Security-57337.20.44.tar.gz os-x-10112 os-x-10113 v57337.20.44
authorApple <opensource@apple.com>
Fri, 11 Dec 2015 06:01:58 +0000 (06:01 +0000)
committerApple <opensource@apple.com>
Fri, 11 Dec 2015 06:01:58 +0000 (06:01 +0000)
143 files changed:
CircleJoinRequested/CircleJoinRequested.m
CircleJoinRequested/entitlements.plist
OSX/Keychain Circle Notification/KNAppDelegate.m
OSX/OSX.xcodeproj/project.pbxproj
OSX/OSX.xcodeproj/xcshareddata/xcschemes/World.xcscheme
OSX/authd/authdb.c
OSX/authd/authorization.plist
OSX/lib/security.exp-in
OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp
OSX/libsecurity_asn1/config/base.xcconfig
OSX/libsecurity_asn1/lib/SecAsn1Types.h
OSX/libsecurity_asn1/lib/X509Templates.c
OSX/libsecurity_asn1/lib/nameTemplates.c
OSX/libsecurity_asn1/lib/nameTemplates.h
OSX/libsecurity_asn1/lib/pkcs12Templates.c
OSX/libsecurity_asn1/lib/pkcs7Templates.c
OSX/libsecurity_asn1/lib/secasn1.h
OSX/libsecurity_asn1/lib/secasn1d.c
OSX/libsecurity_asn1/lib/secasn1e.c
OSX/libsecurity_asn1/lib/secasn1u.c
OSX/libsecurity_cdsa_utils/lib/cuFileIo.c
OSX/libsecurity_codesigning/lib/evaluationmanager.cpp
OSX/libsecurity_codesigning/lib/evaluationmanager.h
OSX/libsecurity_codesigning/lib/policyengine.cpp
OSX/libsecurity_keychain/lib/KCEventNotifier.cpp
OSX/libsecurity_keychain/lib/SecKeychain.cpp
OSX/libsecurity_keychain/lib/SecPolicy.cpp
OSX/libsecurity_keychain/lib/SecPolicyPriv.h
OSX/libsecurity_keychain/lib/SecTrustSettings.cpp
OSX/libsecurity_keychain/lib/SecTrustSettingsCertificates.h
OSX/libsecurity_keychain/lib/security_keychain.exp
OSX/libsecurity_keychain/libDER/libDER/oids.c
OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h
OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj
OSX/libsecurity_keychain/xpc-tsa/main-tsa.m
OSX/libsecurity_keychain/xpc/main.c
OSX/libsecurity_pkcs12/lib/pkcs12Templates.cpp
OSX/libsecurity_pkcs12/lib/pkcs7Templates.cpp
OSX/libsecurity_smime/lib/cmsasn1.c
OSX/libsecurity_smime/lib/cmsattr.c
OSX/libsecurity_smime/lib/cmsdecode.c
OSX/libsecurity_smime/lib/cmssigdata.c
OSX/libsecurity_smime/lib/cmssiginfo.c
OSX/libsecurity_ssl/lib/SecureTransport.h
OSX/libsecurity_ssl/lib/SecureTransportPriv.h
OSX/libsecurity_ssl/lib/security_ssl.exp
OSX/libsecurity_ssl/lib/sslCipherSpecs.c
OSX/libsecurity_ssl/lib/sslContext.c
OSX/libsecurity_ssl/lib/sslContext.h
OSX/libsecurity_ssl/lib/sslTransport.c
OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c
OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c
OSX/libsecurity_transform/lib/EncryptTransform.cpp
OSX/libsecurity_utilities/lib/cfutilities.h
OSX/libsecurity_utilities/lib/macho++.cpp
OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj
OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c
OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h
OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c
OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c
OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c
OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c
OSX/sec/SOSCircle/SecureObjectSync/SOSECWrapUnwrap.c
OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c
OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c
OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h
OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c
OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c
OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c
OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c
OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h
OSX/sec/Security/Regressions/Security_regressions.h
OSX/sec/Security/Regressions/secitem/si-20-sectrust-att.c [deleted file]
OSX/sec/Security/Regressions/secitem/si-20-sectrust.c
OSX/sec/Security/Regressions/secitem/si-20-sectrust.h [new file with mode: 0644]
OSX/sec/Security/Regressions/secitem/si-24-sectrust-shoebox.c
OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c [new file with mode: 0644]
OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.h [new file with mode: 0644]
OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.c [new file with mode: 0644]
OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.h [new file with mode: 0644]
OSX/sec/Security/SecCertificate.c
OSX/sec/Security/SecExports.exp-in
OSX/sec/Security/SecKey.c
OSX/sec/Security/SecPolicy.c
OSX/sec/Security/SecPolicyPriv.h
OSX/sec/Security/SecSCEP.c
OSX/sec/Security/SecTrust.c
OSX/sec/Security/SecuritydXPC.c
OSX/sec/Security/Tool/SecurityCommands.h
OSX/sec/Security/Tool/keychain_find.c
OSX/sec/Security/Tool/log_control.c
OSX/sec/Security/Tool/verify_cert.c [new file with mode: 0644]
OSX/sec/SecurityTool/security.1
OSX/sec/ipc/server.c
OSX/sec/sec.xcodeproj/project.pbxproj
OSX/sec/securityd/Regressions/secd-33-keychain-ctk.c
OSX/sec/securityd/Regressions/secd-62-account-backup.c
OSX/sec/securityd/Regressions/secd-81-item-acl.c
OSX/sec/securityd/Regressions/secd-82-persistent-ref.c
OSX/sec/securityd/Regressions/secd_regressions.h
OSX/sec/securityd/SOSCloudCircleServer.c
OSX/sec/securityd/SecItemServer.c
OSX/sec/securityd/nameconstraints.c
OSX/utilities/src/SecCFWrappers.c
OSX/utilities/src/SecCFWrappers.h
OSX/utilities/src/SecdUsage.c [new file with mode: 0644]
OSX/utilities/utilities.xcodeproj/project.pbxproj
Security.exp-in
Security.xcodeproj/project.pbxproj
Security.xcodeproj/xcshareddata/xcschemes/Debug.xcscheme
Security.xcodeproj/xcshareddata/xcschemes/Release.xcscheme
SecurityTests/clxutils/certcrl/Makefile
SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/crl.scr
SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF0.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF4.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/cacert.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl2.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der [new file with mode: 0644]
SecurityTests/clxutils/certcrl/testSubjects/distPointName/distPointName.scr [new file with mode: 0644]
SecurityTests/clxutils/ocspTool/Makefile
SecurityTests/clxutils/ocspdTool/Makefile
SecurityTool/security.1
SecurityTool/security.c
SecurityTool/verify_cert.c
libsecurity_smime/lib/cmsasn1.c
libsecurity_smime/lib/cmsattr.c
libsecurity_smime/lib/cmsdecode.c
securityd/securityd.xcodeproj/project.pbxproj
securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj
securityd/securityd_service/securityd_service/main.c
securityd/securityd_service/securityd_service/securityd_service.h
securityd/securityd_service/securityd_service/securityd_service_client.c
securityd/securityd_service/securityd_service/securityd_service_client.h
securityd/securityd_service/securitydservicectrl/main.c
securityd/securityd_service/securitydservicectrl/securitydservicectrl.entitlements [new file with mode: 0644]
securityd/src/kcdatabase.cpp
securityd/src/notifications.cpp
securityd/src/token.cpp

index 0da63c659d8409c58bba4fea3ec16e8859bbbf73..bdb248f50fa13ec5adde7bd96c4ddec2e66511aa 100644 (file)
@@ -7,34 +7,35 @@
 //
 #import <Accounts/Accounts.h>
 #import <Accounts/ACAccountStore_Private.h>
+#import <Accounts/ACAccountType_Private.h>
 #import <AggregateDictionary/ADClient.h>
+#import <AppSupport/AppSupportUtils.h>
 #import <AppleAccount/AppleAccount.h>
 #import <AppleAccount/ACAccountStore+AppleAccount.h>
-#import <Accounts/ACAccountType_Private.h>
+#import <CloudServices/SecureBackup.h>
+#import <CoreFoundation/CFUserNotification.h>
 #import <Foundation/Foundation.h>
+#import <ManagedConfiguration/MCProfileConnection.h>
+#import <ManagedConfiguration/MCFeatures.h>
+#import <MobileCoreServices/MobileCoreServices.h>
+#import <MobileCoreServices/LSApplicationWorkspace.h>
+#import <MobileGestalt.h>
+#import <ProtectedCloudStorage/CloudIdentity.h>
+#import <Security/SecFrameworkStrings.h>
+#import <SpringBoardServices/SBSCFUserNotificationKeys.h>
 #include <dispatch/dispatch.h>
 #include "SecureObjectSync/SOSCloudCircle.h"
 #include "SecureObjectSync/SOSPeerInfo.h"
-#import <CoreFoundation/CFUserNotification.h>
-#import <SpringBoardServices/SBSCFUserNotificationKeys.h>
 #include <notify.h>
 #include <sysexits.h>
 #import "Applicant.h"
 #import "NSArray+map.h"
-#import <ManagedConfiguration/MCProfileConnection.h>
-#import <ManagedConfiguration/MCFeatures.h>
-#import <Security/SecFrameworkStrings.h>
 #import "PersistentState.h"
 #include <xpc/private.h>
 #include <sys/time.h>
 #import "NSDate+TimeIntervalDescription.h"
-#include <MobileGestalt.h>
 #include <xpc/activity.h>
 #include <xpc/private.h>
-#import <MobileCoreServices/MobileCoreServices.h>
-#import <MobileCoreServices/LSApplicationWorkspace.h>
-#import <CloudServices/SecureBackup.h>
-#import <AppSupport/AppSupportUtils.h>
 #import <syslog.h>
 #include "utilities/SecCFRelease.h"
 #include "utilities/debugging.h"
@@ -52,6 +53,7 @@ volatile NSString *debugState = @"main?";
 dispatch_block_t doOnceInMainBlockChain = NULL;
 
 NSString *castleKeychainUrl = @"prefs:root=CASTLE&path=Keychain/ADVANCED";
+NSString *rejoinICDPUrl     = @"prefs:root=CASTLE&aaaction=CDP&command=rejoin";
 
 static void doOnceInMain(dispatch_block_t block)
 {
@@ -453,8 +455,22 @@ static void kickOutChoice(CFUserNotificationRef userNotification, CFOptionFlags
        if (responseFlags == kCFUserNotificationDefaultResponse) {
                // We need to let things unwind to main for the new state to get saved
                doOnceInMain(^{
-                       BOOL ok = [[LSApplicationWorkspace defaultWorkspace] openSensitiveURL:[NSURL URLWithString:castleKeychainUrl] withOptions:nil];
-                       NSLog(@"ok=%d opening %@", ok, [NSURL URLWithString:castleKeychainUrl]);
+                       ACAccountStore    *store        = [ACAccountStore new];
+                       ACAccount                 *primary  = [store aa_primaryAppleAccount];
+                       NSString                  *dsid         = [primary aa_personID];
+                       bool                      localICDP = false;
+                       if (dsid) {
+                               NSDictionary      *options = @{ (__bridge id) kPCSSetupDSID : dsid, };
+                               PCSIdentitySetRef identity = PCSIdentitySetCreate((__bridge CFDictionaryRef) options, NULL, NULL);
+
+                               if (identity) {
+                                       localICDP = PCSIdentitySetIsICDP(identity, NULL);
+                                       CFRelease(identity);
+                               }
+                       }
+                       NSURL                     *url          = [NSURL URLWithString: localICDP ? rejoinICDPUrl : castleKeychainUrl];
+                       BOOL                      ok            = [[LSApplicationWorkspace defaultWorkspace] openSensitiveURL:url withOptions:nil];
+                       NSLog(@"ok=%d opening %@", ok, url);
                });
        }
        cancelCurrentAlert(true);
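Review bot: Both PCS calls in the new block discard their diagnostics (`PCSIdentitySetCreate(..., NULL, NULL)` and `PCSIdentitySetIsICDP(identity, NULL)`), so any failure to load the identity set leaves `localICDP` false and silently sends the user to `castleKeychainUrl` instead of the rejoin flow. If the trailing NULL is a `CFErrorRef *` out-parameter, as the call shape suggests, pass a local such as `CFErrorRef pcsErr = NULL;`, log it when `identity` is NULL, and release it afterwards. The existing `NSLog(@"ok=%d opening %@", ok, url)` would then be preceded by a line that explains why the fallback URL was chosen. kickOutChoice starts and ends outside this hunk.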
index 489658ce344f3b89312d05f2e5db16bdcd63be54..ad2e091f5a9b8fb8146980bd83da26ba39f39d56 100644 (file)
@@ -12,5 +12,9 @@
        <true/>
        <key>com.apple.securebackupd.access</key>
        <true/>
+       <key>keychain-access-groups</key>
+       <array>
+               <string>com.apple.ProtectedCloudStorage</string>
+       </array>
 </dict>
 </plist>
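Review bot: The added `keychain-access-groups` entry lets this process reach every keychain item in the `com.apple.ProtectedCloudStorage` group, and the plist does not record why. Judging from the kickOutChoice change in this commit, the only consumer appears to be the `PCSIdentitySetCreate` / `PCSIdentitySetIsICDP` lookup. A comment above the key, for example `<!-- PCS identity lookup to detect iCDP accounts (kickOutChoice) -->`, would document that purpose and give a later least-privilege review something to check against.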
index eec4fc7e77ce86d4b2f21d0394d36bb500e97d5e..224bc12359612c8d08642b3bdc24fd6274ca983a 100644 (file)
@@ -523,6 +523,7 @@ bool isAppleInternal(void)
                }
        }
 
+       // <rdar://problem/21988060> Improve wording of the iCloud keychain drop/reset error messages
        // Contrary to HI spec (and I think it makes more sense)
        // 1. otherButton  == top   : Not Now
        // 2. actionButton == bottom: Continue
index 993b844eeccfd81caed15fc0c4a91a9844bf2878..71ef2e338c773ab5cc82eb8e345e9605fa472bb6 100644 (file)
@@ -49,6 +49,7 @@
                        buildPhases = (
                        );
                        dependencies = (
+                               D4A2FC7E1BC89D5200BF6E56 /* PBXTargetDependency */,
                                5EF7C2541B00EEC000E5E99C /* PBXTargetDependency */,
                                3705CADE1A8971DF00402F75 /* PBXTargetDependency */,
                                37AB39401A44A95500B56E04 /* PBXTargetDependency */,
                CDF91EC91AAE022600E88CF7 /* com.apple.private.alloy.keychainsync.plist in Resources */ = {isa = PBXBuildFile; fileRef = CDF91EC81AAE022600E88CF7 /* com.apple.private.alloy.keychainsync.plist */; };
                CDF91EF51AAE028F00E88CF7 /* com.apple.private.alloy.keychainsync.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = CDF91EC81AAE022600E88CF7 /* com.apple.private.alloy.keychainsync.plist */; };
                D41685841B3A288F001FB54E /* oids.h in Headers */ = {isa = PBXBuildFile; fileRef = D41685831B3A288F001FB54E /* oids.h */; settings = {ATTRIBUTES = (Public, ); }; };
+               D4DDD3D01BE3EC0300E8AE2D /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */; };
                E76079D61951FDAF00F69731 /* liblogging.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E76079D51951FDA800F69731 /* liblogging.a */; };
                E778BFBC17176DDE00302C14 /* security.exp-in in Sources */ = {isa = PBXBuildFile; fileRef = 182BB562146F4C73000BF1F3 /* security.exp-in */; };
                EB22F3F918A26BCA0016A8EC /* SecBreadcrumb.c in Sources */ = {isa = PBXBuildFile; fileRef = EB22F3F718A26BA50016A8EC /* SecBreadcrumb.c */; };
                        remoteGlobalIDString = 5214700516977CB800DF0DB3;
                        remoteInfo = CloudKeychainProxy;
                };
-               529FF21F1523BD7F0029D842 /* PBXContainerItemProxy */ = {
-                       isa = PBXContainerItemProxy;
-                       containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */;
-                       proxyType = 1;
-                       remoteGlobalIDString = 52200F8714F2B87F00F7F6E7;
-                       remoteInfo = XPCTimeStampingService;
-               };
                52B5A8F5151928B400664F11 /* PBXContainerItemProxy */ = {
                        isa = PBXContainerItemProxy;
                        containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */;
                        remoteGlobalIDString = CD63ACDF1A8061FA001B5671;
                        remoteInfo = IDSKeychainSyncingProxy;
                };
+               D4A2FC7D1BC89D5200BF6E56 /* PBXContainerItemProxy */ = {
+                       isa = PBXContainerItemProxy;
+                       containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */;
+                       proxyType = 1;
+                       remoteGlobalIDString = 52200F8714F2B87F00F7F6E7;
+                       remoteInfo = XPCTimeStampingService;
+               };
                E7421C7D1ADC8E0D005FC1C0 /* PBXContainerItemProxy */ = {
                        isa = PBXContainerItemProxy;
                        containerPortal = 0C6D77DE15C8C06500BB4405 /* tlsnke.xcodeproj */;
                D41685831B3A288F001FB54E /* oids.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = oids.h; path = libsecurity_keychain/libDER/libDER/oids.h; sourceTree = SOURCE_ROOT; };
                D46E9CED1B1E5DEF00ED650E /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = "<group>"; };
                D46E9CEE1B1E5DEF00ED650E /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = "<group>"; };
+               D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = ../../../../../../usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = "<group>"; };
                EB22F3F518A26BA50016A8EC /* bc-10-knife-on-bread.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "bc-10-knife-on-bread.c"; path = "Breadcrumb/bc-10-knife-on-bread.c"; sourceTree = "<group>"; };
                EB22F3F618A26BA50016A8EC /* breadcrumb_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = breadcrumb_regressions.h; path = Breadcrumb/breadcrumb_regressions.h; sourceTree = "<group>"; };
                EB22F3F718A26BA50016A8EC /* SecBreadcrumb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecBreadcrumb.c; path = Breadcrumb/SecBreadcrumb.c; sourceTree = "<group>"; };
                        isa = PBXFrameworksBuildPhase;
                        buildActionMask = 2147483647;
                        files = (
+                               D4DDD3D01BE3EC0300E8AE2D /* libDiagnosticMessagesClient.dylib in Frameworks */,
                                BE48AE051ADF1DF4000836C1 /* libACM.a in Frameworks */,
                                BE48AE061ADF1DF4000836C1 /* libcoreauthd_client.a in Frameworks */,
                                BE48AE071ADF1DF4000836C1 /* libaks.a in Frameworks */,
                1807384D146D0D4E00F05C24 /* Frameworks */ = {
                        isa = PBXGroup;
                        children = (
+                               D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */,
                                4C97761D17BEB23E0002BFE4 /* AOSAccounts.framework */,
                                4C328D2F1778EC4F0015EED1 /* AOSUI.framework */,
                                4C5DD46B17A5F67300696A79 /* AppleSystemInfo.framework */,
                                5208C0FE16A0D3980062DDC5 /* PBXTargetDependency */,
                                E76079FA1951FDF600F69731 /* PBXTargetDependency */,
                                182BB22C146F07DD000BF1F3 /* PBXTargetDependency */,
-                               529FF2201523BD7F0029D842 /* PBXTargetDependency */,
                        );
                        name = Security;
                        productName = Security;
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                        shellPath = /bin/sh;
-                       shellScript = "DST=${BUILT_PRODUCTS_DIR}/${CONTENTS_FOLDER_PATH}/XPCServices\n\nXPC_SERVICE=XPCKeychainSandboxCheck.xpc\nditto -v ${BUILT_PRODUCTS_DIR}/${XPC_SERVICE} ${DST}/${XPC_SERVICE}\nif [ $0 -ne 0 ]; then\n\texit $0;\nfi\n\nXPC_SERVICE=XPCTimeStampingService.xpc\nif [ $0 -ne 0 ]; then\n\texit $0;\nfi\n\nif [ ! -h ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices ]; then\n    ln -s Versions/Current/XPCServices ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices\nfi\n\nexit 0";
+                       shellScript = "DST=${BUILT_PRODUCTS_DIR}/${CONTENTS_FOLDER_PATH}/XPCServices\n\nXPC_SERVICE=XPCKeychainSandboxCheck.xpc\nditto -v ${BUILT_PRODUCTS_DIR}/${XPC_SERVICE} ${DST}/${XPC_SERVICE}\nif [ $0 -ne 0 ]; then\n\texit $0;\nfi\n\nif [ ! -h ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices ]; then\n    ln -s Versions/Current/XPCServices ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices\nfi\n\nexit 0";
                        showEnvVarsInLog = 0;
                };
                18500F961470828E006F9AB4 /* Run Script Generate Strings */ = {
                        target = 5214700516977CB800DF0DB3 /* CloudKeychainProxy */;
                        targetProxy = 521470281697842500DF0DB3 /* PBXContainerItemProxy */;
                };
-               529FF2201523BD7F0029D842 /* PBXTargetDependency */ = {
-                       isa = PBXTargetDependency;
-                       name = XPCTimeStampingService;
-                       targetProxy = 529FF21F1523BD7F0029D842 /* PBXContainerItemProxy */;
-               };
                5ED88B6E1B0DEF3100F3B047 /* PBXTargetDependency */ = {
                        isa = PBXTargetDependency;
                        name = libDER;
                        target = CD63ACDF1A8061FA001B5671 /* IDSKeychainSyncingProxy */;
                        targetProxy = CDEB2BD11A8151CD00B0E23A /* PBXContainerItemProxy */;
                };
+               D4A2FC7E1BC89D5200BF6E56 /* PBXTargetDependency */ = {
+                       isa = PBXTargetDependency;
+                       name = XPCTimeStampingService;
+                       targetProxy = D4A2FC7D1BC89D5200BF6E56 /* PBXContainerItemProxy */;
+               };
                E76079FA1951FDF600F69731 /* PBXTargetDependency */ = {
                        isa = PBXTargetDependency;
                        name = liblogging;
index 0aa8246d8545b523bdd1d3777ac3f21b45165170..84b9ae52cc4a21b0b982496d99f40a8810c11131 100644 (file)
       </BuildActionEntries>
    </BuildAction>
    <TestAction
+      buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      buildConfiguration = "Debug">
+      shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
       </Testables>
       <MacroExpansion>
       </AdditionalOptions>
    </TestAction>
    <LaunchAction
+      buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Debug"
       ignoresPersistentStateOnLaunch = "NO"
       debugDocumentVersioning = "YES"
       debugServiceExtension = "internal"
@@ -80,7 +80,7 @@
          </CommandLineArgument>
          <CommandLineArgument
             argument = "ssl-46-SSLGetSupportedCiphers"
-            isEnabled = "NO">
+            isEnabled = "YES">
          </CommandLineArgument>
          <CommandLineArgument
             argument = "ssl-47-falsestart"
       </AdditionalOptions>
    </LaunchAction>
    <ProfileAction
+      buildConfiguration = "Release"
       shouldUseLaunchSchemeArgsEnv = "YES"
       savedToolIdentifier = ""
       useCustomWorkingDirectory = "NO"
-      buildConfiguration = "Release"
       debugDocumentVersioning = "YES">
       <MacroExpansion>
          <BuildableReference
index ca1416f395f00d3b9f977c56c6f923b9a4f7b5e5..535a7ae070e53295d96122d6a60b612f48a7a2ba 100644 (file)
@@ -172,12 +172,16 @@ static int32_t _db_upgrade_from_version(authdb_connection_t dbconn, int32_t vers
 
 static void _printCFError(const char * errmsg, CFErrorRef err)
 {
-    CFStringRef errString = NULL;
-    errString = CFErrorCopyDescription(err);
-    char * tmp = _copy_cf_string(errString, NULL);
-    LOGV("%s, %s", errmsg, tmp);
-    free_safe(tmp);
-    CFReleaseSafe(errString);
+       if (err) {
+               CFStringRef errString = NULL;
+               errString = CFErrorCopyDescription(err);
+               char *tmp = _copy_cf_string(errString, NULL);
+               LOGV("%s, %s", errmsg, tmp);
+               free_safe(tmp);
+               CFReleaseSafe(errString);
+       } else {
+               LOGV("%s", errmsg);
+       }
 }
 
 static void _db_load_data(authdb_connection_t dbconn, auth_items_t config)
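Review bot: In the new `if (err)` branch `tmp` is still handed to `LOGV("%s, %s", errmsg, tmp)` unchecked, so if `_copy_cf_string` can return NULL (its definition is outside this hunk) the error path passes a NULL `%s` argument. A guard such as `LOGV("%s, %s", errmsg, tmp ? tmp : "(no description)");` keeps the logging helper safe on the path where things have already gone wrong. The added lines are also tab-indented while the lines they replace used four spaces.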
@@ -190,12 +194,13 @@ static void _db_load_data(authdb_connection_t dbconn, auth_items_t config)
     CFTypeRef value = NULL;
     CFAbsoluteTime ts = 0;
     CFAbsoluteTime old_ts = 0;
+       Boolean ok;
     
     authURL = CFURLCreateWithFileSystemPath(kCFAllocatorDefault, CFSTR(AUTHDB_DATA), kCFURLPOSIXPathStyle, false);
     require_action(authURL != NULL, done, LOGE("authdb: file not found %s", AUTHDB_DATA));
     
-    CFURLCopyResourcePropertyForKey(authURL, kCFURLContentModificationDateKey, &value, &err);
-    require_action(err == NULL, done, _printCFError("authdb: failed to get modification date", err));
+       ok = CFURLCopyResourcePropertyForKey(authURL, kCFURLContentModificationDateKey, &value, &err);
+    require_action(ok && value != NULL, done, _printCFError("authdb: failed to get modification date", err));
     
     if (CFGetTypeID(value) == CFDateGetTypeID()) {
         ts = CFDateGetAbsoluteTime(value);
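Review bot: When `CFURLCopyResourcePropertyForKey` fails, `err` holds a CFErrorRef that this function owns, and the only use visible here is the `_printCFError` call inside `require_action`. The `done:` label is outside the hunk, so confirm it releases `err` (for example `CFReleaseSafe(err);`); otherwise each failed lookup leaks the error object. `Boolean ok;` is also declared without an initializer, unlike `ts` and `old_ts` just above it; `Boolean ok = false;` would match them.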
index c7f386a478b1cd7898416af4172c865d67481e73..da098fe2133e89f4e47523fb54fed79d7a5f67d1 100644 (file)
@@ -430,17 +430,17 @@ See remaining rules for examples.
                        <key>shared</key>
                        <false/>
                </dict>
-               <key>com.apple.iCloud.passwordReset</key>
-                <dict>
-                        <key>class</key>
-                        <string>user</string>
-                        <key>comment</key>
-                        <string>Authenticate as the session owner to reset iCloud password</string>
-                        <key>session-owner</key>
-                        <true/>
+               <key>com.apple.icloud.passwordreset</key>
+               <dict>
+                       <key>class</key>
+                       <string>user</string>
+                       <key>comment</key>
+                       <string>Authenticate as the session owner to reset iCloud password</string>
+                       <key>session-owner</key>
+                       <true/>
                        <key>timeout</key>
                        <integer>0</integer>
-                </dict>
+               </dict>
                <key>com.apple.library-repair</key>
                <dict>
                        <key>class</key>
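Review bot: Renaming the right from `com.apple.iCloud.passwordReset` to `com.apple.icloud.passwordreset` changes the key callers must request. If right lookup is case-sensitive (not visible in this hunk), a client still asking for the old spelling no longer matches this `session-owner` rule and is evaluated against whatever default rule applies. Confirm that every caller uses the lowercase name. Also confirm that authorization databases populated from the earlier plist drop or migrate the old entry rather than keeping both.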
index 04dfa0fc3c1384a6b484fc3ab802b2edceed3c07..e04e8e537c3de62c8f9e915bfe012206c8752540 100644 (file)
@@ -1307,6 +1307,7 @@ _kSecPolicyAppleATVAppSigning
 _kSecPolicyAppleTestATVAppSigning
 _kSecPolicyApplePayIssuerEncryption
 _kSecPolicyAppleOSXProvisioningProfileSigning
+_kSecPolicyAppleATVVPNProfileSigning
 _kSecPolicyOid
 _kSecPolicyName
 _kSecPolicyClient
@@ -1752,6 +1753,7 @@ _SecPolicyCreateAppleMMCSService
 _SecPolicyCreateApplePPQService
 _SecPolicyCreateAppleATVAppSigning
 _SecPolicyCreateTestAppleATVAppSigning
+_SecPolicyCreateAppleATVVPNProfileSigning
 _SecPolicyCreateApplePayIssuerEncryption
 _SecPolicyCreateAppleSSLService
 _SecPolicyCreateBasicX509
@@ -2156,6 +2158,19 @@ _SSLGetMinimumDHGroupSize
 _SSLSetSessionStrengthPolicy
 _SSLSetDHEEnabled
 _SSLGetDHEEnabled
+_SSLSetSessionConfig
+_SSLGetSessionConfig
+
+_kSSLSessionConfig_default
+_kSSLSessionConfig_ATSv1
+_kSSLSessionConfig_ATSv1_noPFS
+_kSSLSessionConfig_legacy
+_kSSLSessionConfig_standard
+_kSSLSessionConfig_RC4_fallback
+_kSSLSessionConfig_TLSv1_fallback
+_kSSLSessionConfig_TLSv1_RC4_fallback
+_kSSLSessionConfig_legacy_DHE
+
 //
 // libsecurity_transform
 //
@@ -2310,6 +2325,7 @@ _SecSetLoggingInfoForCircleScope
 //
 // utilities
 //
+_SecSecdUsage
 
 // SecDH
 _SecDHComputeKey
index e8ae4a3e6e86ed082a372569a289401930de80a8..54a5a24900a07a63bb547f14037b2192bbdb395b 100644 (file)
@@ -232,6 +232,123 @@ CSSM_RETURN TPCrlInfo::parseExtensions(
                                                return CSSMERR_APPLETP_IDP_FAIL;
                                        }
                                }
+
+                /* Verify DistributionPointName matches cRLDistributionPoints
+                 * in cert.
+                 */
+                if(idp->distPointName) {
+                    CSSM_DATA_PTR certDistPoints;
+                    CSSM_RETURN crtn = forCert->fetchField(&CSSMOID_CrlDistributionPoints, &certDistPoints);
+                    switch(crtn) {
+                        case CSSM_OK:
+                            break;
+                        case CSSMERR_CL_NO_FIELD_VALUES:
+                            return CSSM_OK;
+                        default:
+                            return crtn;
+                    }
+                    if (certDistPoints->Length != sizeof(CSSM_X509_EXTENSION)) {
+                        forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints);
+                        return CSSMERR_TP_UNKNOWN_FORMAT;
+                    }
+                    CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)certDistPoints->Data;
+                    if (cssmExt == NULL) {
+                        forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints);
+                        return CSSMERR_TP_UNKNOWN_FORMAT;
+                    }
+                    CE_CRLDistPointsSyntax *dps = (CE_CRLDistPointsSyntax *)cssmExt->value.parsedValue;
+                    if (dps == NULL) {
+                        forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints);
+                        return CSSMERR_TP_UNKNOWN_FORMAT;
+                    }
+                    if (!dps->numDistPoints) {
+                        /* no distribution points in the cert extension */
+                        forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints);
+                        return CSSM_OK;
+                    }
+
+                    /* Loop over the cRLDistributionPoints in the cert. */
+                    CSSM_BOOL sameType = CSSM_FALSE;
+                    CSSM_BOOL found = CSSM_FALSE;
+                    for (unsigned dex=0; dex<dps->numDistPoints; dex++) {
+                        CE_CRLDistributionPoint *dp = &dps->distPoints[dex];
+                        if (dp->distPointName == NULL) {
+                            continue;
+                        }
+                        if (idp->distPointName->nameType != dp->distPointName->nameType) {
+                            /* Not the same name type; move on. */
+                            continue;
+                        }
+                        sameType = CSSM_TRUE;
+                        switch (dp->distPointName->nameType) {
+                            case CE_CDNT_NameRelativeToCrlIssuer: {
+                                if (true) {
+                                    /* RDN code below is not tested, so we won't use it.
+                                     * Defaulting to prior behavior of accepting without testing.
+                                     */
+                                    found = CSSM_TRUE;
+                                    tpErrorLog("parseExtensions: "
+                                               "CE_CDNT_NameRelativeToCrlIssuer not implemented\n");
+                                    break;
+                                }
+                                /* relativeName is a RDN sequence */
+                                CSSM_X509_RDN_PTR idpName = idp->distPointName->dpn.rdn;
+                                CSSM_X509_RDN_PTR certName = dp->distPointName->dpn.rdn;
+                                if (idpName == NULL || certName == NULL || idpName->numberOfPairs != certName->numberOfPairs) {
+                                    /* They don't have the same number of attribute/value pairs; move on. */
+                                    continue;
+                                }
+                                unsigned nDex;
+                                for (nDex=0; nDex<idpName->numberOfPairs; nDex++) {
+                                    CSSM_X509_TYPE_VALUE_PAIR_PTR iPair = idpName->AttributeTypeAndValue;
+                                    CSSM_X509_TYPE_VALUE_PAIR_PTR cPair = certName->AttributeTypeAndValue;
+                                    if (!tpCompareCssmData(&iPair->type, &cPair->type) ||
+                                        !tpCompareCssmData(&iPair->value, &cPair->value)) {
+                                        break;
+                                    }
+                                }
+                                if (nDex==idpName->numberOfPairs) {
+                                    /* All the pairs matched. */
+                                    found = CSSM_TRUE;
+                                }
+                            }
+                            case CE_CDNT_FullName: {
+                                /* fullName is a GeneralNames sequence */
+                                CE_GeneralNames *idpNames = idp->distPointName->dpn.fullName;
+                                CE_GeneralNames *certNames = dp->distPointName->dpn.fullName;
+                                if (idpNames == NULL || certNames == NULL || idpNames->numNames != certNames->numNames) {
+                                    /* They don't have the same number of names; move on. */
+                                    continue;
+                                }
+                                unsigned nDex;
+                                for (nDex=0; nDex<idpNames->numNames; nDex++) {
+                                    CE_GeneralName *idpName = &idpNames->generalName[nDex];
+                                    CE_GeneralName *certName = &certNames->generalName[nDex];
+                                    if ((idpName->nameType != certName->nameType) ||
+                                        (!tpCompareCssmData(&idpName->name, &certName->name))) {
+                                            break;
+                                    }
+                                }
+                                if (nDex==idpNames->numNames) {
+                                    /* All the names matched. */
+                                    found = CSSM_TRUE;
+                                }
+                                break;
+                            }
+                            default: {
+                                forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints);
+                                return CSSMERR_TP_UNKNOWN_FORMAT;
+                            }
+                        }
+                        if (found) {
+                            break; /* out of loop over crlDistribtionPoints in cert. */
+                        }
+                    }
+                    forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints);
+                    if(sameType && !found) {
+                        return CSSMERR_APPLETP_IDP_FAIL;
+                    }
+                } /* distPointName check */
                        }       /* IDP */
                }               /* have target cert */
        }
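Review bot: The new distPointName check fails open wherever it cannot compare: `CE_CDNT_NameRelativeToCrlIssuer` sets `found = CSSM_TRUE` without comparing anything, and a cert with no distribution point name of the IDP's type leaves `sameType` false and is accepted. A comment at the `if(sameType && !found)` test should state that an uncomparable name counts as a match, so the leniency is a recorded decision. The disabled RDN branch also has two latent defects that would surface if `if (true)` were removed: the case has no `break;` before `case CE_CDNT_FullName:`, so it would fall through and read the `dpn` union as `fullName`, and the pair loop never indexes by `nDex` (`iPair = idpName->AttributeTypeAndValue` should be `&idpName->AttributeTypeAndValue[nDex]`, likewise `cPair`). The two early `return CSSM_OK` paths leave parseExtensions entirely; the enclosing loop is outside this hunk, so confirm that no later CRL extension still needs to be examined.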
index e6d6e9bdec75b624949a73b9275cb040a0a2640f..ea15367df9bd5ff8b3418e56e01725c02a8aab63 100644 (file)
@@ -6,6 +6,12 @@ CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion)
 VERSIONING_SYSTEM = apple-generic;
 DEAD_CODE_STRIPPING = YES;
 
+// Debug symbols should be on obviously
+GCC_GENERATE_DEBUGGING_SYMBOLS = YES
+COPY_PHASE_STRIP = NO
+STRIP_STYLE = debugging
+STRIP_INSTALLED_PRODUCT = NO
+
 ARCHS = $(ARCHS_STANDARD_32_64_BIT)
 
 WARNING_CFLAGS = -Wglobal-constructors -Wno-deprecated-declarations $(inherited)
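Review bot: The four added settings have no per-configuration condition, so as far as this file shows they also apply to install builds, where `STRIP_INSTALLED_PRODUCT = NO` and `COPY_PHASE_STRIP = NO` leave symbols in the installed product. The comment `// Debug symbols should be on obviously` does not say whether that is intended. I would either scope the settings to the Debug configuration or replace the comment with one that states the reason, for example `// Keep symbols in installed products; stripping is done by a later step`, if that is the actual arrangement.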
index df78b872a91edf0fb4b576e1c84811396a4bde23..d24d4821dcbda59c4667ba3df7a34e9ac3b29c6b 100644 (file)
@@ -223,7 +223,9 @@ typedef struct SecAsn1Template_struct {
  *
  * "buf"  For decode only; points to the start of the decoded data for 
  *        the current template. Callee can use the tag at this location 
- *        to infer the returned template. Not used on encode. 
+ *        to infer the returned template. Not used on encode.
+ *
+ * "len"  For decode only; the length of buf.
  *
  * "Dest" points to the template-specific item being decoded to 
  *        or encoded from. (This is as opposed to arg, which 
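Review bot: The new `"len"` entry says only "the length of buf", which leaves out the one case this parameter exists for: a chooser can now be called with no input bytes available. I would spell out the contract, e.g. `"len"  For decode only; number of bytes available at buf. May be 0, in which case buf must not be read.` Every SecAsn1TemplateChooser implementation that looks at the tag byte then has a documented obligation to check len first.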
@@ -235,6 +237,7 @@ typedef const SecAsn1Template * SecAsn1TemplateChooser(
        void *arg, 
        Boolean enc,
        const char *buf,
+       size_t len,
        void *dest);
 
 typedef SecAsn1TemplateChooser * SecAsn1TemplateChooserPtr;
index 4677b4eeaeb0288054cf97e2ca77ee0488808084..88d71ea159ec983c180407155e55d5cdbc82a7b6 100644 (file)
@@ -45,9 +45,10 @@ static const SecAsn1Template * NSS_TimeChooser(
        void *arg, 
        Boolean enc,
        const char *buf,
+       size_t len,
        void *dest)
 {
-       return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, timeChoices);
+       return SecAsn1TaggedTemplateChooser(arg, enc, buf, len, dest, timeChoices);
 }
 
 static const SecAsn1TemplateChooserPtr NSS_TimeChooserPtr = NSS_TimeChooser;
index 0403ab4e4e325ee78a0f861377265996c1fd8e77..84ce8b34a4d24760bbb35327163dde41c2b1ce22 100644 (file)
@@ -41,10 +41,11 @@ typedef struct {
  * Generalized Template chooser.
  */
 const SecAsn1Template * SecAsn1TaggedTemplateChooser(
-       /* Four args passed to specific SecAsn1TemplateChooser */
+       /* Five args passed to specific SecAsn1TemplateChooser */
        void *arg,                              // currently not used
        Boolean enc,                    
        const char *buf,
+       size_t len,
        void *dest,
        /* array of tag/template pairs */
        const NSS_TagChoice *chooser)
@@ -60,12 +61,16 @@ const SecAsn1Template * SecAsn1TaggedTemplateChooser(
                /* encoding: tag from an NSS_TaggedItem at *dest */
                tag = item->tag;
        }
-       else {
+       else if (len > 0) {
                /* decoding: tag from raw bytes being decoded */
                tag = buf[0] & SEC_ASN1_TAGNUM_MASK;
                /* and tell caller what's coming */
                item->tag = tag;
        }
+       /*
+        * If buffer length is 0, leave tag = 0. No choice will have this
+        * the invalid tag.
+        */
        
        /* infer template from tag */
        const NSS_TagChoice *thisChoice;
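Review bot: The zero-length path depends on `tag` having been initialised to 0 before this if/else, and that declaration is outside the hunk. The new comment asserts it, but nothing in the visible lines enforces it. A trailing `else { tag = 0; }` would make the branch self-contained. The comment itself is garbled and would read better as `/* len == 0: tag stays 0, which matches no entry in the chooser table */`. On that path `item->tag` is also no longer written, so a caller that reads it after a failed choice sees whatever was there before; worth confirming that is acceptable.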
@@ -109,9 +114,10 @@ static const SecAsn1Template * NSS_ATVChooser(
        void *arg, 
        Boolean enc,
        const char *buf,
+       size_t len,
        void *dest)
 {
-       return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, atvChoices);
+       return SecAsn1TaggedTemplateChooser(arg, enc, buf, len, dest, atvChoices);
 }
 
 static const SecAsn1TemplateChooserPtr NSS_ATVChooserPtr = NSS_ATVChooser;
@@ -246,9 +252,10 @@ static const SecAsn1Template * NSS_genNameChooser(
        void *arg, 
        Boolean enc,
        const char *buf,
+       size_t len,
        void *dest) 
 {
-       return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, genNameChoices);
+       return SecAsn1TaggedTemplateChooser(arg, enc, buf, len, dest, genNameChoices);
 }
 
 static const SecAsn1TemplateChooserPtr NSS_genNameChooserPtr =
index 638bd09a8b8ff06e60d8c86a58b15ac061fb326b..bf0f659af72613da40ed628e072051cf20e07c3d 100644 (file)
@@ -57,10 +57,11 @@ typedef struct {
  * Generalized Template chooser.
  */
 const SecAsn1Template * SecAsn1TaggedTemplateChooser(
-       /* Four args passed to specific SecAsn1TemplateChooser */
+       /* Five args passed to specific SecAsn1TemplateChooser */
        void *arg,                              // currently not used
        Boolean enc,                    
        const char *buf,
+       size_t len,
        void *dest,
        /* array of tag/template pairs */
        const NSS_TagChoice *chooser);
index c9effec0a4b41ff43b6be44d4221cf1c3ca2457d..53600bc6bf2291ccbfa425ac4ed84767a5a8b816 100644 (file)
@@ -99,7 +99,8 @@ const SecAsn1Template NSS_P12_PtrToShroudedKeyBagTemplate[] = {
 static const SecAsn1Template * NSS_P12_CertBagChooser(
        void *arg,                      // --> NSS_P12_CertBag
        Boolean enc,
-       const char *buf,        // on decode, tag byte
+       const char *buf,        // on decode, tag byte and length
+       size_t len,
        void *dest)                     // --> NSS_P12_CertBag.bagValue
 {
        NSS_P12_CertBag *bag = (NSS_P12_CertBag *)arg;
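Review bot: The comment on `buf` now says "tag byte and length" (and "tag byte and len" in NSS_P12_SafeBagChooser), which reads as if the length were encoded in buf rather than passed as the new parameter. I would keep the buf comment as it was and document the parameter itself: `size_t len,  // on decode, bytes available at buf`. The same wording appears in NSS_P12_CrlBagChooser, NSS_P12_SafeBagChooser and NSS_P7_ContentInfoChooser in the following hunks. The chooser bodies continue outside these hunks, so it cannot be seen here whether any of them reads buf and therefore needs to check len.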
@@ -152,7 +153,8 @@ const SecAsn1Template NSS_P12_PtrToCertBagTemplate[] = {
 static const SecAsn1Template * NSS_P12_CrlBagChooser(
        void *arg,                      // --> NSS_P12_CrlBag
        Boolean enc,
-       const char *buf,        // on decode, tag byte
+       const char *buf,        // on decode, tag byte and length
+       size_t len,
        void *dest)                     // --> NSS_P12_CertBag.bagValue
 {
        NSS_P12_CrlBag *bag = (NSS_P12_CrlBag *)arg;
@@ -208,7 +210,8 @@ const SecAsn1Template NSS_P12_PtrToCrlBagTemplate[] = {
 static const SecAsn1Template * NSS_P12_SafeBagChooser(
        void *arg,                      // --> NSS_P12_SafeBag
        Boolean enc,
-       const char *buf,        // on decode, tag byte
+       const char *buf,        // on decode, tag byte and len
+       size_t len,
        void *dest)                     // --> NSS_P12_SafeBag.bagValue
 {
        NSS_P12_SafeBag *bag = (NSS_P12_SafeBag *)arg;
index 125fd6b30d679e7c69e08d6647513ac7e4e2e756..38e815dce0ccb15060aa20d6779544ef1ad5f758 100644 (file)
@@ -97,7 +97,8 @@ const SecAsn1Template NSS_P7_PtrToEncryptedDataTemplate[] = {
 static const SecAsn1Template * NSS_P7_ContentInfoChooser(
        void *arg,                      // --> NSS_P7_DecodedContentInfo
        Boolean enc,
-       const char *buf,        // on decode, tag byte
+       const char *buf,        // on decode, tag byte and length
+       size_t len,
        void *dest)                     // --> NSS_P7_DecodedContentInfo.content
 {
        NSS_P7_DecodedContentInfo *dci = 
index 6ff361f226dd7a0f2b19681c86a6f33359d346cd..34834c5d2d4de5ae608dc68a930021173d40e6bb 100644 (file)
@@ -69,7 +69,7 @@ extern SEC_ASN1DecoderContext *SEC_ASN1DecoderStart(PRArenaPool *pool,
                                                     * Only needed if first element will 
                                                         * be SEC_ASN1_DYNAMIC 
                                                         */
-                                                       const char *buf);
+                                                       const char *buf, size_t len);
 
 /* XXX char or unsigned char? */
 extern SECStatus SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx,
@@ -190,7 +190,7 @@ SEC_ASN1GetSubtemplate (
        const SecAsn1Template *inTemplate, 
        void *thing,
        PRBool encoding,
-       const char *buf);       /* __APPLE__ addenda: for decode only */
+       const char *buf, size_t len);   /* __APPLE__ addenda: for decode only */
 
 extern SecAsn1Item *sec_asn1e_allocate_item (
        PRArenaPool *poolp, 
index aa4e6c68f8ddf80cc9d5da863fe47547d7c4bf9c..d09592be93c767eaa9304b4244a676d87f3cf473 100644 (file)
@@ -520,7 +520,8 @@ sec_asn1d_notify_after (SEC_ASN1DecoderContext *cx, void *dest, int depth)
 static sec_asn1d_state *
 sec_asn1d_init_state_based_on_template (sec_asn1d_state *state,
        #ifdef  __APPLE__
-       const char *buf         /* for SEC_ASN1GetSubtemplate() */
+       const char *buf,        /* for SEC_ASN1GetSubtemplate() */
+       size_t len
        #endif
        )
 {
@@ -579,7 +580,7 @@ sec_asn1d_init_state_based_on_template (sec_asn1d_state *state,
                                                state->dest, PR_FALSE);
                        if (state != NULL)
                                state = sec_asn1d_init_state_based_on_template (state,
-                                       buf /* __APPLE__ */);
+                                       buf /* __APPLE__ */, len /* __APPLE__ */);
                        return state;
                }
     }
@@ -708,7 +709,7 @@ sec_asn1d_init_state_based_on_template (sec_asn1d_state *state,
                }
                #endif  /* __APPLE__ */
                subt = SEC_ASN1GetSubtemplate (state->theTemplate, subDest,
-                       PR_FALSE, buf /* __APPLE__ */);
+                       PR_FALSE, buf /* __APPLE__ */, len /* __APPLE__ */);
                state = sec_asn1d_push_state (state->top, subt, dest, PR_FALSE);
                if (state == NULL)
                        return NULL;
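Review bot: `subt` is passed to sec_asn1d_push_state without a NULL check, and after this commit a tag-based chooser called with len == 0 is meant to match no template. If the chooser returns NULL in that case (its lookup loop is not visible here), the decoder should fail explicitly at this point, e.g. `if (subt == NULL) { state->top->status = decodeError; return NULL; }`, unless sec_asn1d_push_state already rejects a NULL template. The same unchecked pattern appears in the duringGroup path of sec_asn1d_prepare_for_contents in a later hunk. Both function bodies extend beyond the hunks shown.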
@@ -722,7 +723,7 @@ sec_asn1d_init_state_based_on_template (sec_asn1d_state *state,
                        #endif
                        ) {
                        state = sec_asn1d_init_state_based_on_template (state,
-                               buf /* __APPLE__ */);
+                               buf /* __APPLE__ */, len /* __APPLE__ */);
                        if (state != NULL) {
                                /*
                                 * If this field is optional, we need to record that on
@@ -1083,7 +1084,8 @@ sec_asn1d_check_and_subtract_length (unsigned long *remaining,
 static void
 sec_asn1d_prepare_for_contents (sec_asn1d_state *state,
        #ifdef  __APPLE__
-       const char *buf         /* needed for SEC_ASN1GetSubtemplate */
+       const char *buf,        /* needed for SEC_ASN1GetSubtemplate */
+       size_t len
        #endif
        )
 {
@@ -1206,11 +1208,12 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state,
                                      SEC_ASN1GetSubtemplate(state->theTemplate,
                                                             state->dest,
                                                             PR_FALSE,
-                                                                buf /* __APPLE__ */),
+                                                                buf /* __APPLE__ */,
+                                                                len /* __APPLE__ */),
                                      state->dest, PR_TRUE);
                if (state != NULL)
                        state = sec_asn1d_init_state_based_on_template (state,
-                               buf /* __APPLE__ */);
+                               buf /* __APPLE__ */, len /* __APPLE__ */);
         (void) state;
                return;
     }
@@ -1237,7 +1240,7 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state,
 
            state->place = duringGroup;
            subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->dest,
-                                          PR_FALSE, buf /* __APPLE__ */);
+                                          PR_FALSE, buf /* __APPLE__ */, len /* __APPLE__ */);
            state = sec_asn1d_push_state (state->top, subt, NULL, PR_TRUE);
            if (state != NULL) {
                        if (!state->top->filter_only)
@@ -1247,7 +1250,7 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state,
                        */
                        sec_asn1d_notify_before (state->top, state->dest, state->depth);
                        state = sec_asn1d_init_state_based_on_template (state,
-                               buf /* __APPLE__ */);
+                               buf /* __APPLE__ */, len /* __APPLE__ */);
            }
        } else {
            /*
@@ -1274,7 +1277,7 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state,
             */
            sec_asn1d_notify_before (state->top, state->dest, state->depth);
            state = sec_asn1d_init_state_based_on_template (state,
-                       buf /* __APPLE__ */);
+                       buf /* __APPLE__ */, len /* __APPLE__ */);
        }
     (void) state;
        break;
@@ -1508,7 +1511,7 @@ regular_string_type:
            if (state != NULL) {
                state->substring = PR_TRUE;     /* XXX propogate? */
                state = sec_asn1d_init_state_based_on_template (state,
-                       buf /* __APPLE__ */);
+                       buf /* __APPLE__ */, len /* __APPLE__ */);
            }
        } else if (state->indefinite) {
            /*
@@ -1666,7 +1669,8 @@ sec_asn1d_reuse_encoding (sec_asn1d_state *state)
      * And initialize it so it is ready to parse.
      */
     (void) sec_asn1d_init_state_based_on_template(child,
-               (char *) item->Data /* __APPLE__ */);
+               (char *) item->Data /* __APPLE__ */,
+               item->Length /* __APPLE__ */);
 
     /*
      * Now parse that out of our data.
@@ -1985,7 +1989,8 @@ sec_asn1d_next_substring (sec_asn1d_state *state)
  */
 static void
 sec_asn1d_next_in_group (sec_asn1d_state *state,
-       const char *buf         /* __APPLE__ */)
+       const char *buf,        /* __APPLE__ */
+       size_t len /* __APPLE__ */)
 {
     sec_asn1d_state *child;
     unsigned long child_consumed;
@@ -2088,7 +2093,7 @@ sec_asn1d_next_in_group (sec_asn1d_state *state,
     sec_asn1d_scrub_state (child);
 
     /* Initialize child state from the template */
-    sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__ */);
+    sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__ */, len /* __APPLE__ */);
 
     state->top->current = child;
 }
@@ -2101,7 +2106,8 @@ sec_asn1d_next_in_group (sec_asn1d_state *state,
  */
 static void
 sec_asn1d_next_in_sequence (sec_asn1d_state *state,
-       const char *buf /* __APPLE__ */)
+       const char *buf /* __APPLE__ */,
+       size_t len  /*__APPLE__*/)
 {
     sec_asn1d_state *child;
     unsigned long child_consumed;
@@ -2227,7 +2233,8 @@ sec_asn1d_next_in_sequence (sec_asn1d_state *state,
        }
        state->top->current = child;
        child = sec_asn1d_init_state_based_on_template (child, 
-               buf /* __APPLE__ */);
+               buf /* __APPLE__ */,
+               len /* __APPLE__ */);
        if (child_missing && child) {
            child->place = afterIdentifier;
            child->found_tag_modifiers = child_found_tag_modifiers;
@@ -2568,7 +2575,9 @@ sec_asn1d_pop_state (sec_asn1d_state *state)
 }
 
 static sec_asn1d_state *
-sec_asn1d_before_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */)
+sec_asn1d_before_choice (sec_asn1d_state *state,
+                         const char *buf /* __APPLE__ */,
+                         size_t len /* __APPLE__ */)
 {
        sec_asn1d_state *child;
 
@@ -2595,7 +2604,7 @@ sec_asn1d_before_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */
        
        sec_asn1d_scrub_state(child);
        child = sec_asn1d_init_state_based_on_template(child, 
-               buf /* __APPLE__ */);
+               buf /* __APPLE__ */, len /* __APPLE__ */);
        if( (sec_asn1d_state *)NULL == child ) {
                return (sec_asn1d_state *)NULL;
        }
@@ -2608,7 +2617,9 @@ sec_asn1d_before_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */
 }
 
 static sec_asn1d_state *
-sec_asn1d_during_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */)
+sec_asn1d_during_choice (sec_asn1d_state *state,
+                         const char *buf, /* __APPLE__ */
+                         size_t len /* __APPLE__ */)
 {
   sec_asn1d_state *child = state->child;
   
@@ -2682,7 +2693,7 @@ sec_asn1d_during_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */
     child_found_tag_modifiers = child->found_tag_modifiers;
     child_found_tag_number = child->found_tag_number;
 
-    child = sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__*/);
+    child = sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__*/, len /* __APPLE__ */);
     if( (sec_asn1d_state *)NULL == child ) {
       return (sec_asn1d_state *)NULL;
     }
@@ -2860,7 +2871,7 @@ SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx,
                        what = SEC_ASN1_Length;
                        break;
                case afterLength:
-                       sec_asn1d_prepare_for_contents (state, buf);
+                       sec_asn1d_prepare_for_contents (state, buf, len);
                        break;
                case beforeBitString:
                        consumed = sec_asn1d_parse_bit_string (state, buf, len);
@@ -2872,7 +2883,7 @@ SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx,
                        sec_asn1d_next_substring (state);
                        break;
                case duringGroup:
-                       sec_asn1d_next_in_group (state, buf);
+                       sec_asn1d_next_in_group (state, buf, len);
                        break;
                case duringLeaf:
                        consumed = sec_asn1d_parse_leaf (state, buf, len);
@@ -2892,7 +2903,7 @@ SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx,
                        }
                        break;
                case duringSequence:
-                       sec_asn1d_next_in_sequence (state, buf);
+                       sec_asn1d_next_in_sequence (state, buf, len);
                        break;
                case afterConstructedString:
                        sec_asn1d_concat_substrings (state);
@@ -2923,10 +2934,10 @@ SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx,
                        sec_asn1d_pop_state (state);
                        break;
                        case beforeChoice:
-                               state = sec_asn1d_before_choice(state, buf);
+                               state = sec_asn1d_before_choice(state, buf, len);
                                break;
                        case duringChoice:
-                               state = sec_asn1d_during_choice(state, buf);
+                               state = sec_asn1d_during_choice(state, buf, len);
                                break;
                        case afterChoice:
                                sec_asn1d_after_choice(state);
@@ -3124,7 +3135,8 @@ SEC_ASN1DecoderStart (PRArenaPool *their_pool, void *dest,
                          #ifdef        __APPLE__
                          ,
                          /* only needed if first element will be SEC_ASN1_DYNAMIC */
-                         const char *buf
+                         const char *buf,
+                         size_t len /* __APPLE__ */
                          #endif        
                          )
 {
@@ -3153,7 +3165,7 @@ SEC_ASN1DecoderStart (PRArenaPool *their_pool, void *dest,
 
     if (sec_asn1d_push_state(cx, theTemplate, dest, PR_FALSE) == NULL
           || sec_asn1d_init_state_based_on_template (cx->current, 
-                       buf /* __APPLE__ */) == NULL) {
+                       buf /* __APPLE__ */, len /* __APPLE__ */) == NULL) {
                /*
                 * Trouble initializing (probably due to failed allocations)
                 * requires that we just give up.
@@ -3227,7 +3239,7 @@ SEC_ASN1Decode (PRArenaPool *poolp, void *dest,
     SECStatus urv, frv;
 
     dcx = SEC_ASN1DecoderStart (poolp, dest, theTemplate,
-               buf /* __APPLE__ */);
+               buf /* __APPLE__ */, len /* __APPLE__ */);
     if (dcx == NULL)
        return SECFailure;
 
index 0dee92c61db2c28f8d0e54c421c677ac218a1838..e695972f30f0a4075a60c3940556a3eb123009c4 100644 (file)
@@ -285,7 +285,7 @@ sec_asn1e_init_state_based_on_template (sec_asn1e_state *state)
                }
        
                subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->src, PR_TRUE,
-                       NULL /* __APPLE__ */);
+                       NULL /* __APPLE__ */, 0 /* __APPLE__ */);
                state = sec_asn1e_push_state (state->top, subt, src, PR_FALSE);
                if (state == NULL)
                        return NULL;
@@ -575,7 +575,7 @@ sec_asn1e_contents_length (const SecAsn1Template *theTemplate, void *src,
        /* XXX any bits we want to disallow (PORT_Assert against) here? */
 
        theTemplate = SEC_ASN1GetSubtemplate (theTemplate, src, PR_TRUE,
-               NULL /* __APPLE__ */);
+               NULL /* __APPLE__ */, 0 /* __APPLE__ */);
 
        if (encode_kind & SEC_ASN1_POINTER) {
            /*
@@ -677,7 +677,7 @@ sec_asn1e_contents_length (const SecAsn1Template *theTemplate, void *src,
                break;
 
            tmpt = SEC_ASN1GetSubtemplate (theTemplate, src, PR_TRUE,
-                       NULL /* __APPLE__ */);
+                       NULL /* __APPLE__ */, 0 /* __APPLE__ */);
 
            for (; *group != NULL; group++) {
                        sub_src = (char *)(*group) + tmpt->offset;
@@ -884,7 +884,7 @@ sec_asn1e_write_header (sec_asn1e_state *state)
                                      SEC_ASN1GetSubtemplate(state->theTemplate,
                                                             state->src,
                                                             PR_TRUE,
-                                                                NULL /* __APPLE__ */),
+                                                                NULL /* __APPLE__ */, 0 /* __APPLE__ */),
                                      state->src, PR_TRUE);
        if (state != NULL)
            state = sec_asn1e_init_state_based_on_template (state);
@@ -914,7 +914,7 @@ sec_asn1e_write_header (sec_asn1e_state *state)
            }
            state->place = duringGroup;
            subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->src,
-                                          PR_TRUE, NULL /* __APPLE__ */);
+                                          PR_TRUE, NULL /* __APPLE__ */, 0 /* __APPLE__ */);
            state = sec_asn1e_push_state (state->top, subt, *group, PR_TRUE);
            if (state != NULL)
                state = sec_asn1e_init_state_based_on_template (state);
index 30e630be50a4c8a6b5cdb5f8cc1bf3abb3047608..a48940e3a4f545186b24874fd316936d7dacdd90 100644 (file)
@@ -88,7 +88,8 @@ SEC_ASN1GetSubtemplate (
        PRBool encoding
        #ifdef  __APPLE__
        ,
-       const char *buf                 // for decode only
+       const char *buf,                        // for decode only
+       size_t len
        #endif
        )
 {
@@ -105,7 +106,7 @@ SEC_ASN1GetSubtemplate (
                        if (thing != NULL) {
                                thing = (char *)thing - theTemplate->offset;
                        }
-                       subt = (* chooserp)(thing, encoding, buf, dest);
+                       subt = (* chooserp)(thing, encoding, buf, len, dest);
            }
        } else {
            subt = (SecAsn1Template*)theTemplate->sub;
index bb1403e0813034bd5bdd27806e9d2e204c1f8abf..b618154396d0bbcecceea37c1591de8357184dc4 100644 (file)
@@ -93,6 +93,7 @@ int readFile(
        }
        rtn = (int)lseek(fd, 0, SEEK_SET);
        if(rtn < 0) {
+               free(buf);
                goto errOut;
        }
        rtn = (int)read(fd, buf, (size_t)size);
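Review bot: Freeing buf separately in each failure branch (here and in the short-read branch of the next hunk) makes it easy for a later error path to miss the free or to free twice. I would do the release once at errOut and set `buf = NULL` in the success branch after ownership passes to the caller, so that every exit goes through a single `free(buf);`. Separately, the lseek failure path leaves rtn as the raw negative lseek result while the read path returns EIO; `rtn = errno;` before the goto would make the error codes consistent. errOut and the success branch are outside these hunks, so the placement needs checking against the full function.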
@@ -100,6 +101,7 @@ int readFile(
                if(rtn >= 0) {
                        printf("readFile: short read\n");
                }
+               free(buf);
                rtn = EIO;
        }
        else {
index d64d6e1afb30daa594a3a224c67c2d42c4564a31..bb513fb316e6c5d70d9eef7aa24417286faff2c2 100644 (file)
@@ -258,8 +258,6 @@ void EvaluationTask::waitForCompletion(SecAssessmentFlags flags, CFMutableDictio
             CFDictionaryAddValue(result, key, value);
         });
     }));
-
-    if (mExceptionToRethrow) std::rethrow_exception(mExceptionToRethrow);
 }
 
 
@@ -341,9 +339,15 @@ EvaluationTask *EvaluationManager::evaluationTask(PolicyEngine *engine, CFURLRef
 }
 
 
-void EvaluationManager::waitForCompletion(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result)
+void EvaluationManager::finalizeTask(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result)
 {
     task->waitForCompletion(flags, result);
+
+    std::exception_ptr pendingException = task->mExceptionToRethrow;
+
+    removeTask(task);
+
+    if (pendingException) std::rethrow_exception(pendingException);
 }
 
 
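Review bot: If task->waitForCompletion() can throw, removeTask() is never reached and the task stays registered with the manager. Now that finalizeTask owns the whole wait/remove/rethrow sequence, it is the natural place to close that gap, with a scope guard or a catch-all that calls removeTask(task) and rethrows. The copy of mExceptionToRethrow taken before removeTask() also deserves a comment such as `// copy first: the task may be released by removeTask()`, because that ordering is the substance of the change and is easy to undo by accident. removeTask's body is not visible here, so the lifetime assumption should be confirmed.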
index bad99dc404d2005b13dad867131b57f2d9c2bcc2..100fa2eaeaed7ff20d2d9b8af9960925ca81e732 100644 (file)
@@ -43,14 +43,16 @@ public:
     static EvaluationManager *globalManager();
 
     EvaluationTask *evaluationTask(PolicyEngine *engine, CFURLRef path, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result);
-    void waitForCompletion(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result);
-    void removeTask(EvaluationTask *task);
+    void finalizeTask(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result);
 
 private:
     CFCopyRef<CFMutableDictionaryRef> mCurrentEvaluations;
+
     EvaluationManager();
     ~EvaluationManager();
 
+    void removeTask(EvaluationTask *task);
+
     dispatch_queue_t                  mListLockQueue;
 };
 
index f5b9cb2951ba1c918f5d65783eb68463bba037db..0823943999175532cd394da0253c82435678fe06 100644 (file)
@@ -92,8 +92,7 @@ void PolicyEngine::evaluate(CFURLRef path, AuthorityType type, SecAssessmentFlag
 
     // perform the evaluation
     EvaluationTask *evaluationTask = evaluationManager->evaluationTask(this, path, type, flags, context, result);
-    evaluationManager->waitForCompletion(evaluationTask, flags, result);
-    evaluationManager->removeTask(evaluationTask);
+    evaluationManager->finalizeTask(evaluationTask, flags, result);
 
     // if rejected, reset the automatic rearm timer
     if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == kCFBooleanFalse)
index fd78da602e85ea52194ebde3025e230630a5551d..746bab585933cae742628167db28fc6e48265a38 100644 (file)
@@ -69,11 +69,14 @@ void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent,
        // flatten the dictionary
        CssmData data;
        nvd.Export (data);
-       
-       SecurityServer::ClientSession cs (Allocator::standard(), Allocator::standard());
-       cs.postNotification (SecurityServer::kNotificationDomainDatabase, whichEvent, data);
 
-    secdebug("kcnotify", "KCEventNotifier::PostKeychainEvent posted event %u", (unsigned int) whichEvent);
+    /* enforce a maximum size of 16k for notifications */
+    if (data.length() <= 16384) {
+        SecurityServer::ClientSession cs (Allocator::standard(), Allocator::standard());
+        cs.postNotification (SecurityServer::kNotificationDomainDatabase, whichEvent, data);
+
+        secdebug("kcnotify", "KCEventNotifier::PostKeychainEvent posted event %u", (unsigned int) whichEvent);
+    }
 
        free (data.data ());
 }
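Review bot: An oversized notification is now dropped with no trace, because the size check has no else branch and the only secdebug sits inside the success path. A dropped keychain event is hard to diagnose later, so I would add `else { secdebug("kcnotify", "KCEventNotifier::PostKeychainEvent dropped event %u: payload too large", (unsigned int) whichEvent); }`. The literal 16384 would also be better as a named constant, e.g. `static const size_t kMaxNotificationSize = 16384;`, so the limit can be found and kept in step with whatever the receiving side enforces.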
index fe9caaef3056e1c7a9bc904a61889d2c93a4c675..8a48d3f2a5ae87728ee7878e43b468810ad01afd 100644 (file)
@@ -237,7 +237,9 @@ OSStatus SecKeychainResetLogin(UInt32 passwordLength, const void* password, Bool
         }
         if ( userName.length() == 0 )  // did we ultimately get one?
             MacOSError::throwMe(errAuthorizationInternal);
-               
+
+        SecurityServer::ClientSession().resetKeyStorePassphrase(password ? CssmData(const_cast<void *>(password), passwordLength) : CssmData());
+
                if (password)
                {
                        // Clear the plist and move aside (rename) the existing login.keychain
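Review bot: The move of resetKeyStorePassphrase() ahead of the login.keychain reset has no comment saying why the order matters, so a later cleanup could move it back. The old position is removed in the next hunk. A line such as `// Reset the keystore passphrase first; if this throws, the existing login keychain is left untouched` would record it, assuming that is the intent. The function body continues outside both hunks, so the effect on the non-password branch should be checked in the full file.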
@@ -257,8 +259,6 @@ OSStatus SecKeychainResetLogin(UInt32 passwordLength, const void* password, Bool
                        globals().storageManager.makeLoginAuthUI(NULL);
                }
 
-        SecurityServer::ClientSession().resetKeyStorePassphrase(password ? CssmData(const_cast<void *>(password), passwordLength) : CssmData());
-
                // Post a "list changed" event after a reset, so apps can refresh their list.
                // Make sure we are not holding mLock when we post this event.
                KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent);
index 88c4f81cf26a624617c8eb2477aff207bb4192e1..269db0b1f4d206ae60119f7b8a2d0e5b8b49a014 100644 (file)
@@ -910,6 +910,15 @@ SecPolicyRef SecPolicyCreateOSXProvisioningProfileSigning(void)
 }
 #endif
 
+
+#if !SECTRUST_OSX
+/* new in 10.11 */
+SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void)
+{
+    return _SecPolicyCreateWithOID(kSecPolicyAppleX509Basic);
+}
+#endif
+
 #if !SECTRUST_OSX
 SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname)
 {
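Review bot: In the `!SECTRUST_OSX` build, SecPolicyCreateAppleATVVPNProfileSigning() returns a policy created from `kSecPolicyAppleX509Basic`. The header comment added in this commit promises checks for the leaf marker OID, the intermediate marker OID and chaining to the Apple Root CA. As far as the visible code shows, none of those constraints is applied here, and the new `kSecPolicyAppleATVVPNProfileSigning` constant is not used, so a caller relying on the name gets only basic X.509 validation. If this is a deliberate placeholder, it should say so, e.g. `/* TODO: basic X.509 only; marker OID and Apple anchor checks are not enforced in this build */`, and the header documentation should carry the same caveat. What the SECTRUST_OSX branch does is not visible in this hunk.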
@@ -972,6 +981,7 @@ SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray)
         resultPolicyArray=appleTimeStampingPolicies.yield();
     }
     catch (...) {
+        syslog(LOG_ERR, "SecPolicyCreateAppleTimeStampingAndRevocationPolicies: unable to create policy array");
         CFReleaseNull(resultPolicyArray);
     };
 #else
index 599ca35d29f564d1fb044e7f7edb84484d49bf1e..0612aa33cfaa82078b48e172614d11b149e0c5c2 100644 (file)
@@ -58,6 +58,7 @@ extern "C" {
        @constant kSecPolicyAppleATVAppSigning
        @constant kSecPolicyAppleTestATVAppSigning
        @constant kSecPolicyAppleOSXProvisioningProfileSigning
+       @constant kSecPolicyAppleATVVPNProfileSigning
 
 */
 extern const CFStringRef kSecPolicyAppleMobileStore
@@ -98,6 +99,8 @@ extern const CFStringRef kSecPolicyAppleTestATVAppSigning
     __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
 extern const CFStringRef kSecPolicyAppleOSXProvisioningProfileSigning
     __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+extern const CFStringRef kSecPolicyAppleATVVPNProfileSigning
+    __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
 
 /*!
        @function SecPolicyCopy
@@ -233,6 +236,16 @@ SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void)
 */
 SecPolicyRef SecPolicyCreateOSXProvisioningProfileSigning(void)
     __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+    
+    
+/*!
+ @function SecPolicyCreateAppleATVVPNProfileSigning
+ @abstract Check for leaf marker OID 1.2.840.113635.100.6.43,
+ intermediate marker OID 1.2.840.113635.100.6.2.10,
+ chains to Apple Root CA, path length 3
+ */
+SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void)
+    __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
 
 #if defined(__cplusplus)
 }
index c200f92658ffe3088678197bd5c726a0bde66c97..5e292c988ba70eb5972b181bcc553f7c5871f774 100644 (file)
@@ -462,46 +462,6 @@ static OSStatus _tsEnsuredInitialized(void)
     }
     return status;
 }
-
-#define APPNAMEWORKAROUND_KEY CFSTR("WorkaroundAppNames")
-#define APPNAMEWORKAROUND_DOMAIN CFSTR("com.apple.security")
-
-static bool tsCheckAppNameWorkaround(const char *name)
-{
-       bool result = false;
-       CFIndex idx, count;
-       CFStringRef str =
-           CFStringCreateWithCString (NULL, name, kCFStringEncodingUTF8);
-       CFArrayRef value = (CFArrayRef)
-           CFPreferencesCopyValue (APPNAMEWORKAROUND_KEY,
-                                   APPNAMEWORKAROUND_DOMAIN,
-                                   kCFPreferencesCurrentUser,
-                                   kCFPreferencesAnyHost);
-       if (!str || !value ||
-               !(CFArrayGetTypeID() == CFGetTypeID(value))) {
-               goto cleanup;
-       }
-       count = CFArrayGetCount(value);
-       for (idx = 0; idx < count; idx++) {
-               CFStringRef appstr = (CFStringRef) CFArrayGetValueAtIndex(value, idx);
-               if (!(appstr) || !(CFStringGetTypeID() == CFGetTypeID(appstr))) {
-                       continue;
-               }
-               if (!CFStringCompare(str, appstr, 0)) {
-                       result = true;
-                       break;
-               }
-       }
-
-cleanup:
-       if (str) {
-               CFRelease(str);
-       }
-       if (value) {
-               CFRelease(value);
-       }
-       return result;
-}
 #endif
 
 static void tsAddConditionalCerts(CFMutableArrayRef certArray)
@@ -515,14 +475,8 @@ static void tsAddConditionalCerts(CFMutableArrayRef certArray)
 
        if (!certArray) { return; }
 
-       pid_t pid = getpid();
-       char pathbuf[PROC_PIDPATHINFO_MAXSIZE];
-       int ret = proc_name(pid, pathbuf, sizeof(pathbuf));
-       if (ret <= 0) { return; }
-
        OSStatus status = _tsEnsuredInitialized();
-       if ((status == 0 && sCSCheckFix_f(CFSTR("21946795"))) ||
-               tsCheckAppNameWorkaround(pathbuf)) {
+       if (status == 0 && sCSCheckFix_f(CFSTR("21946795"))) {
                // conditionally include these 1024-bit roots
                const certmap_entry_t certmap[] = {
                        { _EquifaxSecureCA, sizeof(_EquifaxSecureCA) },
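Review bot: The comment `// conditionally include these 1024-bit roots` does not say what the remaining condition is, and `sCSCheckFix_f(CFSTR("21946795"))` is an opaque identifier to anyone without access to the tracker. Since this gate now alone decides whether weak 1024-bit roots are added to the candidate set, I would spell it out, for example `// include these legacy 1024-bit roots only while the fix check for 21946795 reports true; remove once no caller depends on them`. What `sCSCheckFix_f` actually tests is not visible in this hunk, so the wording should be confirmed against its definition. The body of tsAddConditionalCerts continues past the end of the hunk.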
index 3ea79fa2da809f829fd7a2a37396ec0f97f2ed5a..f4814eaee9c918e0144b6cf985bbb777ac953ec9 100644 (file)
 #ifndef _SEC_TRUST_SETTINGS_CERTIFICATES_H_
 #define _SEC_TRUST_SETTINGS_CERTIFICATES_H_
 
+#if 0
+/* SHA1 Fingerprint=4D:34:EA:92:76:4B:3A:31:49:11:99:52:F4:19:30:CA:11:34:83:61 */
+/* subject:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */
+/* issuer :/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root */
+/* 2048-bit RSA */
+unsigned char _BaltimoreCyberTrustCSICA[1049]={
+0x30,0x82,0x04,0x15,0x30,0x82,0x03,0x7E,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x07,
+0x27,0x8E,0xED,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,
+0x05,0x00,0x30,0x75,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
+0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0A,0x13,0x0F,0x47,0x54,0x45,0x20,
+0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x27,0x30,0x25,0x06,
+0x03,0x55,0x04,0x0B,0x13,0x1E,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,
+0x72,0x75,0x73,0x74,0x20,0x53,0x6F,0x6C,0x75,0x74,0x69,0x6F,0x6E,0x73,0x2C,0x20,
+0x49,0x6E,0x63,0x2E,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1A,0x47,
+0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6C,
+0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E,0x17,0x0D,0x31,0x32,0x30,
+0x34,0x31,0x38,0x31,0x36,0x33,0x36,0x31,0x38,0x5A,0x17,0x0D,0x31,0x38,0x30,0x38,
+0x31,0x33,0x31,0x36,0x33,0x35,0x31,0x37,0x5A,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,
+0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,
+0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,
+0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,
+0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,
+0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,
+0x20,0x52,0x6F,0x6F,0x74,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,
+0x0A,0x02,0x82,0x01,0x01,0x00,0xA3,0x04,0xBB,0x22,0xAB,0x98,0x3D,0x57,0xE8,0x26,
+0x72,0x9A,0xB5,0x79,0xD4,0x29,0xE2,0xE1,0xE8,0x95,0x80,0xB1,0xB0,0xE3,0x5B,0x8E,
+0x2B,0x29,0x9A,0x64,0xDF,0xA1,0x5D,0xED,0xB0,0x09,0x05,0x6D,0xDB,0x28,0x2E,0xCE,
+0x62,0xA2,0x62,0xFE,0xB4,0x88,0xDA,0x12,0xEB,0x38,0xEB,0x21,0x9D,0xC0,0x41,0x2B,
+0x01,0x52,0x7B,0x88,0x77,0xD3,0x1C,0x8F,0xC7,0xBA,0xB9,0x88,0xB5,0x6A,0x09,0xE7,
+0x73,0xE8,0x11,0x40,0xA7,0xD1,0xCC,0xCA,0x62,0x8D,0x2D,0xE5,0x8F,0x0B,0xA6,0x50,
+0xD2,0xA8,0x50,0xC3,0x28,0xEA,0xF5,0xAB,0x25,0x87,0x8A,0x9A,0x96,0x1C,0xA9,0x67,
+0xB8,0x3F,0x0C,0xD5,0xF7,0xF9,0x52,0x13,0x2F,0xC2,0x1B,0xD5,0x70,0x70,0xF0,0x8F,
+0xC0,0x12,0xCA,0x06,0xCB,0x9A,0xE1,0xD9,0xCA,0x33,0x7A,0x77,0xD6,0xF8,0xEC,0xB9,
+0xF1,0x68,0x44,0x42,0x48,0x13,0xD2,0xC0,0xC2,0xA4,0xAE,0x5E,0x60,0xFE,0xB6,0xA6,
+0x05,0xFC,0xB4,0xDD,0x07,0x59,0x02,0xD4,0x59,0x18,0x98,0x63,0xF5,0xA5,0x63,0xE0,
+0x90,0x0C,0x7D,0x5D,0xB2,0x06,0x7A,0xF3,0x85,0xEA,0xEB,0xD4,0x03,0xAE,0x5E,0x84,
+0x3E,0x5F,0xFF,0x15,0xED,0x69,0xBC,0xF9,0x39,0x36,0x72,0x75,0xCF,0x77,0x52,0x4D,
+0xF3,0xC9,0x90,0x2C,0xB9,0x3D,0xE5,0xC9,0x23,0x53,0x3F,0x1F,0x24,0x98,0x21,0x5C,
+0x07,0x99,0x29,0xBD,0xC6,0x3A,0xEC,0xE7,0x6E,0x86,0x3A,0x6B,0x97,0x74,0x63,0x33,
+0xBD,0x68,0x18,0x31,0xF0,0x78,0x8D,0x76,0xBF,0xFC,0x9E,0x8E,0x5D,0x2A,0x86,0xA7,
+0x4D,0x90,0xDC,0x27,0x1A,0x39,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x47,0x30,
+0x82,0x01,0x43,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,
+0x06,0x01,0x01,0xFF,0x02,0x01,0x03,0x30,0x4A,0x06,0x03,0x55,0x1D,0x20,0x04,0x43,
+0x30,0x41,0x30,0x3F,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x37,0x30,0x35,0x06,0x08,
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x29,0x68,0x74,0x74,0x70,0x3A,0x2F,
+0x2F,0x63,0x79,0x62,0x65,0x72,0x74,0x72,0x75,0x73,0x74,0x2E,0x6F,0x6D,0x6E,0x69,
+0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,
+0x6F,0x72,0x79,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,
+0x02,0x01,0x06,0x30,0x81,0x89,0x06,0x03,0x55,0x1D,0x23,0x04,0x81,0x81,0x30,0x7F,
+0xA1,0x79,0xA4,0x77,0x30,0x75,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
+0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0A,0x13,0x0F,0x47,0x54,
+0x45,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x27,0x30,
+0x25,0x06,0x03,0x55,0x04,0x0B,0x13,0x1E,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,
+0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6F,0x6C,0x75,0x74,0x69,0x6F,0x6E,0x73,
+0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,
+0x1A,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,
+0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F,0x74,0x82,0x02,0x01,0xA5,0x30,
+0x45,0x06,0x03,0x55,0x1D,0x1F,0x04,0x3E,0x30,0x3C,0x30,0x3A,0xA0,0x38,0xA0,0x36,
+0x86,0x34,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x70,0x75,0x62,
+0x6C,0x69,0x63,0x2D,0x74,0x72,0x75,0x73,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x67,
+0x69,0x2D,0x62,0x69,0x6E,0x2F,0x43,0x52,0x4C,0x2F,0x32,0x30,0x31,0x38,0x2F,0x63,
+0x64,0x70,0x2E,0x63,0x72,0x6C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
+0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x93,0x1D,0xFE,0x8B,0xAE,0x46,0xEC,
+0xCB,0xA9,0x0F,0xAB,0xE5,0xEF,0xCA,0xB2,0x68,0x16,0x68,0xD8,0x8F,0xFA,0x13,0xA9,
+0xAF,0xB3,0xCB,0x2D,0xE7,0x4B,0x6E,0x8E,0x69,0x2A,0xC2,0x2B,0x10,0x0A,0x8D,0xF6,
+0xAE,0x73,0xB6,0xB9,0xFB,0x14,0xFD,0x5F,0x6D,0xB8,0x50,0xB6,0xC4,0x8A,0xD6,0x40,
+0x7E,0xD7,0xC3,0xCB,0x73,0xDC,0xC9,0x5D,0x5B,0xAF,0xB0,0x41,0xB5,0x37,0xEB,0xEA,
+0xDC,0x20,0x91,0xC4,0x34,0x6A,0xF4,0xA1,0xF3,0x96,0x9D,0x37,0x86,0x97,0xE1,0x71,
+0xA4,0xDD,0x7D,0xFA,0x44,0x84,0x94,0xAE,0xD7,0x09,0x04,0x22,0x76,0x0F,0x64,0x51,
+0x35,0xA9,0x24,0x0F,0xF9,0x0B,0xDB,0x32,0xDA,0xC2,0xFE,0xC1,0xB9,0x2A,0x5C,0x7A,
+0x27,0x13,0xCA,0xB1,0x48,0x3A,0x71,0xD0,0x43,
+};
+
+/* SHA1 Fingerprint=32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27 */
+/* subject:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 */
+/* issuer :/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority */
+/* 2048-bit RSA */
+unsigned char _VeriSignG5CSICA[1236]={
+0x30,0x82,0x04,0xD0,0x30,0x82,0x04,0x39,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x25,
+0x0C,0xE8,0xE0,0x30,0x61,0x2E,0x9F,0x2B,0x89,0xF7,0x05,0x4D,0x7C,0xF8,0xFD,0x30,
+0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x5F,
+0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,
+0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,
+0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0B,0x13,
+0x2E,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6C,0x69,0x63,0x20,
+0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
+0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,
+0x1E,0x17,0x0D,0x30,0x36,0x31,0x31,0x30,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,
+0x17,0x0D,0x32,0x31,0x31,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,
+0x81,0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,
+0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,
+0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,
+0x0B,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,
+0x74,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,
+0x04,0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72,
+0x69,0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F,
+0x72,0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65,
+0x20,0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C,
+0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,
+0x20,0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,
+0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,
+0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x82,0x01,0x22,
+0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,
+0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xAF,0x24,0x08,
+0x08,0x29,0x7A,0x35,0x9E,0x60,0x0C,0xAA,0xE7,0x4B,0x3B,0x4E,0xDC,0x7C,0xBC,0x3C,
+0x45,0x1C,0xBB,0x2B,0xE0,0xFE,0x29,0x02,0xF9,0x57,0x08,0xA3,0x64,0x85,0x15,0x27,
+0xF5,0xF1,0xAD,0xC8,0x31,0x89,0x5D,0x22,0xE8,0x2A,0xAA,0xA6,0x42,0xB3,0x8F,0xF8,
+0xB9,0x55,0xB7,0xB1,0xB7,0x4B,0xB3,0xFE,0x8F,0x7E,0x07,0x57,0xEC,0xEF,0x43,0xDB,
+0x66,0x62,0x15,0x61,0xCF,0x60,0x0D,0xA4,0xD8,0xDE,0xF8,0xE0,0xC3,0x62,0x08,0x3D,
+0x54,0x13,0xEB,0x49,0xCA,0x59,0x54,0x85,0x26,0xE5,0x2B,0x8F,0x1B,0x9F,0xEB,0xF5,
+0xA1,0x91,0xC2,0x33,0x49,0xD8,0x43,0x63,0x6A,0x52,0x4B,0xD2,0x8F,0xE8,0x70,0x51,
+0x4D,0xD1,0x89,0x69,0x7B,0xC7,0x70,0xF6,0xB3,0xDC,0x12,0x74,0xDB,0x7B,0x5D,0x4B,
+0x56,0xD3,0x96,0xBF,0x15,0x77,0xA1,0xB0,0xF4,0xA2,0x25,0xF2,0xAF,0x1C,0x92,0x67,
+0x18,0xE5,0xF4,0x06,0x04,0xEF,0x90,0xB9,0xE4,0x00,0xE4,0xDD,0x3A,0xB5,0x19,0xFF,
+0x02,0xBA,0xF4,0x3C,0xEE,0xE0,0x8B,0xEB,0x37,0x8B,0xEC,0xF4,0xD7,0xAC,0xF2,0xF6,
+0xF0,0x3D,0xAF,0xDD,0x75,0x91,0x33,0x19,0x1D,0x1C,0x40,0xCB,0x74,0x24,0x19,0x21,
+0x93,0xD9,0x14,0xFE,0xAC,0x2A,0x52,0xC7,0x8F,0xD5,0x04,0x49,0xE4,0x8D,0x63,0x47,
+0x88,0x3C,0x69,0x83,0xCB,0xFE,0x47,0xBD,0x2B,0x7E,0x4F,0xC5,0x95,0xAE,0x0E,0x9D,
+0xD4,0xD1,0x43,0xC0,0x67,0x73,0xE3,0x14,0x08,0x7E,0xE5,0x3F,0x9F,0x73,0xB8,0x33,
+0x0A,0xCF,0x5D,0x3F,0x34,0x87,0x96,0x8A,0xEE,0x53,0xE8,0x25,0x15,0x02,0x03,0x01,
+0x00,0x01,0xA3,0x82,0x01,0x9B,0x30,0x82,0x01,0x97,0x30,0x0F,0x06,0x03,0x55,0x1D,
+0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x31,0x06,0x03,0x55,
+0x1D,0x1F,0x04,0x2A,0x30,0x28,0x30,0x26,0xA0,0x24,0xA0,0x22,0x86,0x20,0x68,0x74,
+0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,
+0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x70,0x63,0x61,0x33,0x2E,0x63,0x72,0x6C,0x30,0x0E,
+0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x3D,
+0x06,0x03,0x55,0x1D,0x20,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,
+0x00,0x30,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,
+0x1C,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,
+0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x1D,0x06,
+0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB,
+0xF0,0x30,0x09,0xF3,0x43,0x39,0xFA,0x02,0xAF,0x33,0x31,0x33,0x30,0x6D,0x06,0x08,
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0C,0x04,0x61,0x30,0x5F,0xA1,0x5D,0xA0,0x5B,
+0x30,0x59,0x30,0x57,0x30,0x55,0x16,0x09,0x69,0x6D,0x61,0x67,0x65,0x2F,0x67,0x69,
+0x66,0x30,0x21,0x30,0x1F,0x30,0x07,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x04,0x14,
+0x8F,0xE5,0xD3,0x1A,0x86,0xAC,0x8D,0x8E,0x6B,0xC3,0xCF,0x80,0x6A,0xD4,0x48,0x18,
+0x2C,0x7B,0x19,0x2E,0x30,0x25,0x16,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6C,
+0x6F,0x67,0x6F,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,
+0x2F,0x76,0x73,0x6C,0x6F,0x67,0x6F,0x2E,0x67,0x69,0x66,0x30,0x34,0x06,0x08,0x2B,
+0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2B,
+0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
+0x6F,0x63,0x73,0x70,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,
+0x6D,0x30,0x3E,0x06,0x03,0x55,0x1D,0x25,0x04,0x37,0x30,0x35,0x06,0x08,0x2B,0x06,
+0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,
+0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x06,0x09,0x60,0x86,0x48,0x01,
+0x86,0xF8,0x42,0x04,0x01,0x06,0x0A,0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x08,
+0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,
+0x03,0x81,0x81,0x00,0x13,0x02,0xDD,0xF8,0xE8,0x86,0x00,0xF2,0x5A,0xF8,0xF8,0x20,
+0x0C,0x59,0x88,0x62,0x07,0xCE,0xCE,0xF7,0x4E,0xF9,0xBB,0x59,0xA1,0x98,0xE5,0xE1,
+0x38,0xDD,0x4E,0xBC,0x66,0x18,0xD3,0xAD,0xEB,0x18,0xF2,0x0D,0xC9,0x6D,0x3E,0x4A,
+0x94,0x20,0xC3,0x3C,0xBA,0xBD,0x65,0x54,0xC6,0xAF,0x44,0xB3,0x10,0xAD,0x2C,0x6B,
+0x3E,0xAB,0xD7,0x07,0xB6,0xB8,0x81,0x63,0xC5,0xF9,0x5E,0x2E,0xE5,0x2A,0x67,0xCE,
+0xCD,0x33,0x0C,0x2A,0xD7,0x89,0x56,0x03,0x23,0x1F,0xB3,0xBE,0xE8,0x3A,0x08,0x59,
+0xB4,0xEC,0x45,0x35,0xF7,0x8A,0x5B,0xFF,0x66,0xCF,0x50,0xAF,0xC6,0x6D,0x57,0x8D,
+0x19,0x78,0xB7,0xB9,0xA2,0xD1,0x57,0xEA,0x1F,0x9A,0x4B,0xAF,0xBA,0xC9,0x8E,0x12,
+0x7E,0xC6,0xBD,0xFF,
+};
+#endif
+
 /* SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A */
 /* subject:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority */
 /* issuer :/C=US/O=Equifax/OU=Equifax Secure Certificate Authority */
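Review bot: The two certificate arrays added under `#if 0` have no comment saying why they are compiled out or what would enable them, so a later reader cannot tell staged trust material from dead code. A line directly after `#if 0` such as `/* Disabled: cross-signed CSI CA certificates, not referenced by any certmap; enable only with <tracking id> */` would make the intent explicit. If the block is ever enabled, `unsigned char _BaltimoreCyberTrustCSICA[1049]` and `_VeriSignG5CSICA[1236]` are non-`static`, non-`const` definitions in a header; `static const unsigned char` would keep them read-only and avoid duplicate definitions, though the existing arrays further down may follow the same convention and are not visible here.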
index 9069b7c868f13ea311267f28c8bab31f0cf4e5d0..8b6b926941d0af857bf616f1aead597416dd771d 100644 (file)
@@ -216,6 +216,7 @@ _kSecPolicyAppleATVAppSigning
 _kSecPolicyAppleTestATVAppSigning
 _kSecPolicyApplePayIssuerEncryption
 _kSecPolicyAppleOSXProvisioningProfileSigning
+_kSecPolicyAppleATVVPNProfileSigning
 _kSecPolicyOid
 _kSecPolicyName
 _kSecPolicyClient
@@ -635,6 +636,7 @@ _SecPolicyCreateAppleMMCSService
 _SecPolicyCreateApplePPQService
 _SecPolicyCreateAppleATVAppSigning
 _SecPolicyCreateTestAppleATVAppSigning
+_SecPolicyCreateAppleATVVPNProfileSigning
 _SecPolicyCreateApplePayIssuerEncryption
 _SecPolicyCreateAppleSSLService
 _SecPolicyCreateBasicX509
index 23c70d05437c3a850628f4a27d02e2027e4b82a4..d6f28263cce223539c978b7b447ae571bf3d4393 100644 (file)
 /* (note this OID is unfortunately used as a cert extension even though it's under the EKU arc) */
 #define APPLE_CERT_EXT_OSX_PROVISIONING_PROFILE_SIGNING APPLE_EKU_OID, 11
 
+/* AppleTV VPN Profile Signing 1.2.840.113635.100.6.43 */
+#define APPLE_CERT_EXT_APPLE_ATV_VPN_PROFILE_SIGNING    APPLE_CERT_EXT, 43
+
 /*
  * Netscape OIDs.
  */
@@ -534,6 +537,7 @@ __unused static const DERByte
     _oidGoogleOCSPSignedCertificateTimestamp[] = {GOOGLE_OCSP_SCT_OID},
     _oidAppleCertExtATVAppSigningTest[] = {APPLE_ATV_APP_SIGNING_OID_TEST},
     _oidAppleCertExtATVAppSigningProd[] = {APPLE_ATV_APP_SIGNING_OID},
+    _oidAppleCertExtATVVPNProfileSigning[] = {APPLE_CERT_EXT_APPLE_ATV_VPN_PROFILE_SIGNING},
     _oidAppleCertExtCryptoServicesExtEncryption[] = {APPLE_CERT_EXT_CRYPTO_SERVICES_EXT_ENCRYPTION};
 
 __unused const DERItem
@@ -718,6 +722,8 @@ __unused const DERItem
                                         sizeof(_oidAppleCertExtATVAppSigningProd)},
     oidAppleCertExtATVAppSigningTest = { (DERByte *)_oidAppleCertExtATVAppSigningTest,
                                         sizeof(_oidAppleCertExtATVAppSigningTest)},
+    oidAppleCertExtATVVPNProfileSigning = { (DERByte *) _oidAppleCertExtATVVPNProfileSigning,
+                                        sizeof(_oidAppleCertExtATVVPNProfileSigning)},
     oidAppleCertExtCryptoServicesExtEncryption  = { (DERByte *)_oidAppleCertExtCryptoServicesExtEncryption,
                                         sizeof(_oidAppleCertExtCryptoServicesExtEncryption)};
 
index 010b68128804bfd850d24730a4d98f9d0028bb11..8834d9ca8cfa2bf53b5a85ad4dc7cfd4fb4e4007 100644 (file)
@@ -76,6 +76,7 @@ extern const DERItem
     oidAppleCertExtApplePPQSigningTest,
     oidAppleCertExtATVAppSigningProd,
     oidAppleCertExtATVAppSigningTest,
+    oidAppleCertExtATVVPNProfileSigning,
     oidAppleCertExtCryptoServicesExtEncryption;
 
     /* Compare two decoded OIDs.  Returns true iff they are equivalent. */
index 7c315971b286b7d0349534c5a4f4215b8b78b061..72226efb76dd0ff2b44b92376c5991b9c9a5d7b8 100644 (file)
                BE50AE680F687AB900D28C54 /* TrustAdditions.h in Headers */ = {isa = PBXBuildFile; fileRef = BE50AE660F687AB900D28C54 /* TrustAdditions.h */; };
                BEA830070EB17344001CA937 /* SecItemConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = BEE897100A62CDD800BF88A5 /* SecItemConstants.c */; };
                BECE5141106B056C0091E644 /* TrustKeychains.h in Headers */ = {isa = PBXBuildFile; fileRef = BECE5140106B056C0091E644 /* TrustKeychains.h */; settings = {ATTRIBUTES = (); }; };
-               BED2BCA21B96217B006CF43A /* si-20-sectrust-provisioning.c in Sources */ = {isa = PBXBuildFile; fileRef = BED2BCA11B96217B006CF43A /* si-20-sectrust-provisioning.c */; settings = {ASSET_TAGS = (); }; };
+               BED2BCA21B96217B006CF43A /* si-20-sectrust-provisioning.c in Sources */ = {isa = PBXBuildFile; fileRef = BED2BCA11B96217B006CF43A /* si-20-sectrust-provisioning.c */; };
                BEE896E20A61F0BB00BF88A5 /* SecItem.h in Headers */ = {isa = PBXBuildFile; fileRef = BEE896E00A61F0BB00BF88A5 /* SecItem.h */; settings = {ATTRIBUTES = (); }; };
                BEE896E30A61F0BB00BF88A5 /* SecItemPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = BEE896E10A61F0BB00BF88A5 /* SecItemPriv.h */; settings = {ATTRIBUTES = (); }; };
                BEE896E70A61F12300BF88A5 /* SecItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BEE896E60A61F12300BF88A5 /* SecItem.cpp */; };
                C2AA2C22052E099D006D0211 /* TrustStore.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2BB2052E099D006D0211 /* TrustStore.cpp */; };
                C2FD26380731CEFB0027896A /* defaultcreds.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2FD26370731CEE60027896A /* defaultcreds.cpp */; };
                C429431E053B2F8B00470431 /* KCUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C429431C053B2F8B00470431 /* KCUtilities.cpp */; };
+               D4A2FC821BC8A65B00BF6E56 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D4A2FC811BC8A65B00BF6E56 /* Security.framework */; };
                D6095E960A94F17C0026C68B /* KCEventNotifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6E1457B0A632A5A008AA7E8 /* KCEventNotifier.cpp */; };
                F92321381ACF69EE00634C21 /* si-34-one-true-keychain.c in Sources */ = {isa = PBXBuildFile; fileRef = F92321371ACF69EE00634C21 /* si-34-one-true-keychain.c */; };
 /* End PBXBuildFile section */
                C429431D053B2F8B00470431 /* KCUtilities.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KCUtilities.h; sourceTree = "<group>"; };
                C4A397A1053B1D50000E1B34 /* SecKeychainPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeychainPriv.h; sourceTree = "<group>"; };
                C4A397FA053B21F9000E1B34 /* SecKeychainItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeychainItemPriv.h; sourceTree = "<group>"; };
+               D4A2FC811BC8A65B00BF6E56 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; };
                D6E1457B0A632A5A008AA7E8 /* KCEventNotifier.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = KCEventNotifier.cpp; sourceTree = "<group>"; };
                D6E1457C0A632A5A008AA7E8 /* KCEventNotifier.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KCEventNotifier.h; sourceTree = "<group>"; };
                F92321371ACF69EE00634C21 /* si-34-one-true-keychain.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-34-one-true-keychain.c"; path = "regressions/si-34-one-true-keychain.c"; sourceTree = "<group>"; };
                        isa = PBXFrameworksBuildPhase;
                        buildActionMask = 2147483647;
                        files = (
+                               D4A2FC821BC8A65B00BF6E56 /* Security.framework in Frameworks */,
                                52200F8B14F2B87F00F7F6E7 /* CoreFoundation.framework in Frameworks */,
                                52B609D914F55B6800134209 /* Foundation.framework in Frameworks */,
                        );
                52200F9914F2B93700F7F6E7 /* xpc-tsa */ = {
                        isa = PBXGroup;
                        children = (
+                               D4A2FC811BC8A65B00BF6E56 /* Security.framework */,
                                52B609D814F55B6800134209 /* Foundation.framework */,
                                52200F9B14F2B93700F7F6E7 /* XPCTimeStampingService-Info.plist */,
                                52B60A0614F5CA9500134209 /* main-tsa.m */,
index f1469ffc148d81a641f477d183d0598d6cc8a95b..f32836debe4b6df1c11f94a2403ad05e08389fc0 100644 (file)
@@ -24,6 +24,8 @@
 #include <sysexits.h>
 #include "timestampclient.h"
 #include <syslog.h>
+#include <Security/SecTask.h>
+#include <xpc/private.h>
 
 struct connection_info {
     xpc_connection_t peer;
@@ -131,6 +133,37 @@ static void debugShowTSAResponseInfo(NSURLResponse *response, NSData *data, NSEr
 #endif
 }
 
+/*
+ * Check whether the caller can access the network. Currently, this applies
+ * only to applications running under App Sandbox.
+ */
+static bool callerHasNetworkEntitlement(audit_token_t auditToken)
+{
+    bool result = true; /* until proven otherwise */
+    SecTaskRef task = SecTaskCreateWithAuditToken(NULL, auditToken);
+    if(task != NULL) {
+        CFTypeRef appSandboxValue = SecTaskCopyValueForEntitlement(task,
+                                    CFSTR("com.apple.security.app-sandbox"),
+                                    NULL);
+        if(appSandboxValue != NULL) {
+            if(!CFEqual(kCFBooleanFalse, appSandboxValue)) {
+                CFTypeRef networkClientValue = SecTaskCopyValueForEntitlement(task,
+                                               CFSTR("com.apple.security.network.client"),
+                                               NULL);
+                if(networkClientValue != NULL) {
+                    result = (!CFEqual(kCFBooleanFalse, networkClientValue));
+                    CFRelease(networkClientValue);
+                } else {
+                    result = false;
+                }
+            }
+            CFRelease(appSandboxValue);
+        }
+        CFRelease(task);
+    }
+    return result;
+}
+
 static void communicateWithTimeStampingServer(xpc_object_t event, const char *requestData, size_t requestLength, const char *tsaURL)
 {
     if ((requestLength==0) || !tsaURL)
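Review bot: `callerHasNetworkEntitlement` fails open: `result` starts as `true` and is left untouched when `SecTaskCreateWithAuditToken` returns NULL, so a caller that cannot be identified is treated as allowed to reach the network. I would deny in that case with `} else { result = false; /* caller could not be identified */ }` on the `task != NULL` test. The grant test `!CFEqual(kCFBooleanFalse, networkClientValue)` also accepts any value that is not boolean false, including a non-boolean type; `result = CFEqual(kCFBooleanTrue, networkClientValue);` is stricter. Both `SecTaskCopyValueForEntitlement` calls pass NULL for the error out-parameter, so a failed lookup of `com.apple.security.app-sandbox` is indistinguishable from an unsandboxed caller and also ends in `true`.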
@@ -244,13 +277,20 @@ void handle_request_event(struct connection_info *info, xpc_object_t event)
     {
         size_t length = 0;
         const char *operation = xpc_dictionary_get_string(event, "operation");
+        audit_token_t auditToken  = {};
+        xpc_connection_get_audit_token(peer, &auditToken);
+
         if (operation && !strcmp(operation, "TimeStampRequest"))
         {
-            xpctsaDebug("Handling TimeStampRequest event");
-            const void *requestData = xpc_dictionary_get_data(event, "TimeStampRequest", &length);
-            const char *url = xpc_dictionary_get_string(event, "ServerURL");
+            if (callerHasNetworkEntitlement(auditToken)) {
+                xpctsaDebug("Handling TimeStampRequest event");
+                const void *requestData = xpc_dictionary_get_data(event, "TimeStampRequest", &length);
+                const char *url = xpc_dictionary_get_string(event, "ServerURL");
 
-            communicateWithTimeStampingServer(event, requestData, length, url);
+                communicateWithTimeStampingServer(event, requestData, length, url);
+            }
+            else
+                xpctsaDebug("No network entitlement for pid %d", xpc_connection_get_pid(peer));
         }
         else
             xpctsaDebug("Unknown op=%s request from pid %d", operation, xpc_connection_get_pid(peer));
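Review bot: The refusal branch only calls `xpctsaDebug`, so if that macro is compiled out in release builds (its definition is not in this hunk) a denied TimeStampRequest leaves no trace for whoever investigates a failed signing. `<syslog.h>` is already included in this file, so `syslog(LOG_NOTICE, "TimeStampRequest refused: pid %d lacks network entitlement", xpc_connection_get_pid(peer));` would record it. The branch also sends nothing back on `event`; whether the client times out or hangs without a reply cannot be seen from here, but an explicit error reply would be safer. handle_request_event starts and ends outside the hunk.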
index ac8daed4415738b5b86e2e5ae13f87e755a6e475..08feac75f2a406a06357d67986e65e30ecfe5ebc 100644 (file)
@@ -217,16 +217,16 @@ xpc_object_t create_keychain_and_lock_paths(xpc_connection_t peer, xpc_object_t
 }
 
 static
-xpc_object_t create_one_sandbox_extension(xpc_object_t path, uint64_t extension_flags)
+xpc_object_t create_one_sandbox_extension(xpc_object_t path, bool read_only)
 {
-       char *sandbox_extension = NULL;
-       int status = sandbox_issue_fs_extension(xpc_string_get_string_ptr(path), extension_flags, &sandbox_extension);
-       if (0 == status && sandbox_extension) {
+       const char * extension_class = read_only ? APP_SANDBOX_READ : APP_SANDBOX_READ_WRITE;
+       char *sandbox_extension = sandbox_extension_issue_file(extension_class, xpc_string_get_string_ptr(path), SANDBOX_EXTENSION_CANONICAL);
+       if (sandbox_extension) {
                xpc_object_t sandbox_extension_as_xpc_string = xpc_string_create(sandbox_extension);
         free(sandbox_extension);
         return sandbox_extension_as_xpc_string;
        } else {
-               syslog(LOG_ERR, "Can't get sandbox fs extension for %s, status=%d errno=%m ext=%s", xpc_string_get_string_ptr(path), status, sandbox_extension);
+               syslog(LOG_ERR, "Can't get sandbox fs extension for %s", xpc_string_get_string_ptr(path));
        }
        return NULL;
 }
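Review bot: The rewritten error log in `create_one_sandbox_extension` drops the `errno=%m` part of the old message, so a failed `sandbox_extension_issue_file` is now logged with the path but no cause. Assuming the call sets errno on failure, which should be confirmed, I would keep it: `syslog(LOG_ERR, "Can't get sandbox fs extension for %s: %m", xpc_string_get_string_ptr(path));`. Separately, `xpc_string_get_string_ptr(path)` is passed straight to the issue call and to `%s` without a type check on `path` in the visible lines. If an element of the path array is not an XPC string, both receive NULL.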
@@ -236,19 +236,19 @@ xpc_object_t create_all_sandbox_extensions(xpc_object_t path_dict)
 {
     xpc_object_t extensions = xpc_array_create(NULL, 0);
        
-       xpc_object_t sandbox_extension = create_one_sandbox_extension(keychain_prefs_path, FS_EXT_FOR_PATH|FS_EXT_READ);
+       xpc_object_t sandbox_extension = create_one_sandbox_extension(keychain_prefs_path, true);
        if (sandbox_extension) {
                xpc_array_append_value(extensions, sandbox_extension);
                xpc_release(sandbox_extension);
        }
 
        xpc_dictionary_apply(path_dict, ^(const char *keychain_domain, xpc_object_t path_array) {
-               uint64_t extension_flags = FS_EXT_FOR_PATH|FS_EXT_READ;
+               bool read_only = true;
                if (keychain_domain_needs_writes(keychain_domain)) {
-                       extension_flags = FS_EXT_FOR_PATH|FS_EXT_READ|FS_EXT_WRITE;
+                       read_only = false;
                }
                xpc_array_apply(path_array, ^(size_t index, xpc_object_t path) {
-                       xpc_object_t sandbox_extension = create_one_sandbox_extension(path, extension_flags);
+                       xpc_object_t sandbox_extension = create_one_sandbox_extension(path, read_only);
                        if (sandbox_extension) {
                                xpc_array_append_value(extensions, sandbox_extension);
                                xpc_release(sandbox_extension);
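Review bot: A style point on the block passed to `xpc_dictionary_apply`: `read_only` is set to `true` and then conditionally flipped, which reads as a leftover of the old flag-building code. A single initialisation states the rule directly and lets the variable be const: `const bool read_only = !keychain_domain_needs_writes(keychain_domain);`. The body of create_all_sandbox_extensions continues past the end of the hunk.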
index 997dbd6814b5c0b06123d5ee75a44133005a098d..58e989f3d738a77b69fd756e14b97a70c1c621fb 100644 (file)
@@ -103,7 +103,8 @@ const SecAsn1Template NSS_P12_PtrToShroudedKeyBagTemplate[] = {
 static const SecAsn1Template * NSS_P12_CertBagChooser(
        void *arg,                      // --> NSS_P12_CertBag
        Boolean enc,
-       const char *buf,        // on decode, tag byte
+       const char *buf,
+       size_t len,
        void *dest)                     // --> NSS_P12_CertBag.bagValue
 {
        NSS_P12_CertBag *bag = (NSS_P12_CertBag *)arg;
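Review bot: In `NSS_P12_CertBagChooser` the `buf` parameter lost its comment, while the CrlBag and SafeBag hunks below and `NSS_P7_ContentInfoChooser` in pkcs7Templates.cpp update theirs to "on decode, tag byte and length". The new `len` parameter is undocumented in all four. I would restore `const char *buf,        // on decode, tag byte and length` here and add to each chooser something like `size_t len,             // presumably the number of valid bytes in buf; confirm against the decoder`. The chooser bodies lie outside these hunks, so whether any of them reads `buf` without first checking `len` cannot be verified from this page.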
@@ -156,7 +157,8 @@ const SecAsn1Template NSS_P12_PtrToCertBagTemplate[] = {
 static const SecAsn1Template * NSS_P12_CrlBagChooser(
        void *arg,                      // --> NSS_P12_CrlBag
        Boolean enc,
-       const char *buf,        // on decode, tag byte
+       const char *buf,        // on decode, tag byte and length
+       size_t len,
        void *dest)                     // --> NSS_P12_CertBag.bagValue
 {
        NSS_P12_CrlBag *bag = (NSS_P12_CrlBag *)arg;
@@ -212,7 +214,8 @@ const SecAsn1Template NSS_P12_PtrToCrlBagTemplate[] = {
 static const SecAsn1Template * NSS_P12_SafeBagChooser(
        void *arg,                      // --> NSS_P12_SafeBag
        Boolean enc,
-       const char *buf,        // on decode, tag byte
+       const char *buf,        // on decode, tag byte and length
+       size_t len,
        void *dest)                     // --> NSS_P12_SafeBag.bagValue
 {
        NSS_P12_SafeBag *bag = (NSS_P12_SafeBag *)arg;
index d2ffa5c9c1093e31a9bdd6525d53a2a4aff75824..f70a4b52a700ea5458b10327d4675176baf0e4c8 100644 (file)
@@ -97,7 +97,8 @@ const SecAsn1Template NSS_P7_PtrToEncryptedDataTemplate[] = {
 static const SecAsn1Template * NSS_P7_ContentInfoChooser(
        void *arg,                      // --> NSS_P7_DecodedContentInfo
        Boolean enc,
-       const char *buf,        // on decode, tag byte
+       const char *buf,        // on decode, tag byte and length
+       size_t len,
        void *dest)                     // --> NSS_P7_DecodedContentInfo.content
 {
        NSS_P7_DecodedContentInfo *dci = 
index 6e8a3ebaf1a5b0d0a8af283cc119702c085ee656..b11007c63b974c0be57de9bde3ee53315a3d9f62 100644 (file)
@@ -61,7 +61,7 @@ SEC_ASN1_MKSUB(kSecAsn1SetOfAnyTemplate)
 
 /* forward declaration */
 static const SecAsn1Template *
-nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest);
+nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest);
 
 static const SecAsn1TemplateChooserPtr nss_cms_chooser
        = nss_cms_choose_content_template;
@@ -564,7 +564,7 @@ nss_cms_get_kea_template(SecCmsKEATemplateSelector whichTemplate)
  *
  */
 static const SecAsn1Template *
-nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest)
+nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest)
 {
     const SecAsn1Template *theTemplate;
     SecCmsContentInfoRef cinfo;
index 496039920a48721b0c89baa176f8e4f78ab393ac..f7c7cc8151f9dd26332cb19ebbf6a15b0fcbf53c 100644 (file)
@@ -202,7 +202,7 @@ SecCmsAttributeCompareValue(SecCmsAttribute *attr, CSSM_DATA_PTR av)
  * helper function for dynamic template determination of the attribute value
  */
 static const SecAsn1Template *
-cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest)
+cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest)
 {
     const SecAsn1Template *theTemplate;
     SecCmsAttribute *attribute;
index 9975403fee1c6c51cccc30b841e375c7012edc43..765a1685f670dde02abe16f7a165438b961ce6ea 100644 (file)
@@ -286,7 +286,7 @@ nss_cms_before_data(SecCmsDecoderRef p7dcx)
     cinfo->content.pointer = childp7dcx->content.pointer;
     
     /* start the child decoder */
-    childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL);
+    childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL, 0);
     if (childp7dcx->dcx == NULL)
        goto loser;
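Review bot: `SEC_ASN1DecoderStart` now receives a bare `0` as its fifth argument here and again in the SecCmsDecoderCreate hunk below, and the updated prototype is not part of either hunk. A reader cannot tell whether zero means "no length known", "no limit" or something else, which matters for a decoder fed untrusted CMS input. A short comment at each call, such as `/* 0: <meaning per the SEC_ASN1DecoderStart prototype> */`, or a named constant, would make the choice reviewable. Both enclosing functions start and end outside their hunks.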
 
@@ -616,7 +616,7 @@ SecCmsDecoderCreate(SecArenaPoolRef pool,
        goto loser;
     }
 
-    p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL);
+    p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL, 0);
     if (p7dcx->dcx == NULL) {
        PORT_Free (p7dcx);
        SecCmsMessageDestroy(cmsg);
index c072d3a96e69c459c305f8b8bce682b8c4c198cb..e5d8b6cfe884841fe3ee1a66f7ed72d8a91d9465 100644 (file)
@@ -756,6 +756,7 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i,
     /* Find digest and contentType for signerinfo */
     algiddata = SecCmsSignerInfoGetDigestAlg(signerinfo);
     if (algiddata == NULL) {
+        syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: could not get digest algorithm %d", PORT_GetError());
         return errSecInternalError; // shouldn't have happened, this is likely due to corrupted data
     }
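Review bot: None of the three hunks in this file adds `#include <syslog.h>`, although each one introduces a `syslog(LOG_ERR, ...)` call; the next file in the commit does add the include. Unless the header already arrives through another include that is not visible here, `syslog` and `LOG_ERR` are used without a declaration. I would add `#include <syslog.h>` next to the file's other includes. The later hunks at the digest lookup and after SecCmsSignerInfoVerifyCertificate depend on the same include.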
     
@@ -767,6 +768,7 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i,
                 * FIXME: need some error return for this (as well as many 
                 * other places in this library).
                 */
+                syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: could not get digest using algorithm id");
                return errSecDataNotAvailable;
        }
     contentType = SecCmsContentInfoGetContentTypeOID(cinfo);
@@ -790,6 +792,10 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i,
     status2 = SecCmsSignerInfoVerifyCertificate(signerinfo, keychainOrArray,
        policies, trustRef);
     dprintf("SecCmsSignedDataVerifySignerInfo: status %d status2 %d\n", (int) status, (int)status2);
+    if(status || status2) {
+        syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: status %d status2 %d.", (int) status, (int)status2);
+        syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: verify status %d", signerinfo->verificationStatus);
+    }
     /* The error from SecCmsSignerInfoVerify() supercedes error from SecCmsSignerInfoVerifyCertificate(). */
     if (status)
        return status;
index 29c3e1df404b77e88a5fe9a6d04a783696db364b..d375f82dc3e79d6be622e79e28e3d952ebaa2b36 100644 (file)
@@ -60,6 +60,8 @@
 #include "tsaSupport.h"
 #include "tsaSupportPriv.h"
 
+#include <syslog.h>
+
 #define HIDIGIT(v) (((v) / 10) + '0')    
 #define LODIGIT(v) (((v) % 10) + '0')     
 
@@ -683,13 +685,15 @@ SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeSt
            goto loser;
        }
 
-       vs = (VFY_VerifyData (encoded_attrs.Data, (int)encoded_attrs.Length,
+        SECStatus err = SECSuccess;
+       vs = ((err = VFY_VerifyData (encoded_attrs.Data, (int)encoded_attrs.Length,
                        publickey, &(signerinfo->encDigest),
                        digestAlgTag, digestEncAlgTag,
-                       signerinfo->cmsg->pwfn_arg) != SECSuccess) ? SecCmsVSBadSignature : SecCmsVSGoodSignature;
+                       signerinfo->cmsg->pwfn_arg)) != SECSuccess) ? SecCmsVSBadSignature : SecCmsVSGoodSignature;
 
         dprintf("VFY_VerifyData (authenticated attributes): %s\n",
             (vs == SecCmsVSGoodSignature)?"SecCmsVSGoodSignature":"SecCmsVSBadSignature");
+        if (vs != SecCmsVSGoodSignature) syslog(LOG_ERR, "VFY_VerifyData (authenticated attributes) failed: %d", err);
 
        PORT_FreeArena(poolp, PR_FALSE);        /* awkward memory management :-( */
 
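Review bot: The value logged on failure is the SECStatus returned by VFY_VerifyData, which presumably only distinguishes success from failure and so tells little about why verification was rejected. Logging the error code as well would make the entry useful for triage, for example `syslog(LOG_ERR, "VFY_VerifyData (authenticated attributes) failed: %d (error %d)", (int)err, PORT_GetError());`. The `(int)` cast also matches the other syslog calls in this commit. The VFY_VerifyDigest branch in the next hunk has the same pattern, and the enclosing function continues outside both hunks.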
@@ -701,12 +705,14 @@ SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeSt
        if (sig->Length == 0)
            goto loser;
 
-       vs = (VFY_VerifyDigest(digest, publickey, sig,
+        SECStatus err = SECSuccess;
+       vs = ((err = VFY_VerifyDigest(digest, publickey, sig,
                        digestAlgTag, digestEncAlgTag,
-                       signerinfo->cmsg->pwfn_arg) != SECSuccess) ? SecCmsVSBadSignature : SecCmsVSGoodSignature;
+                       signerinfo->cmsg->pwfn_arg)) != SECSuccess) ? SecCmsVSBadSignature : SecCmsVSGoodSignature;
 
         dprintf("VFY_VerifyData (plain message digest): %s\n",
             (vs == SecCmsVSGoodSignature)?"SecCmsVSGoodSignature":"SecCmsVSBadSignature");
+        if (vs != SecCmsVSGoodSignature) syslog(LOG_ERR, "VFY_VerifyDigest (plain message digest) failed: %d", err);
     }
     
     if (!SecCmsArrayIsEmpty((void **)signerinfo->unAuthAttr))
@@ -714,8 +720,10 @@ SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeSt
         dprintf("found an unAuthAttr\n");
         OSStatus rux = SecCmsSignerInfoVerifyUnAuthAttrsWithPolicy(signerinfo,timeStampPolicy);
         dprintf("SecCmsSignerInfoVerifyUnAuthAttrs Status: %ld\n", (long)rux);
-        if (rux)
+        if (rux) {
+            syslog(LOG_ERR, "SecCmsSignerInfoVerifyUnAuthAttrsWithPolicy failed: %d", (int)rux);
             goto loser;
+        }
     }
 
     if (vs == SecCmsVSBadSignature) {
@@ -735,6 +743,7 @@ SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeSt
         * certificate signature check that failed during the cert
         * verification done above.  Our error handling is really a mess.
         */
+        syslog(LOG_ERR, "SecCmsSignerInforVerify bad signature PORT_GetError: %d", PORT_GetError());
        if (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE)
            PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE);
     }
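Review bot: The log string names `SecCmsSignerInforVerify`, which matches no function in this file, so a search of the logs for the real function name will miss these entries. I would write `syslog(LOG_ERR, "SecCmsSignerInfoVerify bad signature PORT_GetError: %d", PORT_GetError());`. PORT_GetError() is also called again on the next line; reading it once into a local would guarantee that the logged value is the one the comparison uses.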
index f6e5fc6bf814c93ee5d8c5a49e83686b3adde21c..061ae594ac77f33a86bb69a1c30511426c8a9368 100644 (file)
@@ -303,11 +303,6 @@ typedef CF_ENUM(int, SSLConnectionType)
     kSSLDatagramType
 };
 
-typedef CF_ENUM(int, SSLSessionStrengthPolicy)
-{
-    kSSLSessionStrengthPolicyDefault,
-    kSSLSessionStrengthPolicyATSv1
-};
 
 /******************
  *** Public API ***
@@ -724,6 +719,19 @@ SSLGetEnabledCiphers               (SSLContextRef                  context,
        __OSX_AVAILABLE_STARTING(__MAC_10_2, __IPHONE_5_0);
 
 
+/* Deprecated, does nothing */
+typedef CF_ENUM(int, SSLSessionStrengthPolicy)
+{
+    kSSLSessionStrengthPolicyDefault,
+    kSSLSessionStrengthPolicyATSv1,
+    kSSLSessionStrengthPolicyATSv1_noPFS,
+};
+
+OSStatus
+SSLSetSessionStrengthPolicy(SSLContextRef context,
+                            SSLSessionStrengthPolicy policyStrength);
+
+
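Review bot: The `Deprecated, does nothing` comment sits only on the enum, while the SSLSetSessionStrengthPolicy declaration lost its old description and carries no marker at all. The implementation in this commit returns errSecSuccess without acting, so a caller that relies on it to enforce a minimum session strength gets a success status and no enforcement. I would put the warning on the function itself, e.g. `/* Deprecated: no-op that always returns errSecSuccess; it does not restrict the negotiated session. */`, and add a deprecation attribute if the project's availability macros allow one here.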
 #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE))
 /*
  * Enable/disable peer certificate chain validation. Default is enabled.
@@ -1342,14 +1350,6 @@ OSStatus
 SSLClose                                       (SSLContextRef          context)
        __OSX_AVAILABLE_STARTING(__MAC_10_2, __IPHONE_5_0);
 
-/*
- * Set the minimum acceptable strength of policy to be negotiated for an
- * ATS session
- */
-OSStatus
-SSLSetSessionStrengthPolicy(SSLContextRef context,
-                            SSLSessionStrengthPolicy policyStrength);
-
 CF_IMPLICIT_BRIDGING_DISABLED
 CF_ASSUME_NONNULL_END
 
index 2ff85fb16ccfd46844ba01763c3cafbdb9605ec4..703a8e749d858af2768ef881c39df39193237aab 100644 (file)
@@ -440,6 +440,25 @@ OSStatus SSLSetDHEEnabled(SSLContextRef ctx, bool enabled);
 
 OSStatus SSLGetDHEEnabled(SSLContextRef ctx, bool *enabled);
 
+extern const CFStringRef kSSLSessionConfig_default;
+extern const CFStringRef kSSLSessionConfig_ATSv1;
+extern const CFStringRef kSSLSessionConfig_ATSv1_noPFS;
+extern const CFStringRef kSSLSessionConfig_legacy;
+extern const CFStringRef kSSLSessionConfig_standard;
+extern const CFStringRef kSSLSessionConfig_RC4_fallback;
+extern const CFStringRef kSSLSessionConfig_TLSv1_fallback;
+extern const CFStringRef kSSLSessionConfig_TLSv1_RC4_fallback;
+extern const CFStringRef kSSLSessionConfig_legacy_DHE;
+
+OSStatus
+SSLSetSessionConfig(SSLContextRef context,
+                    CFStringRef config);
+
+OSStatus
+SSLGetSessionConfig(SSLContextRef context,
+                    CFStringRef *config);
+
+
 #if TARGET_OS_IPHONE
 
 /* Following are SPIs on iOS */
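Review bot: The nine kSSLSessionConfig_* constants and the two new functions are declared without any comment, so the header does not say what each configuration permits or how they rank in strength. At minimum I would document that SSLSetSessionConfig returns errSecParam for an unrecognised string, and that SSLGetSessionConfig stores a borrowed constant the caller must not release. It can also store NULL while still returning success, because the implementation maps tls_handshake_config_none to NULL. A one-line description per constant (for example which ones allow RC4 or a TLS 1.0 fallback, as the names suggest) would help callers avoid picking a weaker configuration than intended.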
index 145a518281ccbc6edb724d8f33b97b41c6d3292d..e49ea120909bef7b009300d826d0068e30d96d9d 100644 (file)
@@ -91,4 +91,6 @@ _SSLGetNegotiatedClientAuthType
 _SSLSetMinimumDHGroupSize
 _SSLGetMinimumDHGroupSize
 _SSLSetSessionStrengthPolicy
+_SSLSetSessionConfig
+_SSLGetSessionConfig
 
index 45da938668009ea70a0b073516a3a6626248d030..d9bf5c4ca37b61c4a7e6894eae97df3a4cb113a5 100644 (file)
@@ -160,171 +160,6 @@ static const uint16_t STKnownCipherSuites[] = {
 
 static const unsigned STCipherSuiteCount = sizeof(STKnownCipherSuites)/sizeof(STKnownCipherSuites[0]);
 
-/*
- * Build ctx->validCipherSpecs as a copy of KnownCipherSpecs, assuming that
- * validCipherSpecs is currently not valid (i.e., SSLSetEnabledCiphers() has
- * not been called).
- */
-OSStatus sslBuildCipherSuiteArray(SSLContext *ctx)
-{
-       size_t          size;
-       unsigned        dex;
-
-       assert(ctx != NULL);
-       assert(ctx->validCipherSuites == NULL);
-
-       ctx->numValidCipherSuites = STCipherSuiteCount;
-       size = STCipherSuiteCount * sizeof(uint16_t);
-       ctx->validCipherSuites = (uint16_t *)sslMalloc(size);
-       if(ctx->validCipherSuites == NULL) {
-               ctx->numValidCipherSuites = 0;
-               return errSecAllocate;
-       }
-
-       /*
-        * Trim out inappropriate ciphers:
-        *  -- trim anonymous ciphers if !ctx->anonCipherEnable
-        *  -- trim ECDSA ciphers for server side if appropriate
-        *  -- trim ECDSA ciphers if TLSv1 disable or SSLv2 enabled (since
-        *     we MUST do the Client Hello extensions to make these ciphers
-        *     work reliably)
-     *  -- trim Stream ciphers if DTLSv1 enable
-     *  -- trim CBC ciphers when doing SSLv3 fallback
-        */
-       uint16_t *dst = ctx->validCipherSuites;
-       const uint16_t *src = STKnownCipherSuites;
-
-    bool trimDHE = !ctx->dheEnabled;
-    bool trimECDHE = false;
-    const bool trimECDH = true;
-
-    if(ctx->maxProtocolVersion == SSL_Version_3_0) {
-        /* We trim ECDSA cipher suites if SSL2 is enabled or
-         The maximum allowed protocol is SSL3.  Note that this
-         won't trim ECDSA cipherspecs for DTLS which should be
-         the right thing to do here. */
-               trimECDHE = true;
-       }
-
-    /* trim Stream Ciphers for DTLS */
-    bool trimRC4 = ctx->isDTLS;
-
-    /* trim CBC cipher when doing SSLv3 only fallback */
-    bool trimCBC = (ctx->protocolSide==kSSLClientSide)
-                    && (ctx->maxProtocolVersion == SSL_Version_3_0)
-                    && ctx->fallbackEnabled;
-
-       for(dex=0; dex<STCipherSuiteCount; dex++) {
-        KeyExchangeMethod kem = sslCipherSuiteGetKeyExchangeMethod(*src);
-        uint8_t keySize = sslCipherSuiteGetSymmetricCipherKeySize(*src);
-        HMAC_Algs mac = sslCipherSuiteGetMacAlgorithm(*src);
-        SSL_CipherAlgorithm cipher = sslCipherSuiteGetSymmetricCipherAlgorithm(*src);
-               /* Skip ciphers as appropriate */
-        switch(kem) {
-            case SSL_ECDHE_ECDSA:
-            case SSL_ECDHE_RSA:
-                if(trimECDHE) {
-                    /* Skip this one */
-                    ctx->numValidCipherSuites--;
-                    src++;
-                    continue;
-                }
-                else {
-                    break;
-                }
-            case SSL_ECDH_ECDSA:
-            case SSL_ECDH_RSA:
-            case SSL_ECDH_anon:
-                if(trimECDH) {
-                    /* Skip this one */
-                    ctx->numValidCipherSuites--;
-                    src++;
-                    continue;
-                               }
-                else {
-                    break;
-                }
-            case SSL_DHE_RSA:
-                if(trimDHE) {
-                    /* Skip this one */
-                    ctx->numValidCipherSuites--;
-                    src++;
-                    continue;
-                }
-            default:
-                break;
-        }
-               if(!ctx->anonCipherEnable) {
-                       /* trim out the anonymous (and null-auth-cipher) ciphers */
-                       if(mac == HA_Null) {
-                /* skip this one */
-                               ctx->numValidCipherSuites--;
-                               src++;
-                               continue;
-                       }
-                       switch(kem) {
-                               case SSL_DH_anon:
-                               case SSL_DH_anon_EXPORT:
-                               case SSL_ECDH_anon:
-                                       /* skip this one */
-                                       ctx->numValidCipherSuites--;
-                                       src++;
-                                       continue;
-                               default:
-                                       break;
-                       }
-               }
-
-        /* This will skip the simple DES cipher suites, but not the NULL cipher ones */
-        if (keySize == 8)
-        {
-            /* skip this one */
-            ctx->numValidCipherSuites--;
-            src++;
-            continue;
-        }
-
-        /* Trim PSK ciphersuites, they need to be enabled explicitely */
-        if (kem==TLS_PSK) {
-            ctx->numValidCipherSuites--;
-            src++;
-            continue;
-        }
-
-        if (trimRC4 && (cipher==SSL_CipherAlgorithmRC4_128)) {
-            ctx->numValidCipherSuites--;
-            src++;
-            continue;
-        }
-
-        if(trimCBC) {
-            switch (cipher) {
-                case SSL_CipherAlgorithmAES_128_CBC:
-                case SSL_CipherAlgorithmAES_256_CBC:
-                case SSL_CipherAlgorithm3DES_CBC:
-                    ctx->numValidCipherSuites--;
-                    src++;
-                    continue;
-                default:
-                    break;
-            }
-        }
-
-        if(cipher==SSL_CipherAlgorithmNull) {
-            ctx->numValidCipherSuites--;
-            src++;
-            continue;
-        }
-
-        /* This one is good to go */
-        *dst++ = *src++;
-       }
-
-    tls_handshake_set_ciphersuites(ctx->hdsk, ctx->validCipherSuites, ctx->numValidCipherSuites);
-
-       return errSecSuccess;
-}
-
 
 /*
  * Convert an array of uint16_t
@@ -397,10 +232,7 @@ SSLSetEnabledCiphers               (SSLContextRef                  ctx,
                                                         const SSLCipherSuite   *ciphers,
                                                         size_t                                 numCiphers)
 {
-       size_t size;
-    unsigned foundCiphers=0;
-       unsigned callerDex;
-       unsigned tableDex;
+    uint16_t *cs;
 
        if((ctx == NULL) || (ciphers == NULL) || (numCiphers == 0)) {
                return errSecParam;
@@ -409,38 +241,20 @@ SSLSetEnabledCiphers              (SSLContextRef                  ctx,
                /* can't do this with an active session */
                return errSecBadReq;
        }
-       size = numCiphers * sizeof(uint16_t);
-       ctx->validCipherSuites = (uint16_t *)sslMalloc(size);
-       if(ctx->validCipherSuites == NULL) {
-               ctx->numValidCipherSuites = 0;
+
+    cs = (uint16_t *)sslMalloc(numCiphers * sizeof(uint16_t));
+    if(cs == NULL) {
                return errSecAllocate;
        }
 
-       /*
-        * Run thru caller's specs, keep only the supported ones.
-        */
-    for(callerDex=0; callerDex<numCiphers; callerDex++) {
-        /* find matching CipherSpec in our known table */
-        for(tableDex=0; tableDex<STCipherSuiteCount; tableDex++) {
-            if(ciphers[callerDex] == STKnownCipherSuites[tableDex]) {
-                ctx->validCipherSuites[foundCiphers] = STKnownCipherSuites[tableDex];
-                foundCiphers++;
-                break;
-            }
-        }
+    for(int i=0; i<numCiphers; i++)
+    {
+        cs[i] = ciphers[i];
        }
 
-    if(foundCiphers==0) {
-        /* caller specified only unsupported ciphersuites */
-        sslFree(ctx->validCipherSuites);
-        ctx->validCipherSuites = NULL;
-        return errSSLBadCipherSuite;
-    }
-    
-       /* success */
-       ctx->numValidCipherSuites = foundCiphers;
+    tls_handshake_set_ciphersuites(ctx->hdsk, cs, (unsigned) numCiphers);
 
-    tls_handshake_set_ciphersuites(ctx->hdsk, ctx->validCipherSuites, ctx->numValidCipherSuites);
+    sslFree(cs);
 
     return errSecSuccess;
 }
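Review bot: The caller-supplied `numCiphers` reaches `sslMalloc(numCiphers * sizeof(uint16_t))` with no upper bound, is compared with an `int` loop index, and is then narrowed with `(unsigned) numCiphers`. A very large count can therefore wrap the allocation size or overflow `i` while the loop still writes through `cs`. I would reject such counts up front with `if(numCiphers > UINT_MAX / sizeof(uint16_t)) return errSecParam;` and use `for(size_t i=0; i<numCiphers; i++)`. The rewrite also drops the filtering against STKnownCipherSuites and the errSSLBadCipherSuite return, so the function now reports success for suites it used to refuse; whether tls_handshake_set_ciphersuites filters or reports them is not visible here. The function starts in the previous hunk and two of its lines fall between the hunks.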
index eb3d0ae3aa7794da2863efcae3c7547d957d49bd..653cbe32bfd1db930c531c8987269c7bf19f9ca7 100644 (file)
@@ -315,9 +315,9 @@ SSLContextRef SSLCreateContextWithRecordFuncs(CFAllocatorRef alloc, SSLProtocolS
 
     /* Default for server is DHE enabled, default for client is disabled */
     if(ctx->protocolSide == kSSLServerSide) {
-        ctx->dheEnabled = true;
+        SSLSetDHEEnabled(ctx, true);
     } else {
-        ctx->dheEnabled = false;
+        SSLSetDHEEnabled(ctx, false);
     }
 
     if(kMinDhGroupSizeDefaultValue) {
@@ -405,10 +405,6 @@ void SSLContextDestroy(CFTypeRef arg)
     SSLFreeBuffer(&ctx->resumableSession);
     SSLFreeBuffer(&ctx->receivedDataBuffer);
 
-       sslFree(ctx->validCipherSuites);
-       ctx->validCipherSuites = NULL;
-       ctx->numValidCipherSuites = 0;
-
     CFReleaseSafe(ctx->acceptableCAs);
     CFReleaseSafe(ctx->trustedLeafCerts);
     CFReleaseSafe(ctx->localCertArray);
@@ -2046,6 +2042,17 @@ OSStatus SSLGetDiffieHellmanParams(
 OSStatus SSLSetDHEEnabled(SSLContextRef ctx, bool enabled)
 {
     ctx->dheEnabled = enabled;
+    /* Hack a little so that only the ciphersuites change */
+    tls_protocol_version min, max;
+    unsigned nbits;
+    tls_handshake_get_min_protocol_version(ctx->hdsk, &min);
+    tls_handshake_get_max_protocol_version(ctx->hdsk, &max);
+    tls_handshake_get_min_dh_group_size(ctx->hdsk, &nbits);
+    tls_handshake_set_config(ctx->hdsk, enabled?tls_handshake_config_legacy_DHE:tls_handshake_config_legacy);
+    tls_handshake_set_min_protocol_version(ctx->hdsk, min);
+    tls_handshake_set_max_protocol_version(ctx->hdsk, max);
+    tls_handshake_set_min_dh_group_size(ctx->hdsk, nbits);
+
     return noErr;
 }
 
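Review bot: SSLSetDHEEnabled now replaces the whole handshake configuration with `tls_handshake_config_legacy` or `tls_handshake_config_legacy_DHE`. A caller that selected a stricter configuration through SSLSetSessionConfig and then toggles DHE is therefore moved to the legacy set with no error, and presumably so is a list set with SSLSetEnabledCiphers. The results of the three `tls_handshake_get_*` calls are also ignored, so if any of them fails, `min`, `max` or `nbits` is written back uninitialised. I would initialise the locals and return early on failure if these functions report one. The side effect should also be stated in the comment, e.g. `/* NOTE: resets the session config to legacy/legacy_DHE; call before SSLSetSessionConfig */`. Unlike SSLSetEnabledCiphers, there is no `ctx == NULL` guard before `ctx->hdsk` is used.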
@@ -2642,3 +2649,96 @@ SSLSetSessionStrengthPolicy(SSLContextRef context,
 {
     return errSecSuccess;
 }
+
+const CFStringRef kSSLSessionConfig_default = CFSTR("default");
+const CFStringRef kSSLSessionConfig_ATSv1 = CFSTR("ATSv1");
+const CFStringRef kSSLSessionConfig_ATSv1_noPFS = CFSTR("ATSv1_noPFS");
+const CFStringRef kSSLSessionConfig_legacy = CFSTR("legacy");
+const CFStringRef kSSLSessionConfig_standard = CFSTR("standard");
+const CFStringRef kSSLSessionConfig_RC4_fallback = CFSTR("RC4_fallback");
+const CFStringRef kSSLSessionConfig_TLSv1_fallback = CFSTR("TLSv1_fallback");
+const CFStringRef kSSLSessionConfig_TLSv1_RC4_fallback = CFSTR("TLSv1_RC4_fallback");
+const CFStringRef kSSLSessionConfig_legacy_DHE = CFSTR("legacy_DHE");
+
+static
+tls_handshake_config_t SSLSessionConfig_to_tls_handshake_config(CFStringRef config)
+{
+    if(CFEqual(config, kSSLSessionConfig_ATSv1)){
+        return tls_handshake_config_ATSv1;
+    } else  if(CFEqual(config, kSSLSessionConfig_ATSv1_noPFS)){
+        return tls_handshake_config_ATSv1_noPFS;
+    } else  if(CFEqual(config, kSSLSessionConfig_standard)){
+        return tls_handshake_config_standard;
+    } else  if(CFEqual(config, kSSLSessionConfig_TLSv1_fallback)){
+        return tls_handshake_config_TLSv1_fallback;
+    } else  if(CFEqual(config, kSSLSessionConfig_TLSv1_RC4_fallback)){
+        return tls_handshake_config_TLSv1_RC4_fallback;
+    } else  if(CFEqual(config, kSSLSessionConfig_RC4_fallback)){
+        return tls_handshake_config_RC4_fallback;
+    } else  if(CFEqual(config, kSSLSessionConfig_legacy)){
+        return tls_handshake_config_legacy;
+    } else  if(CFEqual(config, kSSLSessionConfig_legacy_DHE)){
+        return tls_handshake_config_legacy_DHE;
+    } else  if(CFEqual(config, kSSLSessionConfig_default)){
+        return tls_handshake_config_default;
+    } else {
+        return tls_handshake_config_none;
+    }
+}
+
+static
+const CFStringRef tls_handshake_config_to_SSLSessionConfig(tls_handshake_config_t config)
+{
+    switch(config) {
+        case tls_handshake_config_ATSv1:
+            return kSSLSessionConfig_ATSv1;
+        case tls_handshake_config_ATSv1_noPFS:
+            return kSSLSessionConfig_ATSv1_noPFS;
+        case tls_handshake_config_standard:
+            return kSSLSessionConfig_standard;
+        case tls_handshake_config_RC4_fallback:
+            return kSSLSessionConfig_RC4_fallback;
+        case tls_handshake_config_TLSv1_fallback:
+            return kSSLSessionConfig_TLSv1_fallback;
+        case tls_handshake_config_TLSv1_RC4_fallback:
+            return kSSLSessionConfig_TLSv1_RC4_fallback;
+        case tls_handshake_config_legacy:
+            return kSSLSessionConfig_legacy;
+        case tls_handshake_config_legacy_DHE:
+            return kSSLSessionConfig_legacy_DHE;
+        case tls_handshake_config_default:
+            return kSSLSessionConfig_default;
+        case tls_handshake_config_none:
+            return NULL;
+    }
+}
+
+
+/* Set Predefined TLS Configuration */
+OSStatus
+SSLSetSessionConfig(SSLContextRef context,
+                    CFStringRef config)
+{
+    tls_handshake_config_t cfg = SSLSessionConfig_to_tls_handshake_config(config);
+    if(cfg>=0) {
+        return tls_handshake_set_config(context->hdsk, cfg);
+    } else {
+        return errSecParam;
+    }
+}
+
+OSStatus
+SSLGetSessionConfig(SSLContextRef context,
+                    CFStringRef *config)
+{
+    tls_handshake_config_t cfg;
+    OSStatus err = tls_handshake_get_config(context->hdsk, &cfg);
+    if(err) {
+        return err;
+    }
+
+    *config =  tls_handshake_config_to_SSLSessionConfig(cfg);
+
+    return noErr;
+}
+
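Review bot: SSLSetSessionConfig passes `config` straight to CFEqual and dereferences `context` without checking either for NULL, and it accepts the mapping result with `cfg>=0`, which is only correct if tls_handshake_config_none is negative and the enum is signed. Comparing against the sentinel by name removes that assumption, and a guard returning errSecParam matches how SSLSetEnabledCiphers treats NULL arguments. SSLGetSessionConfig has the same missing guards on `context` and `config`. tls_handshake_config_to_SSLSessionConfig has no `default:` and no return after the switch, so an unexpected enum value falls off the end of a non-void function; `default: return NULL;` would close that.

```c
OSStatus
SSLSetSessionConfig(SSLContextRef context,
                    CFStringRef config)
{
    /* CFEqual() must not be given NULL, and context is dereferenced below. */
    if((context == NULL) || (config == NULL)) {
        return errSecParam;
    }

    tls_handshake_config_t cfg = SSLSessionConfig_to_tls_handshake_config(config);
    /* Test the sentinel by name instead of relying on its sign. */
    if(cfg == tls_handshake_config_none) {
        return errSecParam;
    }
    return tls_handshake_set_config(context->hdsk, cfg);
}
/* … unchanged: SSLGetSessionConfig … */
```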
index 20cda93c2c345b9af952cb78e08b48b30da9d69c..10579dc6bd0f3bf808ef9901ae9e3cd6ab858fcb 100644 (file)
@@ -163,8 +163,6 @@ struct SSLContext
     SSLBuffer                  peerID;
     SSLBuffer                  resumableSession;       /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */
 
-    uint16_t            *validCipherSuites;            /* context's valid suites */
-    unsigned            numValidCipherSuites;  /* size of validCipherSuites */
 
 
     uint16_t            *ecdhCurves;
index 212e87455fe44cead442ef0a417e4b42e8c157fb..8bd50bcae09fd217b8a38d22f518989caeab0f05 100644 (file)
@@ -319,14 +319,6 @@ SSLHandshake(SSLContext *ctx)
     if (ctx->state == SSL_HdskStateErrorClose)
         return errSSLClosedAbort;
 
-    if(ctx->validCipherSuites == NULL) {
-       /* build list of legal cipherSpecs */
-        err = sslBuildCipherSuiteArray(ctx);
-       if(err) {
-               return err;
-       }
-    }
-
     err = errSecSuccess;
 
     if(ctx->isDTLS && ctx->timeout_deadline) {
index f2c013d3ad6ce5bc9a32ba7ab4cda57612feb979..c07b4126bb14e4f975b988a688c1b418d1fda04a 100644 (file)
@@ -590,6 +590,8 @@ tests(void)
             uint16_t cs = (uint16_t)(SupportedCipherSuites[i]);
             KeyExchangeMethod kem = sslCipherSuiteGetKeyExchangeMethod(cs);
             SSL_CipherAlgorithm cipher = sslCipherSuiteGetSymmetricCipherAlgorithm(cs);
+            tls_protocol_version min_version = sslCipherSuiteGetMinSupportedTLSVersion(cs);
+
             CFArrayRef server_certs;
 
             if(kem == SSL_ECDHE_ECDSA) {
@@ -601,13 +603,31 @@ tests(void)
 
             SKIP:{
                 bool dtls = (protos[p] == kDTLSProtocol1);
-                bool dtls_ok = (cipher != SSL_CipherAlgorithmRC4_128);
                 bool server_ok = ((kem != SSL_ECDH_ECDSA) && (kem != SSL_ECDH_RSA) && (kem != SSL_ECDH_anon));
                 bool dh_anonymous = ((kem == SSL_DH_anon) || (kem == TLS_PSK));
-
+                bool version_ok;
+
+                switch(protos[p]) {
+                    case kDTLSProtocol1:
+                        version_ok = cipher != SSL_CipherAlgorithmRC4_128 && (min_version != tls_protocol_version_TLS_1_2);
+                        break;
+                    case kSSLProtocol3:
+                        version_ok = (min_version == tls_protocol_version_SSL_3);
+                        break;
+                    case kTLSProtocol1:
+                    case kTLSProtocol11:
+                        version_ok = (min_version != tls_protocol_version_TLS_1_2);
+                        break;
+                    case kTLSProtocol12:
+                        version_ok = true;
+                        break;
+                    default:
+                        version_ok = false;
+
+                }
 
                 skip("This ciphersuite is not supported by Server", 1, server_ok);
-                skip("This ciphersuite is not supported for DTLS", 1, (dtls_ok || !dtls));
+                skip("This ciphersuite is not supported for this protocol version", 1, version_ok);
 
                 int sp[2];
                 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp)) exit(errno);
index 6ba45aadc5bc6ed15928406c31a68c7951e17a78..cf3b3b3f2d30a8bed79895d9f9635fc59124cf6e 100644 (file)
@@ -62,165 +62,6 @@ out:
     return fail;
 }
 
-static
-int allowed_default_ciphers(SSLCipherSuite cs, bool server, bool dhe_enabled)
-{
-    switch (cs) {
-
-        /* BAD to enable by default */
-
-
-        /*
-         * Tags for SSL 2 cipher kinds which are not specified
-         * for SSL 3.
-         */
-        case SSL_RSA_WITH_RC2_CBC_MD5:
-        case SSL_RSA_WITH_IDEA_CBC_MD5:
-        case SSL_RSA_WITH_DES_CBC_MD5:
-        case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
-
-        /* Export and Simple DES ciphers */
-        case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
-        case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
-        case SSL_RSA_WITH_IDEA_CBC_SHA:
-        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
-        case SSL_RSA_WITH_DES_CBC_SHA:
-        case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
-        case SSL_DH_DSS_WITH_DES_CBC_SHA:
-        case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
-        case SSL_DH_RSA_WITH_DES_CBC_SHA:
-        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
-        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
-        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
-        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
-        case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
-        case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
-        case SSL_DH_anon_WITH_DES_CBC_SHA:
-        case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
-        case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
-
-        case SSL_NO_SUCH_CIPHERSUITE:
-
-        /* Null ciphers. */
-        case TLS_NULL_WITH_NULL_NULL:
-        case TLS_RSA_WITH_NULL_MD5:
-        case TLS_RSA_WITH_NULL_SHA:
-        case TLS_RSA_WITH_NULL_SHA256:
-        case TLS_ECDH_ECDSA_WITH_NULL_SHA:
-        case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
-        case TLS_ECDHE_RSA_WITH_NULL_SHA:
-        case TLS_ECDH_RSA_WITH_NULL_SHA:
-        case TLS_ECDH_anon_WITH_NULL_SHA:
-
-        /* Completely anonymous Diffie-Hellman */
-        case TLS_DH_anon_WITH_RC4_128_MD5:
-        case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
-        case TLS_DH_anon_WITH_AES_128_CBC_SHA:
-        case TLS_DH_anon_WITH_AES_256_CBC_SHA:
-        case TLS_DH_anon_WITH_AES_128_CBC_SHA256:
-        case TLS_DH_anon_WITH_AES_256_CBC_SHA256:
-        case TLS_DH_anon_WITH_AES_128_GCM_SHA256:
-        case TLS_DH_anon_WITH_AES_256_GCM_SHA384:
-        case TLS_ECDH_anon_WITH_RC4_128_SHA:
-        case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
-        case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
-
-
-        /* Sstatic Diffie-Hellman and DSS */
-        case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
-        case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
-        case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
-        case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
-        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
-        case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
-        case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
-        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
-        case TLS_DH_DSS_WITH_AES_128_CBC_SHA256:
-        case TLS_DH_RSA_WITH_AES_128_CBC_SHA256:
-        case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
-        case TLS_DH_DSS_WITH_AES_256_CBC_SHA256:
-        case TLS_DH_RSA_WITH_AES_256_CBC_SHA256:
-        case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
-        case TLS_DH_RSA_WITH_AES_128_GCM_SHA256:
-        case TLS_DH_RSA_WITH_AES_256_GCM_SHA384:
-        case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:
-        case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:
-        case TLS_DH_DSS_WITH_AES_128_GCM_SHA256:
-        case TLS_DH_DSS_WITH_AES_256_GCM_SHA384:
-
-            return 0;
-
-
-        /* OK to enable by default on the client only (not supported on server) */
-        case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
-        case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
-        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
-        case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:
-        case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:
-        case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:
-        case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:
-        case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:
-        case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:
-        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:
-        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:
-        case TLS_ECDH_RSA_WITH_RC4_128_SHA:
-        case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
-        case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
-            return !server;
-
-        /* OK to enable by default for both client and server */
-
-        case TLS_RSA_WITH_RC4_128_MD5:
-        case TLS_RSA_WITH_RC4_128_SHA:
-        case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_RSA_WITH_AES_128_CBC_SHA:
-        case TLS_RSA_WITH_AES_256_CBC_SHA:
-        case TLS_RSA_WITH_AES_128_CBC_SHA256:
-        case TLS_RSA_WITH_AES_256_CBC_SHA256:
-        case TLS_RSA_WITH_AES_128_GCM_SHA256:
-        case TLS_RSA_WITH_AES_256_GCM_SHA384:
-
-
-        case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
-        case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
-        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
-        case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
-        case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
-        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
-        case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:
-        case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:
-        case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:
-        case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:
-        case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
-        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
-        case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
-        case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
-            return 1;
-
-        case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
-        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
-        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
-        case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
-        case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:
-        case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:
-        case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:
-            return dhe_enabled;
-
-        /* RFC 5746 - Secure Renegotiation - not specified by the user or returned by APIs*/
-        case TLS_EMPTY_RENEGOTIATION_INFO_SCSV:
-            return 0;
-
-        /* unknown cipher ? */
-        default:
-            return 0;
-    }
-}
 
 static OSStatus SocketWrite(SSLConnectionRef conn, const void *data, size_t *length)
 {
@@ -233,80 +74,223 @@ static OSStatus SocketRead(SSLConnectionRef conn, void *data, size_t *length)
 }
 
 
-static int test_GetEnabledCiphers(SSLContextRef ssl, bool server, bool dhe_enabled)
+
+static const SSLCipherSuite legacy_ciphersuites[] = {
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+    SSL_RSA_WITH_RC4_128_SHA,
+    SSL_RSA_WITH_RC4_128_MD5,
+};
+
+const SSLCipherSuite legacy_DHE_ciphersuites[] = {
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+    SSL_RSA_WITH_RC4_128_SHA,
+    SSL_RSA_WITH_RC4_128_MD5,
+};
+
+
+
+const SSLCipherSuite standard_ciphersuites[] = {
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
+};
+
+const SSLCipherSuite ATSv1_ciphersuites[] = {
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+};
+
+const SSLCipherSuite ATSv1_noPFS_ciphersuites[] = {
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+
+    TLS_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+};
+
+const SSLCipherSuite TLSv1_RC4_fallback_ciphersuites[] = {
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+    TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+    SSL_RSA_WITH_RC4_128_SHA,
+    SSL_RSA_WITH_RC4_128_MD5,
+};
+
+const SSLCipherSuite TLSv1_fallback_ciphersuites[] = {
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_AES_256_CBC_SHA256,
+    TLS_RSA_WITH_AES_128_CBC_SHA256,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+    SSL_RSA_WITH_3DES_EDE_CBC_SHA,
+};
+
+
+
+static int test_GetEnabledCiphers(SSLContextRef ssl, unsigned expected_num_ciphers, const SSLCipherSuite *expected_ciphers)
 {
-    size_t max_ciphers = 0;
     size_t num_ciphers;
-    size_t num_ciphers_2;
     size_t size;
     int fail=1;
     SSLCipherSuite *ciphers = NULL;
-    SSLCipherSuite *ciphers_2 = NULL;
     OSStatus err;
 
     err=SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite);
     err=SSLSetConnection(ssl, NULL);
 
-    require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out);
+    require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out);
+    require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");
 
-    err=SSLHandshake(ssl);
-
-    require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out);
-
-    require(max_ciphers == (dhe_enabled?32:25), out);
-
-    size = max_ciphers * sizeof (SSLCipherSuite);
+    size = num_ciphers * sizeof (SSLCipherSuite);
     ciphers = (SSLCipherSuite *) malloc(size);
     require_string(ciphers, out, "out of memory");
     memset(ciphers, 0xff, size);
 
-    num_ciphers = max_ciphers;
     require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
+    require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites");
 
-    //printf("Ciphers Enabled before first handshake: %zd\n", num_ciphers);
-
-    for (size_t i = 0; i < num_ciphers; i++) {
-        char csname[256];
-        snprintf(csname, 256, "(%04x) %s", ciphers[i], ciphersuite_name(ciphers[i]));
-        /* Uncomment the next line if you want to list the default enabled ciphers */
-        //printf("%s\n", csname);
-        require_string(allowed_default_ciphers(ciphers[i], server, dhe_enabled), out, csname);
-    }
+    free(ciphers);
+    ciphers = NULL;
 
     err=SSLHandshake(ssl);
 
-    require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out);
-
-    size = max_ciphers * sizeof (SSLCipherSuite);
-    ciphers_2 = (SSLCipherSuite *) malloc(size);
-    require_string(ciphers_2, out, "out of memory");
-    memset(ciphers_2, 0xff, size);
-
-    num_ciphers_2 = max_ciphers;
-    require_noerr(SSLGetEnabledCiphers(ssl, ciphers_2, &num_ciphers_2), out);
 
-    //printf("Ciphers Enabled after first handshake: %zd\n", num_ciphers_2);
+    require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out);
+    require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number");
 
-    for (size_t i = 0; i < num_ciphers_2; i++) {
-        char csname[256];
-        snprintf(csname, 256, "(%04x) %s", ciphers_2[i], ciphersuite_name(ciphers_2[i]));
-        /* Uncomment the next line if you want to list the default enabled ciphers */
-        //printf("%s\n", csname);
-    }
+    size = num_ciphers * sizeof (SSLCipherSuite);
+    ciphers = (SSLCipherSuite *) malloc(size);
+    require_string(ciphers, out, "out of memory");
+    memset(ciphers, 0xff, size);
 
-    require(num_ciphers_2 == num_ciphers, out);
-    require((memcmp(ciphers, ciphers_2, num_ciphers*sizeof(uint16_t)) == 0), out);
+    require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out);
+    require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites");
 
     /* Success! */
     fail=0;
 
 out:
-    if(ciphers) free(ciphers);
-    if(ciphers_2) free(ciphers_2);
+    free(ciphers);
     return fail;
 }
 
-static int test_SetEnabledCiphers(SSLContextRef ssl, bool server)
+static int test_SetEnabledCiphers(SSLContextRef ssl)
 {
     int fail=1;
     size_t num_enabled;
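Review bot: Of the seven expectation tables added here only `legacy_ciphersuites` is declared `static`; the other six (`legacy_DHE_ciphersuites` through `TLSv1_fallback_ciphersuites`) are plain `const` at file scope, which in C gives them external linkage and exports test-only symbols. Declaring each the same way, e.g. `static const SSLCipherSuite legacy_DHE_ciphersuites[] = {`, keeps them private to this test. In `test_GetEnabledCiphers` a mismatch now reports only "wrong ciphersuites", whereas the removed loop named the offending suite. These tables pin that RC4 and 3DES suites stay enabled in the legacy set, so printing the first differing index and value would make a later policy change much easier to diagnose.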
@@ -332,41 +316,88 @@ out:
 
 
 static void
-test(SSLProtocolSide side, bool dhe_enabled)
+test_dhe(SSLProtocolSide side, bool dhe_enabled)
 {
     SSLContextRef ssl = NULL;
     bool server = (side == kSSLServerSide);
 
-    require(ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType), out);
-    ok(ssl, "SSLCreateContext failed");
+    ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
+    ok(ssl, "test_dhe: SSLCreateContext(1) failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
+    require(ssl, out);
 
-    ok_status(SSLSetDHEEnabled(ssl, dhe_enabled));
+    ok_status(SSLSetDHEEnabled(ssl, dhe_enabled),"test_dhe: SSLSetDHEEnabled failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
 
+    unsigned num = (dhe_enabled?sizeof(legacy_DHE_ciphersuites):sizeof(legacy_ciphersuites))/sizeof(SSLCipherSuite);
+    const SSLCipherSuite *ciphers = dhe_enabled?legacy_DHE_ciphersuites:legacy_ciphersuites;
     /* The order of this tests does matter, be careful when adding tests */
-    ok(!test_GetSupportedCiphers(ssl, server), "GetSupportedCiphers test failed");
-    ok(!test_GetEnabledCiphers(ssl, server, dhe_enabled), "GetEnabledCiphers test failed");
+    ok(!test_GetSupportedCiphers(ssl, server), "test_dhe: GetSupportedCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
+    ok(!test_GetEnabledCiphers(ssl, num, ciphers), "test_dhe: GetEnabledCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
 
     CFRelease(ssl); ssl=NULL;
 
-    require(ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType), out);
-    ok(ssl, "SSLCreateContext failed");
-    
-    ok(!test_SetEnabledCiphers(ssl, server), "SetEnabledCiphers test failed");
+    ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
+    ok(ssl, "test_dhe: SSLCreateContext(2) failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
+    require(ssl, out);
+
+    ok(!test_SetEnabledCiphers(ssl), "test_dhe: SetEnabledCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled");
 
 out:
     if(ssl) CFRelease(ssl);
 }
 
-
-int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv)
+static void
+test_config(SSLProtocolSide side, CFStringRef config, unsigned num, const SSLCipherSuite *ciphers)
 {
-    plan_tests(24);
+    SSLContextRef ssl = NULL;
+    bool server = (side == kSSLServerSide);
 
-    test(kSSLClientSide, true);
-    test(kSSLServerSide, true);
-    test(kSSLClientSide, false);
-    test(kSSLServerSide, false);
+    ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
+    ok(ssl, "test_config: SSLCreateContext(1) failed (%s,%@)", server?"server":"client", config);
+    require(ssl, out);
+
+    ok_status(SSLSetSessionConfig(ssl, config), "test_config: SSLSetSessionConfig failed (%s,%@)", server?"server":"client", config);
+
+    /* The order of this tests does matter, be careful when adding tests */
+    ok(!test_GetSupportedCiphers(ssl, server), "test_config: GetSupportedCiphers test failed (%s,%@)", server?"server":"client", config);
+    ok(!test_GetEnabledCiphers(ssl, num, ciphers), "test_config: GetEnabledCiphers test failed (%s,%@)", server?"server":"client", config);
+
+    CFRelease(ssl); ssl=NULL;
 
+    ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType);
+    ok(ssl, "test_config: SSLCreateContext(2) failed (%s,%@)", server?"server":"client", config);
+    require(ssl, out);
+
+    ok(!test_SetEnabledCiphers(ssl), "test_config: SetEnabledCiphers test failed (%s,%@)", server?"server":"client", config);
+
+out:
+    if(ssl) CFRelease(ssl);
+}
+
+
+
+int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv)
+{
+    plan_tests(132);
+
+    test_dhe(kSSLClientSide, true);
+    test_dhe(kSSLServerSide, true);
+    test_dhe(kSSLClientSide, false);
+    test_dhe(kSSLServerSide, false);
+
+#define TEST_CONFIG(x, y) do {  \
+    test_config(kSSLClientSide, x, sizeof(y)/sizeof(SSLCipherSuite), y); \
+    test_config(kSSLServerSide, x, sizeof(y)/sizeof(SSLCipherSuite), y); \
+} while(0)
+
+    TEST_CONFIG(kSSLSessionConfig_ATSv1, ATSv1_ciphersuites);
+    TEST_CONFIG(kSSLSessionConfig_ATSv1_noPFS, ATSv1_noPFS_ciphersuites);
+    TEST_CONFIG(kSSLSessionConfig_legacy, legacy_ciphersuites);
+    TEST_CONFIG(kSSLSessionConfig_legacy_DHE, legacy_DHE_ciphersuites);
+    TEST_CONFIG(kSSLSessionConfig_standard, standard_ciphersuites);
+    TEST_CONFIG(kSSLSessionConfig_RC4_fallback, legacy_ciphersuites);
+    TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, standard_ciphersuites);
+    TEST_CONFIG(kSSLSessionConfig_TLSv1_RC4_fallback, legacy_ciphersuites);
+    TEST_CONFIG(kSSLSessionConfig_default, legacy_ciphersuites);
 
     return 0;
 }
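Review bot: The `TLSv1_fallback_ciphersuites` and `TLSv1_RC4_fallback_ciphersuites` tables defined earlier in this file are not referenced anywhere in the lines shown, because `TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, standard_ciphersuites)` and the two RC4-fallback lines compare against `standard_ciphersuites` and `legacy_ciphersuites` instead. The unused tables omit the GCM suites while the tables actually passed include them, so the test as written asserts that the fallback configurations still enable GCM. If that is intended the two tables should be removed; otherwise the calls should read `TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, TLSv1_fallback_ciphersuites);` and `TEST_CONFIG(kSSLSessionConfig_TLSv1_RC4_fallback, TLSv1_RC4_fallback_ciphersuites);`. The function-local macro would also be tidier with `#undef TEST_CONFIG` before `return 0;`.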
index 8c732c0c5a8f0e0989e3c7e5f010cafb19d7662d..9b8d7d89fa14d0563f130fc88ca85b2e4decad3b 100644 (file)
@@ -28,7 +28,7 @@
 #include "Utilities.h"
 #include "SecDigestTransform.h"
 #include "Digest.h"
-#include <Security/SecRandom.h>
+#include <Security/SecRandomP.h>
 #include <Security/SecKey.h>
 #include "SecMaskGenerationFunctionTransform.h"
 
@@ -627,22 +627,16 @@ CFDataRef EncryptDecryptBase::apply_oaep_padding(CFDataRef dataValue)
        seed = (CFDataRef)this->GetAttribute(CFSTR("FixedSeedForOAEPTesting"));
        raw_seed = NULL;
        if (seed) {
-               raw_seed = (UInt8*)CFDataGetBytePtr(seed);
                (void)transforms_assume(hLen == CFDataGetLength(seed));
                CFRetain(seed);
        } else {
-               raw_seed = (UInt8*)malloc(hLen);
-               if (!raw_seed) {
-                       error = GetNoMemoryErrorAndRetain();
-                       goto out;
-               }
-               SecRandomCopyBytes(kSecRandomDefault, hLen, raw_seed);
-               seed = CFDataCreateWithBytesNoCopy(NULL, raw_seed, hLen, kCFAllocatorMalloc);
+               seed = SecRandomCopyData(kSecRandomDefault, hLen);
                if (!seed) {
-                       free(raw_seed);
                        error = GetNoMemoryErrorAndRetain();
+                       goto out;
                }
        }
+    raw_seed = (UInt8*)CFDataGetBytePtr(seed);
 
        // (7) Let dbMask = MGF (seed, emLen âˆ’ hLen).
        mgf_dbMask = transforms_assume(SecCreateMaskGenerationFunctionTransform(hashAlgo, desired_message_length - hLen, &error));
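Review bot: In the fixed-seed branch the result of `transforms_assume(hLen == CFDataGetLength(seed))` is cast to `(void)`, so a `FixedSeedForOAEPTesting` value whose length differs from `hLen` appears to fall through to the new `raw_seed = (UInt8*)CFDataGetBytePtr(seed);` line. If later code reads `hLen` bytes from `raw_seed` (the rest of apply_oaep_padding is outside the hunk), a short seed would be over-read, so a mismatched length should be rejected with an error before the pointer is taken, the way the new `SecRandomCopyData` branch bails out on NULL. The added `raw_seed` line is also indented differently from the lines around it.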
index 4e7670eb043e2d9fe9eccf5201e51d6b8087d849..ad4fc80d2169b7b4e6b6c5812c8d719f8c0eb739 100644 (file)
@@ -305,16 +305,34 @@ inline uint32_t cfNumber(CFNumberRef number) { return cfNumber<uint32_t>(number)
 //
 // Translate strings into CFStrings
 //
-inline CFStringRef makeCFString(const char *s, CFStringEncoding encoding = kCFStringEncodingUTF8)
+inline CFStringRef makeCFString(const char *s, CFStringEncoding encoding)
 {
        return s ? CFStringCreateWithCString(NULL, s, encoding) : NULL;
 }
+       
+inline CFStringRef makeCFString(const char *s)
+{
+       if (s == NULL)
+               return NULL;
+       CFStringRef result = CFStringCreateWithCString(NULL, s, kCFStringEncodingUTF8);
+       if (result == NULL) {
+               result = CFStringCreateWithCString(NULL, s, kCFStringEncodingASCII);
+               if (result == NULL)
+                       CFError::throwMe();
+       }
+       return result;
+}
 
-inline CFStringRef makeCFString(const string &s, CFStringEncoding encoding = kCFStringEncodingUTF8)
+inline CFStringRef makeCFString(const string &s, CFStringEncoding encoding)
 {
-       return CFStringCreateWithCString(NULL, s.c_str(), encoding);
+       return makeCFString(s.c_str(), encoding);
 }
 
+inline CFStringRef makeCFString(const string &s)
+{
+       return makeCFString(s.c_str());
+}
+       
 inline CFStringRef makeCFString(CFDataRef data, CFStringEncoding encoding = kCFStringEncodingUTF8)
 {
        return CFStringCreateFromExternalRepresentation(NULL, data, encoding);
index ef81ebce6476c6002966fbf53c372bc96531bfc3..97b2ea6c17a65a9cd00ea7159d7244d47ae35b55 100644 (file)
@@ -531,6 +531,10 @@ Universal::Universal(FileDesc fd, size_t offset /* = 0 */, size_t length /* = 0
                                while (off < gapSize) {
                                        size_t want = min(gapSize - off, (size_t)PAGE_SIZE);
                                        size_t got = fd.read(gapBytes, want, prevHeaderEnd + off);
+                                       if (got == 0) {
+                                               mSuspicious = true;
+                                               break;
+                                       }
                                        off += got;
                                        for (size_t x = 0; x < got; x++) {
                                                if (gapBytes[x] != 0) {
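Review bot: The new `if (got == 0)` guard carries no comment saying what a zero-length read means here or why it marks the file suspicious; `gapSize` and `prevHeaderEnd` presumably come from the file's own headers, so the reason matters to anyone auditing this parser. I would add above it something like `// read() returned no data: the gap runs past end of file, so stop instead of looping forever and flag the image`. The `break` leaves only the inner `while`; what runs after the loop with a partly scanned gap is outside the hunk and worth confirming.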
index d1fb41101d575c9bbf57fad01ad1b57f4ec02b0b..0fb83593615ff91784d901b743a3df611941e745 100644 (file)
                C2B1EE2906D5929700F68F34 /* muscle++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "muscle++.h"; sourceTree = "<group>"; };
                C2B9F35F0D5A288900CAB713 /* cfmunge.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cfmunge.cpp; sourceTree = "<group>"; };
                C2B9F3600D5A288900CAB713 /* cfmunge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cfmunge.h; sourceTree = "<group>"; };
-               C2B9F3610D5A288900CAB713 /* macho++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "macho++.cpp"; sourceTree = "<group>"; };
+               C2B9F3610D5A288900CAB713 /* macho++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "macho++.cpp"; sourceTree = "<group>"; usesTabs = 1; };
                C2B9F3620D5A288900CAB713 /* macho++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "macho++.h"; sourceTree = "<group>"; };
                C2C164890F66F2CA00FD6D34 /* kq++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "kq++.h"; sourceTree = "<group>"; };
                C2C1648D0F66F2D300FD6D34 /* kq++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "kq++.cpp"; sourceTree = "<group>"; };
index f65550ec27e61f13cb8d8397b8717e3f4b800184..b04bb7accd7a8ebf9fde760e6e90e07a740e8c2c 100644 (file)
@@ -158,9 +158,9 @@ bool SOSAccountUpdateDSID(SOSAccountRef account, CFStringRef dsid){
     return true;
 }
 
-bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews) {
+bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews, CFSetRef excludedViews) {
     if (account->trusted_circle && account->my_identity) {
-        if(SOSFullPeerInfoUpdateToCurrent(account->my_identity, minimumViews)) {
+        if(SOSFullPeerInfoUpdateToCurrent(account->my_identity, minimumViews, excludedViews)) {
             SOSAccountModifyCircle(account, NULL, ^(SOSCircleRef circle_to_change) {
                 secnotice("circleChange", "Calling SOSCircleUpdatePeerInfo for gestalt change");
                 return SOSCircleUpdatePeerInfo(circle_to_change, SOSFullPeerInfoGetPeerInfo(account->my_identity));
@@ -559,29 +559,7 @@ static bool SOSAccountThisDeviceCanSyncWithCircle(SOSAccountRef account) {
     require_action_quiet(account->my_identity, xit,
                          SOSCreateError(kSOSErrorBadFormat, CFSTR("Account identity not set"), NULL, &error));
     
-    CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity));
-    if(deviceID == NULL || CFStringGetLength(deviceID) == 0){
-        hasID = false;
-        secerror("Cannot sync with all peers at this time, securityd needs the IDS device ID first.");
-        
-        __block bool success = true;
-        
-        SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){
-            success = (sync_error == NULL);
-            if (!success) {
-                CFRetainAssign(error, sync_error);
-            }
-        });
-        
-        if(!success){
-            secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", error);
-        }
-        else{
-            secdebug("IDS Transport", "Attempting to retrieve the IDS Device ID");
-        }
-    }
-    CFReleaseNull(deviceID);
-
+    SOSTransportMessageIDSGetIDSDeviceID(account);
     
     require_action_quiet(account->trusted_circle, xit,
                          SOSCreateError(kSOSErrorBadFormat, CFSTR("Account trusted circle not set"), NULL, &error));
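Review bot: The block removed from SOSAccountThisDeviceCanSyncWithCircle set `hasID = false` when the peer had no IDS device ID, and the replacement `SOSTransportMessageIDSGetIDSDeviceID(account);` discards whatever that helper reports, so `hasID` is no longer updated here. If the rest of the function (outside the hunk) still uses `hasID` in its result, a device without an ID would now be treated as able to sync; the call should feed it, e.g. `hasID = SOSTransportMessageIDSGetIDSDeviceID(account);`, assuming the helper returns a bool. The same replacement in SOSAccountEnsurePeerRegistration (the next hunk) no longer stores a failure in `*error`, so callers there lose the reason as well.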
@@ -1729,29 +1707,7 @@ bool SOSAccountEnsurePeerRegistration(SOSAccountRef account, CFErrorRef *error)
 
     //Initialize our device ID
     if(whichTransportType == kSOSTransportIDS || whichTransportType == kSOSTransportFuture || whichTransportType == kSOSTransportPresent){
-        CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity));
-        if( deviceID == NULL || CFStringGetLength(deviceID) == 0){
-            
-            __block bool success = true;
-            __block CFErrorRef localError = NULL;
-            
-                SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){
-                    success = (sync_error == NULL);
-                    if (!success) {
-                        CFRetainAssign(localError, sync_error);
-                    }
-                });
-                
-                if(!success && localError != NULL && error != NULL){
-                    secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", localError);
-                    *error = localError;
-                }
-                else{
-                    secdebug("IDS Transport", "Attempting to retrieve the IDS Device ID");
-                }
-            CFReleaseNull(localError);
-        }
-        CFReleaseNull(deviceID);
+        SOSTransportMessageIDSGetIDSDeviceID(account);
     }
     
 done:
index 01399a8230a047a2bfee7126bd6c83bdd8e64a98..97698c4c03e4e92c4387f069f228387fb93448bf 100644 (file)
@@ -179,7 +179,7 @@ void SOSAccountAddSyncablePeerBlock(SOSAccountRef a,
 //
 bool SOSAccountUpdateGestalt(SOSAccountRef account, CFDictionaryRef new_gestalt);
 
-bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews);
+bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews, CFSetRef excludedViews);
 
 SOSViewResultCode SOSAccountUpdateView(SOSAccountRef account, CFStringRef viewname, SOSViewActionCode actionCode, CFErrorRef *error);
 
index edd1fede6539513bd9b97394d0afeead6bd7cbb5..3cfabdc62665816110f43b2fece1f4c7ff594f1b 100644 (file)
@@ -82,7 +82,7 @@ static CFSetRef SOSAccountCopyBackupPeersForView(SOSAccountRef account, CFString
 
     require_quiet(circle, exit);
 
-    SOSCircleForEachActiveValidPeer(circle, account->user_public, ^(SOSPeerInfoRef peer) {
+    SOSCircleForEachValidPeer(circle, account->user_public, ^(SOSPeerInfoRef peer) {
         if (SOSPeerInfoIsViewBackupEnabled(peer, viewName))
             CFSetAddValue(backupPeers, peer);
     });
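Review bot: Switching to `SOSCircleForEachValidPeer` widens the set of peers whose entries are collected as backup peers for the view, and nothing at the call site says which non-active peers are now admitted or why that is acceptable. This set presumably decides who can recover the view's backup, so a one-line comment is warranted, e.g. `// All valid peers, not only active ones: <reason>; still filtered by SOSPeerInfoIsViewBackupEnabled`. The start of SOSAccountCopyBackupPeersForView is outside the hunk.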
index 825a9a3a536bb6824c347822b00ee8823dada8d5..3b232f3d3b0078a4eda25a15867621af33b8c22e 100644 (file)
@@ -125,8 +125,16 @@ CFArrayRef SOSAccountCopyRetired(SOSAccountRef account, CFErrorRef *error) {
 CFArrayRef SOSAccountCopyViewUnaware(SOSAccountRef account, CFErrorRef *error) {
     return SOSAccountCopySortedPeerArray(account, error, ^(SOSCircleRef circle, CFMutableArrayRef appendPeersTo) {
         SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) {
-            if (!SOSPeerInfoVersionHasV2Data(peer)) {
+            if (!SOSPeerInfoVersionHasV2Data(peer) ) {
                 sosArrayAppendPeerCopy(appendPeersTo, peer);
+            } else {
+                CFSetRef peerEnabledViews = SOSPeerInfoCopyEnabledViews(peer);
+                CFSetRef enabledV0Views = CFSetCreateIntersection(kCFAllocatorDefault, peerEnabledViews, SOSViewsGetV0ViewSet());
+                if(CFSetGetCount(enabledV0Views) != 0) {
+                    sosArrayAppendPeerCopy(appendPeersTo, peer);
+                }
+                CFReleaseNull(peerEnabledViews);
+                CFReleaseNull(enabledV0Views);
             }
         });
     });
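Review bot: In the new `else` branch `CFSetGetCount(enabledV0Views)` is called without checking that either set exists. The code this commit removes from SOSFullPeerInfo guarded the result of `SOSPeerInfoCopyEnabledViews` with `isSet(...)`, which suggests it can return NULL, and `CFSetGetCount` does not accept NULL. Unless `CFSetCreateIntersection` is known to always return a set, the test should read `if (enabledV0Views && CFSetGetCount(enabledV0Views) != 0) {`. The extra space in `SOSPeerInfoVersionHasV2Data(peer) )` is a stray whitespace change.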
index c06091b32a77eaff914cc8e6f646e059e62c4f31..b76a40aa17158ef29352981be1880e01351e4677 100644 (file)
@@ -320,7 +320,7 @@ SOSAccountRef SOSAccountCreateFromDER(CFAllocatorRef allocator,
         // if we were syncing legacy keychain, ensure we include those legacy views.
         bool wasSyncingLegacy = !SOSPeerInfoVersionIsCurrent(myPI) && SOSAccountIsInCircle(account, NULL);
         CFSetRef viewsToEnsure = SOSViewsCreateDefault(wasSyncingLegacy, NULL);
-        SOSAccountUpdateFullPeerInfo(account, viewsToEnsure);
+        SOSAccountUpdateFullPeerInfo(account, viewsToEnsure, SOSViewsGetV0ViewSet()); // We don't permit V0 view proper, only sub-views
         CFReleaseNull(viewsToEnsure);
     }
 
index e536d1406831d2212a6e633e76dcdea6042c96b1..a6a006c9a6305853ee2ed5eb20990148840ceffa 100644 (file)
@@ -142,6 +142,7 @@ uint8_t* der_encode_BackupSliceKeyBag(SOSBackupSliceKeyBagRef set, CFErrorRef *e
     if (der_end == NULL) return der_end;
 
     require_quiet(SecRequirementError(set != NULL, error, CFSTR("Null set passed to encode")), fail);
+    require_quiet(set, fail); // This should be removed when SecRequirementError can squelch analyzer warnings
 
     der_end = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der,
               der_encode_data(set->aks_bag, error, der,
index 94c3f888829ecfae0603f95737caa1b16c56e81b..f232bb6f02ab267821d30a23381f04166dfbd0b7 100644 (file)
@@ -36,6 +36,7 @@ SOSCopyECWrappedData(ccec_pub_ctx *ec_ctx, CFDataRef data, CFErrorRef *error)
 
     require_quiet(SecRequirementError(data != NULL, error, CFSTR("data required for wrapping")), exit);
     require_quiet(SecRequirementError(ec_ctx != NULL, error, CFSTR("ec pub key required for wrapping")), exit);
+    require_quiet(ec_ctx, exit); // This should be removed when SecRequirementError can squelch analyzer warnings
 
     outputLength = ccec_rfc6637_wrap_key_size(ec_ctx, CCEC_RFC6637_COMPACT_KEYS | DEBUGKEYS, CFDataGetLength(data));
 
index 15318f85b35eee2b155e5e9cb1fa65a5a36173ac..6ebdc0b06552533e32ffe55a6b222a0dbc18c047 100644 (file)
@@ -1397,7 +1397,7 @@ bool SOSEngineHandleMessage_locked(SOSEngineRef engine, CFStringRef peerID, SOSM
         // reflect that we actually have these objects if we didn't already.
 
         // Ensure any objects that we received and have locally already are actually in our local manifest
-        SOSEngineUpdateChanges_locked(engine, NULL, kSOSDataSourceTransactionDidCommit, kSOSDataSourceSOSTransaction, changes, error);
+        SOSEngineUpdateChanges_locked(engine, txn, kSOSDataSourceTransactionDidCommit, kSOSDataSourceSOSTransaction, changes, error);
     }
     CFReleaseSafe(changes);
 
index 219c27081809f7fb6466537309a5e1cb97a01daf..40a1b7db0689b1e560983d45e646dbbfa234d6ab 100644 (file)
@@ -306,81 +306,77 @@ SOSViewResultCode SOSFullPeerInfoUpdateViews(SOSFullPeerInfoRef peer, SOSViewAct
     }) ? retval : kSOSCCGeneralViewError;
 }
 
+static CFMutableSetRef SOSFullPeerInfoCopyViewUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews) {
+    CFSetRef enabledViews = SOSPeerInfoCopyEnabledViews(peer->peer_info);
+    CFMutableSetRef newViews = SOSPeerInfoCopyEnabledViews(peer->peer_info);
 
-static bool CFSetIsSubset(CFSetRef smaller, CFSetRef bigger) {
-    __block bool isSubset = true;
-    CFSetForEach(smaller, ^(const void *value) {
-        if (!CFSetContainsValue(bigger, value)) {
-            isSubset = false;
-        }
-    });
+    if (isSet(minimumViews)) {
+        CFSetUnion(newViews, minimumViews);
+    }
+    if (isSet(excludedViews)) {
+        CFSetSubtract(newViews, excludedViews);
+    }
 
-    return isSubset;
-}
+    if (CFEqualSafe(newViews, enabledViews)) {
+        CFReleaseNull(newViews);
+    }
 
-static void CFSetUnionSet(CFMutableSetRef target, CFSetRef source) {
-    CFSetForEach(source, ^(const void *value) {
-        CFSetAddValue(target, value);
-    });
+    CFReleaseNull(enabledViews);
+    return newViews;
 }
 
-static bool sosFullPeerInfoNeedsViewUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews) {
-    CFSetRef currentViews = SOSPeerInfoCopyEnabledViews(peer->peer_info);
-    bool success = isSet(minimumViews) && (!isSet(currentViews) || !CFSetIsSubset(minimumViews, currentViews));
-    CFReleaseNull(currentViews);
-    return success;
+static bool SOSFullPeerInfoNeedsViewUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews) {
+    CFSetRef updatedViews = SOSFullPeerInfoCopyViewUpdate(peer, minimumViews, excludedViews);
+    bool needsUpdate = (updatedViews != NULL);
+    CFReleaseNull(updatedViews);
+    return needsUpdate;
 }
 
-static bool sosFullPeerInfoRequiresUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews) {
+static bool sosFullPeerInfoRequiresUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews) {
     
     if(!SOSPeerInfoVersionIsCurrent(peer->peer_info)) return true;
     if(!SOSPeerInfoSerialNumberIsSet(peer->peer_info)) return true;
     if(!(SOSPeerInfoV2DictionaryHasString(peer->peer_info, sDeviceID)))return true;
     if(!(SOSPeerInfoV2DictionaryHasString(peer->peer_info, sTransportType))) return true;
     if(!(SOSPeerInfoV2DictionaryHasBoolean(peer->peer_info, sPreferIDS))) return true;
-    if(sosFullPeerInfoNeedsViewUpdate(peer, minimumViews)) return true;
+    if(SOSFullPeerInfoNeedsViewUpdate(peer, minimumViews, excludedViews)) return true;
 
     return false;
 }
 
 // Returning false indicates we don't need to upgrade.
-bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumViews) {
-    CFMutableSetRef newViews = NULL;
-    
-    if(!sosFullPeerInfoRequiresUpdate(peer, minimumViews)) return false;
+bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews) {
+    bool success = false;
 
-    CFSetRef currentViews = SOSPeerInfoCopyEnabledViews(peer->peer_info);
-    if (sosFullPeerInfoNeedsViewUpdate(peer, minimumViews)) {
-        newViews = isSet(currentViews) ? CFSetCreateMutableCopy(kCFAllocatorDefault, 0, currentViews) : CFSetCreateMutableForCFTypes(kCFAllocatorDefault);
-        CFSetUnionSet(newViews, minimumViews);
-    }
-    
+    CFMutableSetRef newViews = NULL;
     CFErrorRef copyError = NULL;
     CFErrorRef createError = NULL;
-    SecKeyRef device_key = SOSFullPeerInfoCopyDeviceKey(peer, &copyError);
+    SecKeyRef device_key = NULL;
+
+    require_quiet(sosFullPeerInfoRequiresUpdate(peer, minimumViews, excludedViews), errOut);
+
+    newViews = SOSFullPeerInfoCopyViewUpdate(peer, minimumViews, excludedViews);
+
+    device_key = SOSFullPeerInfoCopyDeviceKey(peer, &copyError);
     require_action_quiet(device_key, errOut,
                          secnotice("upgrade", "SOSFullPeerInfoCopyDeviceKey failed: %@", copyError));
     
     SOSPeerInfoRef newPeer = SOSPeerInfoCreateCurrentCopy(kCFAllocatorDefault, peer->peer_info,
-                                                          NULL, NULL, NULL, newViews ? newViews : minimumViews,
+                                                          NULL, NULL, NULL, newViews,
                                                           device_key, &createError);
     require_action_quiet(newPeer, errOut,
                          secnotice("upgrade", "Peer info v2 create copy failed: %@", createError));
 
     CFTransferRetained(peer->peer_info, newPeer);
-    
-    CFReleaseNull(currentViews);
-    CFReleaseSafe(newViews);
-    CFReleaseNull(device_key);
-    return true;
-    
+
+    success = true;
+
 errOut:
-    CFReleaseNull(currentViews);
-    CFReleaseSafe(newViews);
+    CFReleaseNull(newViews);
     CFReleaseNull(copyError);
     CFReleaseNull(createError);
     CFReleaseNull(device_key);
-    return false;
+    return success;
 }
 
 SOSViewResultCode SOSFullPeerInfoViewStatus(SOSFullPeerInfoRef peer, CFStringRef viewname, CFErrorRef *error)
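Review bot: `SOSFullPeerInfoCopyViewUpdate` assigns the result of `SOSPeerInfoCopyEnabledViews` straight to a `CFMutableSetRef` and then calls `CFSetUnion`/`CFSetSubtract` on it, while the line above treats the same call's result as an immutable `CFSetRef`. The removed code made an explicit mutable copy and handled a missing set, so unless the copy function is guaranteed to return a fresh mutable set the declaration should be `CFMutableSetRef newViews = isSet(enabledViews) ? CFSetCreateMutableCopy(kCFAllocatorDefault, 0, enabledViews) : CFSetCreateMutableForCFTypes(kCFAllocatorDefault);`. Separately, the helper returns NULL when the views are unchanged, and `SOSFullPeerInfoUpdateToCurrent` then passes that NULL to `SOSPeerInfoCreateCurrentCopy` where the old code fell back to `minimumViews`; it is worth confirming that NULL means "keep the current views" there. A short comment stating that exclusions are applied after the minimum set, so an excluded view wins over a required one, would also help.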
index edb1c3d615f294906520ec3a47328e9da516ae36..d647fb99667e53999f06fd9e4f3d1f66deb674e1 100644 (file)
@@ -70,7 +70,7 @@ bool SOSFullPeerInfoAddEscrowRecord(SOSFullPeerInfoRef peer, CFStringRef dsid, C
 
 bool SOSFullPeerInfoReplaceEscrowRecords(SOSFullPeerInfoRef peer, CFDictionaryRef escrowRecords, CFErrorRef* error);
 
-bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumViews);
+bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews);
 
 SOSViewResultCode SOSFullPeerInfoUpdateViews(SOSFullPeerInfoRef peer, SOSViewActionCode action, CFStringRef viewname, CFErrorRef* error);
 
index 8eec943624f76a88a602123be863eb330c7c5074..181e32732eba24b10933d9a04a168eceb1d90c47 100644 (file)
@@ -238,9 +238,6 @@ static SOSPeerInfoRef SOSPeerInfoCreate_Internal(CFAllocatorRef allocator,
                                                               sGestaltKey,   pi->gestalt,
                                                               NULL);
 
-    if (backup_key != NULL)
-        SOSPeerInfoV2DictionarySetValue(pi, sBackupKeyKey, backup_key);
-
     description_modifier(pi->description);
     
     
index b17d478d9e4c8d3386c979be22982bb5757c139b..127298f5fffa5eff95bf42ff848be9f12f5ac6e6 100644 (file)
@@ -170,7 +170,7 @@ bool SOSPeerInfoUpdateToV2(SOSPeerInfoRef pi, CFErrorRef *error) {
     }
     require_action_quiet((v2data = SOSCreateDERFromDictionary(v2Dictionary, error)), out, SOSCreateError(kSOSErrorAllocationFailure, CFSTR("No Memory"), NULL, error));
     CFDictionaryAddValue(pi->description, sV2DictionaryKey, v2data);
-    SOSPeerInfoExpandV2Data(pi, error);
+    //SOSPeerInfoExpandV2Data(pi, error);
     retval = true;
 out:
     CFReleaseNull(views);
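Review bot: The call `SOSPeerInfoExpandV2Data(pi, error)` is disabled by commenting it out rather than removed, and nothing records why. The line before it stores fresh V2 data in `pi->description`, so a reader cannot tell from this hunk whether `pi->v2Dictionary` is expected to be current already or to be re-expanded later by someone else. Either delete the line or replace it with a comment that states the reason, along the lines of `/* v2Dictionary is not re-expanded here because <reason> */`. The body of SOSPeerInfoUpdateToV2 starts before this hunk and continues past it.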
@@ -193,18 +193,15 @@ errOut:
 
 bool SOSPeerInfoExpandV2Data(SOSPeerInfoRef pi, CFErrorRef *error) {
     CFDataRef v2data = NULL;
-    CFMutableDictionaryRef v2Dictionary = NULL;
+    bool retval = false;
 
-    require_action_quiet((v2data = SOSPeerInfoGetV2Data(pi)), out, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("No V2 Data in description"), NULL, error));
-    require_action_quiet((v2Dictionary = SOSCreateDictionaryFromDER(v2data, error)), out, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("Can't expand V2 Dictionary"), NULL, error));
+    require_quiet(pi, out);
     CFReleaseNull(pi->v2Dictionary);
-    pi->v2Dictionary = v2Dictionary;
-    return true;
-
+    require_action_quiet((v2data = SOSPeerInfoGetV2Data(pi)), out, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("No V2 Data in description"), NULL, error));
+    require_action_quiet((pi->v2Dictionary = SOSCreateDictionaryFromDER(v2data, error)), out, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("Can't expand V2 Dictionary"), NULL, error));
+    retval = true;
 out:
-    CFReleaseNull(v2Dictionary);
-    return false;
-
+    return retval;
 }
 
 void SOSPeerInfoV2DictionarySetValue(SOSPeerInfoRef pi, const void *key, const void *value) {
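Review bot: `CFReleaseNull(pi->v2Dictionary)` now runs before the V2 data is fetched and decoded, so a missing or undecodable blob leaves `pi->v2Dictionary` NULL, where the previous code kept the old dictionary until a replacement had been built. After a failed decode the peer's in-memory V2 attributes are gone; whether later readers of `pi->v2Dictionary` tolerate NULL is not visible in this hunk. Decoding into a local and swapping only on success keeps the old behaviour: `CFMutableDictionaryRef d = SOSCreateDictionaryFromDER(v2data, error);`, then `CFReleaseNull(pi->v2Dictionary); pi->v2Dictionary = d;`. The new `require_quiet(pi, out)` path also returns false without filling `*error`, unlike the other two failure paths.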
index 8c9270c3091c696dfd79ad9b7e7039d179456f77..dc86979ba85d016d2dbaee99002d7a539f56c9b2 100644 (file)
@@ -128,14 +128,6 @@ static bool SOSBackupRingPeersInViews(CFSetRef peers, SOSRingRef ring) {
     return retval;
 }
 
-static bool CFSetIsSubset(CFSetRef little, CFSetRef big) {
-    __block bool retval = true;
-    CFSetForEach(little, ^(const void *value) {
-        if(!CFSetContainsValue(big, value)) retval = false;
-    });
-    return retval;
-}
-
 // Make sure that the ring includes me if I'm enabled for its view.
 static SOSConcordanceStatus SOSBackupRingEvaluateMyInclusion(SOSRingRef ring, SOSFullPeerInfoRef me) {
     bool shouldBeInRing = false;
index d249a92d37b3fc7b9d694c4ab873debf29bea15f..651f1412faf2d20505489bf037005636a152cc0a 100644 (file)
@@ -62,27 +62,7 @@ SOSTransportMessageIDSRef SOSTransportMessageIDSCreate(SOSAccountRef account, CF
         
         // Initialize ourselves
         
-        CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity));
-        if(deviceID == NULL || CFStringGetLength(deviceID) == 0){
-            
-            __block bool success = true;
-            __block CFErrorRef localError = NULL;
-            SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){
-                success = (sync_error == NULL);
-                if (!success) {
-                    CFRetainAssign(localError, sync_error);
-                }
-            });
-            
-            if(!success && localError != NULL && error != NULL){
-                secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", localError);
-                *error = localError;
-            }
-            else{
-                secdebug("IDS Transport", "Attempting to retrieve the IDS Device ID");
-            }
-        }
-        CFReleaseNull(deviceID);
+        SOSTransportMessageIDSGetIDSDeviceID(account);
         SOSRegisterTransportMessage((SOSTransportMessageRef)ids);
     }
     
@@ -282,3 +262,20 @@ static bool cleanupAfterPeer(SOSTransportMessageRef transport, CFDictionaryRef c
 {
     return true;
 }
+
+void SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account){
+    
+    CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity));
+    if( deviceID == NULL || CFStringGetLength(deviceID) == 0){
+        SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){
+            bool success = (sync_error == NULL);
+            if (!success) {
+                secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", sync_error);
+            }
+            else{
+                secdebug("IDS Transport", "Successfully attempting to retrieve the IDS Device ID");
+            }
+        });
+    }
+    CFReleaseNull(deviceID);
+}
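Review bot: SOSTransportMessageIDSGetIDSDeviceID returns `void`, so a failed request is only logged, whereas the inline code it replaces in SOSTransportMessageIDSCreate (previous hunk of this file) tried to hand the failure back through `*error`. Since the function is also declared in the header, either give it a result, e.g. `bool SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account, CFErrorRef *error)`, or document at the declaration that it is fire-and-forget and that `account` must be non-NULL, because `account->my_identity` is dereferenced unchecked. The success branch logs "Successfully attempting to retrieve the IDS Device ID" from the completion block, which reads as if the request were still pending; `secdebug("IDS Transport", "IDS Device ID request completed");` would describe what happened. The block also ignores `returnedValues`, so a short comment saying where the device ID is actually consumed would help the next reader.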
index 67ef61dad6df32cc10176e90b5eb32862c680435..90a036434176ad6175519bb98d945d1ae86b5171 100644 (file)
@@ -36,3 +36,4 @@ SOSTransportMessageIDSRef SOSTransportMessageIDSCreate(SOSAccountRef account, CF
 
 HandleIDSMessageReason SOSTransportMessageIDSHandleMessage(SOSAccountRef account, CFDictionaryRef message, CFErrorRef *error);
 
+void SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account);
index 21de90dfe3f702c3e96c10170b5c86771cda048f..5b09c07c94e22d0d915729a7f1889ccdf5a13716 100644 (file)
@@ -17,7 +17,6 @@ ONE_TEST(si_15_certificate)
 ONE_TEST(si_16_ec_certificate)
 ONE_TEST(si_20_sectrust_activation)
 ONE_TEST(si_20_sectrust)
-ONE_TEST(si_20_sectrust_att)
 ONE_TEST(si_21_sectrust_asr)
 ONE_TEST(si_22_sectrust_iap)
 ONE_TEST(si_23_sectrust_ocsp)
@@ -84,6 +83,8 @@ ONE_TEST(si_83_seccertificate_sighashalg)
 ONE_TEST(si_84_atv_appsigning)
 ONE_TEST(si_85_sectrust_ssl_policy)
 ONE_TEST(si_86_sectrust_eap_tls)
+ONE_TEST(si_87_sectrust_name_constraints)
+ONE_TEST(si_88_sectrust_vpnprofile)
 
 ONE_TEST(vmdh_40)
 ONE_TEST(vmdh_41_example)
diff --git a/OSX/sec/Security/Regressions/secitem/si-20-sectrust-att.c b/OSX/sec/Security/Regressions/secitem/si-20-sectrust-att.c
deleted file mode 100644 (file)
index 04be9eb..0000000
+++ /dev/null
@@ -1,550 +0,0 @@
-/*
- * Copyright (c) 2006-2010,2012-2015 Apple Inc. All Rights Reserved.
- */
-
-#include <CoreFoundation/CoreFoundation.h>
-#include <Security/SecCertificate.h>
-#include <Security/SecCertificatePriv.h>
-#include <Security/SecInternal.h>
-#include <Security/SecPolicyPriv.h>
-#include <Security/SecTrustPriv.h>
-#include <Security/SecItem.h>
-#include <ipc/securityd_client.h>
-#include <utilities/array_size.h>
-#include <utilities/SecCFWrappers.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "Security_regressions.h"
-
-/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=nmd.mcd06643.sjc.wayport.net */
-/* issuer :/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=AWS Managed Device CA G2 */
-
-static unsigned char c0[1582]={
-    0x30,0x82,0x06,0x2A,0x30,0x82,0x05,0x12,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x0B,
-    0x3B,0x5F,0x62,0x39,0x50,0xB5,0x6E,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
-    0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x78,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
-    0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,
-    0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,
-    0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,
-    0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,
-    0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x21,0x30,
-    0x1F,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x41,0x57,0x53,0x20,0x4D,0x61,0x6E,0x61,
-    0x67,0x65,0x64,0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,0x20,0x47,0x32,
-    0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x38,0x31,0x32,0x30,0x32,0x30,0x35,0x31,0x31,
-    0x5A,0x17,0x0D,0x31,0x35,0x30,0x38,0x32,0x32,0x30,0x32,0x30,0x35,0x31,0x31,0x5A,
-    0x30,0x7C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,
-    0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,
-    0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,
-    0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,
-    0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,
-    0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x03,
-    0x13,0x1C,0x6E,0x6D,0x64,0x2E,0x6D,0x63,0x64,0x30,0x36,0x36,0x34,0x33,0x2E,0x73,
-    0x6A,0x63,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x82,
-    0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,
-    0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD0,
-    0x65,0xD5,0x7A,0x99,0xB8,0x19,0x83,0x22,0x9F,0xE0,0x0E,0xDA,0x16,0x37,0x74,0x2A,
-    0xDD,0xDA,0xD3,0x5A,0xBE,0xBC,0xDC,0xF7,0x3F,0xBC,0x16,0x24,0x94,0x3A,0xDA,0x51,
-    0xD6,0xB4,0xA6,0x0E,0x2F,0xC6,0x87,0x74,0x50,0x0F,0x60,0xDD,0x6C,0xD5,0xD6,0x5B,
-    0x0C,0x69,0x54,0x06,0x51,0x70,0xB7,0xA3,0x4D,0x2A,0x81,0x07,0xC8,0xE6,0xFB,0x08,
-    0x0D,0x4B,0xA3,0xBE,0xC8,0x1D,0x83,0xBB,0x8D,0xD4,0xB6,0x67,0x5A,0x41,0x03,0xF4,
-    0x14,0x31,0x23,0x14,0x25,0xF9,0x59,0xAA,0x0D,0x32,0xAF,0xA7,0x4E,0x65,0xDE,0x24,
-    0x76,0x06,0x50,0x6D,0xF0,0x0A,0x2A,0x7F,0x88,0xA9,0x6A,0x52,0x1C,0xB0,0xFE,0xF3,
-    0xD3,0xE2,0x33,0xBD,0x4E,0xBC,0xB8,0xFB,0x27,0xD0,0x24,0x1F,0x17,0xAF,0xA9,0xDE,
-    0x5D,0x40,0xAD,0x20,0xBB,0xF8,0x88,0x90,0x4E,0x34,0x9F,0xEF,0x21,0x70,0xBB,0xB2,
-    0x15,0x1C,0xB7,0x86,0x37,0x34,0x31,0x8F,0x73,0xBE,0x97,0xDF,0x25,0xE5,0x8F,0x2F,
-    0x0D,0xB8,0xAA,0x24,0x8B,0x73,0x3D,0x73,0xD2,0xFB,0x50,0x0D,0x02,0x31,0x32,0xFC,
-    0x8E,0x8E,0x45,0xC7,0x97,0x61,0x68,0xB0,0xFC,0xF3,0xD1,0x49,0xCE,0x66,0x83,0x6A,
-    0x15,0x30,0xAF,0x3F,0x8D,0x8F,0xFC,0x0E,0x2D,0xA4,0x05,0x9E,0xAC,0xDF,0xFD,0xB9,
-    0xF3,0x83,0x69,0x4A,0xEB,0xA9,0x0E,0x3F,0x32,0xA8,0x25,0x95,0xB5,0x10,0xFF,0xF9,
-    0x29,0x1B,0x15,0xA7,0x23,0x35,0x65,0xA5,0x74,0xB3,0x1D,0x0D,0x18,0xE2,0x02,0x5C,
-    0xEA,0xD7,0xB6,0x50,0x61,0x0C,0x2B,0x90,0x01,0xED,0x69,0xFA,0xEE,0xE8,0xD1,0x02,
-    0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0xB2,0x30,0x82,0x02,0xAE,0x30,0x73,0x06,0x08,
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x67,0x30,0x65,0x30,0x33,0x06,0x08,
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x27,0x68,0x74,0x74,0x70,0x3A,0x2F,
-    0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,
-    0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x6D,0x64,0x63,0x61,0x67,0x32,0x2E,0x63,0x72,
-    0x74,0x30,0x2E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68,
-    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2D,0x62,0x2E,0x70,0x6B,0x69,
-    0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x3A,0x32,0x35,0x36,
-    0x30,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x94,0x0A,0xF3,0x3D,
-    0x5A,0x66,0xC1,0x2C,0x8B,0x68,0xD9,0x26,0xBB,0xD9,0x09,0x22,0x7F,0x34,0x85,0x96,
-    0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,
-    0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x83,0x85,0x8B,0x92,0x05,
-    0x1B,0x41,0x9E,0x45,0xAB,0xAB,0xB2,0xE3,0xFD,0xD5,0x44,0xCA,0x41,0xBD,0xE7,0x30,
-    0x81,0xD4,0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xCC,0x30,0x81,0xC9,0x30,0x81,0xC6,
-    0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,0x01,0x30,0x81,0xB6,
-    0x30,0x81,0x80,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x74,0x1E,
-    0x72,0x00,0x43,0x00,0x6F,0x00,0x70,0x00,0x79,0x00,0x72,0x00,0x69,0x00,0x67,0x00,
-    0x68,0x00,0x74,0x00,0x20,0x00,0x28,0x00,0x63,0x00,0x29,0x00,0x20,0x00,0x32,0x00,
-    0x30,0x00,0x31,0x00,0x33,0x00,0x20,0x00,0x41,0x00,0x54,0x00,0x54,0x00,0x20,0x00,
-    0x57,0x00,0x69,0x00,0x2D,0x00,0x46,0x00,0x69,0x00,0x20,0x00,0x53,0x00,0x65,0x00,
-    0x72,0x00,0x76,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x73,0x00,0x20,0x00,0x41,0x00,
-    0x6C,0x00,0x6C,0x00,0x20,0x00,0x52,0x00,0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,
-    0x73,0x00,0x20,0x00,0x52,0x00,0x65,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00,
-    0x65,0x00,0x64,0x30,0x31,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,
-    0x25,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,
-    0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,
-    0x73,0x2E,0x68,0x74,0x6D,0x6C,0x30,0x81,0xB9,0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,
-    0xB1,0x30,0x81,0xAE,0x30,0x81,0xAB,0xA0,0x2B,0xA0,0x29,0x86,0x27,0x68,0x74,0x74,
-    0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,
-    0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x6D,0x64,0x63,0x61,0x67,0x32,
-    0x2E,0x63,0x72,0x6C,0xA2,0x7C,0xA4,0x7A,0x30,0x78,0x31,0x21,0x30,0x1F,0x06,0x03,
-    0x55,0x04,0x03,0x0C,0x18,0x41,0x57,0x53,0x20,0x4D,0x61,0x6E,0x61,0x67,0x65,0x64,
-    0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,0x20,0x47,0x32,0x31,0x1B,0x30,
-    0x19,0x06,0x03,0x55,0x04,0x0B,0x0C,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,
-    0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x19,0x30,0x17,0x06,0x03,
-    0x55,0x04,0x0A,0x0C,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,
-    0x73,0x20,0x49,0x6E,0x63,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x0C,0x05,
-    0x54,0x65,0x78,0x61,0x73,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
-    0x55,0x53,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,
-    0x03,0xA8,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,
-    0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,
-    0x02,0x30,0x27,0x06,0x03,0x55,0x1D,0x11,0x04,0x20,0x30,0x1E,0x82,0x1C,0x6E,0x6D,
-    0x64,0x2E,0x6D,0x63,0x64,0x30,0x36,0x36,0x34,0x33,0x2E,0x73,0x6A,0x63,0x2E,0x77,
-    0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,
-    0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x19,0x90,
-    0xD6,0x10,0xBA,0x3E,0x55,0x07,0x1B,0x4E,0x71,0x94,0x9F,0xCE,0x80,0xD7,0x1F,0x90,
-    0x2A,0x23,0x79,0x45,0xFB,0x61,0x47,0x19,0xBD,0x32,0x58,0xB2,0x58,0xC5,0x37,0xE9,
-    0x01,0x63,0x61,0x6B,0x1E,0x17,0x54,0xC5,0xE9,0x5F,0x2A,0x9F,0xF3,0x01,0x0A,0x4C,
-    0x61,0x7C,0x18,0x9A,0x3E,0x91,0x7F,0x14,0x8E,0xDF,0xB2,0x2C,0xB8,0xEC,0x3B,0x7C,
-    0xC7,0xE5,0x62,0xC4,0x72,0x22,0x42,0xBB,0x61,0x9C,0xB0,0x5D,0x49,0x44,0x47,0x90,
-    0x8E,0xBF,0x85,0x88,0xFF,0x36,0x7A,0x4C,0xCE,0x35,0x1B,0x88,0x93,0xE4,0x0A,0xB4,
-    0xD1,0x24,0x44,0x43,0x8E,0xC0,0xFC,0x7F,0xE8,0x03,0xCD,0x91,0xF5,0x21,0x6F,0x4B,
-    0xB7,0x9C,0x06,0xDC,0xE0,0xE4,0x5A,0xFD,0x3C,0x33,0xC4,0xE1,0xFB,0xB7,0xC4,0xF5,
-    0xD4,0xC4,0xFD,0x63,0x43,0xD8,0x9B,0x2C,0x6C,0x5D,0x45,0xBE,0xD2,0x25,0x80,0xF7,
-    0x5D,0x4A,0x73,0xB5,0xB4,0xF0,0xEF,0xDD,0x91,0x11,0xEF,0xAB,0x85,0xD6,0xDF,0x92,
-    0xC0,0xA6,0x3E,0xBE,0x7A,0x2B,0xC5,0xD0,0x6C,0x48,0x6C,0x2A,0x9E,0x7D,0x7B,0xFC,
-    0x93,0x9D,0x80,0xD1,0xCB,0x2F,0x2C,0x3E,0x94,0x46,0x5B,0xF3,0x8A,0xE8,0xE9,0xC7,
-    0x1A,0x49,0x67,0x2B,0xE7,0xDD,0x73,0x05,0x1C,0x83,0x08,0xC5,0xBB,0xBC,0x47,0x5D,
-    0x90,0x38,0x08,0xAC,0x49,0x82,0xE7,0xA9,0x28,0xA2,0x42,0x3E,0xFD,0x15,0x5C,0xF9,
-    0x63,0x50,0x18,0xCA,0x76,0x1B,0x9C,0x88,0xF7,0x4D,0x7C,0xF4,0x5B,0x0E,0x93,0x53,
-    0xBC,0xFD,0x25,0x90,0x88,0x06,0xB7,0xDE,0x33,0x33,0x5D,0xD6,0x9C,0x03,
-};
-
-
-/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=AWS Managed Device CA G2 */
-/* issuer :/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G2 */
-
-static unsigned char c1[1578]={
-    0x30,0x82,0x06,0x26,0x30,0x82,0x05,0x0E,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x19,
-    0x54,0xAA,0x5A,0x22,0x2C,0x5B,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
-    0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,
-    0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,
-    0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,
-    0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,
-    0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,
-    0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x39,
-    0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x13,0x30,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,
-    0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,
-    0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,
-    0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x47,0x32,0x30,0x1E,0x17,0x0D,0x31,0x33,0x30,
-    0x36,0x30,0x35,0x31,0x38,0x33,0x30,0x31,0x35,0x5A,0x17,0x0D,0x31,0x38,0x30,0x35,
-    0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x78,0x31,0x0B,0x30,0x09,0x06,
-    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,
-    0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,
-    0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,
-    0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,
-    0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,
-    0x31,0x21,0x30,0x1F,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x41,0x57,0x53,0x20,0x4D,
-    0x61,0x6E,0x61,0x67,0x65,0x64,0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,
-    0x20,0x47,0x32,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
-    0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,
-    0x82,0x01,0x01,0x00,0x8C,0xE4,0xEB,0x2B,0x6D,0x51,0x1E,0xFE,0xBE,0xB9,0x1D,0x72,
-    0x6D,0xD9,0x0C,0xBB,0x30,0x58,0x28,0xA2,0xA2,0x03,0x5B,0x99,0xCF,0x12,0x8B,0xF5,
-    0xAD,0x91,0x66,0x30,0xEC,0x33,0xDE,0x2D,0xF2,0x8C,0x27,0xD9,0x46,0xCC,0xC5,0x32,
-    0x46,0x31,0xC5,0xCA,0x13,0x9A,0xE2,0xD2,0x5E,0x8F,0xCD,0x3C,0x77,0x91,0x71,0x88,
-    0xD9,0xD9,0xA1,0x31,0x8F,0xDA,0x32,0x5E,0x61,0x19,0x65,0x80,0xE6,0x3B,0x0C,0xD8,
-    0x85,0xBC,0x26,0x4F,0x89,0x6D,0x4F,0xFF,0x3D,0x02,0x8D,0xA7,0x81,0x26,0xF9,0xD5,
-    0x2F,0xFD,0x1B,0x30,0xF4,0x7B,0x67,0x51,0x37,0xE3,0x45,0x88,0x2B,0xCF,0x49,0x4E,
-    0xDD,0x22,0xFC,0x93,0xA7,0x25,0x4E,0xDE,0x1D,0x61,0x0D,0x8D,0xF4,0xF0,0xD4,0x65,
-    0x89,0xAD,0xC0,0xBA,0x7E,0xB4,0x8F,0x05,0x02,0xA9,0xDA,0x48,0x1B,0xE0,0x9E,0x06,
-    0x7C,0xC0,0x9C,0x50,0xFB,0x59,0x16,0x09,0xB2,0x91,0xAF,0xC6,0xAD,0x7D,0x18,0x41,
-    0x0E,0x41,0xAC,0xBC,0x22,0xFD,0x78,0xF6,0xF7,0xA3,0x02,0x34,0x77,0x5D,0x11,0x47,
-    0xC2,0x3B,0xAA,0x60,0x38,0x06,0xCA,0xAF,0x18,0xD5,0xC0,0x1E,0x97,0x4F,0x96,0xD4,
-    0x65,0x37,0x23,0xD7,0xAA,0xF1,0xCB,0x27,0xB0,0x53,0xFF,0x74,0x76,0x66,0xEE,0x25,
-    0x1A,0xE0,0x18,0x6C,0xFD,0x29,0x15,0xAE,0x89,0x86,0x6D,0xA1,0x56,0x41,0x5D,0x81,
-    0x68,0x5A,0xC4,0x4A,0x43,0x30,0x38,0xDB,0x61,0x9B,0xDC,0x9A,0x83,0x26,0xF5,0xCE,
-    0x64,0x48,0x1C,0x1A,0x9B,0xE3,0xCB,0xB1,0x8C,0x1C,0x51,0x6C,0x94,0x7C,0x88,0x73,
-    0xDB,0x71,0xED,0x57,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x99,0x30,0x82,0x02,
-    0x95,0x30,0x70,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x64,0x30,
-    0x62,0x30,0x35,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x29,0x68,
-    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,
-    0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x72,0x6F,0x6F,0x74,
-    0x63,0x61,0x67,0x32,0x2E,0x63,0x72,0x74,0x30,0x29,0x06,0x08,0x2B,0x06,0x01,0x05,
-    0x05,0x07,0x30,0x01,0x86,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,
-    0x70,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,
-    0x6E,0x65,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x83,0x85,
-    0x8B,0x92,0x05,0x1B,0x41,0x9E,0x45,0xAB,0xAB,0xB2,0xE3,0xFD,0xD5,0x44,0xCA,0x41,
-    0xBD,0xE7,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,
-    0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,
-    0x16,0x80,0x14,0xF3,0xD3,0xC7,0x5E,0x2C,0x45,0x26,0x7E,0xFD,0xE6,0xE4,0xB4,0x94,
-    0xB8,0x04,0x0F,0x39,0x3B,0x10,0xDE,0x30,0x81,0xE3,0x06,0x03,0x55,0x1D,0x20,0x04,
-    0x81,0xDB,0x30,0x81,0xD8,0x30,0x81,0xC6,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,
-    0x48,0x83,0x7D,0x01,0x01,0x30,0x81,0xB6,0x30,0x81,0x80,0x06,0x08,0x2B,0x06,0x01,
-    0x05,0x05,0x07,0x02,0x02,0x30,0x74,0x1E,0x72,0x00,0x43,0x00,0x6F,0x00,0x70,0x00,
-    0x79,0x00,0x72,0x00,0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,0x20,0x00,0x28,0x00,
-    0x63,0x00,0x29,0x00,0x20,0x00,0x32,0x00,0x30,0x00,0x31,0x00,0x33,0x00,0x20,0x00,
-    0x41,0x00,0x54,0x00,0x54,0x00,0x20,0x00,0x57,0x00,0x69,0x00,0x2D,0x00,0x46,0x00,
-    0x69,0x00,0x20,0x00,0x53,0x00,0x65,0x00,0x72,0x00,0x76,0x00,0x69,0x00,0x63,0x00,
-    0x65,0x00,0x73,0x00,0x20,0x00,0x41,0x00,0x6C,0x00,0x6C,0x00,0x20,0x00,0x52,0x00,
-    0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,0x73,0x00,0x20,0x00,0x52,0x00,0x65,0x00,
-    0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00,0x65,0x00,0x64,0x30,0x31,0x06,0x08,0x2B,
-    0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x25,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
-    0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,
-    0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x2E,0x68,0x74,0x6D,0x6C,0x30,0x0D,
-    0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,0x02,0x30,0x81,0xD6,
-    0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xCE,0x30,0x81,0xCB,0x30,0x81,0xC8,0xA0,0x2D,
-    0xA0,0x2B,0x86,0x29,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,
-    0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,
-    0x2F,0x72,0x6F,0x6F,0x74,0x63,0x61,0x67,0x32,0x2E,0x63,0x72,0x6C,0xA2,0x81,0x96,
-    0xA4,0x81,0x93,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
-    0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x0C,0x05,0x54,0x65,
-    0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x0C,0x10,0x41,0x54,
-    0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,
-    0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x0C,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,
-    0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x39,0x30,0x37,0x06,
-    0x03,0x55,0x04,0x03,0x0C,0x30,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,
-    0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x65,
-    0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,
-    0x69,0x74,0x79,0x20,0x47,0x32,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,
-    0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
-    0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x79,0xE7,0x9C,0xD0,0x93,0x93,
-    0xB8,0xD6,0xC5,0x58,0x85,0xD4,0xDA,0xC1,0x22,0x73,0x87,0x2F,0x97,0x9C,0x79,0x9B,
-    0x61,0xC1,0x87,0xBB,0xA8,0xFD,0x9F,0x07,0x0C,0x3D,0xA1,0xD3,0xFC,0x17,0x46,0x04,
-    0x1E,0xBE,0xEF,0x8B,0x9A,0xB1,0x17,0x82,0x75,0x25,0x41,0x68,0xD6,0x46,0x13,0x7A,
-    0x9E,0xFB,0x13,0xCE,0x01,0xCA,0x1F,0xD2,0x3F,0x7F,0xF1,0xF3,0xCB,0xC5,0xF7,0x8A,
-    0xAA,0x0F,0x63,0x8E,0xC9,0x68,0x31,0xDB,0x3D,0x69,0x4C,0x55,0xC6,0x34,0x24,0x52,
-    0x76,0xC0,0x51,0xF9,0x29,0x2B,0xB2,0x3C,0x3C,0x95,0x11,0x20,0x92,0x1A,0x25,0xB8,
-    0x10,0x3E,0x45,0xA3,0x4F,0x27,0x51,0xA3,0x8A,0x1D,0xEC,0x00,0x40,0x35,0x3F,0xAC,
-    0x2D,0x49,0xD0,0x20,0x85,0x01,0xAE,0xF7,0x7D,0xFC,0x62,0x4E,0x49,0x9C,0xAA,0x99,
-    0x27,0x6A,0x14,0xE3,0x51,0x9D,0x1B,0x1F,0xA9,0x32,0x33,0x4E,0xA9,0xA2,0x55,0x21,
-    0xDB,0xFF,0x57,0x5A,0x3D,0xC7,0x80,0x6F,0xF1,0x75,0x3F,0x38,0x09,0x52,0x80,0xD5,
-    0x5D,0xFE,0x6D,0x84,0x3A,0x9B,0xA7,0x53,0x62,0x48,0x96,0xA9,0x75,0xB0,0xEA,0x6A,
-    0x78,0xB4,0x92,0x1F,0xC4,0xD2,0x46,0x59,0xEA,0xE0,0x14,0x01,0x38,0xD7,0x6B,0x5D,
-    0x7F,0xB3,0x30,0x15,0x34,0x11,0x52,0xD1,0xF9,0xFB,0xFF,0x21,0xDB,0x06,0xD4,0x3D,
-    0xB8,0x69,0xA0,0x95,0x34,0x20,0x1E,0xA1,0x31,0xF5,0xBD,0x18,0x1E,0x08,0xD8,0x55,
-    0x06,0xB3,0x28,0x3B,0xF8,0x58,0x94,0x0C,0xBB,0x23,0xCB,0x9E,0x10,0x28,0x64,0x2D,
-    0xB9,0x19,0x86,0xB6,0x29,0x2C,0xF2,0xA5,0x36,0x6B,
-};
-
-
-/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G2 */
-/* issuer :/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA G2 */
-
-static unsigned char c2[1833]={
-    0x30,0x82,0x07,0x25,0x30,0x82,0x06,0x0D,0xA0,0x03,0x02,0x01,0x02,0x02,0x11,0x5C,
-    0xD7,0xD8,0x96,0xBA,0xD5,0xC9,0x77,0x11,0xBC,0x14,0xCF,0x0E,0xD3,0x5F,0x20,0x62,
-    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,
-    0x5C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x15,
-    0x30,0x13,0x06,0x03,0x55,0x04,0x0B,0x13,0x0C,0x54,0x72,0x75,0x73,0x74,0x65,0x64,
-    0x20,0x52,0x6F,0x6F,0x74,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,
-    0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,0x2D,0x73,0x61,
-    0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x54,0x72,0x75,0x73,0x74,
-    0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x47,0x32,0x30,0x1E,0x17,
-    0x0D,0x31,0x33,0x30,0x35,0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,
-    0x31,0x38,0x30,0x35,0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x81,0x90,
-    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,
-    0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,
-    0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,
-    0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,
-    0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,
-    0x76,0x69,0x63,0x65,0x73,0x31,0x39,0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x13,0x30,
-    0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,
-    0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
-    0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x47,0x32,
-    0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
-    0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
-    0x00,0x83,0x87,0xD2,0xCE,0xE7,0xA6,0x57,0x09,0xA0,0x0A,0x5D,0xD3,0xBF,0x66,0x2B,
-    0x82,0x7E,0xB2,0x8B,0xC2,0x32,0x68,0x61,0x36,0x7D,0xC4,0x96,0xCF,0x2A,0x64,0x7E,
-    0xA7,0x9C,0x3F,0x67,0x3C,0x3E,0x50,0x6F,0x33,0x75,0x16,0x8E,0x81,0x70,0x67,0x5C,
-    0x37,0x07,0xBD,0xD4,0xD4,0x70,0xD7,0x26,0x3B,0x38,0x25,0x3E,0xB4,0xB6,0x5E,0xCF,
-    0x9A,0x89,0x45,0xA0,0x35,0xDE,0x15,0x83,0x36,0x9F,0x22,0x87,0xEA,0xFE,0xC8,0x4F,
-    0xE8,0x6C,0x67,0xAA,0xEC,0xBC,0xA9,0xDA,0xA7,0xA4,0x3A,0xEB,0xB9,0xD5,0x31,0x4F,
-    0x08,0x15,0x8A,0xCB,0x92,0x1B,0xFC,0xA2,0x5E,0xC6,0x6F,0x6B,0xA3,0x8E,0x9A,0x4C,
-    0xAB,0x47,0xA3,0x75,0x06,0xED,0xB9,0xFA,0xD6,0xF4,0xA1,0x29,0xEA,0x3D,0xE1,0x8C,
-    0xE5,0x85,0xCF,0x8E,0x35,0x81,0x20,0x9B,0x68,0x46,0x55,0x0F,0xA0,0x38,0x07,0xAF,
-    0x6F,0x4F,0xAE,0xFD,0x7F,0x98,0xB6,0x6E,0x06,0xA8,0x14,0xCC,0x5B,0x8D,0xDD,0x4C,
-    0xA7,0xC7,0x5A,0x4D,0xFA,0x17,0xFD,0xEC,0x77,0xD4,0x0D,0xA1,0xE8,0xFF,0x33,0x01,
-    0x14,0x10,0xBC,0x82,0x38,0xEF,0xEF,0xBC,0xCE,0x8C,0x11,0x0A,0xFC,0xFE,0x55,0xA5,
-    0x5B,0xA7,0x37,0xD6,0xBB,0xB2,0x5F,0x85,0x06,0xF6,0x96,0xFB,0x24,0x32,0xF4,0x51,
-    0xB9,0x4D,0x1D,0x27,0x6A,0xB5,0xD2,0xC0,0x12,0x4B,0x8A,0x33,0xE0,0xC5,0x45,0x3D,
-    0xD9,0x38,0xD6,0xE3,0xEF,0x28,0x32,0x77,0xD5,0x72,0xEE,0x99,0x06,0x6A,0xB0,0x05,
-    0x43,0x4D,0xA2,0xB1,0x5F,0x22,0x92,0xD3,0x26,0xAC,0x0F,0x5C,0x91,0x6F,0x17,0x85,
-    0x17,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0xAB,0x30,0x82,0x03,0xA7,0x30,0x0E,
-    0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x82,
-    0x01,0x0B,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x02,0x30,0x81,0xFF,0x30,0x71,
-    0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xA0,0x32,0x01,0x3C,0x01,0x30,0x63,0x30,0x32,
-    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x26,0x68,0x74,0x74,0x70,
-    0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,
-    0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,
-    0x79,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x21,
-    0x0C,0x1F,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,
-    0x73,0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x50,0x72,0x6F,0x67,0x72,0x61,
-    0x6D,0x30,0x81,0x89,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,
-    0x01,0x30,0x7A,0x30,0x2F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,
-    0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,0x69,0x2E,
-    0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x2E,
-    0x68,0x74,0x6D,0x6C,0x30,0x47,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,
-    0x30,0x3B,0x0C,0x39,0x43,0x6F,0x70,0x79,0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,
-    0x29,0x20,0x32,0x30,0x31,0x33,0x20,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,
-    0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x41,0x6C,0x6C,0x20,0x52,0x69,
-    0x67,0x68,0x74,0x73,0x20,0x52,0x65,0x73,0x65,0x72,0x76,0x65,0x64,0x30,0x12,0x06,
-    0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,
-    0x01,0x30,0x82,0x01,0x4B,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,0x01,0x42,0x30,0x82,
-    0x01,0x3E,0xA0,0x82,0x01,0x08,0x30,0x0D,0x82,0x0B,0x77,0x61,0x79,0x70,0x6F,0x72,
-    0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x82,0x0B,0x61,0x74,0x74,0x77,0x69,0x66,0x69,
-    0x2E,0x63,0x6F,0x6D,0x30,0x10,0x82,0x0E,0x73,0x75,0x70,0x65,0x72,0x63,0x6C,0x69,
-    0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x10,0x82,0x0E,0x73,0x75,0x70,0x65,0x72,0x63,
-    0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x81,0x0B,0x77,0x61,0x79,0x70,
-    0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0E,0x81,0x0C,0x2E,0x77,0x61,0x79,0x70,
-    0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x81,0x0B,0x61,0x74,0x74,0x77,0x69,
-    0x66,0x69,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x81,0x0C,0x2E,0x61,0x74,0x74,0x77,0x69,
-    0x66,0x69,0x2E,0x63,0x6F,0x6D,0x30,0x10,0x81,0x0E,0x73,0x75,0x70,0x65,0x72,0x63,
-    0x6C,0x69,0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x11,0x81,0x0F,0x2E,0x73,0x75,0x70,
-    0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x10,0x81,0x0E,0x73,
-    0x75,0x70,0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x11,0x81,
-    0x0F,0x2E,0x73,0x75,0x70,0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,
-    0x30,0x3C,0xA4,0x3A,0x30,0x38,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
-    0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,
-    0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,
-    0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0xA1,0x30,
-    0x30,0x0A,0x87,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x22,0x87,0x20,
-    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-    0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,
-    0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,
-    0x3D,0x06,0x03,0x55,0x1D,0x1F,0x04,0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E,
-    0x86,0x2C,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x67,0x6C,0x6F,
-    0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x67,0x73,0x2F,0x74,
-    0x72,0x75,0x73,0x74,0x72,0x6F,0x6F,0x74,0x67,0x32,0x2E,0x63,0x72,0x6C,0x30,0x81,
-    0x84,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x78,0x30,0x76,0x30,
-    0x33,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x27,0x68,0x74,0x74,
-    0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x32,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,
-    0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x74,0x72,0x75,0x73,0x74,0x72,0x6F,
-    0x6F,0x74,0x67,0x32,0x30,0x3F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,
-    0x86,0x33,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x65,0x63,0x75,0x72,0x65,0x2E,
-    0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63,
-    0x61,0x63,0x65,0x72,0x74,0x2F,0x74,0x72,0x75,0x73,0x74,0x72,0x6F,0x6F,0x74,0x67,
-    0x32,0x2E,0x63,0x72,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,
-    0xF3,0xD3,0xC7,0x5E,0x2C,0x45,0x26,0x7E,0xFD,0xE6,0xE4,0xB4,0x94,0xB8,0x04,0x0F,
-    0x39,0x3B,0x10,0xDE,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,
-    0x14,0x14,0xF6,0xE5,0x8B,0x31,0xB6,0x45,0x80,0x4A,0x4C,0x6D,0xFC,0xC2,0x87,0x89,
-    0xCA,0x36,0xC3,0x90,0x62,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
-    0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0xDE,0x66,0x4A,0x3A,0x3B,0xAD,
-    0x8A,0xC7,0x32,0xFF,0x2D,0xD3,0x81,0x69,0x1D,0x1C,0xDE,0xE5,0x1E,0x87,0xE6,0x33,
-    0xFE,0x34,0x80,0x1E,0xCF,0xC8,0xF8,0x93,0x38,0x12,0x9B,0x42,0xC4,0x9A,0x49,0x8B,
-    0x98,0xAF,0x52,0xEC,0xD7,0x10,0xC4,0x44,0xEA,0x57,0xE6,0xA5,0xA5,0xC4,0x53,0x15,
-    0xEB,0xEA,0x3D,0x8A,0xB2,0x9F,0xF2,0x90,0x1A,0x03,0xBA,0xB7,0xC8,0x89,0xCD,0x88,
-    0x26,0xF6,0xA3,0xFD,0x41,0x3C,0x70,0x01,0xE1,0x03,0x99,0x33,0xFA,0xF6,0xB1,0x92,
-    0xED,0x3C,0xF9,0x03,0xC5,0x28,0xBB,0x18,0xD8,0x25,0x8F,0x6C,0x13,0x12,0x70,0xFA,
-    0x38,0x1E,0xB2,0xC8,0xC9,0x60,0x51,0x3A,0x43,0x86,0x4F,0x27,0xEF,0xAD,0x03,0x58,
-    0x52,0xCC,0xAF,0x6F,0x03,0xDB,0x7B,0x3B,0xDA,0xF2,0xBC,0xE7,0x40,0x0D,0xE6,0xD9,
-    0x8C,0x36,0x2E,0xEA,0x01,0xA9,0x66,0xCA,0x26,0x41,0x71,0x57,0x84,0xE0,0x38,0xA4,
-    0x13,0xDE,0x05,0xC4,0xC4,0x0A,0x79,0xCF,0x5F,0xE3,0x8E,0xDE,0xCC,0xD8,0x8E,0x6E,
-    0xBC,0x4F,0x50,0x2C,0xD4,0x68,0xDF,0xB6,0xA8,0x61,0x80,0x0B,0x03,0x74,0xF3,0xFF,
-    0x09,0x4A,0x13,0xA0,0x57,0x96,0x0B,0xCB,0x62,0x09,0xB4,0x18,0xFB,0x07,0xD2,0x93,
-    0x17,0x50,0xCF,0xFE,0x5B,0x50,0x03,0xCE,0x9F,0x19,0x65,0x1E,0x9D,0xAD,0xA1,0x49,
-    0x0C,0xC0,0x3D,0xFC,0x1F,0xE9,0xA4,0xEF,0x2D,0x6C,0xFA,0x0C,0xF5,0x0D,0xBB,0x2D,
-    0xCA,0x36,0x22,0x5B,0xCE,0xEB,0xC4,0x4F,0xF7,0x78,0xCD,0x3F,0xCC,0xCE,0xA8,0xCF,
-    0x4F,0x0B,0x14,0x49,0x6E,0xA0,0xE7,0xF1,0x60,
-};
-
-
-/* subject:/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA G2 */
-/* issuer :/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */
-
-static unsigned char c3[1121]={
-    0x30,0x82,0x04,0x5D,0x30,0x82,0x03,0x45,0xA0,0x03,0x02,0x01,0x02,0x02,0x0B,0x04,
-    0x00,0x00,0x00,0x00,0x01,0x36,0xE9,0x3A,0x3A,0xB3,0x30,0x0D,0x06,0x09,0x2A,0x86,
-    0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x57,0x31,0x0B,0x30,0x09,0x06,
-    0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,
-    0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,
-    0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F,
-    0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,
-    0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20,
-    0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x32,0x30,0x34,0x32,0x35,0x31,0x31,0x30,0x30,
-    0x30,0x30,0x5A,0x17,0x0D,0x32,0x37,0x30,0x34,0x32,0x35,0x31,0x31,0x30,0x30,0x30,
-    0x30,0x5A,0x30,0x5C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42,
-    0x45,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0B,0x13,0x0C,0x54,0x72,0x75,0x73,
-    0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,
-    0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,
-    0x2D,0x73,0x61,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x54,0x72,
-    0x75,0x73,0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x47,0x32,
-    0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
-    0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
-    0x00,0xAC,0xAE,0xBE,0xAA,0xED,0x70,0xCA,0xFB,0x83,0xB1,0x2E,0x35,0xBB,0xB8,0xB0,
-    0xAC,0x31,0x33,0x5D,0xBB,0x52,0xC0,0xA6,0xC7,0x54,0x71,0x6F,0x1C,0x60,0x70,0x0A,
-    0xC6,0x4B,0xBA,0xE3,0x89,0xE7,0xE9,0x04,0x7F,0xF0,0xE0,0xB6,0x2B,0xCA,0x68,0xDF,
-    0xBD,0xCC,0x35,0xB9,0xEC,0x8C,0x36,0x8A,0x8B,0xA3,0xD9,0xC9,0x33,0x3F,0xCE,0x45,
-    0x7B,0xA9,0x6F,0x7E,0x4D,0x35,0xF1,0x3A,0xEB,0xBA,0x6B,0x41,0x81,0xDA,0xFA,0xD4,
-    0xE3,0x97,0x52,0x22,0x2A,0x90,0x7B,0x41,0x4C,0x2D,0xDF,0x05,0xCF,0xB9,0x33,0x05,
-    0x25,0xAD,0x6D,0x5E,0xD8,0xCA,0xCE,0x4A,0x89,0xCA,0xE2,0x65,0x36,0xE3,0xCA,0x4F,
-    0xBE,0x87,0x72,0x38,0x0D,0xAA,0x05,0x75,0xB3,0xDA,0x86,0xE3,0x83,0x03,0xE4,0x8D,
-    0x89,0xBC,0x8D,0x76,0x76,0xEF,0x33,0x23,0x56,0xE0,0x75,0x0F,0xA5,0xFC,0xAB,0x17,
-    0x91,0x37,0xDB,0x1A,0x35,0x2F,0x84,0xE2,0xCE,0x95,0x53,0x56,0x55,0x00,0xE9,0x2F,
-    0xE6,0x0C,0x22,0xB1,0xAA,0x80,0x16,0x31,0xCB,0x94,0xD4,0x36,0x0A,0xC0,0x71,0x1B,
-    0x70,0xA4,0xD7,0x52,0xD8,0xA9,0x05,0xE6,0x8B,0x52,0x98,0xCC,0x1E,0x55,0xBE,0x64,
-    0x86,0x85,0x15,0xBF,0x7B,0xBC,0x53,0x14,0x07,0xFD,0x65,0x9B,0x36,0x11,0xEA,0xD5,
-    0x1A,0xC8,0x96,0x0F,0xF4,0xAC,0x15,0x1F,0x8B,0xFC,0xE2,0x4A,0x16,0x05,0x48,0x1E,
-    0xD4,0xF9,0xA2,0xF1,0xE4,0x3C,0x4F,0xA6,0x14,0xC5,0x06,0x20,0xEA,0xB9,0x01,0xA9,
-    0xB4,0x1F,0x85,0x0B,0x82,0x6F,0x9E,0xE9,0x03,0x4A,0xD1,0x62,0x85,0x90,0x99,0xD5,
-    0x1F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x23,0x30,0x82,0x01,0x1F,0x30,0x0E,
-    0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0F,
-    0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,
-    0x47,0x06,0x03,0x55,0x1D,0x20,0x04,0x40,0x30,0x3E,0x30,0x3C,0x06,0x04,0x55,0x1D,
-    0x20,0x00,0x30,0x34,0x30,0x32,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,
-    0x16,0x26,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x6C,
-    0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,
-    0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,
-    0x16,0x04,0x14,0x14,0xF6,0xE5,0x8B,0x31,0xB6,0x45,0x80,0x4A,0x4C,0x6D,0xFC,0xC2,
-    0x87,0x89,0xCA,0x36,0xC3,0x90,0x62,0x30,0x33,0x06,0x03,0x55,0x1D,0x1F,0x04,0x2C,
-    0x30,0x2A,0x30,0x28,0xA0,0x26,0xA0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,
-    0x2F,0x63,0x72,0x6C,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,
-    0x6E,0x65,0x74,0x2F,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x3E,0x06,0x08,
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x32,0x30,0x30,0x30,0x2E,0x06,0x08,
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,
-    0x2F,0x6F,0x63,0x73,0x70,0x32,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,
-    0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x6F,0x6F,0x74,0x72,0x31,0x30,0x1F,0x06,0x03,
-    0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x60,0x7B,0x66,0x1A,0x45,0x0D,0x97,
-    0xCA,0x89,0x50,0x2F,0x7D,0x04,0xCD,0x34,0xA8,0xFF,0xFC,0xFD,0x4B,0x30,0x0D,0x06,
-    0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,
-    0x00,0xBE,0xC8,0x1B,0x49,0x7E,0x93,0x82,0xE4,0x72,0x92,0x3E,0x6B,0xF9,0x2F,0x66,
-    0xC4,0x91,0xC1,0x23,0x38,0xB8,0x0E,0xB3,0x19,0x7D,0xF8,0x7B,0xBF,0x00,0xDA,0x8C,
-    0xAD,0xAF,0xC4,0x46,0xF1,0xB2,0x70,0x55,0xBF,0x3E,0x00,0x73,0x14,0x0F,0xE5,0xDE,
-    0xDA,0x46,0x1D,0x87,0xF5,0x23,0xFF,0x06,0x90,0x5D,0xFA,0x91,0xD0,0xE8,0x31,0x41,
-    0x72,0xFD,0x0A,0xDE,0x19,0x33,0xE2,0x65,0x47,0x56,0xAF,0xB0,0xD2,0x97,0x58,0xBE,
-    0x40,0xC1,0x85,0xC0,0x5C,0x23,0x81,0xDC,0x9E,0x4F,0x5B,0x65,0xCE,0x72,0x4E,0xC7,
-    0x67,0x0D,0x2F,0x45,0xB1,0x90,0x86,0x35,0xA3,0x43,0x1F,0x81,0xE0,0xA3,0x94,0x16,
-    0x0D,0x5B,0xDE,0x8B,0xFF,0xCF,0xA5,0xE4,0xAF,0x7C,0x9A,0x09,0xF4,0x50,0x85,0x78,
-    0x7B,0x28,0x2D,0x01,0x73,0x44,0x57,0x3C,0xF1,0xB9,0x36,0xFE,0x65,0x09,0x6F,0xB3,
-    0xB5,0xB6,0xE0,0xD3,0x33,0x26,0xDE,0x4C,0x9F,0x40,0x84,0xD1,0xBA,0xC3,0x12,0x83,
-    0xA2,0x01,0xB0,0x32,0x6A,0x3A,0x78,0xDA,0x89,0xA2,0x90,0x45,0xC5,0xE2,0x0F,0x44,
-    0xA4,0xE3,0x76,0x57,0x6F,0x66,0xD4,0x28,0xCC,0x42,0xEF,0xE4,0xDD,0xDD,0x02,0xF8,
-    0x47,0x21,0xDC,0x58,0x96,0xD0,0xED,0x8C,0xA5,0x2D,0x34,0xBF,0xC7,0xE8,0xF1,0x58,
-    0x87,0x0E,0x43,0x4A,0x0E,0xE7,0xFE,0x78,0xB7,0x93,0xD3,0x43,0x5E,0x27,0x79,0x88,
-    0x4E,0xCF,0xDC,0x78,0x81,0x49,0x36,0x01,0x80,0x16,0xE9,0xDD,0x6F,0x78,0xFC,0x1B,
-    0x85,0xC0,0xBC,0xAE,0x84,0x30,0x90,0x74,0xFB,0x1E,0xF7,0xD8,0x06,0x87,0x3B,0xE0,
-    0x53,
-};
-
-
-/* subject:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */
-/* issuer :/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */
-
-static unsigned char c4[889]={
-    0x30,0x82,0x03,0x75,0x30,0x82,0x02,0x5D,0xA0,0x03,0x02,0x01,0x02,0x02,0x0B,0x04,
-    0x00,0x00,0x00,0x00,0x01,0x15,0x4B,0x5A,0xC3,0x94,0x30,0x0D,0x06,0x09,0x2A,0x86,
-    0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x57,0x31,0x0B,0x30,0x09,0x06,
-    0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,
-    0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,
-    0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F,
-    0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,
-    0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20,
-    0x43,0x41,0x30,0x1E,0x17,0x0D,0x39,0x38,0x30,0x39,0x30,0x31,0x31,0x32,0x30,0x30,
-    0x30,0x30,0x5A,0x17,0x0D,0x32,0x38,0x30,0x31,0x32,0x38,0x31,0x32,0x30,0x30,0x30,
-    0x30,0x5A,0x30,0x57,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42,
-    0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,
-    0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,
-    0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,
-    0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,
-    0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,
-    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,
-    0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xDA,0x0E,0xE6,0x99,
-    0x8D,0xCE,0xA3,0xE3,0x4F,0x8A,0x7E,0xFB,0xF1,0x8B,0x83,0x25,0x6B,0xEA,0x48,0x1F,
-    0xF1,0x2A,0xB0,0xB9,0x95,0x11,0x04,0xBD,0xF0,0x63,0xD1,0xE2,0x67,0x66,0xCF,0x1C,
-    0xDD,0xCF,0x1B,0x48,0x2B,0xEE,0x8D,0x89,0x8E,0x9A,0xAF,0x29,0x80,0x65,0xAB,0xE9,
-    0xC7,0x2D,0x12,0xCB,0xAB,0x1C,0x4C,0x70,0x07,0xA1,0x3D,0x0A,0x30,0xCD,0x15,0x8D,
-    0x4F,0xF8,0xDD,0xD4,0x8C,0x50,0x15,0x1C,0xEF,0x50,0xEE,0xC4,0x2E,0xF7,0xFC,0xE9,
-    0x52,0xF2,0x91,0x7D,0xE0,0x6D,0xD5,0x35,0x30,0x8E,0x5E,0x43,0x73,0xF2,0x41,0xE9,
-    0xD5,0x6A,0xE3,0xB2,0x89,0x3A,0x56,0x39,0x38,0x6F,0x06,0x3C,0x88,0x69,0x5B,0x2A,
-    0x4D,0xC5,0xA7,0x54,0xB8,0x6C,0x89,0xCC,0x9B,0xF9,0x3C,0xCA,0xE5,0xFD,0x89,0xF5,
-    0x12,0x3C,0x92,0x78,0x96,0xD6,0xDC,0x74,0x6E,0x93,0x44,0x61,0xD1,0x8D,0xC7,0x46,
-    0xB2,0x75,0x0E,0x86,0xE8,0x19,0x8A,0xD5,0x6D,0x6C,0xD5,0x78,0x16,0x95,0xA2,0xE9,
-    0xC8,0x0A,0x38,0xEB,0xF2,0x24,0x13,0x4F,0x73,0x54,0x93,0x13,0x85,0x3A,0x1B,0xBC,
-    0x1E,0x34,0xB5,0x8B,0x05,0x8C,0xB9,0x77,0x8B,0xB1,0xDB,0x1F,0x20,0x91,0xAB,0x09,
-    0x53,0x6E,0x90,0xCE,0x7B,0x37,0x74,0xB9,0x70,0x47,0x91,0x22,0x51,0x63,0x16,0x79,
-    0xAE,0xB1,0xAE,0x41,0x26,0x08,0xC8,0x19,0x2B,0xD1,0x46,0xAA,0x48,0xD6,0x64,0x2A,
-    0xD7,0x83,0x34,0xFF,0x2C,0x2A,0xC1,0x6C,0x19,0x43,0x4A,0x07,0x85,0xE7,0xD3,0x7C,
-    0xF6,0x21,0x68,0xEF,0xEA,0xF2,0x52,0x9F,0x7F,0x93,0x90,0xCF,0x02,0x03,0x01,0x00,
-    0x01,0xA3,0x42,0x30,0x40,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,
-    0x04,0x03,0x02,0x01,0x06,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,
-    0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,
-    0x14,0x60,0x7B,0x66,0x1A,0x45,0x0D,0x97,0xCA,0x89,0x50,0x2F,0x7D,0x04,0xCD,0x34,
-    0xA8,0xFF,0xFC,0xFD,0x4B,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
-    0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xD6,0x73,0xE7,0x7C,0x4F,0x76,0xD0,
-    0x8D,0xBF,0xEC,0xBA,0xA2,0xBE,0x34,0xC5,0x28,0x32,0xB5,0x7C,0xFC,0x6C,0x9C,0x2C,
-    0x2B,0xBD,0x09,0x9E,0x53,0xBF,0x6B,0x5E,0xAA,0x11,0x48,0xB6,0xE5,0x08,0xA3,0xB3,
-    0xCA,0x3D,0x61,0x4D,0xD3,0x46,0x09,0xB3,0x3E,0xC3,0xA0,0xE3,0x63,0x55,0x1B,0xF2,
-    0xBA,0xEF,0xAD,0x39,0xE1,0x43,0xB9,0x38,0xA3,0xE6,0x2F,0x8A,0x26,0x3B,0xEF,0xA0,
-    0x50,0x56,0xF9,0xC6,0x0A,0xFD,0x38,0xCD,0xC4,0x0B,0x70,0x51,0x94,0x97,0x98,0x04,
-    0xDF,0xC3,0x5F,0x94,0xD5,0x15,0xC9,0x14,0x41,0x9C,0xC4,0x5D,0x75,0x64,0x15,0x0D,
-    0xFF,0x55,0x30,0xEC,0x86,0x8F,0xFF,0x0D,0xEF,0x2C,0xB9,0x63,0x46,0xF6,0xAA,0xFC,
-    0xDF,0xBC,0x69,0xFD,0x2E,0x12,0x48,0x64,0x9A,0xE0,0x95,0xF0,0xA6,0xEF,0x29,0x8F,
-    0x01,0xB1,0x15,0xB5,0x0C,0x1D,0xA5,0xFE,0x69,0x2C,0x69,0x24,0x78,0x1E,0xB3,0xA7,
-    0x1C,0x71,0x62,0xEE,0xCA,0xC8,0x97,0xAC,0x17,0x5D,0x8A,0xC2,0xF8,0x47,0x86,0x6E,
-    0x2A,0xC4,0x56,0x31,0x95,0xD0,0x67,0x89,0x85,0x2B,0xF9,0x6C,0xA6,0x5D,0x46,0x9D,
-    0x0C,0xAA,0x82,0xE4,0x99,0x51,0xDD,0x70,0xB7,0xDB,0x56,0x3D,0x61,0xE4,0x6A,0xE1,
-    0x5C,0xD6,0xF6,0xFE,0x3D,0xDE,0x41,0xCC,0x07,0xAE,0x63,0x52,0xBF,0x53,0x53,0xF4,
-    0x2B,0xE9,0xC7,0xFD,0xB6,0xF7,0x82,0x5F,0x85,0xD2,0x41,0x18,0xDB,0x81,0xB3,0x04,
-    0x1C,0xC5,0x1F,0xA4,0x80,0x6F,0x15,0x20,0xC9,0xDE,0x0C,0x88,0x0A,0x1D,0xD6,0x66,
-    0x55,0xE2,0xFC,0x48,0xC9,0x29,0x26,0x69,0xE0,
-};
-
-
-static void tests(void)
-{
-    SecTrustRef trust = NULL;
-    SecPolicyRef policy = NULL;
-    SecCertificateRef cert0, cert1, cert2, cert3, cert4;
-    SecTrustResultType trustResult;
-
-       isnt(cert0 = SecCertificateCreateWithBytes(NULL, c0, sizeof(c0)), NULL, "create cert0");
-       isnt(cert1 = SecCertificateCreateWithBytes(NULL, c1, sizeof(c1)), NULL, "create cert1");
-    isnt(cert2 = SecCertificateCreateWithBytes(NULL, c2, sizeof(c2)), NULL, "create cert2");
-    isnt(cert3 = SecCertificateCreateWithBytes(NULL, c3, sizeof(c3)), NULL, "create cert3");
-    isnt(cert4 = SecCertificateCreateWithBytes(NULL, c4, sizeof(c4)), NULL, "create cert4");
-
-    const void *v_certs[] = { cert0, cert1, cert2, cert3 };
-    const void *v_roots[] = { cert4 };
-    CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
-    CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
-
-    /* Create SSL policy with specific hostname. */
-    isnt(policy = SecPolicyCreateSSL(true, CFSTR("nmd.mcd06643.sjc.wayport.net")), NULL, "create policy");
-
-    /* Create trust reference. */
-    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
-
-    /* Set explicit verify date: Aug 14 2015. */
-    CFDateRef date = NULL;
-    isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2015, 8, 14, 12, 0, 0), NULL, "create verify date");
-    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
-
-    /* Provide root certificate. */
-    ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
-
-    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
-    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
-       is(SecTrustGetCertificateCount(trust), 5, "cert count is 5");
-
-    CFReleaseSafe(date);
-       CFReleaseSafe(trust);
-       CFReleaseSafe(policy);
-    CFReleaseSafe(certs);
-    CFReleaseSafe(roots);
-       CFReleaseSafe(cert4);
-       CFReleaseSafe(cert3);
-    CFReleaseSafe(cert2);
-    CFReleaseSafe(cert1);
-    CFReleaseSafe(cert0);
-}
-
-int si_20_sectrust_att(int argc, char *const *argv)
-{
-       plan_tests(13);
-
-       tests();
-
-       return 0;
-}
index 3917df7ff0a953a6ca1772044495c150d2a6afbf..584030c75c4249d075212cb18c529dcaf02d1dda 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006-2010,2012-2014 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2006-2010,2012-2015 Apple Inc. All Rights Reserved.
  */
 
 #include <CoreFoundation/CoreFoundation.h>
 #include <unistd.h>
 
 #include "Security_regressions.h"
-
-/*
- Serial Number:
- 45:a8:3a:4a:79:4d:0c:2d:71:20:12:5a:7c:82:c0:af
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
- Validity
- Not Before: May  5 00:00:00 2014 GMT
- Not After : May  4 23:59:59 2016 GMT
- Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592, C=US/postalCode=95014, ST=California, L=Cupertino/street=1 Infinite Loop, O=Apple Inc., OU=GNCS Traffic Management, CN=secure1.store.apple.com
- */
-static const uint8_t _c0[] = {
-    0x30,0x82,0x05,0xFF,0x30,0x82,0x04,0xE7,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x45,
-    0xA8,0x3A,0x4A,0x79,0x4D,0x0C,0x2D,0x71,0x20,0x12,0x5A,0x7C,0x82,0xC0,0xAF,0x30,
-    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,
-    0xBE,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
-    0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
-    0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,
-    0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,
-    0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,
-    0x0B,0x13,0x32,0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,
-    0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,
-    0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20,
-    0x28,0x63,0x29,0x30,0x36,0x31,0x38,0x30,0x36,0x06,0x03,0x55,0x04,0x03,0x13,0x2F,
-    0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,
-    0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61,
-    0x74,0x69,0x6F,0x6E,0x20,0x53,0x53,0x4C,0x20,0x53,0x47,0x43,0x20,0x43,0x41,0x30,
-    0x1E,0x17,0x0D,0x31,0x34,0x30,0x35,0x30,0x35,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,
-    0x17,0x0D,0x31,0x36,0x30,0x35,0x30,0x34,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,
-    0x82,0x01,0x1D,0x31,0x13,0x30,0x11,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,
-    0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,0x31,0x1B,0x30,0x19,0x06,0x0B,0x2B,0x06,
-    0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,
-    0x6F,0x72,0x6E,0x69,0x61,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0F,0x13,0x14,
-    0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,0x67,0x61,0x6E,0x69,0x7A,0x61,
-    0x74,0x69,0x6F,0x6E,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x05,0x13,0x08,0x43,
-    0x30,0x38,0x30,0x36,0x35,0x39,0x32,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
-    0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x11,0x14,0x05,0x39,
-    0x35,0x30,0x31,0x34,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x13,0x0A,0x43,
-    0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,0x30,0x10,0x06,0x03,0x55,
-    0x04,0x07,0x14,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x18,0x30,
-    0x16,0x06,0x03,0x55,0x04,0x09,0x14,0x0F,0x31,0x20,0x49,0x6E,0x66,0x69,0x6E,0x69,
-    0x74,0x65,0x20,0x4C,0x6F,0x6F,0x70,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,
-    0x14,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x20,0x30,0x1E,
-    0x06,0x03,0x55,0x04,0x0B,0x14,0x17,0x47,0x4E,0x43,0x53,0x20,0x54,0x72,0x61,0x66,
-    0x66,0x69,0x63,0x20,0x4D,0x61,0x6E,0x61,0x67,0x65,0x6D,0x65,0x6E,0x74,0x31,0x20,
-    0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x14,0x17,0x73,0x65,0x63,0x75,0x72,0x65,0x31,
-    0x2E,0x73,0x74,0x6F,0x72,0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
-    0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
-    0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
-    0x00,0x97,0x1D,0x2E,0x6C,0x69,0x78,0x01,0x17,0xB2,0x6D,0x17,0x50,0x26,0xAE,0x25,
-    0xAA,0x30,0x81,0xB8,0xD6,0xDC,0x46,0x67,0x90,0x24,0xC2,0x23,0x50,0x33,0x74,0x5A,
-    0x71,0x7F,0x6D,0xC0,0xEE,0x15,0x58,0x64,0x57,0xEF,0xE9,0x02,0xAB,0xB6,0x93,0xA3,
-    0x6B,0xFE,0xA9,0xD6,0x53,0x07,0x19,0x08,0xC5,0xC5,0x9D,0x8E,0x4D,0xE8,0x00,0xE8,
-    0x49,0x2B,0x70,0x17,0x46,0xE8,0xAF,0xA1,0x2E,0x85,0x5F,0xA7,0x06,0x58,0xBF,0x64,
-    0x0B,0xF5,0xD3,0xD4,0xF8,0x6B,0xAA,0x6C,0x8E,0x5F,0xE7,0x12,0x86,0x58,0x9A,0xFC,
-    0xDB,0x44,0x9E,0x39,0xA9,0x78,0xE9,0x2D,0x5C,0xE2,0x8A,0x87,0x19,0xB6,0xB3,0xD5,
-    0xB6,0x19,0xD0,0x97,0x1B,0xA3,0xE2,0xF6,0x04,0xCE,0xC6,0xEB,0xC3,0xC9,0x50,0x55,
-    0x57,0xE5,0xE1,0x0B,0xCB,0x31,0x2A,0x4A,0x3E,0xC9,0xFC,0x87,0xC4,0x44,0x7D,0x5A,
-    0x74,0x4D,0x51,0xAD,0xCA,0xD6,0x04,0x2C,0x3B,0x4B,0xE1,0x0F,0x31,0x71,0x00,0xEF,
-    0x18,0x66,0x87,0x7E,0xAD,0x0A,0x68,0x23,0x81,0x8F,0x72,0xED,0x8E,0x5A,0xD1,0xD7,
-    0x4E,0xBB,0x5E,0x38,0x20,0x48,0x77,0x69,0x19,0x55,0x33,0xC9,0x77,0x2A,0x8B,0xBF,
-    0xEB,0xB7,0xF4,0xEB,0x2E,0x00,0x58,0x3C,0x86,0xDB,0x4D,0x95,0xB9,0x93,0x9C,0x78,
-    0x39,0xDA,0x4C,0xAA,0xA3,0xB5,0xA6,0xA0,0xBA,0xBC,0x28,0xDB,0xE7,0x9F,0x2A,0x36,
-    0x40,0x68,0xBC,0x22,0x3D,0xA9,0x4C,0xFC,0x62,0xCA,0x2C,0x61,0xE0,0x30,0xA4,0xAC,
-    0x82,0x63,0xE2,0xE5,0xF0,0xEA,0x32,0x96,0x7B,0xB9,0xDC,0x3A,0x2D,0x1A,0x99,0x28,
-    0x47,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x95,0x30,0x82,0x01,0x91,0x30,0x3B,
-    0x06,0x03,0x55,0x1D,0x11,0x04,0x34,0x30,0x32,0x82,0x17,0x73,0x65,0x63,0x75,0x72,
-    0x65,0x32,0x2E,0x73,0x74,0x6F,0x72,0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,
-    0x6F,0x6D,0x82,0x17,0x73,0x65,0x63,0x75,0x72,0x65,0x31,0x2E,0x73,0x74,0x6F,0x72,
-    0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x09,0x06,0x03,0x55,
-    0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,
-    0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x28,0x06,0x03,0x55,0x1D,0x25,0x04,0x21,0x30,
-    0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,
-    0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,
-    0x30,0x66,0x06,0x03,0x55,0x1D,0x20,0x04,0x5F,0x30,0x5D,0x30,0x5B,0x06,0x0B,0x60,
-    0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x07,0x17,0x06,0x30,0x4C,0x30,0x23,0x06,0x08,
-    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A,
-    0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,
-    0x73,0x30,0x25,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x1A,
-    0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,
-    0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,
-    0x18,0x30,0x16,0x80,0x14,0x4E,0x43,0xC8,0x1D,0x76,0xEF,0x37,0x53,0x7A,0x4F,0xF2,
-    0x58,0x6F,0x94,0xF3,0x38,0xE2,0xD5,0xBD,0xDF,0x30,0x2B,0x06,0x03,0x55,0x1D,0x1F,
-    0x04,0x24,0x30,0x22,0x30,0x20,0xA0,0x1E,0xA0,0x1C,0x86,0x1A,0x68,0x74,0x74,0x70,
-    0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,
-    0x73,0x62,0x2E,0x63,0x72,0x6C,0x30,0x57,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
-    0x01,0x01,0x04,0x4B,0x30,0x49,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
-    0x30,0x01,0x86,0x13,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,0x79,
-    0x6D,0x63,0x64,0x2E,0x63,0x6F,0x6D,0x30,0x26,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,
-    0x07,0x30,0x02,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,
-    0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x62,0x2E,0x63,0x72,0x74,0x30,
-    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
-    0x01,0x01,0x00,0xA4,0x6A,0x52,0x42,0x67,0x97,0x00,0x8D,0xBF,0xB1,0x3D,0x4C,0x80,
-    0xFD,0x92,0xAB,0x34,0x95,0x89,0x3D,0x2D,0xEF,0x18,0xB9,0x1A,0x5F,0x86,0x52,0x59,
-    0x09,0xCF,0x22,0xBF,0x4A,0xC1,0x27,0xEF,0x4C,0xB5,0xF2,0xD8,0xAD,0xB6,0xAA,0x97,
-    0x0D,0xF1,0x43,0xED,0x15,0x08,0x68,0xBD,0x55,0xE3,0x71,0xA6,0x92,0x10,0x5F,0x20,
-    0xC9,0x15,0xD1,0x0C,0xE4,0x24,0xE6,0x1C,0xC2,0xCF,0x19,0x5C,0x0B,0xDE,0x6B,0x34,
-    0xA1,0xF1,0x18,0x0C,0x27,0x74,0xEA,0x2C,0xEA,0xB0,0x04,0x1C,0x20,0x87,0xD1,0x7A,
-    0x8B,0x82,0xB7,0x31,0xD9,0x33,0xDE,0x7C,0x96,0xD1,0x6F,0x40,0x9F,0xDC,0x7C,0x9D,
-    0x3D,0x09,0xCB,0x93,0xCC,0x6D,0xBE,0xE1,0x1C,0xD8,0x7D,0x66,0x70,0xAF,0x86,0x93,
-    0x86,0xCA,0x77,0x83,0xB6,0xCA,0x86,0xDB,0x83,0xFC,0x6A,0x5C,0xCF,0x93,0x0C,0x1D,
-    0x55,0x1C,0xD9,0xBB,0xFD,0x8E,0xE6,0x2E,0xC8,0x13,0x1C,0x27,0x3F,0x73,0x4F,0x19,
-    0x49,0x40,0xB6,0x75,0x71,0x5B,0x02,0xCA,0x16,0x62,0x56,0x6A,0x6A,0xA8,0x37,0x97,
-    0x67,0x9D,0xD5,0x24,0x34,0x77,0x46,0x3F,0xCA,0xBD,0x02,0x5C,0xDA,0xD8,0x0A,0x29,
-    0x72,0xB1,0xBA,0x38,0x04,0xC3,0xA5,0xEF,0xAF,0x30,0x80,0x03,0x66,0xF9,0x96,0x44,
-    0x3D,0x1C,0x8C,0x87,0x64,0x37,0xF3,0xAF,0x62,0xAD,0xF8,0xE5,0x53,0x9F,0x7A,0x70,
-    0xDA,0x8C,0x00,0x9C,0x13,0xDF,0x7F,0xC4,0x0C,0xE9,0x72,0xA3,0x72,0x39,0x97,0xF5,
-    0xE1,0x38,0x12,0xF3,0xAB,0x9D,0xC2,0xAB,0xE3,0xED,0xD8,0x43,0x9A,0xAC,0x1E,0x7A,
-    0xB7,0x0A,0x3F,
-};
-
-static const uint8_t _c0_serial[] = {
-    0x45, 0xA8, 0x3A, 0x4A, 0x79, 0x4D, 0x0C, 0x2d,
-    0x71, 0x20, 0x12, 0x5A, 0x7C, 0x82, 0xC0, 0xAF
-};
-
-/*
- Serial Number:
- 2c:48:dd:93:0d:f5:59:8e:f9:3c:99:54:7a:60:ed:43
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
- Validity
- Not Before: Nov  8 00:00:00 2006 GMT
- Not After : Nov  7 23:59:59 2016 GMT
- Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
- */
-static const uint8_t _c1[] = {
-    0x30,0x82,0x06,0x1E,0x30,0x82,0x05,0x06,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x2C,
-    0x48,0xDD,0x93,0x0D,0xF5,0x59,0x8E,0xF9,0x3C,0x99,0x54,0x7A,0x60,0xED,0x43,0x30,
-    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,
-    0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
-    0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
-    0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,
-    0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,
-    0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,
-    0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72,0x69,
-    0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F,0x72,
-    0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65,0x20,
-    0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C,0x56,
-    0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,
-    0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43,
-    0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,
-    0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x1E,0x17,0x0D,0x30,
-    0x36,0x31,0x31,0x30,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x36,
-    0x31,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x81,0xBE,0x31,0x0B,
-    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,
-    0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x2C,0x20,
-    0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x56,
-    0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65,
-    0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32,
-    0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20,
-    0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69,
-    0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20,0x28,0x63,0x29,
-    0x30,0x36,0x31,0x38,0x30,0x36,0x06,0x03,0x55,0x04,0x03,0x13,0x2F,0x56,0x65,0x72,
-    0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x78,
-    0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,
-    0x6E,0x20,0x53,0x53,0x4C,0x20,0x53,0x47,0x43,0x20,0x43,0x41,0x30,0x82,0x01,0x22,
-    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,
-    0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBD,0x56,0x88,
-    0xBA,0x88,0x34,0x64,0x64,0xCF,0xCD,0xCA,0xB0,0xEE,0xE7,0x19,0x73,0xC5,0x72,0xD9,
-    0xBB,0x45,0xBC,0xB5,0xA8,0xFF,0x83,0xBE,0x1C,0x03,0xDB,0xED,0x89,0xB7,0x2E,0x10,
-    0x1A,0x25,0xBC,0x55,0xCA,0x41,0xA1,0x9F,0x0B,0xCF,0x19,0x5E,0x70,0xB9,0x5E,0x39,
-    0x4B,0x9E,0x31,0x1C,0x5F,0x87,0xAE,0x2A,0xAA,0xA8,0x2B,0xA2,0x1B,0x3B,0x10,0x23,
-    0x5F,0x13,0xB1,0xDD,0x08,0x8C,0x4E,0x14,0xDA,0x83,0x81,0xE3,0xB5,0x8C,0xE3,0x68,
-    0xED,0x24,0x67,0xCE,0x56,0xB6,0xAC,0x9B,0x73,0x96,0x44,0xDB,0x8A,0x8C,0xB3,0xD6,
-    0xF0,0x71,0x93,0x8E,0xDB,0x71,0x54,0x4A,0xEB,0x73,0x59,0x6A,0x8F,0x70,0x51,0x2C,
-    0x03,0x9F,0x97,0xD1,0xCC,0x11,0x7A,0xBC,0x62,0x0D,0x95,0x2A,0xC9,0x1C,0x75,0x57,
-    0xE9,0xF5,0xC7,0xEA,0xBA,0x84,0x35,0xCB,0xC7,0x85,0x5A,0x7E,0xE4,0x4D,0xE1,0x11,
-    0x97,0x7D,0x0E,0x20,0x34,0x45,0xDB,0xF1,0xA2,0x09,0xEB,0xEB,0x3D,0x9E,0xB8,0x96,
-    0x43,0x5E,0x34,0x4B,0x08,0x25,0x1E,0x43,0x1A,0xA2,0xD9,0xB7,0x8A,0x01,0x34,0x3D,
-    0xC3,0xF8,0xE5,0xAF,0x4F,0x8C,0xFF,0xCD,0x65,0xF0,0x23,0x4E,0xC5,0x97,0xB3,0x5C,
-    0xDA,0x90,0x1C,0x82,0x85,0x0D,0x06,0x0D,0xC1,0x22,0xB6,0x7B,0x28,0xA4,0x03,0xC3,
-    0x4C,0x53,0xD1,0x58,0xBC,0x72,0xBC,0x08,0x39,0xFC,0xA0,0x76,0xA8,0xA8,0xE9,0x4B,
-    0x6E,0x88,0x3D,0xE3,0xB3,0x31,0x25,0x8C,0x73,0x29,0x48,0x0E,0x32,0x79,0x06,0xED,
-    0x3D,0x43,0xF4,0xF6,0xE4,0xE9,0xFC,0x7D,0xBE,0x8E,0x08,0xD5,0x1F,0x02,0x03,0x01,
-    0x00,0x01,0xA3,0x82,0x02,0x08,0x30,0x82,0x02,0x04,0x30,0x1D,0x06,0x03,0x55,0x1D,
-    0x0E,0x04,0x16,0x04,0x14,0x4E,0x43,0xC8,0x1D,0x76,0xEF,0x37,0x53,0x7A,0x4F,0xF2,
-    0x58,0x6F,0x94,0xF3,0x38,0xE2,0xD5,0xBD,0xDF,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,
-    0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x3D,0x06,
-    0x03,0x55,0x1D,0x20,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,0x00,
-    0x30,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,
-    0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69,
-    0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x3D,0x06,0x03,
-    0x55,0x1D,0x1F,0x04,0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E,0x86,0x2C,0x68,
-    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56,0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x63,
-    0x72,0x6C,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,
-    0x70,0x63,0x61,0x33,0x2D,0x67,0x35,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,
-    0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60,
-    0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x6D,
-    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0C,0x04,0x61,0x30,0x5F,0xA1,0x5D,
-    0xA0,0x5B,0x30,0x59,0x30,0x57,0x30,0x55,0x16,0x09,0x69,0x6D,0x61,0x67,0x65,0x2F,
-    0x67,0x69,0x66,0x30,0x21,0x30,0x1F,0x30,0x07,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,
-    0x04,0x14,0x8F,0xE5,0xD3,0x1A,0x86,0xAC,0x8D,0x8E,0x6B,0xC3,0xCF,0x80,0x6A,0xD4,
-    0x48,0x18,0x2C,0x7B,0x19,0x2E,0x30,0x25,0x16,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,
-    0x2F,0x6C,0x6F,0x67,0x6F,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,
-    0x6F,0x6D,0x2F,0x76,0x73,0x6C,0x6F,0x67,0x6F,0x2E,0x67,0x69,0x66,0x30,0x29,0x06,
-    0x03,0x55,0x1D,0x11,0x04,0x22,0x30,0x20,0xA4,0x1E,0x30,0x1C,0x31,0x1A,0x30,0x18,
-    0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x43,0x6C,0x61,0x73,0x73,0x33,0x43,0x41,0x32,
-    0x30,0x34,0x38,0x2D,0x31,0x2D,0x34,0x38,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,
-    0x18,0x30,0x16,0x80,0x14,0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB,0xF0,0x30,0x09,
-    0xF3,0x43,0x39,0xFA,0x02,0xAF,0x33,0x31,0x33,0x30,0x3D,0x06,0x08,0x2B,0x06,0x01,
-    0x05,0x05,0x07,0x01,0x01,0x04,0x31,0x30,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,
-    0x05,0x05,0x07,0x30,0x01,0x86,0x21,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56,
-    0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x6F,0x63,0x73,0x70,0x2E,0x76,0x65,0x72,0x69,
-    0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x34,0x06,0x03,0x55,0x1D,0x25,0x04,
-    0x2D,0x30,0x2B,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,0x06,0x0A,
-    0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x08,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,
-    0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x0D,
-    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,
-    0x01,0x00,0x27,0x74,0xA6,0x34,0xEA,0x1D,0x9D,0xE1,0x53,0xD6,0x1C,0x9D,0x0C,0xA7,
-    0x5B,0x4C,0xA9,0x67,0xF2,0xF0,0x32,0xB7,0x01,0x0F,0xFB,0x42,0x18,0x38,0xDE,0xE4,
-    0xEE,0x49,0xC8,0x13,0xC9,0x0B,0xEC,0x04,0xC3,0x40,0x71,0x18,0x72,0x76,0x43,0x02,
-    0x23,0x5D,0xAB,0x7B,0xC8,0x48,0x14,0x1A,0xC8,0x7B,0x1D,0xFC,0xF6,0x0A,0x9F,0x36,
-    0xA1,0xD2,0x09,0x73,0x71,0x66,0x96,0x75,0x51,0x34,0xBF,0x99,0x30,0x51,0x67,0x9D,
-    0x54,0xB7,0x26,0x45,0xAC,0x73,0x08,0x23,0x86,0x26,0x99,0x71,0xF4,0x8E,0xD7,0xEA,
-    0x39,0x9B,0x06,0x09,0x23,0xBF,0x62,0xDD,0xA8,0xC4,0xB6,0x7D,0xA4,0x89,0x07,0x3E,
-    0xF3,0x6D,0xAE,0x40,0x59,0x50,0x79,0x97,0x37,0x3D,0x32,0x78,0x7D,0xB2,0x63,0x4B,
-    0xF9,0xEA,0x08,0x69,0x0E,0x13,0xED,0xE8,0xCF,0xBB,0xAC,0x05,0x86,0xCA,0x22,0xCF,
-    0x88,0x62,0x5D,0x3C,0x22,0x49,0xD8,0x63,0xD5,0x24,0xA6,0xBD,0xEF,0x5C,0xE3,0xCC,
-    0x20,0x3B,0x22,0xEA,0xFC,0x44,0xC6,0xA8,0xE5,0x1F,0xE1,0x86,0xCD,0x0C,0x4D,0x8F,
-    0x93,0x53,0xD9,0x7F,0xEE,0xA1,0x08,0xA7,0xB3,0x30,0x96,0x49,0x70,0x6E,0xA3,0x6C,
-    0x3D,0xD0,0x63,0xEF,0x25,0x66,0x63,0xCC,0xAA,0xB7,0x18,0x17,0x4E,0xEA,0x70,0x76,
-    0xF6,0xBA,0x42,0xA6,0x80,0x37,0x09,0x4E,0x9F,0x66,0x88,0x2E,0x6B,0x33,0x66,0xC8,
-    0xC0,0x71,0xA4,0x41,0xEB,0x5A,0xE3,0xFC,0x14,0x2E,0x4B,0x88,0xFD,0xAE,0x6E,0x5B,
-    0x65,0xE9,0x27,0xE4,0xBF,0xE4,0xB0,0x23,0xC1,0xB2,0x7D,0x5B,0x62,0x25,0xD7,0x3E,
-    0x10,0xD4,
-};
-
-
-/* subject:/C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Operations/CN=xedge2.apple.com
-   issuer :/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority */
-const uint8_t xedge2_certificate[1385]={
-0x30,0x82,0x05,0x65,0x30,0x82,0x04,0xCE,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x46,
-0x9C,0xDF,0x96,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,
-0x05,0x00,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
-0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x45,0x6E,0x74,
-0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,
-0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
-0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,0x2E,0x20,0x62,
-0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,0x74,0x73,0x20,0x6C,
-0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C,
-0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,
-0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x3A,0x30,0x38,
-0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
-0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,
-0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
-0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x30,0x38,0x30,0x31,
-0x32,0x39,0x31,0x38,0x33,0x33,0x31,0x33,0x5A,0x17,0x0D,0x31,0x30,0x30,0x31,0x32,
-0x38,0x31,0x39,0x30,0x33,0x31,0x32,0x5A,0x30,0x81,0x83,0x31,0x0B,0x30,0x09,0x06,
-0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
-0x08,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,0x30,
-0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,
-0x6F,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x41,0x70,0x70,0x6C,
-0x65,0x20,0x49,0x6E,0x63,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0B,0x13,0x13,
-0x49,0x6E,0x74,0x65,0x72,0x6E,0x65,0x74,0x20,0x4F,0x70,0x65,0x72,0x61,0x74,0x69,
-0x6F,0x6E,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x78,0x65,
-0x64,0x67,0x65,0x32,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81,
-0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
-0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xC7,0xF3,0xA1,0x0E,0x0E,
-0xA4,0xDF,0xC5,0x3F,0x24,0x87,0xC3,0x6E,0xE7,0xD0,0x7C,0x2B,0x5A,0x1C,0xF3,0x67,
-0x6C,0x6B,0x56,0x0A,0x95,0xC9,0xE5,0x13,0x28,0x6E,0x16,0x9D,0x4F,0xB1,0x76,0xFB,
-0x7D,0x42,0x5B,0x2A,0x7C,0xCC,0x97,0x75,0xAA,0xA6,0xA9,0xDE,0xB2,0xEC,0xEF,0xE2,
-0xAB,0x40,0xAE,0x9A,0x23,0xF0,0x6A,0x10,0xB3,0x75,0x27,0xF0,0xF4,0x7D,0x08,0x67,
-0x8F,0xCE,0x41,0x24,0x74,0xAA,0x37,0xB6,0xC1,0x32,0x61,0xCF,0x7D,0x1C,0x21,0xCD,
-0xCF,0x7C,0x9E,0xE2,0x48,0x03,0x7E,0x78,0xB3,0x86,0x3D,0x06,0x6B,0x39,0xEC,0xC8,
-0x73,0x68,0xDB,0xE7,0x5B,0x97,0xF4,0xF9,0xA3,0xE7,0xFB,0x81,0x2E,0x4D,0x0B,0x3F,
-0xA9,0xCA,0xDE,0x32,0x26,0xF3,0xF0,0x97,0x72,0x65,0xAB,0x02,0x03,0x01,0x00,0x01,
-0xA3,0x82,0x02,0xA2,0x30,0x82,0x02,0x9E,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,
-0x04,0x03,0x02,0x05,0xA0,0x30,0x2B,0x06,0x03,0x55,0x1D,0x10,0x04,0x24,0x30,0x22,
-0x80,0x0F,0x32,0x30,0x30,0x38,0x30,0x31,0x32,0x39,0x31,0x38,0x33,0x33,0x31,0x33,
-0x5A,0x81,0x0F,0x32,0x30,0x31,0x30,0x30,0x31,0x32,0x38,0x31,0x39,0x30,0x33,0x31,
-0x32,0x5A,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,0x04,
-0x04,0x03,0x02,0x06,0x40,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,
-0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x82,0x01,0x68,0x06,0x03,
-0x55,0x1D,0x20,0x04,0x82,0x01,0x5F,0x30,0x82,0x01,0x5B,0x30,0x82,0x01,0x57,0x06,
-0x09,0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x4B,0x02,0x30,0x82,0x01,0x48,0x30,0x26,
-0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1A,0x68,0x74,0x74,0x70,
-0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
-0x65,0x74,0x2F,0x63,0x70,0x73,0x30,0x82,0x01,0x1C,0x06,0x08,0x2B,0x06,0x01,0x05,
-0x05,0x07,0x02,0x02,0x30,0x82,0x01,0x0E,0x1A,0x82,0x01,0x0A,0x54,0x68,0x65,0x20,
-0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x20,0x53,0x53,0x4C,0x20,0x57,0x65,0x62,0x20,
-0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,
-0x74,0x69,0x6F,0x6E,0x20,0x50,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x53,0x74,
-0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x20,0x28,0x43,0x50,0x53,0x29,0x20,0x61,0x76,
-0x61,0x69,0x6C,0x61,0x62,0x6C,0x65,0x20,0x61,0x74,0x20,0x77,0x77,0x77,0x2E,0x65,
-0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x20,0x20,
-0x69,0x73,0x20,0x68,0x65,0x72,0x65,0x62,0x79,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,
-0x6F,0x72,0x61,0x74,0x65,0x64,0x20,0x69,0x6E,0x74,0x6F,0x20,0x79,0x6F,0x75,0x72,
-0x20,0x75,0x73,0x65,0x20,0x6F,0x72,0x20,0x72,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65,
-0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,
-0x63,0x61,0x74,0x65,0x2E,0x20,0x20,0x54,0x68,0x69,0x73,0x20,0x43,0x50,0x53,0x20,
-0x63,0x6F,0x6E,0x74,0x61,0x69,0x6E,0x73,0x20,0x6C,0x69,0x6D,0x69,0x74,0x61,0x74,
-0x69,0x6F,0x6E,0x73,0x20,0x6F,0x6E,0x20,0x77,0x61,0x72,0x72,0x61,0x6E,0x74,0x69,
-0x65,0x73,0x20,0x61,0x6E,0x64,0x20,0x6C,0x69,0x61,0x62,0x69,0x6C,0x69,0x74,0x69,
-0x65,0x73,0x2E,0x20,0x43,0x6F,0x70,0x79,0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,
-0x29,0x20,0x32,0x30,0x30,0x32,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x20,0x4C,
-0x69,0x6D,0x69,0x74,0x65,0x64,0x30,0x33,0x06,0x03,0x55,0x1D,0x1F,0x04,0x2C,0x30,
-0x2A,0x30,0x28,0xA0,0x26,0xA0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
-0x63,0x72,0x6C,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,
-0x73,0x65,0x72,0x76,0x65,0x72,0x31,0x2E,0x63,0x72,0x6C,0x30,0x33,0x06,0x08,0x2B,
-0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x27,0x30,0x25,0x30,0x23,0x06,0x08,0x2B,
-0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x17,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
-0x6F,0x63,0x73,0x70,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,
-0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xF0,0x17,0x62,
-0x13,0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0,
-0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x2D,0xEF,0xD9,0xAF,
-0x1A,0x89,0x40,0x53,0x75,0x48,0x26,0x59,0x2F,0xEC,0x11,0x18,0xC0,0xD1,0x7A,0x34,
-0x30,0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x19,0x06,0x09,0x2A,
-0x86,0x48,0x86,0xF6,0x7D,0x07,0x41,0x00,0x04,0x0C,0x30,0x0A,0x1B,0x04,0x56,0x37,
-0x2E,0x31,0x03,0x02,0x03,0x28,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
-0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x77,0x33,0x2A,0x69,0x45,0x5A,0xB2,
-0xF5,0x74,0xF7,0xDF,0xC7,0x08,0x85,0x86,0x88,0x98,0x41,0x7F,0x57,0x49,0x01,0xBA,
-0x13,0x21,0x40,0xD0,0x0A,0x5C,0xA7,0x37,0xDF,0xB3,0x7E,0xF8,0xED,0x04,0x63,0xC3,
-0xE8,0x0F,0xA0,0xE5,0xC4,0x4F,0x3A,0x90,0xE4,0x87,0x5F,0xEC,0xDB,0x65,0x8B,0x6E,
-0x88,0x6E,0x6E,0xE4,0xBC,0x6A,0x7E,0x37,0x47,0x04,0xFF,0x09,0xC6,0x70,0xE1,0x65,
-0x8F,0xE3,0xE9,0x60,0xEB,0xE8,0x8E,0x29,0xAE,0xF9,0x81,0xCA,0x9A,0x97,0x3C,0x6F,
-0x7C,0xFA,0xA8,0x49,0xB4,0x33,0x76,0x9C,0x65,0x92,0x12,0xF6,0x7F,0x6A,0x62,0x84,
-0x29,0x5F,0x14,0x26,0x6E,0x07,0x6F,0x5C,0xB5,0x7C,0x21,0x64,0x7C,0xD9,0x93,0xF4,
-0x9C,0xC8,0xE7,0xEC,0xC6,0xAC,0x13,0xC4,0xF0
-};
-
-const uint8_t entrust1024RootCA[1244]={
-    0x30,0x82,0x04,0xD8,0x30,0x82,0x04,0x41,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x37,
-    0x4A,0xD2,0x43,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,
-    0x05,0x00,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
-    0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x45,0x6E,0x74,
-    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,
-    0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
-    0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,0x2E,0x20,0x62,
-    0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,0x74,0x73,0x20,0x6C,
-    0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C,
-    0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,
-    0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x3A,0x30,0x38,
-    0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
-    0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,
-    0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
-    0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x39,0x39,0x30,0x35,
-    0x32,0x35,0x31,0x36,0x30,0x39,0x34,0x30,0x5A,0x17,0x0D,0x31,0x39,0x30,0x35,0x32,
-    0x35,0x31,0x36,0x33,0x39,0x34,0x30,0x5A,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,
-    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,
-    0x0A,0x13,0x0B,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,
-    0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,
-    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,
-    0x6F,0x72,0x70,0x2E,0x20,0x62,0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,
-    0x6D,0x69,0x74,0x73,0x20,0x6C,0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,
-    0x03,0x55,0x04,0x0B,0x13,0x1C,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,
-    0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,
-    0x65,0x64,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,
-    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,
-    0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,
-    0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x81,
-    0x9D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
-    0x03,0x81,0x8B,0x00,0x30,0x81,0x87,0x02,0x81,0x81,0x00,0xCD,0x28,0x83,0x34,0x54,
-    0x1B,0x89,0xF3,0x0F,0xAF,0x37,0x91,0x31,0xFF,0xAF,0x31,0x60,0xC9,0xA8,0xE8,0xB2,
-    0x10,0x68,0xED,0x9F,0xE7,0x93,0x36,0xF1,0x0A,0x64,0xBB,0x47,0xF5,0x04,0x17,0x3F,
-    0x23,0x47,0x4D,0xC5,0x27,0x19,0x81,0x26,0x0C,0x54,0x72,0x0D,0x88,0x2D,0xD9,0x1F,
-    0x9A,0x12,0x9F,0xBC,0xB3,0x71,0xD3,0x80,0x19,0x3F,0x47,0x66,0x7B,0x8C,0x35,0x28,
-    0xD2,0xB9,0x0A,0xDF,0x24,0xDA,0x9C,0xD6,0x50,0x79,0x81,0x7A,0x5A,0xD3,0x37,0xF7,
-    0xC2,0x4A,0xD8,0x29,0x92,0x26,0x64,0xD1,0xE4,0x98,0x6C,0x3A,0x00,0x8A,0xF5,0x34,
-    0x9B,0x65,0xF8,0xED,0xE3,0x10,0xFF,0xFD,0xB8,0x49,0x58,0xDC,0xA0,0xDE,0x82,0x39,
-    0x6B,0x81,0xB1,0x16,0x19,0x61,0xB9,0x54,0xB6,0xE6,0x43,0x02,0x01,0x03,0xA3,0x82,
-    0x01,0xD7,0x30,0x82,0x01,0xD3,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,
-    0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x82,0x01,0x19,0x06,0x03,0x55,
-    0x1D,0x1F,0x04,0x82,0x01,0x10,0x30,0x82,0x01,0x0C,0x30,0x81,0xDE,0xA0,0x81,0xDB,
-    0xA0,0x81,0xD8,0xA4,0x81,0xD5,0x30,0x81,0xD2,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,
-    0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,
-    0x0B,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,
-    0x06,0x03,0x55,0x04,0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,
-    0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,
-    0x70,0x2E,0x20,0x62,0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,
-    0x74,0x73,0x20,0x6C,0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,
-    0x04,0x0B,0x13,0x1C,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,
-    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,
-    0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,
-    0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,
-    0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
-    0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x0D,0x30,0x0B,
-    0x06,0x03,0x55,0x04,0x03,0x13,0x04,0x43,0x52,0x4C,0x31,0x30,0x29,0xA0,0x27,0xA0,
-    0x25,0x86,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x65,0x6E,
-    0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x52,0x4C,0x2F,0x6E,0x65,
-    0x74,0x31,0x2E,0x63,0x72,0x6C,0x30,0x2B,0x06,0x03,0x55,0x1D,0x10,0x04,0x24,0x30,
-    0x22,0x80,0x0F,0x31,0x39,0x39,0x39,0x30,0x35,0x32,0x35,0x31,0x36,0x30,0x39,0x34,
-    0x30,0x5A,0x81,0x0F,0x32,0x30,0x31,0x39,0x30,0x35,0x32,0x35,0x31,0x36,0x30,0x39,
-    0x34,0x30,0x5A,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x06,
-    0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xF0,0x17,0x62,
-    0x13,0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0,
-    0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xF0,0x17,0x62,0x13,
-    0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0,0x1A,
-    0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x19,
-    0x06,0x09,0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x41,0x00,0x04,0x0C,0x30,0x0A,0x1B,
-    0x04,0x56,0x34,0x2E,0x30,0x03,0x02,0x04,0x90,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
-    0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x90,0xDC,0x30,0x02,
-    0xFA,0x64,0x74,0xC2,0xA7,0x0A,0xA5,0x7C,0x21,0x8D,0x34,0x17,0xA8,0xFB,0x47,0x0E,
-    0xFF,0x25,0x7C,0x8D,0x13,0x0A,0xFB,0xE4,0x98,0xB5,0xEF,0x8C,0xF8,0xC5,0x10,0x0D,
-    0xF7,0x92,0xBE,0xF1,0xC3,0xD5,0xD5,0x95,0x6A,0x04,0xBB,0x2C,0xCE,0x26,0x36,0x65,
-    0xC8,0x31,0xC6,0xE7,0xEE,0x3F,0xE3,0x57,0x75,0x84,0x7A,0x11,0xEF,0x46,0x4F,0x18,
-    0xF4,0xD3,0x98,0xBB,0xA8,0x87,0x32,0xBA,0x72,0xF6,0x3C,0xE2,0x3D,0x9F,0xD7,0x1D,
-    0xD9,0xC3,0x60,0x43,0x8C,0x58,0x0E,0x22,0x96,0x2F,0x62,0xA3,0x2C,0x1F,0xBA,0xAD,
-    0x05,0xEF,0xAB,0x32,0x78,0x87,0xA0,0x54,0x73,0x19,0xB5,0x5C,0x05,0xF9,0x52,0x3E,
-    0x6D,0x2D,0x45,0x0B,0xF7,0x0A,0x93,0xEA,0xED,0x06,0xF9,0xB2,
-};
-
-
-/* subject:/CN=garthc2.apple.com/O=Apple Inc./OU=DTS/ST=California/C=US/L=Cupertino/emailAddress=gcummings@apple.com
-   issuer :/CN=garthc2.apple.com/O=Apple Inc./OU=DTS/ST=California/C=US/L=Cupertino/emailAddress=gcummings@apple.com */
-const uint8_t garthc2_certificate[730]={
-0x30,0x82,0x02,0xD6,0x30,0x82,0x02,0x3F,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
-0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0x99,
-0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x67,0x61,0x72,0x74,0x68,
-0x63,0x32,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11,
-0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,
-0x2E,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0B,0x0C,0x03,0x44,0x54,0x53,0x31,
-0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,
-0x72,0x6E,0x69,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
-0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,
-0x72,0x74,0x69,0x6E,0x6F,0x31,0x22,0x30,0x20,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
-0x0D,0x01,0x09,0x01,0x16,0x13,0x67,0x63,0x75,0x6D,0x6D,0x69,0x6E,0x67,0x73,0x40,
-0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,0x30,0x39,0x30,
-0x37,0x31,0x36,0x32,0x32,0x34,0x39,0x31,0x30,0x5A,0x17,0x0D,0x31,0x30,0x30,0x37,
-0x31,0x36,0x32,0x32,0x34,0x39,0x31,0x30,0x5A,0x30,0x81,0x99,0x31,0x1A,0x30,0x18,
-0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x67,0x61,0x72,0x74,0x68,0x63,0x32,0x2E,0x61,
-0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
-0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0C,0x30,
-0x0A,0x06,0x03,0x55,0x04,0x0B,0x0C,0x03,0x44,0x54,0x53,0x31,0x13,0x30,0x11,0x06,
-0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,
-0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30,
-0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,
-0x6F,0x31,0x22,0x30,0x20,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,
-0x16,0x13,0x67,0x63,0x75,0x6D,0x6D,0x69,0x6E,0x67,0x73,0x40,0x61,0x70,0x70,0x6C,
-0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81,0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
-0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81,
-0x81,0x00,0xCF,0x30,0xD9,0x9D,0x9C,0xD5,0x6F,0xCB,0xB1,0xD1,0xC2,0x73,0xE2,0xB4,
-0x06,0xC3,0x16,0x6D,0x0E,0x68,0x40,0x5E,0x92,0xFC,0xD9,0x14,0xD2,0x5E,0x21,0x50,
-0x66,0x41,0x96,0x3A,0x76,0x26,0xF6,0x6C,0x3C,0xA2,0xD4,0x84,0x91,0x09,0x2E,0x23,
-0x2D,0x07,0x38,0x48,0x58,0x31,0xE5,0x00,0x08,0xB1,0x6C,0x5D,0x39,0x50,0x30,0xF7,
-0x68,0x12,0x99,0xB5,0x4C,0x86,0x1E,0xA5,0xF4,0x0C,0xCB,0xCB,0x25,0xB0,0x7C,0x6A,
-0xFE,0x28,0xD4,0x34,0xA5,0xD2,0x94,0x5E,0xBE,0x5F,0xC1,0x61,0xAE,0xB5,0xD2,0xD2,
-0x18,0x34,0x07,0x02,0xA8,0x56,0xAC,0x55,0x4D,0x87,0x56,0x8A,0xBA,0x1B,0x17,0x26,
-0x11,0x9B,0xF8,0x88,0xD1,0x4F,0x94,0x03,0x01,0xCC,0x01,0xE7,0x0B,0x9B,0x14,0x43,
-0x25,0xFB,0x02,0x03,0x01,0x00,0x01,0xA3,0x2E,0x30,0x2C,0x30,0x0B,0x06,0x03,0x55,
-0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,
-0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,
-0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
-0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9D,0x8A,0x8A,0x9F,0xA5,0x36,
-0xA2,0xE6,0x1D,0xA9,0xF1,0x10,0xDF,0xC8,0xFC,0x1A,0x2B,0xA0,0x01,0x07,0x58,0xA4,
-0xD0,0x41,0xE1,0x32,0xD8,0xA9,0x84,0x9E,0xF3,0xE2,0xDE,0x48,0xD3,0x03,0xD7,0xC9,
-0x40,0x58,0x5A,0x91,0x85,0x70,0xF6,0xC7,0x34,0x90,0x3C,0x1B,0x06,0x8F,0x0C,0xEE,
-0xDD,0x79,0x14,0x42,0x72,0x4F,0x41,0xF9,0xB0,0xEC,0x04,0x9F,0xD6,0x75,0x68,0x06,
-0xA0,0xEA,0x11,0x0C,0xE9,0x16,0x2F,0x9E,0x23,0xFA,0x5D,0xC2,0x02,0x92,0x2A,0xDD,
-0xE8,0xBD,0xA1,0x8F,0x33,0x96,0x84,0xFA,0xFD,0x3C,0x70,0xD4,0x9D,0x43,0xA4,0xA0,
-0xE9,0xF4,0x49,0xB2,0xF4,0xCB,0x9F,0x43,0x87,0x04,0x8D,0xD0,0xEA,0xAC,0x21,0x24,
-0x2C,0x4C,0x36,0x5C,0x34,0x8C,0x61,0xA4,0xF4,0xB8,
-};
-
-const uint8_t prt_forest_fi_certificate[1797] = {
-    0x30, 0x82, 0x07, 0x01, 0x30, 0x82, 0x05, 0xe9, 0xa0, 0x03, 0x02, 0x01,
-    0x02, 0x02, 0x11, 0x00, 0xfa, 0x69, 0x1a, 0xa7, 0xbf, 0x1b, 0x93, 0xbe,
-    0x97, 0x11, 0xb0, 0xfe, 0xfc, 0xa8, 0x8d, 0x8c, 0x30, 0x0d, 0x06, 0x09,
-    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
-    0x39, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-    0x46, 0x49, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
-    0x06, 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x31, 0x19, 0x30, 0x17, 0x06,
-    0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61,
-    0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x32, 0x20, 0x43, 0x41, 0x30, 0x1e,
-    0x17, 0x0d, 0x31, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x39, 0x33, 0x39,
-    0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x31, 0x33, 0x30, 0x30,
-    0x39, 0x33, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09,
-    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x46, 0x49, 0x31, 0x16, 0x30,
-    0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x50, 0x52, 0x54, 0x2d,
-    0x46, 0x6f, 0x72, 0x65, 0x73, 0x74, 0x20, 0x4f, 0x79, 0x31, 0x16, 0x30,
-    0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x54, 0x69, 0x65, 0x74,
-    0x6f, 0x68, 0x61, 0x6c, 0x6c, 0x69, 0x6e, 0x74, 0x6f, 0x31, 0x18, 0x30,
-    0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x2a, 0x2e, 0x70, 0x72,
-    0x74, 0x2d, 0x66, 0x6f, 0x72, 0x65, 0x73, 0x74, 0x2e, 0x66, 0x69, 0x30,
-    0x82, 0x04, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x04, 0x0f, 0x00, 0x30,
-    0x82, 0x04, 0x0a, 0x02, 0x82, 0x04, 0x01, 0x00, 0xbc, 0x62, 0x25, 0x57,
-    0xbc, 0x71, 0xb8, 0xa9, 0x5b, 0x0e, 0x04, 0xbc, 0xc4, 0x0e, 0xf1, 0x0e,
-    0x1f, 0x20, 0xd2, 0xf4, 0x4f, 0x23, 0xfe, 0x14, 0x54, 0x34, 0x81, 0xd3,
-    0x5b, 0xdd, 0x74, 0xed, 0xa1, 0xbe, 0x91, 0x99, 0x9d, 0x02, 0xb9, 0x36,
-    0x70, 0x43, 0x5d, 0x73, 0xa6, 0xe5, 0x70, 0x7b, 0x0e, 0x0c, 0x3f, 0x33,
-    0xbb, 0x71, 0xd6, 0xd4, 0x22, 0xb0, 0xeb, 0xf5, 0x6e, 0x07, 0x7c, 0xe7,
-    0xc7, 0xd1, 0x20, 0x64, 0x72, 0x4e, 0xae, 0x5e, 0xae, 0xaf, 0x08, 0xfb,
-    0x7d, 0x6d, 0xdb, 0x69, 0x5a, 0x31, 0x73, 0x7d, 0xbd, 0x53, 0xcb, 0x04,
-    0x69, 0x6d, 0x74, 0x56, 0x6c, 0xbc, 0x84, 0xa6, 0x01, 0x39, 0x37, 0x0c,
-    0xb9, 0x5c, 0x2e, 0x78, 0x50, 0x3a, 0x8d, 0x1f, 0xa2, 0x33, 0xf1, 0xd2,
-    0xc2, 0x87, 0x51, 0xf4, 0x92, 0xc3, 0xa7, 0xaa, 0xc8, 0x36, 0x51, 0x1c,
-    0xfb, 0x77, 0xbf, 0xcf, 0x24, 0x11, 0xfe, 0xf4, 0x11, 0x2f, 0x5c, 0xdf,
-    0x26, 0xf6, 0xb9, 0x15, 0xc1, 0x46, 0x75, 0x83, 0x40, 0x77, 0xa4, 0x83,
-    0x74, 0xce, 0xc0, 0x29, 0x31, 0xd3, 0xd8, 0x68, 0xfa, 0x2e, 0xcc, 0x15,
-    0x2c, 0x59, 0x5c, 0xa7, 0x96, 0x65, 0x8f, 0x34, 0x87, 0x29, 0x22, 0x1d,
-    0xde, 0x65, 0xc7, 0x1c, 0x5c, 0xd8, 0x33, 0x22, 0xf7, 0x93, 0xd9, 0xcd,
-    0x96, 0x76, 0x22, 0xab, 0x75, 0x18, 0x04, 0xe7, 0x65, 0x2a, 0xeb, 0x42,
-    0x75, 0x17, 0x13, 0x12, 0x00, 0xe3, 0xf4, 0xd9, 0xde, 0xd1, 0x9f, 0x1c,
-    0x61, 0xee, 0xf6, 0xb9, 0xf9, 0x50, 0xb3, 0x1b, 0x79, 0x77, 0x38, 0x3c,
-    0x6a, 0xcc, 0xa0, 0x1d, 0xe4, 0xd7, 0x43, 0xca, 0x8b, 0x22, 0xbf, 0x77,
-    0x33, 0xea, 0xaa, 0x01, 0xcf, 0x1e, 0xd0, 0x0d, 0x04, 0x2b, 0xec, 0x42,
-    0x7b, 0xec, 0x53, 0xed, 0xc7, 0x4f, 0x0c, 0xac, 0x29, 0xb7, 0x8b, 0x92,
-    0x14, 0x3f, 0x9b, 0xc6, 0xd8, 0xa1, 0x30, 0x4d, 0x5a, 0x07, 0x0e, 0x1e,
-    0x80, 0x5f, 0x38, 0x66, 0x4d, 0xc1, 0xad, 0x2f, 0xee, 0xae, 0x94, 0x50,
-    0x8e, 0x38, 0x2a, 0x00, 0x80, 0xe2, 0xc4, 0x43, 0x2e, 0xd5, 0xcd, 0xca,
-    0x3f, 0x3d, 0xcb, 0x35, 0x13, 0x96, 0xd2, 0xdc, 0x0e, 0xe7, 0x45, 0x57,
-    0x4b, 0x8f, 0xee, 0xa1, 0xce, 0xe6, 0x57, 0x52, 0xcd, 0xd0, 0x82, 0xca,
-    0x3b, 0x87, 0xf4, 0x22, 0xff, 0x81, 0x4b, 0xf5, 0xa3, 0xda, 0xc5, 0xb6,
-    0x67, 0xb8, 0xf4, 0xaf, 0xff, 0x8d, 0x4e, 0x80, 0xb5, 0x22, 0x80, 0x3c,
-    0x70, 0xe4, 0xa0, 0xae, 0xdc, 0xcf, 0x44, 0xff, 0x00, 0x98, 0x3f, 0x19,
-    0x7b, 0x4c, 0x3d, 0xd8, 0xa5, 0xd8, 0xe0, 0x05, 0x73, 0x54, 0x06, 0x0c,
-    0x4d, 0x50, 0xf8, 0xd8, 0x85, 0x0b, 0xa8, 0x49, 0xaa, 0x97, 0x87, 0x3b,
-    0x32, 0xe8, 0x58, 0x22, 0xee, 0x34, 0x1c, 0x9f, 0xe3, 0x18, 0xba, 0x93,
-    0x43, 0xea, 0xb7, 0x78, 0x35, 0xa2, 0xb5, 0x1e, 0x19, 0x16, 0x3b, 0xb3,
-    0xf5, 0x12, 0xe8, 0x26, 0x62, 0x2d, 0xd7, 0x45, 0xc3, 0xa4, 0x4b, 0xda,
-    0x38, 0x48, 0x00, 0x3f, 0x68, 0x62, 0xa2, 0x83, 0x9d, 0x32, 0x76, 0x27,
-    0x40, 0x5d, 0x0e, 0x75, 0xb1, 0x08, 0xdb, 0x58, 0xfa, 0x20, 0x62, 0xf1,
-    0x3f, 0xbd, 0x86, 0x2f, 0x7c, 0x07, 0x01, 0x14, 0x1d, 0x19, 0x61, 0xee,
-    0x0a, 0x85, 0xbf, 0xc7, 0x4f, 0x4a, 0x06, 0xc0, 0xaf, 0x44, 0x5d, 0x6f,
-    0xc3, 0x53, 0x23, 0xcb, 0xdf, 0x40, 0x7a, 0x18, 0xa1, 0x34, 0x80, 0x18,
-    0x86, 0xfe, 0xe3, 0x87, 0xce, 0x30, 0x53, 0x33, 0x1c, 0x45, 0x4a, 0xb4,
-    0xe1, 0x8c, 0x9b, 0x4b, 0xf5, 0x2c, 0x7c, 0x13, 0x56, 0x37, 0x8a, 0x94,
-    0x24, 0xdb, 0x3a, 0x4b, 0x80, 0xb1, 0x26, 0x57, 0x5a, 0x75, 0x1c, 0x44,
-    0xc5, 0xf7, 0x67, 0xb4, 0x61, 0x87, 0xe8, 0x2e, 0xd9, 0xe1, 0xb9, 0x45,
-    0xcc, 0xdc, 0xdf, 0x3b, 0x8c, 0xce, 0xd0, 0x46, 0x6b, 0x87, 0xb5, 0xa9,
-    0xfe, 0x35, 0x87, 0xe0, 0xca, 0xc6, 0x7d, 0xc8, 0x86, 0xc2, 0xfe, 0x89,
-    0xec, 0xa9, 0x86, 0x33, 0x81, 0xdc, 0x41, 0xb3, 0xe7, 0xc4, 0x82, 0x3a,
-    0x81, 0x05, 0xbd, 0x8b, 0x92, 0xb2, 0x6a, 0x2c, 0x3c, 0xca, 0xd0, 0x22,
-    0xff, 0xc8, 0x8f, 0xf0, 0x5f, 0x0e, 0xfb, 0x0b, 0x36, 0x64, 0x6a, 0x12,
-    0x77, 0x2d, 0x8a, 0x38, 0xde, 0x7d, 0xed, 0xc9, 0xa7, 0xc1, 0x85, 0x41,
-    0xa2, 0x7b, 0xa5, 0xdc, 0x30, 0x96, 0xda, 0xf8, 0xb3, 0xc8, 0x21, 0x56,
-    0x3c, 0xdb, 0xe4, 0x8c, 0xb0, 0xfb, 0xec, 0x0e, 0x58, 0x49, 0x3c, 0x75,
-    0x3c, 0xc2, 0x41, 0xbd, 0xc0, 0x81, 0x37, 0xc7, 0x69, 0x5a, 0x41, 0x86,
-    0x18, 0xe9, 0x41, 0x7f, 0xba, 0xff, 0xc3, 0x52, 0x56, 0xf9, 0x7c, 0x60,
-    0x14, 0xf9, 0x66, 0x4c, 0x60, 0xb6, 0x3e, 0x23, 0xcd, 0xd1, 0x2d, 0x4f,
-    0x43, 0x97, 0xea, 0xa3, 0x37, 0xa4, 0x2a, 0xa7, 0x81, 0x49, 0x90, 0xe3,
-    0xb6, 0x12, 0x1b, 0xac, 0x78, 0x57, 0x20, 0x51, 0xb4, 0x16, 0x5e, 0x58,
-    0x61, 0x0f, 0x1e, 0x35, 0xbc, 0x3f, 0x44, 0xc2, 0x85, 0xa5, 0x61, 0x8a,
-    0x0a, 0x7c, 0x2e, 0xb0, 0x11, 0x12, 0xc6, 0xc0, 0xc8, 0xcb, 0xd8, 0x13,
-    0xc3, 0x58, 0xf1, 0xcd, 0x06, 0x5f, 0x90, 0xa5, 0xd7, 0x74, 0xbc, 0x1a,
-    0x9c, 0xdc, 0xab, 0xde, 0xea, 0x36, 0x67, 0x41, 0x4f, 0x62, 0x86, 0xc6,
-    0xfe, 0x63, 0x14, 0x83, 0x11, 0xab, 0xfb, 0x61, 0x38, 0x11, 0xce, 0x01,
-    0xe8, 0xee, 0x3a, 0x21, 0xbc, 0xaa, 0x4b, 0xb0, 0x8f, 0x2f, 0xcf, 0x58,
-    0xe6, 0x55, 0x61, 0x38, 0xa7, 0xc3, 0xaa, 0x3b, 0xb0, 0x8c, 0xf4, 0x82,
-    0xa0, 0x96, 0xc4, 0x13, 0x4a, 0xc0, 0xc8, 0x93, 0xb7, 0x3d, 0x28, 0x05,
-    0xb9, 0xc8, 0x4c, 0xe8, 0x57, 0xda, 0x56, 0x8b, 0xda, 0x27, 0xab, 0xbf,
-    0x7e, 0x66, 0x43, 0xdc, 0x57, 0x09, 0xdc, 0x88, 0x8e, 0xfb, 0xa7, 0x63,
-    0x41, 0xfb, 0xf1, 0x67, 0xb5, 0xe1, 0x84, 0x5d, 0x1d, 0xe3, 0xb4, 0xc6,
-    0x40, 0x97, 0xf8, 0x4d, 0xfc, 0x00, 0xcd, 0x56, 0xc2, 0xab, 0xff, 0x49,
-    0x93, 0xff, 0x46, 0x56, 0x9b, 0xee, 0x6d, 0xa0, 0x5d, 0xf4, 0x78, 0x36,
-    0x0e, 0xf6, 0xc9, 0x9c, 0x79, 0x89, 0xf9, 0x9c, 0xa7, 0x3e, 0xa0, 0x8d,
-    0x62, 0x7c, 0xdc, 0x83, 0x0a, 0xfc, 0x46, 0x96, 0x31, 0xd3, 0x56, 0xc6,
-    0xea, 0x7f, 0x1d, 0xaa, 0x49, 0xd1, 0x8b, 0x54, 0xa2, 0x6e, 0x59, 0x8c,
-    0x2a, 0xec, 0x3a, 0xd7, 0xda, 0xd2, 0xc1, 0xfc, 0x1d, 0x78, 0x55, 0xce,
-    0xd8, 0x0c, 0x1d, 0x7e, 0x99, 0xf8, 0x5e, 0x3c, 0x2d, 0xec, 0x63, 0xe2,
-    0xda, 0xa1, 0x68, 0x6f, 0x28, 0x2e, 0xb4, 0xef, 0x07, 0xc4, 0xa8, 0x65,
-    0xc7, 0xfd, 0x6b, 0x0f, 0x83, 0x23, 0xf8, 0xc2, 0xc9, 0x55, 0xfa, 0xa4,
-    0xa8, 0x6a, 0xab, 0x12, 0xf4, 0x89, 0x42, 0x26, 0x72, 0xd1, 0x82, 0x2f,
-    0x62, 0x14, 0xb6, 0x04, 0x23, 0x20, 0xb6, 0xd4, 0xef, 0x59, 0x8a, 0x40,
-    0x43, 0xd7, 0x72, 0xe0, 0x5b, 0x0c, 0xb0, 0x73, 0x6f, 0x6a, 0x87, 0xc1,
-    0x82, 0x50, 0x20, 0xdb, 0xaa, 0xf8, 0x8d, 0x70, 0xb6, 0x39, 0x46, 0xe0,
-    0x68, 0xc4, 0xab, 0xea, 0xd1, 0x31, 0xad, 0xf7, 0x05, 0xfb, 0x3a, 0x3c,
-    0x2e, 0x66, 0x4f, 0xc6, 0x0d, 0xf9, 0xb8, 0x29, 0xec, 0xdc, 0xfc, 0x81,
-    0x56, 0x2b, 0xb0, 0xad, 0xd2, 0x12, 0x8f, 0x69, 0x70, 0x18, 0x27, 0x16,
-    0xf9, 0xf0, 0x40, 0x93, 0xef, 0x6b, 0x95, 0x96, 0xcd, 0x5f, 0xe9, 0x5a,
-    0x7b, 0xad, 0x7f, 0x98, 0xa7, 0x6a, 0xe5, 0x17, 0xeb, 0xc3, 0xdd, 0xc9,
-    0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xe5, 0x30, 0x81, 0xe2, 0x30,
-    0x13, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x0c, 0x30, 0x0a, 0x80, 0x08,
-    0x4a, 0xa0, 0xaa, 0x58, 0x84, 0xd3, 0x5e, 0x3c, 0x30, 0x19, 0x06, 0x03,
-    0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c, 0x2b,
-    0x06, 0x01, 0x04, 0x01, 0x82, 0x0f, 0x02, 0x03, 0x01, 0x01, 0x02, 0x30,
-    0x72, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x6b, 0x30, 0x69, 0x30, 0x67,
-    0xa0, 0x65, 0xa0, 0x63, 0x86, 0x61, 0x6c, 0x64, 0x61, 0x70, 0x3a, 0x2f,
-    0x2f, 0x31, 0x39, 0x34, 0x2e, 0x32, 0x35, 0x32, 0x2e, 0x31, 0x32, 0x34,
-    0x2e, 0x32, 0x34, 0x31, 0x3a, 0x33, 0x38, 0x39, 0x2f, 0x63, 0x6e, 0x3d,
-    0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x25, 0x32, 0x30, 0x43, 0x6c, 0x61,
-    0x73, 0x73, 0x32, 0x25, 0x32, 0x30, 0x43, 0x41, 0x2c, 0x6f, 0x3d, 0x53,
-    0x6f, 0x6e, 0x65, 0x72, 0x61, 0x2c, 0x63, 0x3d, 0x46, 0x49, 0x3f, 0x63,
-    0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x72, 0x65,
-    0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x6c, 0x69, 0x73, 0x74,
-    0x3b, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x30, 0x1d, 0x06, 0x03, 0x55,
-    0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
-    0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-    0x03, 0x02, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
-    0x14, 0x85, 0xc2, 0x31, 0x35, 0x4f, 0x93, 0x92, 0x9d, 0x8a, 0xbc, 0x32,
-    0x7d, 0x1b, 0xf0, 0xaa, 0x96, 0xb1, 0x03, 0x86, 0x71, 0x30, 0x0d, 0x06,
-    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
-    0x03, 0x82, 0x01, 0x01, 0x00, 0x00, 0x9e, 0x75, 0x2b, 0x95, 0x6a, 0x96,
-    0x12, 0x24, 0xd5, 0x04, 0x6c, 0x34, 0x0a, 0x58, 0x5a, 0x7d, 0x59, 0xb9,
-    0x03, 0x23, 0x13, 0xc3, 0xf5, 0x24, 0x57, 0x33, 0x8d, 0xca, 0x5f, 0xd8,
-    0x26, 0xff, 0x64, 0x46, 0x13, 0x40, 0xe5, 0x04, 0xb2, 0xba, 0x92, 0xa5,
-    0xa6, 0xa3, 0xd9, 0x2b, 0xff, 0x05, 0xef, 0xce, 0x3c, 0x28, 0xe8, 0x1b,
-    0xa3, 0x10, 0x8a, 0xdd, 0x3d, 0x3a, 0x0a, 0xe1, 0x07, 0x3c, 0xb4, 0xf6,
-    0xbb, 0xeb, 0xb5, 0xf2, 0x05, 0xe8, 0xd7, 0x16, 0x3e, 0xe5, 0x15, 0x49,
-    0xdf, 0x8d, 0x34, 0xb8, 0x1b, 0xd4, 0xf2, 0x65, 0xa0, 0x70, 0x80, 0xd0,
-    0xbf, 0xa5, 0x74, 0x5d, 0xfb, 0xd4, 0x52, 0x3b, 0x54, 0xca, 0x32, 0xba,
-    0xf7, 0xe3, 0x90, 0xa5, 0xa8, 0xad, 0xd0, 0xe5, 0x5d, 0x18, 0x18, 0x87,
-    0x60, 0xb0, 0xf3, 0xf9, 0x62, 0x20, 0x77, 0xaa, 0x0f, 0xdd, 0x16, 0x4c,
-    0x01, 0x3a, 0xb1, 0x1f, 0x85, 0x7e, 0x01, 0x04, 0x5f, 0xf1, 0x37, 0x36,
-    0xe3, 0x3a, 0xc1, 0xa3, 0x7c, 0x33, 0xca, 0xce, 0x0b, 0xb9, 0x34, 0xe2,
-    0xe1, 0xe6, 0xed, 0x24, 0xc1, 0xc3, 0xc7, 0x74, 0x8f, 0x22, 0x2c, 0x6e,
-    0xcb, 0x5c, 0x7a, 0x61, 0x99, 0xde, 0xea, 0x13, 0xe1, 0xa8, 0xa1, 0x94,
-    0xd0, 0x85, 0x65, 0x65, 0xed, 0x97, 0x14, 0x6e, 0x97, 0xc9, 0xcf, 0x34,
-    0x7c, 0xf2, 0x68, 0xeb, 0xc2, 0x7d, 0x03, 0x53, 0xf5, 0xdb, 0xa1, 0x11,
-    0x8d, 0xda, 0xcc, 0x26, 0x13, 0xaa, 0x43, 0x76, 0x04, 0x9b, 0x85, 0x89,
-    0xc3, 0x29, 0xd8, 0xb5, 0x54, 0x81, 0x09, 0xf5, 0x18, 0x52, 0xa5, 0x38,
-    0x4a, 0x00, 0xc6, 0x1d, 0x4d, 0x5a, 0x15, 0xa0, 0xfd, 0xf7, 0x58, 0x27,
-    0xcd, 0x6b, 0x56, 0x6b, 0xee, 0x7d, 0x73, 0xd3, 0xfd, 0x6c, 0xb6, 0xb1,
-    0x3b, 0xbd, 0xbf, 0x5b, 0x4a, 0x6c, 0xd3, 0x1c, 0x47
-};
+#include "si-20-sectrust.h"
 
 /* Test basic add delete update copy matching stuff. */
-static void tests(void)
+static void basic_tests(void)
 {
     SecTrustRef trust;
        SecCertificateRef cert0, cert1;
@@ -865,38 +260,101 @@ SKIP: {
        CFReleaseSafe(cert1);
        CFReleaseSafe(date);
 
-       /* Test prt_forest_fi that have a 8k RSA key */
-       const void *prt_forest_fi;
-       isnt(prt_forest_fi = SecCertificateCreateWithBytes(NULL, prt_forest_fi_certificate,
-               sizeof(prt_forest_fi_certificate)), NULL, "create prt_forest_fi");
-       isnt(certs = CFArrayCreate(NULL, &prt_forest_fi, 1, NULL), NULL, "failed to create cert array");
-       policy = SecPolicyCreateSSL(false, CFSTR("owa.prt-forest.fi"));
-       ok_status(SecTrustCreateWithCertificates(certs, policy, &trust),
-               "create trust for ip client owa.prt-forest.fi");
-       date = CFDateCreate(NULL, 391578321.0);
-       ok_status(SecTrustSetVerifyDate(trust, date),
-               "set owa.prt-forest.fi trust date to May 2013");
-
-       SecKeyRef pubkey = SecTrustCopyPublicKey(trust);
-       isnt(pubkey, NULL, "pubkey returned");
-
-       CFReleaseSafe(certs);
-       CFReleaseNull(prt_forest_fi);
-       CFReleaseNull(policy);
-       CFReleaseNull(trust);
-       CFReleaseNull(pubkey);
-       CFReleaseNull(date);
-
     CFReleaseSafe(_root);
     CFReleaseSafe(_anchors);
 }
 
-int si_20_sectrust(int argc, char *const *argv)
+static void rsa8k_tests(void)
 {
-       plan_tests(77);
+    /* Test prt_forest_fi that have a 8k RSA key */
+    const void *prt_forest_fi;
+    isnt(prt_forest_fi = SecCertificateCreateWithBytes(NULL, prt_forest_fi_certificate,
+                                                       sizeof(prt_forest_fi_certificate)), NULL, "create prt_forest_fi");
+    CFArrayRef certs = NULL;
+    isnt(certs = CFArrayCreate(NULL, &prt_forest_fi, 1, NULL), NULL, "failed to create cert array");
+    SecPolicyRef policy = NULL;
+    isnt(policy = SecPolicyCreateSSL(false, CFSTR("owa.prt-forest.fi")), NULL, "failed to create policy");
+    SecTrustRef trust = NULL;
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust),
+              "create trust for ip client owa.prt-forest.fi");
+    CFDateRef date = CFDateCreate(NULL, 391578321.0);
+    ok_status(SecTrustSetVerifyDate(trust, date),
+              "set owa.prt-forest.fi trust date to May 2013");
+    
+    SecKeyRef pubkey = SecTrustCopyPublicKey(trust);
+    isnt(pubkey, NULL, "pubkey returned");
+    
+    CFReleaseSafe(certs);
+    CFReleaseNull(prt_forest_fi);
+    CFReleaseNull(policy);
+    CFReleaseNull(trust);
+    CFReleaseNull(pubkey);
+    CFReleaseNull(date);
+}
+
+static void date_tests(void)
+{
+    /* Test long-lived cert chain that expires in 9999 */
+    CFDateRef date = NULL;
+    const void *leaf, *root;
+    isnt(leaf = SecCertificateCreateWithBytes(NULL, longleaf, sizeof(longleaf)), NULL, "create leaf");
+    isnt(root = SecCertificateCreateWithBytes(NULL, longroot, sizeof(longroot)), NULL, "create root");
+
+    CFArrayRef certs = NULL;
+    isnt(certs = CFArrayCreate(NULL, &leaf, 1, NULL), NULL, "failed to create cert array");
+    CFArrayRef anchors = NULL;
+    isnt(anchors = CFArrayCreate(NULL, &root, 1, NULL), NULL, "failed to create anchors array");
+
+    SecPolicyRef policy = NULL;
+    isnt(policy = SecPolicyCreateBasicX509(), NULL, "failed to create policy");
+    SecTrustRef trust = NULL;
+    SecTrustResultType trustResult;
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+    ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors");
+
+    /* September 4, 2013 (prior to "notBefore" date of 2 April 2014, should fail) */
+    isnt(date = CFDateCreate(NULL, 400000000), NULL, "failed to create date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set trust date to 23 Sep 2013");
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust on 23 Sep 2013");
+    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "expected kSecTrustResultRecoverableTrustFailure");
+    CFReleaseNull(date);
+
+    /* January 17, 2016 (recent date within validity period, should succeed) */
+    isnt(date = CFDateCreate(NULL, 474747474), NULL, "failed to create date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set trust date to 17 Jan 2016");
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust on 17 Jan 2016");
+    is_status(trustResult, kSecTrustResultUnspecified, "expected kSecTrustResultUnspecified");
+    CFReleaseNull(date);
+
+    /* December 20, 9999 (far-future date within validity period, should succeed) */
+    isnt(date = CFDateCreate(NULL, 252423000000), NULL, "failed to create date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set trust date to 20 Dec 9999");
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust on 20 Dec 9999");
+    is_status(trustResult, kSecTrustResultUnspecified, "expected kSecTrustResultUnspecified");
+    CFReleaseNull(date);
+
+    /* January 12, 10000 (after the "notAfter" date of 31 Dec 9999, should fail) */
+    isnt(date = CFDateCreate(NULL, 252425000000), NULL, "failed to create date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set trust date to 12 Jan 10000");
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust on 12 Jan 10000");
+    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "expected kSecTrustResultRecoverableTrustFailure");
+    CFReleaseNull(date);
 
+    CFReleaseSafe(trust);
+    CFReleaseSafe(policy);
+    CFReleaseSafe(anchors);
+    CFReleaseSafe(certs);
+    CFReleaseNull(root);
+    CFReleaseNull(leaf);
+}
+
+int si_20_sectrust(int argc, char *const *argv)
+{
+       plan_tests(101);
 
-       tests();
+       basic_tests();
+    rsa8k_tests();
+    date_tests();
 
        return 0;
 }
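Review bot: In `date_tests`, `SecTrustResultType trustResult;` is declared without an initializer and reused for all four evaluations. If a `SecTrustEvaluate` call fails without writing its output, the following `is_status` compares against an indeterminate value on the first case, or against the previous case's result on the later ones. Declaring it as `SecTrustResultType trustResult = kSecTrustResultInvalid;` and assigning `trustResult = kSecTrustResultInvalid;` before each `SecTrustEvaluate` would keep the notBefore/notAfter boundary checks independent of each other. Separately, the first case's comment says September 4, 2013 while its two test labels say "23 Sep 2013". `CFDateCreate(NULL, 400000000)` appears to correspond to the date in the comment, so the labels should read `"set trust date to 4 Sep 2013"` and `"evaluate trust on 4 Sep 2013"`.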
diff --git a/OSX/sec/Security/Regressions/secitem/si-20-sectrust.h b/OSX/sec/Security/Regressions/secitem/si-20-sectrust.h
new file mode 100644 (file)
index 0000000..4b82fca
--- /dev/null
@@ -0,0 +1,751 @@
+/*
+ * Copyright (c) 2006-2010,2012-2015 Apple Inc. All Rights Reserved.
+ */
+
+/*
+ Serial Number:
+ 45:a8:3a:4a:79:4d:0c:2d:71:20:12:5a:7c:82:c0:af
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
+ Validity
+ Not Before: May  5 00:00:00 2014 GMT
+ Not After : May  4 23:59:59 2016 GMT
+ Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592, C=US/postalCode=95014, ST=California, L=Cupertino/street=1 Infinite Loop, O=Apple Inc., OU=GNCS Traffic Management, CN=secure1.store.apple.com
+ */
+static const uint8_t _c0[] = {
+    0x30,0x82,0x05,0xFF,0x30,0x82,0x04,0xE7,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x45,
+    0xA8,0x3A,0x4A,0x79,0x4D,0x0C,0x2D,0x71,0x20,0x12,0x5A,0x7C,0x82,0xC0,0xAF,0x30,
+    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,
+    0xBE,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
+    0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
+    0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,
+    0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,
+    0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,
+    0x0B,0x13,0x32,0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,
+    0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,
+    0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20,
+    0x28,0x63,0x29,0x30,0x36,0x31,0x38,0x30,0x36,0x06,0x03,0x55,0x04,0x03,0x13,0x2F,
+    0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,
+    0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61,
+    0x74,0x69,0x6F,0x6E,0x20,0x53,0x53,0x4C,0x20,0x53,0x47,0x43,0x20,0x43,0x41,0x30,
+    0x1E,0x17,0x0D,0x31,0x34,0x30,0x35,0x30,0x35,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,
+    0x17,0x0D,0x31,0x36,0x30,0x35,0x30,0x34,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,
+    0x82,0x01,0x1D,0x31,0x13,0x30,0x11,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,
+    0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,0x31,0x1B,0x30,0x19,0x06,0x0B,0x2B,0x06,
+    0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,
+    0x6F,0x72,0x6E,0x69,0x61,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0F,0x13,0x14,
+    0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,0x67,0x61,0x6E,0x69,0x7A,0x61,
+    0x74,0x69,0x6F,0x6E,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x05,0x13,0x08,0x43,
+    0x30,0x38,0x30,0x36,0x35,0x39,0x32,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
+    0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x11,0x14,0x05,0x39,
+    0x35,0x30,0x31,0x34,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x13,0x0A,0x43,
+    0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,0x30,0x10,0x06,0x03,0x55,
+    0x04,0x07,0x14,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x18,0x30,
+    0x16,0x06,0x03,0x55,0x04,0x09,0x14,0x0F,0x31,0x20,0x49,0x6E,0x66,0x69,0x6E,0x69,
+    0x74,0x65,0x20,0x4C,0x6F,0x6F,0x70,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,
+    0x14,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x20,0x30,0x1E,
+    0x06,0x03,0x55,0x04,0x0B,0x14,0x17,0x47,0x4E,0x43,0x53,0x20,0x54,0x72,0x61,0x66,
+    0x66,0x69,0x63,0x20,0x4D,0x61,0x6E,0x61,0x67,0x65,0x6D,0x65,0x6E,0x74,0x31,0x20,
+    0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x14,0x17,0x73,0x65,0x63,0x75,0x72,0x65,0x31,
+    0x2E,0x73,0x74,0x6F,0x72,0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
+    0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
+    0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
+    0x00,0x97,0x1D,0x2E,0x6C,0x69,0x78,0x01,0x17,0xB2,0x6D,0x17,0x50,0x26,0xAE,0x25,
+    0xAA,0x30,0x81,0xB8,0xD6,0xDC,0x46,0x67,0x90,0x24,0xC2,0x23,0x50,0x33,0x74,0x5A,
+    0x71,0x7F,0x6D,0xC0,0xEE,0x15,0x58,0x64,0x57,0xEF,0xE9,0x02,0xAB,0xB6,0x93,0xA3,
+    0x6B,0xFE,0xA9,0xD6,0x53,0x07,0x19,0x08,0xC5,0xC5,0x9D,0x8E,0x4D,0xE8,0x00,0xE8,
+    0x49,0x2B,0x70,0x17,0x46,0xE8,0xAF,0xA1,0x2E,0x85,0x5F,0xA7,0x06,0x58,0xBF,0x64,
+    0x0B,0xF5,0xD3,0xD4,0xF8,0x6B,0xAA,0x6C,0x8E,0x5F,0xE7,0x12,0x86,0x58,0x9A,0xFC,
+    0xDB,0x44,0x9E,0x39,0xA9,0x78,0xE9,0x2D,0x5C,0xE2,0x8A,0x87,0x19,0xB6,0xB3,0xD5,
+    0xB6,0x19,0xD0,0x97,0x1B,0xA3,0xE2,0xF6,0x04,0xCE,0xC6,0xEB,0xC3,0xC9,0x50,0x55,
+    0x57,0xE5,0xE1,0x0B,0xCB,0x31,0x2A,0x4A,0x3E,0xC9,0xFC,0x87,0xC4,0x44,0x7D,0x5A,
+    0x74,0x4D,0x51,0xAD,0xCA,0xD6,0x04,0x2C,0x3B,0x4B,0xE1,0x0F,0x31,0x71,0x00,0xEF,
+    0x18,0x66,0x87,0x7E,0xAD,0x0A,0x68,0x23,0x81,0x8F,0x72,0xED,0x8E,0x5A,0xD1,0xD7,
+    0x4E,0xBB,0x5E,0x38,0x20,0x48,0x77,0x69,0x19,0x55,0x33,0xC9,0x77,0x2A,0x8B,0xBF,
+    0xEB,0xB7,0xF4,0xEB,0x2E,0x00,0x58,0x3C,0x86,0xDB,0x4D,0x95,0xB9,0x93,0x9C,0x78,
+    0x39,0xDA,0x4C,0xAA,0xA3,0xB5,0xA6,0xA0,0xBA,0xBC,0x28,0xDB,0xE7,0x9F,0x2A,0x36,
+    0x40,0x68,0xBC,0x22,0x3D,0xA9,0x4C,0xFC,0x62,0xCA,0x2C,0x61,0xE0,0x30,0xA4,0xAC,
+    0x82,0x63,0xE2,0xE5,0xF0,0xEA,0x32,0x96,0x7B,0xB9,0xDC,0x3A,0x2D,0x1A,0x99,0x28,
+    0x47,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x95,0x30,0x82,0x01,0x91,0x30,0x3B,
+    0x06,0x03,0x55,0x1D,0x11,0x04,0x34,0x30,0x32,0x82,0x17,0x73,0x65,0x63,0x75,0x72,
+    0x65,0x32,0x2E,0x73,0x74,0x6F,0x72,0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,
+    0x6F,0x6D,0x82,0x17,0x73,0x65,0x63,0x75,0x72,0x65,0x31,0x2E,0x73,0x74,0x6F,0x72,
+    0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x09,0x06,0x03,0x55,
+    0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,
+    0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x28,0x06,0x03,0x55,0x1D,0x25,0x04,0x21,0x30,
+    0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,
+    0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,
+    0x30,0x66,0x06,0x03,0x55,0x1D,0x20,0x04,0x5F,0x30,0x5D,0x30,0x5B,0x06,0x0B,0x60,
+    0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x07,0x17,0x06,0x30,0x4C,0x30,0x23,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A,
+    0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,
+    0x73,0x30,0x25,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x1A,
+    0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,
+    0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,
+    0x18,0x30,0x16,0x80,0x14,0x4E,0x43,0xC8,0x1D,0x76,0xEF,0x37,0x53,0x7A,0x4F,0xF2,
+    0x58,0x6F,0x94,0xF3,0x38,0xE2,0xD5,0xBD,0xDF,0x30,0x2B,0x06,0x03,0x55,0x1D,0x1F,
+    0x04,0x24,0x30,0x22,0x30,0x20,0xA0,0x1E,0xA0,0x1C,0x86,0x1A,0x68,0x74,0x74,0x70,
+    0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,
+    0x73,0x62,0x2E,0x63,0x72,0x6C,0x30,0x57,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x01,0x01,0x04,0x4B,0x30,0x49,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x30,0x01,0x86,0x13,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,0x79,
+    0x6D,0x63,0x64,0x2E,0x63,0x6F,0x6D,0x30,0x26,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,
+    0x07,0x30,0x02,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,
+    0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x62,0x2E,0x63,0x72,0x74,0x30,
+    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,
+    0x01,0x01,0x00,0xA4,0x6A,0x52,0x42,0x67,0x97,0x00,0x8D,0xBF,0xB1,0x3D,0x4C,0x80,
+    0xFD,0x92,0xAB,0x34,0x95,0x89,0x3D,0x2D,0xEF,0x18,0xB9,0x1A,0x5F,0x86,0x52,0x59,
+    0x09,0xCF,0x22,0xBF,0x4A,0xC1,0x27,0xEF,0x4C,0xB5,0xF2,0xD8,0xAD,0xB6,0xAA,0x97,
+    0x0D,0xF1,0x43,0xED,0x15,0x08,0x68,0xBD,0x55,0xE3,0x71,0xA6,0x92,0x10,0x5F,0x20,
+    0xC9,0x15,0xD1,0x0C,0xE4,0x24,0xE6,0x1C,0xC2,0xCF,0x19,0x5C,0x0B,0xDE,0x6B,0x34,
+    0xA1,0xF1,0x18,0x0C,0x27,0x74,0xEA,0x2C,0xEA,0xB0,0x04,0x1C,0x20,0x87,0xD1,0x7A,
+    0x8B,0x82,0xB7,0x31,0xD9,0x33,0xDE,0x7C,0x96,0xD1,0x6F,0x40,0x9F,0xDC,0x7C,0x9D,
+    0x3D,0x09,0xCB,0x93,0xCC,0x6D,0xBE,0xE1,0x1C,0xD8,0x7D,0x66,0x70,0xAF,0x86,0x93,
+    0x86,0xCA,0x77,0x83,0xB6,0xCA,0x86,0xDB,0x83,0xFC,0x6A,0x5C,0xCF,0x93,0x0C,0x1D,
+    0x55,0x1C,0xD9,0xBB,0xFD,0x8E,0xE6,0x2E,0xC8,0x13,0x1C,0x27,0x3F,0x73,0x4F,0x19,
+    0x49,0x40,0xB6,0x75,0x71,0x5B,0x02,0xCA,0x16,0x62,0x56,0x6A,0x6A,0xA8,0x37,0x97,
+    0x67,0x9D,0xD5,0x24,0x34,0x77,0x46,0x3F,0xCA,0xBD,0x02,0x5C,0xDA,0xD8,0x0A,0x29,
+    0x72,0xB1,0xBA,0x38,0x04,0xC3,0xA5,0xEF,0xAF,0x30,0x80,0x03,0x66,0xF9,0x96,0x44,
+    0x3D,0x1C,0x8C,0x87,0x64,0x37,0xF3,0xAF,0x62,0xAD,0xF8,0xE5,0x53,0x9F,0x7A,0x70,
+    0xDA,0x8C,0x00,0x9C,0x13,0xDF,0x7F,0xC4,0x0C,0xE9,0x72,0xA3,0x72,0x39,0x97,0xF5,
+    0xE1,0x38,0x12,0xF3,0xAB,0x9D,0xC2,0xAB,0xE3,0xED,0xD8,0x43,0x9A,0xAC,0x1E,0x7A,
+    0xB7,0x0A,0x3F,
+};
+
+static const uint8_t _c0_serial[] = {
+    0x45, 0xA8, 0x3A, 0x4A, 0x79, 0x4D, 0x0C, 0x2d,
+    0x71, 0x20, 0x12, 0x5A, 0x7C, 0x82, 0xC0, 0xAF
+};
+
+/*
+ Serial Number:
+ 2c:48:dd:93:0d:f5:59:8e:f9:3c:99:54:7a:60:ed:43
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
+ Validity
+ Not Before: Nov  8 00:00:00 2006 GMT
+ Not After : Nov  7 23:59:59 2016 GMT
+ Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA
+ */
+static const uint8_t _c1[] = {
+    0x30,0x82,0x06,0x1E,0x30,0x82,0x05,0x06,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x2C,
+    0x48,0xDD,0x93,0x0D,0xF5,0x59,0x8E,0xF9,0x3C,0x99,0x54,0x7A,0x60,0xED,0x43,0x30,
+    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,
+    0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,
+    0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,
+    0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,
+    0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,
+    0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,
+    0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72,0x69,
+    0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F,0x72,
+    0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65,0x20,
+    0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C,0x56,
+    0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,
+    0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43,
+    0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,
+    0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x1E,0x17,0x0D,0x30,
+    0x36,0x31,0x31,0x30,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x36,
+    0x31,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x81,0xBE,0x31,0x0B,
+    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06,
+    0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x2C,0x20,
+    0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x56,
+    0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65,
+    0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32,
+    0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20,
+    0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69,
+    0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20,0x28,0x63,0x29,
+    0x30,0x36,0x31,0x38,0x30,0x36,0x06,0x03,0x55,0x04,0x03,0x13,0x2F,0x56,0x65,0x72,
+    0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x78,
+    0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F,
+    0x6E,0x20,0x53,0x53,0x4C,0x20,0x53,0x47,0x43,0x20,0x43,0x41,0x30,0x82,0x01,0x22,
+    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,
+    0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBD,0x56,0x88,
+    0xBA,0x88,0x34,0x64,0x64,0xCF,0xCD,0xCA,0xB0,0xEE,0xE7,0x19,0x73,0xC5,0x72,0xD9,
+    0xBB,0x45,0xBC,0xB5,0xA8,0xFF,0x83,0xBE,0x1C,0x03,0xDB,0xED,0x89,0xB7,0x2E,0x10,
+    0x1A,0x25,0xBC,0x55,0xCA,0x41,0xA1,0x9F,0x0B,0xCF,0x19,0x5E,0x70,0xB9,0x5E,0x39,
+    0x4B,0x9E,0x31,0x1C,0x5F,0x87,0xAE,0x2A,0xAA,0xA8,0x2B,0xA2,0x1B,0x3B,0x10,0x23,
+    0x5F,0x13,0xB1,0xDD,0x08,0x8C,0x4E,0x14,0xDA,0x83,0x81,0xE3,0xB5,0x8C,0xE3,0x68,
+    0xED,0x24,0x67,0xCE,0x56,0xB6,0xAC,0x9B,0x73,0x96,0x44,0xDB,0x8A,0x8C,0xB3,0xD6,
+    0xF0,0x71,0x93,0x8E,0xDB,0x71,0x54,0x4A,0xEB,0x73,0x59,0x6A,0x8F,0x70,0x51,0x2C,
+    0x03,0x9F,0x97,0xD1,0xCC,0x11,0x7A,0xBC,0x62,0x0D,0x95,0x2A,0xC9,0x1C,0x75,0x57,
+    0xE9,0xF5,0xC7,0xEA,0xBA,0x84,0x35,0xCB,0xC7,0x85,0x5A,0x7E,0xE4,0x4D,0xE1,0x11,
+    0x97,0x7D,0x0E,0x20,0x34,0x45,0xDB,0xF1,0xA2,0x09,0xEB,0xEB,0x3D,0x9E,0xB8,0x96,
+    0x43,0x5E,0x34,0x4B,0x08,0x25,0x1E,0x43,0x1A,0xA2,0xD9,0xB7,0x8A,0x01,0x34,0x3D,
+    0xC3,0xF8,0xE5,0xAF,0x4F,0x8C,0xFF,0xCD,0x65,0xF0,0x23,0x4E,0xC5,0x97,0xB3,0x5C,
+    0xDA,0x90,0x1C,0x82,0x85,0x0D,0x06,0x0D,0xC1,0x22,0xB6,0x7B,0x28,0xA4,0x03,0xC3,
+    0x4C,0x53,0xD1,0x58,0xBC,0x72,0xBC,0x08,0x39,0xFC,0xA0,0x76,0xA8,0xA8,0xE9,0x4B,
+    0x6E,0x88,0x3D,0xE3,0xB3,0x31,0x25,0x8C,0x73,0x29,0x48,0x0E,0x32,0x79,0x06,0xED,
+    0x3D,0x43,0xF4,0xF6,0xE4,0xE9,0xFC,0x7D,0xBE,0x8E,0x08,0xD5,0x1F,0x02,0x03,0x01,
+    0x00,0x01,0xA3,0x82,0x02,0x08,0x30,0x82,0x02,0x04,0x30,0x1D,0x06,0x03,0x55,0x1D,
+    0x0E,0x04,0x16,0x04,0x14,0x4E,0x43,0xC8,0x1D,0x76,0xEF,0x37,0x53,0x7A,0x4F,0xF2,
+    0x58,0x6F,0x94,0xF3,0x38,0xE2,0xD5,0xBD,0xDF,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,
+    0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x3D,0x06,
+    0x03,0x55,0x1D,0x20,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,0x00,
+    0x30,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C,
+    0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69,
+    0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x3D,0x06,0x03,
+    0x55,0x1D,0x1F,0x04,0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E,0x86,0x2C,0x68,
+    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56,0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x63,
+    0x72,0x6C,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,
+    0x70,0x63,0x61,0x33,0x2D,0x67,0x35,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55,
+    0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60,
+    0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x6D,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0C,0x04,0x61,0x30,0x5F,0xA1,0x5D,
+    0xA0,0x5B,0x30,0x59,0x30,0x57,0x30,0x55,0x16,0x09,0x69,0x6D,0x61,0x67,0x65,0x2F,
+    0x67,0x69,0x66,0x30,0x21,0x30,0x1F,0x30,0x07,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,
+    0x04,0x14,0x8F,0xE5,0xD3,0x1A,0x86,0xAC,0x8D,0x8E,0x6B,0xC3,0xCF,0x80,0x6A,0xD4,
+    0x48,0x18,0x2C,0x7B,0x19,0x2E,0x30,0x25,0x16,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x6C,0x6F,0x67,0x6F,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,
+    0x6F,0x6D,0x2F,0x76,0x73,0x6C,0x6F,0x67,0x6F,0x2E,0x67,0x69,0x66,0x30,0x29,0x06,
+    0x03,0x55,0x1D,0x11,0x04,0x22,0x30,0x20,0xA4,0x1E,0x30,0x1C,0x31,0x1A,0x30,0x18,
+    0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x43,0x6C,0x61,0x73,0x73,0x33,0x43,0x41,0x32,
+    0x30,0x34,0x38,0x2D,0x31,0x2D,0x34,0x38,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,
+    0x18,0x30,0x16,0x80,0x14,0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB,0xF0,0x30,0x09,
+    0xF3,0x43,0x39,0xFA,0x02,0xAF,0x33,0x31,0x33,0x30,0x3D,0x06,0x08,0x2B,0x06,0x01,
+    0x05,0x05,0x07,0x01,0x01,0x04,0x31,0x30,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,
+    0x05,0x05,0x07,0x30,0x01,0x86,0x21,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56,
+    0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x6F,0x63,0x73,0x70,0x2E,0x76,0x65,0x72,0x69,
+    0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x34,0x06,0x03,0x55,0x1D,0x25,0x04,
+    0x2D,0x30,0x2B,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,0x06,0x0A,
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x08,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x0D,
+    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,
+    0x01,0x00,0x27,0x74,0xA6,0x34,0xEA,0x1D,0x9D,0xE1,0x53,0xD6,0x1C,0x9D,0x0C,0xA7,
+    0x5B,0x4C,0xA9,0x67,0xF2,0xF0,0x32,0xB7,0x01,0x0F,0xFB,0x42,0x18,0x38,0xDE,0xE4,
+    0xEE,0x49,0xC8,0x13,0xC9,0x0B,0xEC,0x04,0xC3,0x40,0x71,0x18,0x72,0x76,0x43,0x02,
+    0x23,0x5D,0xAB,0x7B,0xC8,0x48,0x14,0x1A,0xC8,0x7B,0x1D,0xFC,0xF6,0x0A,0x9F,0x36,
+    0xA1,0xD2,0x09,0x73,0x71,0x66,0x96,0x75,0x51,0x34,0xBF,0x99,0x30,0x51,0x67,0x9D,
+    0x54,0xB7,0x26,0x45,0xAC,0x73,0x08,0x23,0x86,0x26,0x99,0x71,0xF4,0x8E,0xD7,0xEA,
+    0x39,0x9B,0x06,0x09,0x23,0xBF,0x62,0xDD,0xA8,0xC4,0xB6,0x7D,0xA4,0x89,0x07,0x3E,
+    0xF3,0x6D,0xAE,0x40,0x59,0x50,0x79,0x97,0x37,0x3D,0x32,0x78,0x7D,0xB2,0x63,0x4B,
+    0xF9,0xEA,0x08,0x69,0x0E,0x13,0xED,0xE8,0xCF,0xBB,0xAC,0x05,0x86,0xCA,0x22,0xCF,
+    0x88,0x62,0x5D,0x3C,0x22,0x49,0xD8,0x63,0xD5,0x24,0xA6,0xBD,0xEF,0x5C,0xE3,0xCC,
+    0x20,0x3B,0x22,0xEA,0xFC,0x44,0xC6,0xA8,0xE5,0x1F,0xE1,0x86,0xCD,0x0C,0x4D,0x8F,
+    0x93,0x53,0xD9,0x7F,0xEE,0xA1,0x08,0xA7,0xB3,0x30,0x96,0x49,0x70,0x6E,0xA3,0x6C,
+    0x3D,0xD0,0x63,0xEF,0x25,0x66,0x63,0xCC,0xAA,0xB7,0x18,0x17,0x4E,0xEA,0x70,0x76,
+    0xF6,0xBA,0x42,0xA6,0x80,0x37,0x09,0x4E,0x9F,0x66,0x88,0x2E,0x6B,0x33,0x66,0xC8,
+    0xC0,0x71,0xA4,0x41,0xEB,0x5A,0xE3,0xFC,0x14,0x2E,0x4B,0x88,0xFD,0xAE,0x6E,0x5B,
+    0x65,0xE9,0x27,0xE4,0xBF,0xE4,0xB0,0x23,0xC1,0xB2,0x7D,0x5B,0x62,0x25,0xD7,0x3E,
+    0x10,0xD4,
+};
+
+
+/* subject:/C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Operations/CN=xedge2.apple.com
+   issuer :/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority */
+const uint8_t xedge2_certificate[1385]={
+    0x30,0x82,0x05,0x65,0x30,0x82,0x04,0xCE,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x46,
+    0x9C,0xDF,0x96,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,
+    0x05,0x00,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
+    0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x45,0x6E,0x74,
+    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,
+    0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
+    0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,0x2E,0x20,0x62,
+    0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,0x74,0x73,0x20,0x6C,
+    0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C,
+    0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,
+    0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x3A,0x30,0x38,
+    0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
+    0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,
+    0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
+    0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x30,0x38,0x30,0x31,
+    0x32,0x39,0x31,0x38,0x33,0x33,0x31,0x33,0x5A,0x17,0x0D,0x31,0x30,0x30,0x31,0x32,
+    0x38,0x31,0x39,0x30,0x33,0x31,0x32,0x5A,0x30,0x81,0x83,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
+    0x08,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,0x30,
+    0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,
+    0x6F,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x41,0x70,0x70,0x6C,
+    0x65,0x20,0x49,0x6E,0x63,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0B,0x13,0x13,
+    0x49,0x6E,0x74,0x65,0x72,0x6E,0x65,0x74,0x20,0x4F,0x70,0x65,0x72,0x61,0x74,0x69,
+    0x6F,0x6E,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x78,0x65,
+    0x64,0x67,0x65,0x32,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81,
+    0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
+    0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xC7,0xF3,0xA1,0x0E,0x0E,
+    0xA4,0xDF,0xC5,0x3F,0x24,0x87,0xC3,0x6E,0xE7,0xD0,0x7C,0x2B,0x5A,0x1C,0xF3,0x67,
+    0x6C,0x6B,0x56,0x0A,0x95,0xC9,0xE5,0x13,0x28,0x6E,0x16,0x9D,0x4F,0xB1,0x76,0xFB,
+    0x7D,0x42,0x5B,0x2A,0x7C,0xCC,0x97,0x75,0xAA,0xA6,0xA9,0xDE,0xB2,0xEC,0xEF,0xE2,
+    0xAB,0x40,0xAE,0x9A,0x23,0xF0,0x6A,0x10,0xB3,0x75,0x27,0xF0,0xF4,0x7D,0x08,0x67,
+    0x8F,0xCE,0x41,0x24,0x74,0xAA,0x37,0xB6,0xC1,0x32,0x61,0xCF,0x7D,0x1C,0x21,0xCD,
+    0xCF,0x7C,0x9E,0xE2,0x48,0x03,0x7E,0x78,0xB3,0x86,0x3D,0x06,0x6B,0x39,0xEC,0xC8,
+    0x73,0x68,0xDB,0xE7,0x5B,0x97,0xF4,0xF9,0xA3,0xE7,0xFB,0x81,0x2E,0x4D,0x0B,0x3F,
+    0xA9,0xCA,0xDE,0x32,0x26,0xF3,0xF0,0x97,0x72,0x65,0xAB,0x02,0x03,0x01,0x00,0x01,
+    0xA3,0x82,0x02,0xA2,0x30,0x82,0x02,0x9E,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,
+    0x04,0x03,0x02,0x05,0xA0,0x30,0x2B,0x06,0x03,0x55,0x1D,0x10,0x04,0x24,0x30,0x22,
+    0x80,0x0F,0x32,0x30,0x30,0x38,0x30,0x31,0x32,0x39,0x31,0x38,0x33,0x33,0x31,0x33,
+    0x5A,0x81,0x0F,0x32,0x30,0x31,0x30,0x30,0x31,0x32,0x38,0x31,0x39,0x30,0x33,0x31,
+    0x32,0x5A,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,0x04,
+    0x04,0x03,0x02,0x06,0x40,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x82,0x01,0x68,0x06,0x03,
+    0x55,0x1D,0x20,0x04,0x82,0x01,0x5F,0x30,0x82,0x01,0x5B,0x30,0x82,0x01,0x57,0x06,
+    0x09,0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x4B,0x02,0x30,0x82,0x01,0x48,0x30,0x26,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1A,0x68,0x74,0x74,0x70,
+    0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
+    0x65,0x74,0x2F,0x63,0x70,0x73,0x30,0x82,0x01,0x1C,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x02,0x02,0x30,0x82,0x01,0x0E,0x1A,0x82,0x01,0x0A,0x54,0x68,0x65,0x20,
+    0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x20,0x53,0x53,0x4C,0x20,0x57,0x65,0x62,0x20,
+    0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,
+    0x74,0x69,0x6F,0x6E,0x20,0x50,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x53,0x74,
+    0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x20,0x28,0x43,0x50,0x53,0x29,0x20,0x61,0x76,
+    0x61,0x69,0x6C,0x61,0x62,0x6C,0x65,0x20,0x61,0x74,0x20,0x77,0x77,0x77,0x2E,0x65,
+    0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x20,0x20,
+    0x69,0x73,0x20,0x68,0x65,0x72,0x65,0x62,0x79,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,
+    0x6F,0x72,0x61,0x74,0x65,0x64,0x20,0x69,0x6E,0x74,0x6F,0x20,0x79,0x6F,0x75,0x72,
+    0x20,0x75,0x73,0x65,0x20,0x6F,0x72,0x20,0x72,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65,
+    0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,
+    0x63,0x61,0x74,0x65,0x2E,0x20,0x20,0x54,0x68,0x69,0x73,0x20,0x43,0x50,0x53,0x20,
+    0x63,0x6F,0x6E,0x74,0x61,0x69,0x6E,0x73,0x20,0x6C,0x69,0x6D,0x69,0x74,0x61,0x74,
+    0x69,0x6F,0x6E,0x73,0x20,0x6F,0x6E,0x20,0x77,0x61,0x72,0x72,0x61,0x6E,0x74,0x69,
+    0x65,0x73,0x20,0x61,0x6E,0x64,0x20,0x6C,0x69,0x61,0x62,0x69,0x6C,0x69,0x74,0x69,
+    0x65,0x73,0x2E,0x20,0x43,0x6F,0x70,0x79,0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,
+    0x29,0x20,0x32,0x30,0x30,0x32,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x20,0x4C,
+    0x69,0x6D,0x69,0x74,0x65,0x64,0x30,0x33,0x06,0x03,0x55,0x1D,0x1F,0x04,0x2C,0x30,
+    0x2A,0x30,0x28,0xA0,0x26,0xA0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
+    0x63,0x72,0x6C,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,
+    0x73,0x65,0x72,0x76,0x65,0x72,0x31,0x2E,0x63,0x72,0x6C,0x30,0x33,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x27,0x30,0x25,0x30,0x23,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x17,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
+    0x6F,0x63,0x73,0x70,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,
+    0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xF0,0x17,0x62,
+    0x13,0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0,
+    0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x2D,0xEF,0xD9,0xAF,
+    0x1A,0x89,0x40,0x53,0x75,0x48,0x26,0x59,0x2F,0xEC,0x11,0x18,0xC0,0xD1,0x7A,0x34,
+    0x30,0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x19,0x06,0x09,0x2A,
+    0x86,0x48,0x86,0xF6,0x7D,0x07,0x41,0x00,0x04,0x0C,0x30,0x0A,0x1B,0x04,0x56,0x37,
+    0x2E,0x31,0x03,0x02,0x03,0x28,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
+    0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x77,0x33,0x2A,0x69,0x45,0x5A,0xB2,
+    0xF5,0x74,0xF7,0xDF,0xC7,0x08,0x85,0x86,0x88,0x98,0x41,0x7F,0x57,0x49,0x01,0xBA,
+    0x13,0x21,0x40,0xD0,0x0A,0x5C,0xA7,0x37,0xDF,0xB3,0x7E,0xF8,0xED,0x04,0x63,0xC3,
+    0xE8,0x0F,0xA0,0xE5,0xC4,0x4F,0x3A,0x90,0xE4,0x87,0x5F,0xEC,0xDB,0x65,0x8B,0x6E,
+    0x88,0x6E,0x6E,0xE4,0xBC,0x6A,0x7E,0x37,0x47,0x04,0xFF,0x09,0xC6,0x70,0xE1,0x65,
+    0x8F,0xE3,0xE9,0x60,0xEB,0xE8,0x8E,0x29,0xAE,0xF9,0x81,0xCA,0x9A,0x97,0x3C,0x6F,
+    0x7C,0xFA,0xA8,0x49,0xB4,0x33,0x76,0x9C,0x65,0x92,0x12,0xF6,0x7F,0x6A,0x62,0x84,
+    0x29,0x5F,0x14,0x26,0x6E,0x07,0x6F,0x5C,0xB5,0x7C,0x21,0x64,0x7C,0xD9,0x93,0xF4,
+    0x9C,0xC8,0xE7,0xEC,0xC6,0xAC,0x13,0xC4,0xF0
+};
+
+const uint8_t entrust1024RootCA[1244]={
+    0x30,0x82,0x04,0xD8,0x30,0x82,0x04,0x41,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x37,
+    0x4A,0xD2,0x43,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,
+    0x05,0x00,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
+    0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x45,0x6E,0x74,
+    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,
+    0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
+    0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,0x2E,0x20,0x62,
+    0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,0x74,0x73,0x20,0x6C,
+    0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C,
+    0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,
+    0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x3A,0x30,0x38,
+    0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,
+    0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72,
+    0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,
+    0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x39,0x39,0x30,0x35,
+    0x32,0x35,0x31,0x36,0x30,0x39,0x34,0x30,0x5A,0x17,0x0D,0x31,0x39,0x30,0x35,0x32,
+    0x35,0x31,0x36,0x33,0x39,0x34,0x30,0x5A,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,
+    0x0A,0x13,0x0B,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,
+    0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,
+    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,
+    0x6F,0x72,0x70,0x2E,0x20,0x62,0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,
+    0x6D,0x69,0x74,0x73,0x20,0x6C,0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,
+    0x03,0x55,0x04,0x0B,0x13,0x1C,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,
+    0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,
+    0x65,0x64,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,
+    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,
+    0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,
+    0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x81,
+    0x9D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
+    0x03,0x81,0x8B,0x00,0x30,0x81,0x87,0x02,0x81,0x81,0x00,0xCD,0x28,0x83,0x34,0x54,
+    0x1B,0x89,0xF3,0x0F,0xAF,0x37,0x91,0x31,0xFF,0xAF,0x31,0x60,0xC9,0xA8,0xE8,0xB2,
+    0x10,0x68,0xED,0x9F,0xE7,0x93,0x36,0xF1,0x0A,0x64,0xBB,0x47,0xF5,0x04,0x17,0x3F,
+    0x23,0x47,0x4D,0xC5,0x27,0x19,0x81,0x26,0x0C,0x54,0x72,0x0D,0x88,0x2D,0xD9,0x1F,
+    0x9A,0x12,0x9F,0xBC,0xB3,0x71,0xD3,0x80,0x19,0x3F,0x47,0x66,0x7B,0x8C,0x35,0x28,
+    0xD2,0xB9,0x0A,0xDF,0x24,0xDA,0x9C,0xD6,0x50,0x79,0x81,0x7A,0x5A,0xD3,0x37,0xF7,
+    0xC2,0x4A,0xD8,0x29,0x92,0x26,0x64,0xD1,0xE4,0x98,0x6C,0x3A,0x00,0x8A,0xF5,0x34,
+    0x9B,0x65,0xF8,0xED,0xE3,0x10,0xFF,0xFD,0xB8,0x49,0x58,0xDC,0xA0,0xDE,0x82,0x39,
+    0x6B,0x81,0xB1,0x16,0x19,0x61,0xB9,0x54,0xB6,0xE6,0x43,0x02,0x01,0x03,0xA3,0x82,
+    0x01,0xD7,0x30,0x82,0x01,0xD3,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,
+    0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x82,0x01,0x19,0x06,0x03,0x55,
+    0x1D,0x1F,0x04,0x82,0x01,0x10,0x30,0x82,0x01,0x0C,0x30,0x81,0xDE,0xA0,0x81,0xDB,
+    0xA0,0x81,0xD8,0xA4,0x81,0xD5,0x30,0x81,0xD2,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,
+    0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,
+    0x0B,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,
+    0x06,0x03,0x55,0x04,0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,
+    0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,
+    0x70,0x2E,0x20,0x62,0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,
+    0x74,0x73,0x20,0x6C,0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,
+    0x04,0x0B,0x13,0x1C,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,
+    0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,
+    0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,
+    0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,
+    0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
+    0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x0D,0x30,0x0B,
+    0x06,0x03,0x55,0x04,0x03,0x13,0x04,0x43,0x52,0x4C,0x31,0x30,0x29,0xA0,0x27,0xA0,
+    0x25,0x86,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x65,0x6E,
+    0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x52,0x4C,0x2F,0x6E,0x65,
+    0x74,0x31,0x2E,0x63,0x72,0x6C,0x30,0x2B,0x06,0x03,0x55,0x1D,0x10,0x04,0x24,0x30,
+    0x22,0x80,0x0F,0x31,0x39,0x39,0x39,0x30,0x35,0x32,0x35,0x31,0x36,0x30,0x39,0x34,
+    0x30,0x5A,0x81,0x0F,0x32,0x30,0x31,0x39,0x30,0x35,0x32,0x35,0x31,0x36,0x30,0x39,
+    0x34,0x30,0x5A,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x06,
+    0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xF0,0x17,0x62,
+    0x13,0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0,
+    0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xF0,0x17,0x62,0x13,
+    0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0,0x1A,
+    0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x19,
+    0x06,0x09,0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x41,0x00,0x04,0x0C,0x30,0x0A,0x1B,
+    0x04,0x56,0x34,0x2E,0x30,0x03,0x02,0x04,0x90,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x90,0xDC,0x30,0x02,
+    0xFA,0x64,0x74,0xC2,0xA7,0x0A,0xA5,0x7C,0x21,0x8D,0x34,0x17,0xA8,0xFB,0x47,0x0E,
+    0xFF,0x25,0x7C,0x8D,0x13,0x0A,0xFB,0xE4,0x98,0xB5,0xEF,0x8C,0xF8,0xC5,0x10,0x0D,
+    0xF7,0x92,0xBE,0xF1,0xC3,0xD5,0xD5,0x95,0x6A,0x04,0xBB,0x2C,0xCE,0x26,0x36,0x65,
+    0xC8,0x31,0xC6,0xE7,0xEE,0x3F,0xE3,0x57,0x75,0x84,0x7A,0x11,0xEF,0x46,0x4F,0x18,
+    0xF4,0xD3,0x98,0xBB,0xA8,0x87,0x32,0xBA,0x72,0xF6,0x3C,0xE2,0x3D,0x9F,0xD7,0x1D,
+    0xD9,0xC3,0x60,0x43,0x8C,0x58,0x0E,0x22,0x96,0x2F,0x62,0xA3,0x2C,0x1F,0xBA,0xAD,
+    0x05,0xEF,0xAB,0x32,0x78,0x87,0xA0,0x54,0x73,0x19,0xB5,0x5C,0x05,0xF9,0x52,0x3E,
+    0x6D,0x2D,0x45,0x0B,0xF7,0x0A,0x93,0xEA,0xED,0x06,0xF9,0xB2,
+};
+
+
+/* subject:/CN=garthc2.apple.com/O=Apple Inc./OU=DTS/ST=California/C=US/L=Cupertino/emailAddress=gcummings@apple.com
+   issuer :/CN=garthc2.apple.com/O=Apple Inc./OU=DTS/ST=California/C=US/L=Cupertino/emailAddress=gcummings@apple.com */
+const uint8_t garthc2_certificate[730]={
+    0x30,0x82,0x02,0xD6,0x30,0x82,0x02,0x3F,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
+    0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0x99,
+    0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x67,0x61,0x72,0x74,0x68,
+    0x63,0x32,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11,
+    0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,
+    0x2E,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0B,0x0C,0x03,0x44,0x54,0x53,0x31,
+    0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,
+    0x72,0x6E,0x69,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,
+    0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,
+    0x72,0x74,0x69,0x6E,0x6F,0x31,0x22,0x30,0x20,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x09,0x01,0x16,0x13,0x67,0x63,0x75,0x6D,0x6D,0x69,0x6E,0x67,0x73,0x40,
+    0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,0x30,0x39,0x30,
+    0x37,0x31,0x36,0x32,0x32,0x34,0x39,0x31,0x30,0x5A,0x17,0x0D,0x31,0x30,0x30,0x37,
+    0x31,0x36,0x32,0x32,0x34,0x39,0x31,0x30,0x5A,0x30,0x81,0x99,0x31,0x1A,0x30,0x18,
+    0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x67,0x61,0x72,0x74,0x68,0x63,0x32,0x2E,0x61,
+    0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,
+    0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0C,0x30,
+    0x0A,0x06,0x03,0x55,0x04,0x0B,0x0C,0x03,0x44,0x54,0x53,0x31,0x13,0x30,0x11,0x06,
+    0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30,
+    0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,
+    0x6F,0x31,0x22,0x30,0x20,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,
+    0x16,0x13,0x67,0x63,0x75,0x6D,0x6D,0x69,0x6E,0x67,0x73,0x40,0x61,0x70,0x70,0x6C,
+    0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81,0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
+    0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81,
+    0x81,0x00,0xCF,0x30,0xD9,0x9D,0x9C,0xD5,0x6F,0xCB,0xB1,0xD1,0xC2,0x73,0xE2,0xB4,
+    0x06,0xC3,0x16,0x6D,0x0E,0x68,0x40,0x5E,0x92,0xFC,0xD9,0x14,0xD2,0x5E,0x21,0x50,
+    0x66,0x41,0x96,0x3A,0x76,0x26,0xF6,0x6C,0x3C,0xA2,0xD4,0x84,0x91,0x09,0x2E,0x23,
+    0x2D,0x07,0x38,0x48,0x58,0x31,0xE5,0x00,0x08,0xB1,0x6C,0x5D,0x39,0x50,0x30,0xF7,
+    0x68,0x12,0x99,0xB5,0x4C,0x86,0x1E,0xA5,0xF4,0x0C,0xCB,0xCB,0x25,0xB0,0x7C,0x6A,
+    0xFE,0x28,0xD4,0x34,0xA5,0xD2,0x94,0x5E,0xBE,0x5F,0xC1,0x61,0xAE,0xB5,0xD2,0xD2,
+    0x18,0x34,0x07,0x02,0xA8,0x56,0xAC,0x55,0x4D,0x87,0x56,0x8A,0xBA,0x1B,0x17,0x26,
+    0x11,0x9B,0xF8,0x88,0xD1,0x4F,0x94,0x03,0x01,0xCC,0x01,0xE7,0x0B,0x9B,0x14,0x43,
+    0x25,0xFB,0x02,0x03,0x01,0x00,0x01,0xA3,0x2E,0x30,0x2C,0x30,0x0B,0x06,0x03,0x55,
+    0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,
+    0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9D,0x8A,0x8A,0x9F,0xA5,0x36,
+    0xA2,0xE6,0x1D,0xA9,0xF1,0x10,0xDF,0xC8,0xFC,0x1A,0x2B,0xA0,0x01,0x07,0x58,0xA4,
+    0xD0,0x41,0xE1,0x32,0xD8,0xA9,0x84,0x9E,0xF3,0xE2,0xDE,0x48,0xD3,0x03,0xD7,0xC9,
+    0x40,0x58,0x5A,0x91,0x85,0x70,0xF6,0xC7,0x34,0x90,0x3C,0x1B,0x06,0x8F,0x0C,0xEE,
+    0xDD,0x79,0x14,0x42,0x72,0x4F,0x41,0xF9,0xB0,0xEC,0x04,0x9F,0xD6,0x75,0x68,0x06,
+    0xA0,0xEA,0x11,0x0C,0xE9,0x16,0x2F,0x9E,0x23,0xFA,0x5D,0xC2,0x02,0x92,0x2A,0xDD,
+    0xE8,0xBD,0xA1,0x8F,0x33,0x96,0x84,0xFA,0xFD,0x3C,0x70,0xD4,0x9D,0x43,0xA4,0xA0,
+    0xE9,0xF4,0x49,0xB2,0xF4,0xCB,0x9F,0x43,0x87,0x04,0x8D,0xD0,0xEA,0xAC,0x21,0x24,
+    0x2C,0x4C,0x36,0x5C,0x34,0x8C,0x61,0xA4,0xF4,0xB8,
+};
+
+const uint8_t prt_forest_fi_certificate[1797] = {
+    0x30, 0x82, 0x07, 0x01, 0x30, 0x82, 0x05, 0xe9, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x11, 0x00, 0xfa, 0x69, 0x1a, 0xa7, 0xbf, 0x1b, 0x93, 0xbe,
+    0x97, 0x11, 0xb0, 0xfe, 0xfc, 0xa8, 0x8d, 0x8c, 0x30, 0x0d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
+    0x39, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x46, 0x49, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
+    0x06, 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x31, 0x19, 0x30, 0x17, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61,
+    0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x32, 0x20, 0x43, 0x41, 0x30, 0x1e,
+    0x17, 0x0d, 0x31, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x39, 0x33, 0x39,
+    0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x31, 0x33, 0x30, 0x30,
+    0x39, 0x33, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09,
+    0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x46, 0x49, 0x31, 0x16, 0x30,
+    0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x50, 0x52, 0x54, 0x2d,
+    0x46, 0x6f, 0x72, 0x65, 0x73, 0x74, 0x20, 0x4f, 0x79, 0x31, 0x16, 0x30,
+    0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x54, 0x69, 0x65, 0x74,
+    0x6f, 0x68, 0x61, 0x6c, 0x6c, 0x69, 0x6e, 0x74, 0x6f, 0x31, 0x18, 0x30,
+    0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x2a, 0x2e, 0x70, 0x72,
+    0x74, 0x2d, 0x66, 0x6f, 0x72, 0x65, 0x73, 0x74, 0x2e, 0x66, 0x69, 0x30,
+    0x82, 0x04, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x04, 0x0f, 0x00, 0x30,
+    0x82, 0x04, 0x0a, 0x02, 0x82, 0x04, 0x01, 0x00, 0xbc, 0x62, 0x25, 0x57,
+    0xbc, 0x71, 0xb8, 0xa9, 0x5b, 0x0e, 0x04, 0xbc, 0xc4, 0x0e, 0xf1, 0x0e,
+    0x1f, 0x20, 0xd2, 0xf4, 0x4f, 0x23, 0xfe, 0x14, 0x54, 0x34, 0x81, 0xd3,
+    0x5b, 0xdd, 0x74, 0xed, 0xa1, 0xbe, 0x91, 0x99, 0x9d, 0x02, 0xb9, 0x36,
+    0x70, 0x43, 0x5d, 0x73, 0xa6, 0xe5, 0x70, 0x7b, 0x0e, 0x0c, 0x3f, 0x33,
+    0xbb, 0x71, 0xd6, 0xd4, 0x22, 0xb0, 0xeb, 0xf5, 0x6e, 0x07, 0x7c, 0xe7,
+    0xc7, 0xd1, 0x20, 0x64, 0x72, 0x4e, 0xae, 0x5e, 0xae, 0xaf, 0x08, 0xfb,
+    0x7d, 0x6d, 0xdb, 0x69, 0x5a, 0x31, 0x73, 0x7d, 0xbd, 0x53, 0xcb, 0x04,
+    0x69, 0x6d, 0x74, 0x56, 0x6c, 0xbc, 0x84, 0xa6, 0x01, 0x39, 0x37, 0x0c,
+    0xb9, 0x5c, 0x2e, 0x78, 0x50, 0x3a, 0x8d, 0x1f, 0xa2, 0x33, 0xf1, 0xd2,
+    0xc2, 0x87, 0x51, 0xf4, 0x92, 0xc3, 0xa7, 0xaa, 0xc8, 0x36, 0x51, 0x1c,
+    0xfb, 0x77, 0xbf, 0xcf, 0x24, 0x11, 0xfe, 0xf4, 0x11, 0x2f, 0x5c, 0xdf,
+    0x26, 0xf6, 0xb9, 0x15, 0xc1, 0x46, 0x75, 0x83, 0x40, 0x77, 0xa4, 0x83,
+    0x74, 0xce, 0xc0, 0x29, 0x31, 0xd3, 0xd8, 0x68, 0xfa, 0x2e, 0xcc, 0x15,
+    0x2c, 0x59, 0x5c, 0xa7, 0x96, 0x65, 0x8f, 0x34, 0x87, 0x29, 0x22, 0x1d,
+    0xde, 0x65, 0xc7, 0x1c, 0x5c, 0xd8, 0x33, 0x22, 0xf7, 0x93, 0xd9, 0xcd,
+    0x96, 0x76, 0x22, 0xab, 0x75, 0x18, 0x04, 0xe7, 0x65, 0x2a, 0xeb, 0x42,
+    0x75, 0x17, 0x13, 0x12, 0x00, 0xe3, 0xf4, 0xd9, 0xde, 0xd1, 0x9f, 0x1c,
+    0x61, 0xee, 0xf6, 0xb9, 0xf9, 0x50, 0xb3, 0x1b, 0x79, 0x77, 0x38, 0x3c,
+    0x6a, 0xcc, 0xa0, 0x1d, 0xe4, 0xd7, 0x43, 0xca, 0x8b, 0x22, 0xbf, 0x77,
+    0x33, 0xea, 0xaa, 0x01, 0xcf, 0x1e, 0xd0, 0x0d, 0x04, 0x2b, 0xec, 0x42,
+    0x7b, 0xec, 0x53, 0xed, 0xc7, 0x4f, 0x0c, 0xac, 0x29, 0xb7, 0x8b, 0x92,
+    0x14, 0x3f, 0x9b, 0xc6, 0xd8, 0xa1, 0x30, 0x4d, 0x5a, 0x07, 0x0e, 0x1e,
+    0x80, 0x5f, 0x38, 0x66, 0x4d, 0xc1, 0xad, 0x2f, 0xee, 0xae, 0x94, 0x50,
+    0x8e, 0x38, 0x2a, 0x00, 0x80, 0xe2, 0xc4, 0x43, 0x2e, 0xd5, 0xcd, 0xca,
+    0x3f, 0x3d, 0xcb, 0x35, 0x13, 0x96, 0xd2, 0xdc, 0x0e, 0xe7, 0x45, 0x57,
+    0x4b, 0x8f, 0xee, 0xa1, 0xce, 0xe6, 0x57, 0x52, 0xcd, 0xd0, 0x82, 0xca,
+    0x3b, 0x87, 0xf4, 0x22, 0xff, 0x81, 0x4b, 0xf5, 0xa3, 0xda, 0xc5, 0xb6,
+    0x67, 0xb8, 0xf4, 0xaf, 0xff, 0x8d, 0x4e, 0x80, 0xb5, 0x22, 0x80, 0x3c,
+    0x70, 0xe4, 0xa0, 0xae, 0xdc, 0xcf, 0x44, 0xff, 0x00, 0x98, 0x3f, 0x19,
+    0x7b, 0x4c, 0x3d, 0xd8, 0xa5, 0xd8, 0xe0, 0x05, 0x73, 0x54, 0x06, 0x0c,
+    0x4d, 0x50, 0xf8, 0xd8, 0x85, 0x0b, 0xa8, 0x49, 0xaa, 0x97, 0x87, 0x3b,
+    0x32, 0xe8, 0x58, 0x22, 0xee, 0x34, 0x1c, 0x9f, 0xe3, 0x18, 0xba, 0x93,
+    0x43, 0xea, 0xb7, 0x78, 0x35, 0xa2, 0xb5, 0x1e, 0x19, 0x16, 0x3b, 0xb3,
+    0xf5, 0x12, 0xe8, 0x26, 0x62, 0x2d, 0xd7, 0x45, 0xc3, 0xa4, 0x4b, 0xda,
+    0x38, 0x48, 0x00, 0x3f, 0x68, 0x62, 0xa2, 0x83, 0x9d, 0x32, 0x76, 0x27,
+    0x40, 0x5d, 0x0e, 0x75, 0xb1, 0x08, 0xdb, 0x58, 0xfa, 0x20, 0x62, 0xf1,
+    0x3f, 0xbd, 0x86, 0x2f, 0x7c, 0x07, 0x01, 0x14, 0x1d, 0x19, 0x61, 0xee,
+    0x0a, 0x85, 0xbf, 0xc7, 0x4f, 0x4a, 0x06, 0xc0, 0xaf, 0x44, 0x5d, 0x6f,
+    0xc3, 0x53, 0x23, 0xcb, 0xdf, 0x40, 0x7a, 0x18, 0xa1, 0x34, 0x80, 0x18,
+    0x86, 0xfe, 0xe3, 0x87, 0xce, 0x30, 0x53, 0x33, 0x1c, 0x45, 0x4a, 0xb4,
+    0xe1, 0x8c, 0x9b, 0x4b, 0xf5, 0x2c, 0x7c, 0x13, 0x56, 0x37, 0x8a, 0x94,
+    0x24, 0xdb, 0x3a, 0x4b, 0x80, 0xb1, 0x26, 0x57, 0x5a, 0x75, 0x1c, 0x44,
+    0xc5, 0xf7, 0x67, 0xb4, 0x61, 0x87, 0xe8, 0x2e, 0xd9, 0xe1, 0xb9, 0x45,
+    0xcc, 0xdc, 0xdf, 0x3b, 0x8c, 0xce, 0xd0, 0x46, 0x6b, 0x87, 0xb5, 0xa9,
+    0xfe, 0x35, 0x87, 0xe0, 0xca, 0xc6, 0x7d, 0xc8, 0x86, 0xc2, 0xfe, 0x89,
+    0xec, 0xa9, 0x86, 0x33, 0x81, 0xdc, 0x41, 0xb3, 0xe7, 0xc4, 0x82, 0x3a,
+    0x81, 0x05, 0xbd, 0x8b, 0x92, 0xb2, 0x6a, 0x2c, 0x3c, 0xca, 0xd0, 0x22,
+    0xff, 0xc8, 0x8f, 0xf0, 0x5f, 0x0e, 0xfb, 0x0b, 0x36, 0x64, 0x6a, 0x12,
+    0x77, 0x2d, 0x8a, 0x38, 0xde, 0x7d, 0xed, 0xc9, 0xa7, 0xc1, 0x85, 0x41,
+    0xa2, 0x7b, 0xa5, 0xdc, 0x30, 0x96, 0xda, 0xf8, 0xb3, 0xc8, 0x21, 0x56,
+    0x3c, 0xdb, 0xe4, 0x8c, 0xb0, 0xfb, 0xec, 0x0e, 0x58, 0x49, 0x3c, 0x75,
+    0x3c, 0xc2, 0x41, 0xbd, 0xc0, 0x81, 0x37, 0xc7, 0x69, 0x5a, 0x41, 0x86,
+    0x18, 0xe9, 0x41, 0x7f, 0xba, 0xff, 0xc3, 0x52, 0x56, 0xf9, 0x7c, 0x60,
+    0x14, 0xf9, 0x66, 0x4c, 0x60, 0xb6, 0x3e, 0x23, 0xcd, 0xd1, 0x2d, 0x4f,
+    0x43, 0x97, 0xea, 0xa3, 0x37, 0xa4, 0x2a, 0xa7, 0x81, 0x49, 0x90, 0xe3,
+    0xb6, 0x12, 0x1b, 0xac, 0x78, 0x57, 0x20, 0x51, 0xb4, 0x16, 0x5e, 0x58,
+    0x61, 0x0f, 0x1e, 0x35, 0xbc, 0x3f, 0x44, 0xc2, 0x85, 0xa5, 0x61, 0x8a,
+    0x0a, 0x7c, 0x2e, 0xb0, 0x11, 0x12, 0xc6, 0xc0, 0xc8, 0xcb, 0xd8, 0x13,
+    0xc3, 0x58, 0xf1, 0xcd, 0x06, 0x5f, 0x90, 0xa5, 0xd7, 0x74, 0xbc, 0x1a,
+    0x9c, 0xdc, 0xab, 0xde, 0xea, 0x36, 0x67, 0x41, 0x4f, 0x62, 0x86, 0xc6,
+    0xfe, 0x63, 0x14, 0x83, 0x11, 0xab, 0xfb, 0x61, 0x38, 0x11, 0xce, 0x01,
+    0xe8, 0xee, 0x3a, 0x21, 0xbc, 0xaa, 0x4b, 0xb0, 0x8f, 0x2f, 0xcf, 0x58,
+    0xe6, 0x55, 0x61, 0x38, 0xa7, 0xc3, 0xaa, 0x3b, 0xb0, 0x8c, 0xf4, 0x82,
+    0xa0, 0x96, 0xc4, 0x13, 0x4a, 0xc0, 0xc8, 0x93, 0xb7, 0x3d, 0x28, 0x05,
+    0xb9, 0xc8, 0x4c, 0xe8, 0x57, 0xda, 0x56, 0x8b, 0xda, 0x27, 0xab, 0xbf,
+    0x7e, 0x66, 0x43, 0xdc, 0x57, 0x09, 0xdc, 0x88, 0x8e, 0xfb, 0xa7, 0x63,
+    0x41, 0xfb, 0xf1, 0x67, 0xb5, 0xe1, 0x84, 0x5d, 0x1d, 0xe3, 0xb4, 0xc6,
+    0x40, 0x97, 0xf8, 0x4d, 0xfc, 0x00, 0xcd, 0x56, 0xc2, 0xab, 0xff, 0x49,
+    0x93, 0xff, 0x46, 0x56, 0x9b, 0xee, 0x6d, 0xa0, 0x5d, 0xf4, 0x78, 0x36,
+    0x0e, 0xf6, 0xc9, 0x9c, 0x79, 0x89, 0xf9, 0x9c, 0xa7, 0x3e, 0xa0, 0x8d,
+    0x62, 0x7c, 0xdc, 0x83, 0x0a, 0xfc, 0x46, 0x96, 0x31, 0xd3, 0x56, 0xc6,
+    0xea, 0x7f, 0x1d, 0xaa, 0x49, 0xd1, 0x8b, 0x54, 0xa2, 0x6e, 0x59, 0x8c,
+    0x2a, 0xec, 0x3a, 0xd7, 0xda, 0xd2, 0xc1, 0xfc, 0x1d, 0x78, 0x55, 0xce,
+    0xd8, 0x0c, 0x1d, 0x7e, 0x99, 0xf8, 0x5e, 0x3c, 0x2d, 0xec, 0x63, 0xe2,
+    0xda, 0xa1, 0x68, 0x6f, 0x28, 0x2e, 0xb4, 0xef, 0x07, 0xc4, 0xa8, 0x65,
+    0xc7, 0xfd, 0x6b, 0x0f, 0x83, 0x23, 0xf8, 0xc2, 0xc9, 0x55, 0xfa, 0xa4,
+    0xa8, 0x6a, 0xab, 0x12, 0xf4, 0x89, 0x42, 0x26, 0x72, 0xd1, 0x82, 0x2f,
+    0x62, 0x14, 0xb6, 0x04, 0x23, 0x20, 0xb6, 0xd4, 0xef, 0x59, 0x8a, 0x40,
+    0x43, 0xd7, 0x72, 0xe0, 0x5b, 0x0c, 0xb0, 0x73, 0x6f, 0x6a, 0x87, 0xc1,
+    0x82, 0x50, 0x20, 0xdb, 0xaa, 0xf8, 0x8d, 0x70, 0xb6, 0x39, 0x46, 0xe0,
+    0x68, 0xc4, 0xab, 0xea, 0xd1, 0x31, 0xad, 0xf7, 0x05, 0xfb, 0x3a, 0x3c,
+    0x2e, 0x66, 0x4f, 0xc6, 0x0d, 0xf9, 0xb8, 0x29, 0xec, 0xdc, 0xfc, 0x81,
+    0x56, 0x2b, 0xb0, 0xad, 0xd2, 0x12, 0x8f, 0x69, 0x70, 0x18, 0x27, 0x16,
+    0xf9, 0xf0, 0x40, 0x93, 0xef, 0x6b, 0x95, 0x96, 0xcd, 0x5f, 0xe9, 0x5a,
+    0x7b, 0xad, 0x7f, 0x98, 0xa7, 0x6a, 0xe5, 0x17, 0xeb, 0xc3, 0xdd, 0xc9,
+    0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xe5, 0x30, 0x81, 0xe2, 0x30,
+    0x13, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x0c, 0x30, 0x0a, 0x80, 0x08,
+    0x4a, 0xa0, 0xaa, 0x58, 0x84, 0xd3, 0x5e, 0x3c, 0x30, 0x19, 0x06, 0x03,
+    0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c, 0x2b,
+    0x06, 0x01, 0x04, 0x01, 0x82, 0x0f, 0x02, 0x03, 0x01, 0x01, 0x02, 0x30,
+    0x72, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x6b, 0x30, 0x69, 0x30, 0x67,
+    0xa0, 0x65, 0xa0, 0x63, 0x86, 0x61, 0x6c, 0x64, 0x61, 0x70, 0x3a, 0x2f,
+    0x2f, 0x31, 0x39, 0x34, 0x2e, 0x32, 0x35, 0x32, 0x2e, 0x31, 0x32, 0x34,
+    0x2e, 0x32, 0x34, 0x31, 0x3a, 0x33, 0x38, 0x39, 0x2f, 0x63, 0x6e, 0x3d,
+    0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x25, 0x32, 0x30, 0x43, 0x6c, 0x61,
+    0x73, 0x73, 0x32, 0x25, 0x32, 0x30, 0x43, 0x41, 0x2c, 0x6f, 0x3d, 0x53,
+    0x6f, 0x6e, 0x65, 0x72, 0x61, 0x2c, 0x63, 0x3d, 0x46, 0x49, 0x3f, 0x63,
+    0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x72, 0x65,
+    0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x6c, 0x69, 0x73, 0x74,
+    0x3b, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x30, 0x1d, 0x06, 0x03, 0x55,
+    0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
+    0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+    0x03, 0x02, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
+    0x14, 0x85, 0xc2, 0x31, 0x35, 0x4f, 0x93, 0x92, 0x9d, 0x8a, 0xbc, 0x32,
+    0x7d, 0x1b, 0xf0, 0xaa, 0x96, 0xb1, 0x03, 0x86, 0x71, 0x30, 0x0d, 0x06,
+    0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
+    0x03, 0x82, 0x01, 0x01, 0x00, 0x00, 0x9e, 0x75, 0x2b, 0x95, 0x6a, 0x96,
+    0x12, 0x24, 0xd5, 0x04, 0x6c, 0x34, 0x0a, 0x58, 0x5a, 0x7d, 0x59, 0xb9,
+    0x03, 0x23, 0x13, 0xc3, 0xf5, 0x24, 0x57, 0x33, 0x8d, 0xca, 0x5f, 0xd8,
+    0x26, 0xff, 0x64, 0x46, 0x13, 0x40, 0xe5, 0x04, 0xb2, 0xba, 0x92, 0xa5,
+    0xa6, 0xa3, 0xd9, 0x2b, 0xff, 0x05, 0xef, 0xce, 0x3c, 0x28, 0xe8, 0x1b,
+    0xa3, 0x10, 0x8a, 0xdd, 0x3d, 0x3a, 0x0a, 0xe1, 0x07, 0x3c, 0xb4, 0xf6,
+    0xbb, 0xeb, 0xb5, 0xf2, 0x05, 0xe8, 0xd7, 0x16, 0x3e, 0xe5, 0x15, 0x49,
+    0xdf, 0x8d, 0x34, 0xb8, 0x1b, 0xd4, 0xf2, 0x65, 0xa0, 0x70, 0x80, 0xd0,
+    0xbf, 0xa5, 0x74, 0x5d, 0xfb, 0xd4, 0x52, 0x3b, 0x54, 0xca, 0x32, 0xba,
+    0xf7, 0xe3, 0x90, 0xa5, 0xa8, 0xad, 0xd0, 0xe5, 0x5d, 0x18, 0x18, 0x87,
+    0x60, 0xb0, 0xf3, 0xf9, 0x62, 0x20, 0x77, 0xaa, 0x0f, 0xdd, 0x16, 0x4c,
+    0x01, 0x3a, 0xb1, 0x1f, 0x85, 0x7e, 0x01, 0x04, 0x5f, 0xf1, 0x37, 0x36,
+    0xe3, 0x3a, 0xc1, 0xa3, 0x7c, 0x33, 0xca, 0xce, 0x0b, 0xb9, 0x34, 0xe2,
+    0xe1, 0xe6, 0xed, 0x24, 0xc1, 0xc3, 0xc7, 0x74, 0x8f, 0x22, 0x2c, 0x6e,
+    0xcb, 0x5c, 0x7a, 0x61, 0x99, 0xde, 0xea, 0x13, 0xe1, 0xa8, 0xa1, 0x94,
+    0xd0, 0x85, 0x65, 0x65, 0xed, 0x97, 0x14, 0x6e, 0x97, 0xc9, 0xcf, 0x34,
+    0x7c, 0xf2, 0x68, 0xeb, 0xc2, 0x7d, 0x03, 0x53, 0xf5, 0xdb, 0xa1, 0x11,
+    0x8d, 0xda, 0xcc, 0x26, 0x13, 0xaa, 0x43, 0x76, 0x04, 0x9b, 0x85, 0x89,
+    0xc3, 0x29, 0xd8, 0xb5, 0x54, 0x81, 0x09, 0xf5, 0x18, 0x52, 0xa5, 0x38,
+    0x4a, 0x00, 0xc6, 0x1d, 0x4d, 0x5a, 0x15, 0xa0, 0xfd, 0xf7, 0x58, 0x27,
+    0xcd, 0x6b, 0x56, 0x6b, 0xee, 0x7d, 0x73, 0xd3, 0xfd, 0x6c, 0xb6, 0xb1,
+    0x3b, 0xbd, 0xbf, 0x5b, 0x4a, 0x6c, 0xd3, 0x1c, 0x47
+};
+
+/* SHA1 Fingerprint=62:45:08:9B:4A:CC:45:58:8B:0F:A1:E8:E3:AE:61:5B:4B:FF:80:93 */
+/* subject:/C=US/ST=CA/O=Apple Inc./OU=ETS/CN=Escrow Service Key 5DBB9DF79A4272CB07F127CBAFFC5B9D2E7111EA68BF926199D828329535AFF1 */
+/* issuer :/serialNumber=101/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Escrow Service Root CA */
+
+const uint8_t longleaf[1036]={
+    0x30,0x82,0x04,0x08,0x30,0x82,0x02,0xF0,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x5D,
+    0xBB,0x9D,0xF7,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,
+    0x05,0x00,0x30,0x79,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x05,0x13,0x03,0x31,
+    0x30,0x31,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,
+    0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,
+    0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,
+    0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
+    0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x1F,0x30,0x1D,
+    0x06,0x03,0x55,0x04,0x03,0x13,0x16,0x45,0x73,0x63,0x72,0x6F,0x77,0x20,0x53,0x65,
+    0x72,0x76,0x69,0x63,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x20,0x17,
+    0x0D,0x31,0x34,0x30,0x34,0x30,0x32,0x32,0x32,0x35,0x33,0x35,0x39,0x5A,0x18,0x0F,
+    0x39,0x39,0x39,0x39,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,
+    0x81,0x9B,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,
+    0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x13,0x30,0x11,
+    0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,
+    0x2E,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0B,0x13,0x03,0x45,0x54,0x53,0x31,
+    0x5C,0x30,0x5A,0x06,0x03,0x55,0x04,0x03,0x13,0x53,0x45,0x73,0x63,0x72,0x6F,0x77,
+    0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x20,0x4B,0x65,0x79,0x20,0x35,0x44,0x42,
+    0x42,0x39,0x44,0x46,0x37,0x39,0x41,0x34,0x32,0x37,0x32,0x43,0x42,0x30,0x37,0x46,
+    0x31,0x32,0x37,0x43,0x42,0x41,0x46,0x46,0x43,0x35,0x42,0x39,0x44,0x32,0x45,0x37,
+    0x31,0x31,0x31,0x45,0x41,0x36,0x38,0x42,0x46,0x39,0x32,0x36,0x31,0x39,0x39,0x44,
+    0x38,0x32,0x38,0x33,0x32,0x39,0x35,0x33,0x35,0x41,0x46,0x46,0x31,0x30,0x82,0x01,
+    0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
+    0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0x85,0xDE,
+    0xE9,0x68,0x2D,0x62,0x22,0x91,0xEC,0x24,0x65,0x90,0x94,0x5F,0xDC,0x17,0x22,0xAC,
+    0xDF,0x76,0xD7,0x2F,0x20,0xE1,0xE0,0x3A,0x8A,0xE1,0x9C,0xF0,0x45,0x35,0xBE,0xB4,
+    0xA5,0xD1,0x04,0xDB,0xAA,0x26,0x30,0xC0,0xBD,0x58,0x79,0x56,0x91,0xCE,0xC4,0xF2,
+    0x48,0xE0,0xB2,0xCE,0xCC,0x30,0xCF,0xFE,0x32,0x7C,0xBE,0xB6,0x75,0x40,0x94,0xBC,
+    0xCC,0x66,0xBD,0x4A,0xDC,0x7A,0x56,0x8F,0x70,0x67,0x33,0xC0,0x26,0xC4,0xF0,0x85,
+    0xDB,0xF1,0x0F,0x8D,0x38,0xE0,0xA9,0x1E,0x22,0xB8,0xA2,0x53,0xEC,0x1A,0xD0,0xFC,
+    0xB2,0x47,0xD4,0x3C,0xCE,0xA6,0x92,0xA0,0x85,0x32,0x28,0xFF,0x52,0x01,0xE1,0x32,
+    0x51,0x4B,0x50,0x1E,0x1E,0x52,0x93,0x5B,0x32,0xA0,0x7C,0xF6,0x92,0xFF,0x48,0x96,
+    0x3C,0x32,0x60,0x01,0x38,0xC4,0xA1,0xEE,0x9F,0xBB,0x19,0x45,0xE2,0xCA,0xE8,0xF0,
+    0x5A,0xF6,0x4A,0xB2,0x56,0x8F,0x3A,0xD2,0xF0,0xCF,0x50,0x73,0xE5,0xB7,0x6D,0xC8,
+    0x1F,0x30,0x3A,0x24,0xCB,0x43,0xDF,0xDE,0x5F,0xE0,0x74,0xCD,0xDB,0xDA,0x1E,0x57,
+    0xAB,0x08,0x26,0xBC,0x22,0x31,0xD7,0x2B,0xF6,0xCE,0x21,0x4A,0x31,0x2B,0x75,0x22,
+    0xD5,0x4B,0xB6,0x07,0x57,0x6F,0xBC,0x2C,0xD4,0xE4,0x69,0x3D,0x90,0x0B,0x3C,0x44,
+    0xFB,0x4E,0x63,0x0C,0x72,0x75,0xEC,0x5C,0x83,0x83,0x16,0x85,0xCA,0xA5,0x94,0x0E,
+    0x65,0x50,0x77,0x15,0xFE,0x1A,0x11,0xAF,0x96,0x62,0x19,0xEF,0x47,0x21,0x33,0x9C,
+    0x07,0x48,0x5B,0xB6,0xC6,0x18,0x5F,0x8D,0x23,0x12,0x76,0x26,0x82,0x61,0x02,0x03,
+    0x01,0x00,0x01,0xA3,0x73,0x30,0x71,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,
+    0xFF,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,
+    0x04,0x03,0x02,0x05,0x20,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,
+    0xE9,0x6C,0x86,0x1C,0xA8,0x51,0xA8,0xFC,0x96,0x53,0xBA,0x47,0x3D,0x75,0xAC,0x40,
+    0x6C,0x98,0x90,0x92,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,
+    0x14,0x17,0xE6,0x9A,0xB2,0xDD,0x97,0x13,0x41,0x71,0xD6,0x51,0x5E,0xBF,0xC0,0x24,
+    0x2E,0x92,0x2D,0x0F,0x63,0x30,0x11,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,
+    0x06,0x17,0x01,0x04,0x03,0x02,0x01,0x0A,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
+    0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x4B,0x2D,0x7A,0xF7,
+    0x90,0xE5,0x0F,0x9A,0xD1,0xBD,0x9F,0x71,0xFC,0x73,0xE1,0x7B,0x4C,0x0F,0xBE,0x21,
+    0x9D,0x84,0x67,0x46,0x0E,0x1F,0x00,0x13,0x3C,0x86,0x92,0xFD,0x20,0x72,0x6B,0x60,
+    0xE3,0xCD,0xEF,0x89,0x1A,0x20,0x7D,0xFB,0x9D,0x6A,0x36,0x05,0xD6,0x42,0xC8,0x39,
+    0x15,0xF5,0x8D,0x60,0x2E,0x4E,0x71,0x12,0xE1,0x9A,0x8C,0x3F,0xDE,0x0D,0xD5,0x35,
+    0x26,0xFA,0xA0,0xDB,0xDA,0xCF,0xD8,0xF4,0xAE,0x75,0x6A,0xB1,0x57,0x34,0x5A,0x03,
+    0x36,0x28,0xAA,0x71,0xE2,0x09,0x7D,0x9B,0x2F,0x17,0xD6,0x9E,0x5F,0x4D,0x9B,0x3E,
+    0x19,0xA9,0xC7,0xEA,0x35,0xA7,0xCB,0x03,0xA8,0x8E,0xF8,0x6E,0xAD,0xD6,0x30,0xEC,
+    0x2F,0xEA,0x16,0x65,0x1C,0xCF,0x57,0x65,0xC3,0xC6,0xD0,0xD3,0x22,0xE8,0x69,0x4E,
+    0x32,0xA3,0x2B,0xDE,0xDE,0xB6,0xE7,0xBA,0x6F,0x82,0x6E,0x0C,0x82,0xDF,0x82,0xB4,
+    0xB5,0x42,0x59,0xD2,0xEC,0x8C,0x22,0x4D,0xE7,0x38,0xC2,0x7A,0x75,0x1C,0x38,0x29,
+    0x2D,0x01,0xE2,0xF8,0x27,0x05,0x26,0xB8,0xCC,0x1A,0xAA,0xA9,0xB0,0xCE,0x85,0x94,
+    0x07,0x0C,0x24,0x4B,0xE4,0x67,0x47,0xA8,0x34,0xF5,0x82,0x4E,0xD7,0x23,0xA2,0x71,
+    0x71,0x50,0x1A,0x44,0xE0,0x2F,0x54,0xCB,0x0E,0xD9,0xBA,0xDA,0x3B,0xE7,0x16,0xC5,
+    0x58,0x8D,0xA9,0x5D,0x11,0xC9,0xA0,0x72,0xE6,0xB0,0x5D,0x33,0xA3,0xC3,0x4D,0xE0,
+    0xDC,0x38,0x80,0xCF,0xAC,0x41,0xD6,0xE8,0xF8,0x8A,0xCC,0x62,0xB0,0xC8,0x02,0x50,
+    0x31,0x45,0xD0,0x43,0x5A,0x93,0x7C,0x52,0x05,0xFD,0x43,0x4B,
+};
+
+/* SHA1 Fingerprint=51:12:47:75:89:D8:47:B9:88:47:6F:31:E0:B3:03:EF:1B:B5:79:62 */
+/* subject:/serialNumber=101/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Escrow Service Root CA */
+/* issuer :/serialNumber=101/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Escrow Service Root CA */
+
+const uint8_t longroot[982]={
+    0x30,0x82,0x03,0xD2,0x30,0x82,0x02,0xBA,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x65,
+    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,
+    0x79,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x05,0x13,0x03,0x31,0x30,0x31,0x31,
+    0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,
+    0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,
+    0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,0x70,0x6C,
+    0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,
+    0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,
+    0x04,0x03,0x13,0x16,0x45,0x73,0x63,0x72,0x6F,0x77,0x20,0x53,0x65,0x72,0x76,0x69,
+    0x63,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x20,0x17,0x0D,0x31,0x34,
+    0x30,0x34,0x30,0x32,0x32,0x32,0x35,0x33,0x35,0x37,0x5A,0x18,0x0F,0x39,0x39,0x39,
+    0x39,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x79,0x31,0x0C,
+    0x30,0x0A,0x06,0x03,0x55,0x04,0x05,0x13,0x03,0x31,0x30,0x31,0x31,0x0B,0x30,0x09,
+    0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,
+    0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26,
+    0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43,
+    0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,
+    0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x03,0x13,
+    0x16,0x45,0x73,0x63,0x72,0x6F,0x77,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x20,
+    0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,
+    0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,
+    0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0x9C,0x7D,0xD4,0x09,0x41,0xF9,0x9A,0x92,
+    0x70,0x0A,0xD8,0x67,0x2C,0xC7,0x55,0xAD,0xCD,0x10,0xF3,0x27,0x1B,0xF6,0x7B,0xA3,
+    0x09,0x2D,0x78,0xED,0xF3,0xF4,0xFB,0x16,0x37,0xF0,0xB3,0x36,0x1C,0xE5,0x18,0xC8,
+    0x25,0xB0,0xE7,0x50,0xA5,0x5D,0xF1,0xC4,0x7C,0xEA,0x83,0xCD,0x71,0x87,0x4A,0xE7,
+    0xEE,0x6D,0xFD,0xD8,0x03,0xA6,0xBA,0x02,0x9C,0x9D,0x5D,0xFE,0xD0,0x0D,0x0C,0xDE,
+    0x8C,0x65,0x56,0xE4,0xC6,0x87,0x90,0xE0,0xF2,0x6B,0xA8,0x05,0x14,0xEF,0xDE,0x9C,
+    0xFF,0xF3,0x81,0x21,0xD1,0x29,0x6E,0xA0,0xF1,0xDA,0xD1,0x0A,0xE6,0x7B,0x3C,0xD2,
+    0x78,0x1A,0xE3,0xC1,0x1F,0xF7,0xE2,0x2C,0x11,0x1F,0x3D,0x95,0x29,0xE1,0x0C,0x0D,
+    0x80,0xF3,0xDA,0xF4,0xCE,0xCF,0xF7,0x33,0x8D,0xAC,0x81,0xDA,0xDA,0xDF,0xAC,0x5D,
+    0xE0,0x5A,0x00,0x8E,0xDB,0xDC,0x92,0x6C,0x0F,0x1B,0xA5,0xAF,0x2D,0x7F,0x2D,0x4B,
+    0x6E,0xC1,0xC5,0xF2,0xFA,0x6D,0xF6,0x5D,0xAA,0x66,0x55,0xF9,0x7A,0x39,0xB9,0x35,
+    0x8C,0xA4,0x74,0x21,0x3E,0xA1,0xDC,0x37,0xFC,0x78,0x08,0xE5,0xC2,0xB3,0x6A,0xBE,
+    0xD9,0xA9,0x1C,0xE8,0xF2,0x53,0x1C,0x58,0xFD,0x21,0xB6,0x5C,0x91,0xC7,0x85,0x40,
+    0xD5,0x2E,0x94,0xD6,0x4D,0x99,0xCA,0x3B,0xD8,0xB0,0x18,0x4E,0x07,0xCE,0x2A,0xE6,
+    0xD5,0x9E,0x21,0xD1,0xCF,0x81,0xDD,0xF2,0xCF,0x09,0xB3,0xD3,0x16,0xCF,0x5B,0x03,
+    0xF6,0xCD,0xFD,0xB5,0xE4,0x8A,0xD7,0xBB,0x19,0x66,0x9F,0xA6,0x77,0x70,0x4D,0x90,
+    0x42,0x2C,0x96,0x2E,0x4A,0x71,0x9C,0x77,0x02,0x03,0x01,0x00,0x01,0xA3,0x63,0x30,
+    0x61,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,
+    0x01,0xFF,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,
+    0x01,0x06,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x17,0xE6,0x9A,
+    0xB2,0xDD,0x97,0x13,0x41,0x71,0xD6,0x51,0x5E,0xBF,0xC0,0x24,0x2E,0x92,0x2D,0x0F,
+    0x63,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x17,0xE6,
+    0x9A,0xB2,0xDD,0x97,0x13,0x41,0x71,0xD6,0x51,0x5E,0xBF,0xC0,0x24,0x2E,0x92,0x2D,
+    0x0F,0x63,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,
+    0x00,0x03,0x82,0x01,0x01,0x00,0x22,0x04,0x6E,0x53,0x16,0xE9,0x82,0x69,0x28,0x1A,
+    0x1C,0xC8,0xF4,0xE0,0x8C,0xC0,0xAC,0xDF,0xB2,0x5C,0xCD,0xD0,0xEC,0x57,0xB1,0x4C,
+    0x77,0xD4,0xBB,0xE2,0xFC,0x19,0x0D,0xEA,0x16,0xAE,0xAE,0x16,0xA1,0x89,0xA4,0x87,
+    0xAB,0x45,0x3A,0x9F,0xA5,0x82,0xB1,0x17,0x19,0x74,0x0C,0x04,0xB1,0x22,0xB2,0x63,
+    0xB6,0x79,0xA3,0x4C,0x96,0x7A,0x17,0x34,0x9C,0x6C,0xA6,0x07,0x9E,0xA9,0x0E,0xD3,
+    0x55,0xDE,0xA7,0x1E,0xEF,0x1A,0x5B,0x8E,0x6C,0x8D,0xB9,0x9F,0x4D,0xE6,0xB1,0xE4,
+    0xCF,0xB8,0xF5,0x78,0x14,0xEC,0xDE,0x7E,0x1B,0xC8,0xC2,0xA9,0x2D,0x72,0xD3,0x43,
+    0x7F,0xE1,0x38,0xF8,0x91,0x43,0xA6,0x81,0x71,0xBA,0x7C,0x12,0xBD,0x81,0x8A,0x6B,
+    0x2D,0x77,0xC0,0xDA,0xE8,0xE8,0xF1,0xDA,0xE2,0xF6,0xF2,0x45,0xDE,0x3F,0xA8,0x09,
+    0x29,0x98,0x7D,0xB1,0x67,0x3D,0x7A,0x14,0x7E,0xDD,0x0D,0x23,0x15,0x42,0x5B,0x21,
+    0x1E,0x77,0x5D,0xF8,0x88,0x4D,0xFE,0x61,0x5A,0x6D,0xB4,0x73,0x5D,0x77,0x1B,0xC5,
+    0xAC,0x97,0x78,0x5A,0xCD,0x35,0x0C,0x21,0x82,0x3D,0x0D,0xFD,0x30,0xDA,0x1B,0x19,
+    0xC7,0xB7,0x68,0xFF,0xE0,0xA1,0x56,0x1D,0xE9,0x12,0x17,0x44,0x39,0x2C,0x0A,0x11,
+    0xA5,0x69,0xBC,0xDF,0x12,0xA6,0x8F,0x43,0x1B,0xED,0x43,0x31,0xAA,0x0D,0xC6,0xE4,
+    0x8F,0x35,0x4E,0x8D,0x17,0x0B,0xC5,0xBA,0xAD,0x81,0x9B,0x0C,0x54,0x74,0x25,0x7D,
+    0xFC,0x8D,0x37,0x00,0xA6,0x47,0x89,0x40,0xC1,0x00,0x09,0x9E,0x7B,0x87,0xF6,0x32,
+    0x91,0x57,0x4A,0x9C,0x99,0x26,
+};
+
index 3719b7b25426e013df06add956d205e7bb298452..193e987cb83bd812484ebe1585965a6d70675213 100644 (file)
@@ -968,11 +968,7 @@ static void tests(void)
 
 int si_24_sectrust_passbook(int argc, char *const *argv)
 {
-#if TARGET_OS_SIMULATOR
        plan_tests(30);
-#else
-       plan_tests(31);
-#endif
 
        tests();
 
diff --git a/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c b/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c
new file mode 100644 (file)
index 0000000..3a62d40
--- /dev/null
@@ -0,0 +1,312 @@
+/*
+ * Copyright (c) 2015 Apple Inc. All Rights Reserved.
+ */
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/SecCertificate.h>
+#include <Security/SecCertificatePriv.h>
+#include <Security/SecInternal.h>
+#include <Security/SecPolicyPriv.h>
+#include <Security/SecTrustPriv.h>
+#include <Security/SecItem.h>
+#include <ipc/securityd_client.h>
+#include <utilities/array_size.h>
+#include <utilities/SecCFWrappers.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "Security_regressions.h"
+
+#include "si-87-sectrust-name-constraints.h"
+
+static void test_att(void)
+{
+    SecTrustRef trust = NULL;
+    SecPolicyRef policy = NULL;
+    SecCertificateRef leaf, int1, int2, cert3, root;
+    SecTrustResultType trustResult;
+
+       isnt(leaf = SecCertificateCreateWithBytes(NULL, att_leaf, sizeof(att_leaf)), NULL, "create att leaf");
+       isnt(int1 = SecCertificateCreateWithBytes(NULL, att_intermediate1, sizeof(att_intermediate1)), NULL, "create att intermediate 1");
+    isnt(int2 = SecCertificateCreateWithBytes(NULL, att_intermediate2, sizeof(att_intermediate2)), NULL, "create att intermediate 2");
+    isnt(cert3 = SecCertificateCreateWithBytes(NULL, att_intermediate3, sizeof(att_intermediate3)), NULL, "create att intermediate 3");
+    isnt(root = SecCertificateCreateWithBytes(NULL, att_root, sizeof(att_root)), NULL, "create att root");
+
+    const void *v_certs[] = { leaf, int1, int2, cert3 };
+    const void *v_roots[] = { root };
+    CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
+    CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
+
+    /* Create SSL policy with specific hostname. */
+    isnt(policy = SecPolicyCreateSSL(true, CFSTR("nmd.mcd06643.sjc.wayport.net")), NULL, "create policy");
+
+    /* Create trust reference. */
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+
+    /* Set explicit verify date: Aug 14 2015. */
+    CFDateRef date = NULL;
+    isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2015, 8, 14, 12, 0, 0), NULL, "create verify date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+
+    /* Provide root certificate. */
+    ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
+
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
+    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
+       is(SecTrustGetCertificateCount(trust), 5, "cert count is 5");
+
+    CFReleaseSafe(date);
+       CFReleaseSafe(trust);
+       CFReleaseSafe(policy);
+    CFReleaseSafe(certs);
+    CFReleaseSafe(roots);
+       CFReleaseSafe(root);
+       CFReleaseSafe(cert3);
+    CFReleaseSafe(int2);
+    CFReleaseSafe(int1);
+    CFReleaseSafe(leaf);
+}
+
+static void test_intel1(void)
+{
+    SecTrustRef trust = NULL;
+    SecPolicyRef policy = NULL;
+    SecCertificateRef leaf, int1, int2, root;
+    SecTrustResultType trustResult;
+
+    isnt(leaf = SecCertificateCreateWithBytes(NULL, intel1_leaf, sizeof(intel1_leaf)), NULL, "create intel 1 leaf");
+    isnt(int1 = SecCertificateCreateWithBytes(NULL, intel1_intermediate1, sizeof(intel1_intermediate1)), NULL, "create intel 1 intermediate 1");
+    isnt(int2 = SecCertificateCreateWithBytes(NULL, intel_intermediate2, sizeof(intel_intermediate2)), NULL, "create intel intermediate 2");
+    isnt(root = SecCertificateCreateWithBytes(NULL, intel_root, sizeof(intel_root)), NULL, "create intel root");
+
+    const void *v_certs[] = { leaf, int1, int2 };
+    const void *v_roots[] = { root };
+    CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
+    CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
+
+    /* Create SSL policy with specific hostname. */
+    isnt(policy = SecPolicyCreateSSL(true, CFSTR("myctx.intel.com")), NULL, "create policy");
+
+    /* Create trust reference. */
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+
+    /* Set explicit verify date: Sep 3 2015. */
+    CFDateRef date = NULL;
+    isnt(date = CFDateCreate(NULL, 463037436.0), NULL, "create verify date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+
+    /* Provide root certificate. */
+    ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
+
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
+    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
+    is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
+
+    CFReleaseSafe(date);
+    CFReleaseSafe(trust);
+    CFReleaseSafe(policy);
+    CFReleaseSafe(certs);
+    CFReleaseSafe(roots);
+    CFReleaseSafe(root);
+    CFReleaseSafe(int2);
+    CFReleaseSafe(int1);
+    CFReleaseSafe(leaf);
+}
+
+static void test_intel2(void)
+{
+    SecTrustRef trust = NULL;
+    SecPolicyRef policy = NULL;
+    SecCertificateRef leaf, int1, int2, root;
+    SecTrustResultType trustResult;
+
+    isnt(leaf = SecCertificateCreateWithBytes(NULL, intel2_leaf, sizeof(intel2_leaf)), NULL, "create intel 2 leaf");
+    isnt(int1 = SecCertificateCreateWithBytes(NULL, intel2_intermediate1, sizeof(intel2_intermediate1)), NULL, "create intel 2 intermediate 1");
+    isnt(int2 = SecCertificateCreateWithBytes(NULL, intel_intermediate2, sizeof(intel_intermediate2)), NULL, "create intel intermediate 2");
+    isnt(root = SecCertificateCreateWithBytes(NULL, intel_root, sizeof(intel_root)), NULL, "create intel root");
+
+    const void *v_certs[] = { leaf, int1, int2 };
+    const void *v_roots[] = { root };
+    CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
+    CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
+
+    /* Create SSL policy with specific hostname. */
+    isnt(policy = SecPolicyCreateSSL(true, CFSTR("contact.intel.com")), NULL, "create policy");
+
+    /* Create trust reference. */
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+
+    /* Set explicit verify date: Sep 3 2015. */
+    CFDateRef date = NULL;
+    isnt(date = CFDateCreate(NULL, 463037436.0), NULL, "create verify date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+
+    /* Provide root certificate. */
+    ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
+
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
+    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
+    is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
+
+    CFReleaseSafe(date);
+    CFReleaseSafe(trust);
+    CFReleaseSafe(policy);
+    CFReleaseSafe(certs);
+    CFReleaseSafe(roots);
+    CFReleaseSafe(root);
+    CFReleaseSafe(int2);
+    CFReleaseSafe(int1);
+    CFReleaseSafe(leaf);
+}
+
+static void test_abb(void)
+{
+    SecTrustRef trust = NULL;
+    SecPolicyRef policy = NULL;
+    SecCertificateRef leaf, int1, int2, root;
+    SecTrustResultType trustResult;
+
+    isnt(leaf = SecCertificateCreateWithBytes(NULL, _ABB_PKI_cert, sizeof(_ABB_PKI_cert)), NULL, "create ABB leaf");
+    isnt(int1 = SecCertificateCreateWithBytes(NULL, _ABBIssuingCA6, sizeof(_ABBIssuingCA6)), NULL, "create ABB intermediate 1");
+    isnt(int2 = SecCertificateCreateWithBytes(NULL, _ABBIntermediateCA3, sizeof(_ABBIntermediateCA3)), NULL, "create ABB intermediate 2");
+    isnt(root = SecCertificateCreateWithBytes(NULL, _ABBRootCA, sizeof(_ABBRootCA)), NULL, "create ABB root");
+
+    const void *v_certs[] = { leaf, int1, int2 };
+    const void *v_roots[] = { root };
+    CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
+    CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
+
+    /* Create SSL policy with specific hostname. */
+    isnt(policy = SecPolicyCreateSSL(true, CFSTR("pki.abb.com")), NULL, "create policy");
+
+    /* Create trust reference. */
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+
+    /* Set explicit verify date: Sep 16 2015. */
+    CFDateRef date = NULL;
+    isnt(date = CFDateCreate(NULL, 464128479.0), NULL, "create verify date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+
+    /* Provide root certificate. */
+    ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
+
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
+    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
+    is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
+
+    CFReleaseSafe(date);
+    CFReleaseSafe(trust);
+    CFReleaseSafe(policy);
+    CFReleaseSafe(certs);
+    CFReleaseSafe(roots);
+    CFReleaseSafe(root);
+    CFReleaseSafe(int2);
+    CFReleaseSafe(int1);
+    CFReleaseSafe(leaf);
+}
+
+static void test_bechtel1(void)
+{
+    SecTrustRef trust = NULL;
+    SecPolicyRef policy = NULL;
+    SecCertificateRef leaf, int1, int2, root;
+    SecTrustResultType trustResult;
+
+    isnt(leaf = SecCertificateCreateWithBytes(NULL, _bechtel_leaf_a, sizeof(_bechtel_leaf_a)), NULL, "create Bechtel leaf a");
+    isnt(int1 = SecCertificateCreateWithBytes(NULL, _bechtel_int2a, sizeof(_bechtel_int2a)), NULL, "create Bechtel intermediate 2a");
+    isnt(int2 = SecCertificateCreateWithBytes(NULL, _bechtel_int1, sizeof(_bechtel_int1)), NULL, "create Bechtel intermediate 1");
+    isnt(root = SecCertificateCreateWithBytes(NULL, _bechtel_root, sizeof(_bechtel_root)), NULL, "create Bechtel root");
+
+    const void *v_certs[] = { leaf, int1, int2 };
+    const void *v_roots[] = { root };
+    CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
+    CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
+
+    /* Create SSL policy with specific hostname. */
+    isnt(policy = SecPolicyCreateSSL(true, CFSTR("supplier.bechtel.com")), NULL, "create policy");
+
+    /* Create trust reference. */
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+
+    /* Set explicit verify date: Sep 29 2015. */
+    CFDateRef date = NULL;
+    isnt(date = CFDateCreate(NULL, 465253810.0), NULL, "create verify date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+
+    /* Provide root certificate. */
+    ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
+
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
+    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
+    is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
+
+    CFReleaseSafe(date);
+    CFReleaseSafe(trust);
+    CFReleaseSafe(policy);
+    CFReleaseSafe(certs);
+    CFReleaseSafe(roots);
+    CFReleaseSafe(root);
+    CFReleaseSafe(int2);
+    CFReleaseSafe(int1);
+    CFReleaseSafe(leaf);
+}
+
+static void test_bechtel2(void)
+{
+    SecTrustRef trust = NULL;
+    SecPolicyRef policy = NULL;
+    SecCertificateRef leaf, int1, int2, root;
+    SecTrustResultType trustResult;
+
+    isnt(leaf = SecCertificateCreateWithBytes(NULL, _bechtel_leaf_b, sizeof(_bechtel_leaf_b)), NULL, "create Bechtel leaf b");
+    isnt(int1 = SecCertificateCreateWithBytes(NULL, _bechtel_int2b, sizeof(_bechtel_int2b)), NULL, "create Bechtel intermediate 2b");
+    isnt(int2 = SecCertificateCreateWithBytes(NULL, _bechtel_int1, sizeof(_bechtel_int1)), NULL, "create Bechtel intermediate 1");
+    isnt(root = SecCertificateCreateWithBytes(NULL, _bechtel_root, sizeof(_bechtel_root)), NULL, "create Bechtel root");
+
+    const void *v_certs[] = { leaf, int1, int2 };
+    const void *v_roots[] = { root };
+    CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks);
+    CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks);
+
+    /* Create SSL policy with specific hostname. */
+    isnt(policy = SecPolicyCreateSSL(true, CFSTR("login.becpsn.com")), NULL, "create policy");
+
+    /* Create trust reference. */
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+
+    /* Set explicit verify date: Sep 29 2015. */
+    CFDateRef date = NULL;
+    isnt(date = CFDateCreate(NULL, 465253810.0), NULL, "create verify date");
+    ok_status(SecTrustSetVerifyDate(trust, date), "set date");
+
+    /* Provide root certificate. */
+    ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors");
+
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
+    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
+    is(SecTrustGetCertificateCount(trust), 4, "cert count is 4");
+
+    CFReleaseSafe(date);
+    CFReleaseSafe(trust);
+    CFReleaseSafe(policy);
+    CFReleaseSafe(certs);
+    CFReleaseSafe(roots);
+    CFReleaseSafe(root);
+    CFReleaseSafe(int2);
+    CFReleaseSafe(int1);
+    CFReleaseSafe(leaf);
+}
+
+int si_87_sectrust_name_constraints(int argc, char *const *argv)
+{
+       plan_tests(73);
+
+       test_att();
+    test_intel1();
+    test_intel2();
+    test_abb();
+    test_bechtel1();
+    test_bechtel2();
+
+       return 0;
+}
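Review bot: Every case in this new file, from `test_att` through `test_bechtel2`, asserts `kSecTrustResultUnspecified`, so the suite shows only that these six chains are accepted and would still pass if name-constraint enforcement were skipped entirely. The file should say so above `test_att`, e.g. `/* Positive cases only: each chain below must evaluate as trusted. Rejection of names outside a permitted subtree is not covered here. */`, and a follow-up case that expects a failing result for an out-of-subtree name would close the gap (with `plan_tests(73)` raised to match). In each function `trustResult` is also read by `is_status` even when `SecTrustEvaluate` has failed, so it should be declared as `SecTrustResultType trustResult = kSecTrustResultInvalid;`. The certificate refs go into `CFArrayCreate` with `kCFTypeArrayCallBacks` even if a `SecCertificateCreateWithBytes` call returned NULL, which would presumably crash the run rather than fail a single check; that is tolerable for fixed test data but worth a guard.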
diff --git a/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.h b/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.h
new file mode 100644 (file)
index 0000000..99a6783
--- /dev/null
@@ -0,0 +1,2192 @@
+/*
+ * Copyright (c) 2015 Apple Inc. All Rights Reserved.
+ */
+
+/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=nmd.mcd06643.sjc.wayport.net */
+/* issuer :/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=AWS Managed Device CA G2 */
+
+static unsigned char att_leaf[1582]={
+    0x30,0x82,0x06,0x2A,0x30,0x82,0x05,0x12,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x0B,
+    0x3B,0x5F,0x62,0x39,0x50,0xB5,0x6E,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x78,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+    0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,
+    0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,
+    0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,
+    0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,
+    0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x21,0x30,
+    0x1F,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x41,0x57,0x53,0x20,0x4D,0x61,0x6E,0x61,
+    0x67,0x65,0x64,0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,0x20,0x47,0x32,
+    0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x38,0x31,0x32,0x30,0x32,0x30,0x35,0x31,0x31,
+    0x5A,0x17,0x0D,0x31,0x35,0x30,0x38,0x32,0x32,0x30,0x32,0x30,0x35,0x31,0x31,0x5A,
+    0x30,0x7C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,
+    0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,
+    0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,
+    0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,
+    0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,
+    0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x03,
+    0x13,0x1C,0x6E,0x6D,0x64,0x2E,0x6D,0x63,0x64,0x30,0x36,0x36,0x34,0x33,0x2E,0x73,
+    0x6A,0x63,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x82,
+    0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,
+    0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD0,
+    0x65,0xD5,0x7A,0x99,0xB8,0x19,0x83,0x22,0x9F,0xE0,0x0E,0xDA,0x16,0x37,0x74,0x2A,
+    0xDD,0xDA,0xD3,0x5A,0xBE,0xBC,0xDC,0xF7,0x3F,0xBC,0x16,0x24,0x94,0x3A,0xDA,0x51,
+    0xD6,0xB4,0xA6,0x0E,0x2F,0xC6,0x87,0x74,0x50,0x0F,0x60,0xDD,0x6C,0xD5,0xD6,0x5B,
+    0x0C,0x69,0x54,0x06,0x51,0x70,0xB7,0xA3,0x4D,0x2A,0x81,0x07,0xC8,0xE6,0xFB,0x08,
+    0x0D,0x4B,0xA3,0xBE,0xC8,0x1D,0x83,0xBB,0x8D,0xD4,0xB6,0x67,0x5A,0x41,0x03,0xF4,
+    0x14,0x31,0x23,0x14,0x25,0xF9,0x59,0xAA,0x0D,0x32,0xAF,0xA7,0x4E,0x65,0xDE,0x24,
+    0x76,0x06,0x50,0x6D,0xF0,0x0A,0x2A,0x7F,0x88,0xA9,0x6A,0x52,0x1C,0xB0,0xFE,0xF3,
+    0xD3,0xE2,0x33,0xBD,0x4E,0xBC,0xB8,0xFB,0x27,0xD0,0x24,0x1F,0x17,0xAF,0xA9,0xDE,
+    0x5D,0x40,0xAD,0x20,0xBB,0xF8,0x88,0x90,0x4E,0x34,0x9F,0xEF,0x21,0x70,0xBB,0xB2,
+    0x15,0x1C,0xB7,0x86,0x37,0x34,0x31,0x8F,0x73,0xBE,0x97,0xDF,0x25,0xE5,0x8F,0x2F,
+    0x0D,0xB8,0xAA,0x24,0x8B,0x73,0x3D,0x73,0xD2,0xFB,0x50,0x0D,0x02,0x31,0x32,0xFC,
+    0x8E,0x8E,0x45,0xC7,0x97,0x61,0x68,0xB0,0xFC,0xF3,0xD1,0x49,0xCE,0x66,0x83,0x6A,
+    0x15,0x30,0xAF,0x3F,0x8D,0x8F,0xFC,0x0E,0x2D,0xA4,0x05,0x9E,0xAC,0xDF,0xFD,0xB9,
+    0xF3,0x83,0x69,0x4A,0xEB,0xA9,0x0E,0x3F,0x32,0xA8,0x25,0x95,0xB5,0x10,0xFF,0xF9,
+    0x29,0x1B,0x15,0xA7,0x23,0x35,0x65,0xA5,0x74,0xB3,0x1D,0x0D,0x18,0xE2,0x02,0x5C,
+    0xEA,0xD7,0xB6,0x50,0x61,0x0C,0x2B,0x90,0x01,0xED,0x69,0xFA,0xEE,0xE8,0xD1,0x02,
+    0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0xB2,0x30,0x82,0x02,0xAE,0x30,0x73,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x67,0x30,0x65,0x30,0x33,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x27,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,
+    0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x6D,0x64,0x63,0x61,0x67,0x32,0x2E,0x63,0x72,
+    0x74,0x30,0x2E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68,
+    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2D,0x62,0x2E,0x70,0x6B,0x69,
+    0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x3A,0x32,0x35,0x36,
+    0x30,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x94,0x0A,0xF3,0x3D,
+    0x5A,0x66,0xC1,0x2C,0x8B,0x68,0xD9,0x26,0xBB,0xD9,0x09,0x22,0x7F,0x34,0x85,0x96,
+    0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,
+    0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x83,0x85,0x8B,0x92,0x05,
+    0x1B,0x41,0x9E,0x45,0xAB,0xAB,0xB2,0xE3,0xFD,0xD5,0x44,0xCA,0x41,0xBD,0xE7,0x30,
+    0x81,0xD4,0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xCC,0x30,0x81,0xC9,0x30,0x81,0xC6,
+    0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,0x01,0x30,0x81,0xB6,
+    0x30,0x81,0x80,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x74,0x1E,
+    0x72,0x00,0x43,0x00,0x6F,0x00,0x70,0x00,0x79,0x00,0x72,0x00,0x69,0x00,0x67,0x00,
+    0x68,0x00,0x74,0x00,0x20,0x00,0x28,0x00,0x63,0x00,0x29,0x00,0x20,0x00,0x32,0x00,
+    0x30,0x00,0x31,0x00,0x33,0x00,0x20,0x00,0x41,0x00,0x54,0x00,0x54,0x00,0x20,0x00,
+    0x57,0x00,0x69,0x00,0x2D,0x00,0x46,0x00,0x69,0x00,0x20,0x00,0x53,0x00,0x65,0x00,
+    0x72,0x00,0x76,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x73,0x00,0x20,0x00,0x41,0x00,
+    0x6C,0x00,0x6C,0x00,0x20,0x00,0x52,0x00,0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,
+    0x73,0x00,0x20,0x00,0x52,0x00,0x65,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00,
+    0x65,0x00,0x64,0x30,0x31,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,
+    0x25,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,
+    0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,
+    0x73,0x2E,0x68,0x74,0x6D,0x6C,0x30,0x81,0xB9,0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,
+    0xB1,0x30,0x81,0xAE,0x30,0x81,0xAB,0xA0,0x2B,0xA0,0x29,0x86,0x27,0x68,0x74,0x74,
+    0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,
+    0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x6D,0x64,0x63,0x61,0x67,0x32,
+    0x2E,0x63,0x72,0x6C,0xA2,0x7C,0xA4,0x7A,0x30,0x78,0x31,0x21,0x30,0x1F,0x06,0x03,
+    0x55,0x04,0x03,0x0C,0x18,0x41,0x57,0x53,0x20,0x4D,0x61,0x6E,0x61,0x67,0x65,0x64,
+    0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,0x20,0x47,0x32,0x31,0x1B,0x30,
+    0x19,0x06,0x03,0x55,0x04,0x0B,0x0C,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,
+    0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x19,0x30,0x17,0x06,0x03,
+    0x55,0x04,0x0A,0x0C,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,
+    0x73,0x20,0x49,0x6E,0x63,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x0C,0x05,
+    0x54,0x65,0x78,0x61,0x73,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
+    0x55,0x53,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,
+    0x03,0xA8,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,
+    0x02,0x30,0x27,0x06,0x03,0x55,0x1D,0x11,0x04,0x20,0x30,0x1E,0x82,0x1C,0x6E,0x6D,
+    0x64,0x2E,0x6D,0x63,0x64,0x30,0x36,0x36,0x34,0x33,0x2E,0x73,0x6A,0x63,0x2E,0x77,
+    0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,
+    0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x19,0x90,
+    0xD6,0x10,0xBA,0x3E,0x55,0x07,0x1B,0x4E,0x71,0x94,0x9F,0xCE,0x80,0xD7,0x1F,0x90,
+    0x2A,0x23,0x79,0x45,0xFB,0x61,0x47,0x19,0xBD,0x32,0x58,0xB2,0x58,0xC5,0x37,0xE9,
+    0x01,0x63,0x61,0x6B,0x1E,0x17,0x54,0xC5,0xE9,0x5F,0x2A,0x9F,0xF3,0x01,0x0A,0x4C,
+    0x61,0x7C,0x18,0x9A,0x3E,0x91,0x7F,0x14,0x8E,0xDF,0xB2,0x2C,0xB8,0xEC,0x3B,0x7C,
+    0xC7,0xE5,0x62,0xC4,0x72,0x22,0x42,0xBB,0x61,0x9C,0xB0,0x5D,0x49,0x44,0x47,0x90,
+    0x8E,0xBF,0x85,0x88,0xFF,0x36,0x7A,0x4C,0xCE,0x35,0x1B,0x88,0x93,0xE4,0x0A,0xB4,
+    0xD1,0x24,0x44,0x43,0x8E,0xC0,0xFC,0x7F,0xE8,0x03,0xCD,0x91,0xF5,0x21,0x6F,0x4B,
+    0xB7,0x9C,0x06,0xDC,0xE0,0xE4,0x5A,0xFD,0x3C,0x33,0xC4,0xE1,0xFB,0xB7,0xC4,0xF5,
+    0xD4,0xC4,0xFD,0x63,0x43,0xD8,0x9B,0x2C,0x6C,0x5D,0x45,0xBE,0xD2,0x25,0x80,0xF7,
+    0x5D,0x4A,0x73,0xB5,0xB4,0xF0,0xEF,0xDD,0x91,0x11,0xEF,0xAB,0x85,0xD6,0xDF,0x92,
+    0xC0,0xA6,0x3E,0xBE,0x7A,0x2B,0xC5,0xD0,0x6C,0x48,0x6C,0x2A,0x9E,0x7D,0x7B,0xFC,
+    0x93,0x9D,0x80,0xD1,0xCB,0x2F,0x2C,0x3E,0x94,0x46,0x5B,0xF3,0x8A,0xE8,0xE9,0xC7,
+    0x1A,0x49,0x67,0x2B,0xE7,0xDD,0x73,0x05,0x1C,0x83,0x08,0xC5,0xBB,0xBC,0x47,0x5D,
+    0x90,0x38,0x08,0xAC,0x49,0x82,0xE7,0xA9,0x28,0xA2,0x42,0x3E,0xFD,0x15,0x5C,0xF9,
+    0x63,0x50,0x18,0xCA,0x76,0x1B,0x9C,0x88,0xF7,0x4D,0x7C,0xF4,0x5B,0x0E,0x93,0x53,
+    0xBC,0xFD,0x25,0x90,0x88,0x06,0xB7,0xDE,0x33,0x33,0x5D,0xD6,0x9C,0x03,
+};
+
+
+/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=AWS Managed Device CA G2 */
+/* issuer :/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G2 */
+
+static unsigned char att_intermediate1[1578]={
+    0x30,0x82,0x06,0x26,0x30,0x82,0x05,0x0E,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x19,
+    0x54,0xAA,0x5A,0x22,0x2C,0x5B,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,
+    0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,
+    0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,
+    0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,
+    0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,
+    0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x39,
+    0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x13,0x30,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,
+    0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,
+    0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,
+    0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x47,0x32,0x30,0x1E,0x17,0x0D,0x31,0x33,0x30,
+    0x36,0x30,0x35,0x31,0x38,0x33,0x30,0x31,0x35,0x5A,0x17,0x0D,0x31,0x38,0x30,0x35,
+    0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x78,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,
+    0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,
+    0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,
+    0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,
+    0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,
+    0x31,0x21,0x30,0x1F,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x41,0x57,0x53,0x20,0x4D,
+    0x61,0x6E,0x61,0x67,0x65,0x64,0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,
+    0x20,0x47,0x32,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,
+    0x82,0x01,0x01,0x00,0x8C,0xE4,0xEB,0x2B,0x6D,0x51,0x1E,0xFE,0xBE,0xB9,0x1D,0x72,
+    0x6D,0xD9,0x0C,0xBB,0x30,0x58,0x28,0xA2,0xA2,0x03,0x5B,0x99,0xCF,0x12,0x8B,0xF5,
+    0xAD,0x91,0x66,0x30,0xEC,0x33,0xDE,0x2D,0xF2,0x8C,0x27,0xD9,0x46,0xCC,0xC5,0x32,
+    0x46,0x31,0xC5,0xCA,0x13,0x9A,0xE2,0xD2,0x5E,0x8F,0xCD,0x3C,0x77,0x91,0x71,0x88,
+    0xD9,0xD9,0xA1,0x31,0x8F,0xDA,0x32,0x5E,0x61,0x19,0x65,0x80,0xE6,0x3B,0x0C,0xD8,
+    0x85,0xBC,0x26,0x4F,0x89,0x6D,0x4F,0xFF,0x3D,0x02,0x8D,0xA7,0x81,0x26,0xF9,0xD5,
+    0x2F,0xFD,0x1B,0x30,0xF4,0x7B,0x67,0x51,0x37,0xE3,0x45,0x88,0x2B,0xCF,0x49,0x4E,
+    0xDD,0x22,0xFC,0x93,0xA7,0x25,0x4E,0xDE,0x1D,0x61,0x0D,0x8D,0xF4,0xF0,0xD4,0x65,
+    0x89,0xAD,0xC0,0xBA,0x7E,0xB4,0x8F,0x05,0x02,0xA9,0xDA,0x48,0x1B,0xE0,0x9E,0x06,
+    0x7C,0xC0,0x9C,0x50,0xFB,0x59,0x16,0x09,0xB2,0x91,0xAF,0xC6,0xAD,0x7D,0x18,0x41,
+    0x0E,0x41,0xAC,0xBC,0x22,0xFD,0x78,0xF6,0xF7,0xA3,0x02,0x34,0x77,0x5D,0x11,0x47,
+    0xC2,0x3B,0xAA,0x60,0x38,0x06,0xCA,0xAF,0x18,0xD5,0xC0,0x1E,0x97,0x4F,0x96,0xD4,
+    0x65,0x37,0x23,0xD7,0xAA,0xF1,0xCB,0x27,0xB0,0x53,0xFF,0x74,0x76,0x66,0xEE,0x25,
+    0x1A,0xE0,0x18,0x6C,0xFD,0x29,0x15,0xAE,0x89,0x86,0x6D,0xA1,0x56,0x41,0x5D,0x81,
+    0x68,0x5A,0xC4,0x4A,0x43,0x30,0x38,0xDB,0x61,0x9B,0xDC,0x9A,0x83,0x26,0xF5,0xCE,
+    0x64,0x48,0x1C,0x1A,0x9B,0xE3,0xCB,0xB1,0x8C,0x1C,0x51,0x6C,0x94,0x7C,0x88,0x73,
+    0xDB,0x71,0xED,0x57,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x99,0x30,0x82,0x02,
+    0x95,0x30,0x70,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x64,0x30,
+    0x62,0x30,0x35,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x29,0x68,
+    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,
+    0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x72,0x6F,0x6F,0x74,
+    0x63,0x61,0x67,0x32,0x2E,0x63,0x72,0x74,0x30,0x29,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x30,0x01,0x86,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,
+    0x70,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,
+    0x6E,0x65,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x83,0x85,
+    0x8B,0x92,0x05,0x1B,0x41,0x9E,0x45,0xAB,0xAB,0xB2,0xE3,0xFD,0xD5,0x44,0xCA,0x41,
+    0xBD,0xE7,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,
+    0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,
+    0x16,0x80,0x14,0xF3,0xD3,0xC7,0x5E,0x2C,0x45,0x26,0x7E,0xFD,0xE6,0xE4,0xB4,0x94,
+    0xB8,0x04,0x0F,0x39,0x3B,0x10,0xDE,0x30,0x81,0xE3,0x06,0x03,0x55,0x1D,0x20,0x04,
+    0x81,0xDB,0x30,0x81,0xD8,0x30,0x81,0xC6,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,
+    0x48,0x83,0x7D,0x01,0x01,0x30,0x81,0xB6,0x30,0x81,0x80,0x06,0x08,0x2B,0x06,0x01,
+    0x05,0x05,0x07,0x02,0x02,0x30,0x74,0x1E,0x72,0x00,0x43,0x00,0x6F,0x00,0x70,0x00,
+    0x79,0x00,0x72,0x00,0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,0x20,0x00,0x28,0x00,
+    0x63,0x00,0x29,0x00,0x20,0x00,0x32,0x00,0x30,0x00,0x31,0x00,0x33,0x00,0x20,0x00,
+    0x41,0x00,0x54,0x00,0x54,0x00,0x20,0x00,0x57,0x00,0x69,0x00,0x2D,0x00,0x46,0x00,
+    0x69,0x00,0x20,0x00,0x53,0x00,0x65,0x00,0x72,0x00,0x76,0x00,0x69,0x00,0x63,0x00,
+    0x65,0x00,0x73,0x00,0x20,0x00,0x41,0x00,0x6C,0x00,0x6C,0x00,0x20,0x00,0x52,0x00,
+    0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,0x73,0x00,0x20,0x00,0x52,0x00,0x65,0x00,
+    0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00,0x65,0x00,0x64,0x30,0x31,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x25,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
+    0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,
+    0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x2E,0x68,0x74,0x6D,0x6C,0x30,0x0D,
+    0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,0x02,0x30,0x81,0xD6,
+    0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xCE,0x30,0x81,0xCB,0x30,0x81,0xC8,0xA0,0x2D,
+    0xA0,0x2B,0x86,0x29,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,
+    0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,
+    0x2F,0x72,0x6F,0x6F,0x74,0x63,0x61,0x67,0x32,0x2E,0x63,0x72,0x6C,0xA2,0x81,0x96,
+    0xA4,0x81,0x93,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
+    0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x0C,0x05,0x54,0x65,
+    0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x0C,0x10,0x41,0x54,
+    0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,
+    0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x0C,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,
+    0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x39,0x30,0x37,0x06,
+    0x03,0x55,0x04,0x03,0x0C,0x30,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,
+    0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x65,
+    0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,
+    0x69,0x74,0x79,0x20,0x47,0x32,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,
+    0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
+    0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x79,0xE7,0x9C,0xD0,0x93,0x93,
+    0xB8,0xD6,0xC5,0x58,0x85,0xD4,0xDA,0xC1,0x22,0x73,0x87,0x2F,0x97,0x9C,0x79,0x9B,
+    0x61,0xC1,0x87,0xBB,0xA8,0xFD,0x9F,0x07,0x0C,0x3D,0xA1,0xD3,0xFC,0x17,0x46,0x04,
+    0x1E,0xBE,0xEF,0x8B,0x9A,0xB1,0x17,0x82,0x75,0x25,0x41,0x68,0xD6,0x46,0x13,0x7A,
+    0x9E,0xFB,0x13,0xCE,0x01,0xCA,0x1F,0xD2,0x3F,0x7F,0xF1,0xF3,0xCB,0xC5,0xF7,0x8A,
+    0xAA,0x0F,0x63,0x8E,0xC9,0x68,0x31,0xDB,0x3D,0x69,0x4C,0x55,0xC6,0x34,0x24,0x52,
+    0x76,0xC0,0x51,0xF9,0x29,0x2B,0xB2,0x3C,0x3C,0x95,0x11,0x20,0x92,0x1A,0x25,0xB8,
+    0x10,0x3E,0x45,0xA3,0x4F,0x27,0x51,0xA3,0x8A,0x1D,0xEC,0x00,0x40,0x35,0x3F,0xAC,
+    0x2D,0x49,0xD0,0x20,0x85,0x01,0xAE,0xF7,0x7D,0xFC,0x62,0x4E,0x49,0x9C,0xAA,0x99,
+    0x27,0x6A,0x14,0xE3,0x51,0x9D,0x1B,0x1F,0xA9,0x32,0x33,0x4E,0xA9,0xA2,0x55,0x21,
+    0xDB,0xFF,0x57,0x5A,0x3D,0xC7,0x80,0x6F,0xF1,0x75,0x3F,0x38,0x09,0x52,0x80,0xD5,
+    0x5D,0xFE,0x6D,0x84,0x3A,0x9B,0xA7,0x53,0x62,0x48,0x96,0xA9,0x75,0xB0,0xEA,0x6A,
+    0x78,0xB4,0x92,0x1F,0xC4,0xD2,0x46,0x59,0xEA,0xE0,0x14,0x01,0x38,0xD7,0x6B,0x5D,
+    0x7F,0xB3,0x30,0x15,0x34,0x11,0x52,0xD1,0xF9,0xFB,0xFF,0x21,0xDB,0x06,0xD4,0x3D,
+    0xB8,0x69,0xA0,0x95,0x34,0x20,0x1E,0xA1,0x31,0xF5,0xBD,0x18,0x1E,0x08,0xD8,0x55,
+    0x06,0xB3,0x28,0x3B,0xF8,0x58,0x94,0x0C,0xBB,0x23,0xCB,0x9E,0x10,0x28,0x64,0x2D,
+    0xB9,0x19,0x86,0xB6,0x29,0x2C,0xF2,0xA5,0x36,0x6B,
+};
+
+
+/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G2 */
+/* issuer :/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA G2 */
+
+static unsigned char att_intermediate2[1833]={
+    0x30,0x82,0x07,0x25,0x30,0x82,0x06,0x0D,0xA0,0x03,0x02,0x01,0x02,0x02,0x11,0x5C,
+    0xD7,0xD8,0x96,0xBA,0xD5,0xC9,0x77,0x11,0xBC,0x14,0xCF,0x0E,0xD3,0x5F,0x20,0x62,
+    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,
+    0x5C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x15,
+    0x30,0x13,0x06,0x03,0x55,0x04,0x0B,0x13,0x0C,0x54,0x72,0x75,0x73,0x74,0x65,0x64,
+    0x20,0x52,0x6F,0x6F,0x74,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,
+    0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,0x2D,0x73,0x61,
+    0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x54,0x72,0x75,0x73,0x74,
+    0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x47,0x32,0x30,0x1E,0x17,
+    0x0D,0x31,0x33,0x30,0x35,0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,
+    0x31,0x38,0x30,0x35,0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x81,0x90,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,
+    0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,
+    0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,
+    0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,
+    0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,
+    0x76,0x69,0x63,0x65,0x73,0x31,0x39,0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x13,0x30,
+    0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,
+    0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
+    0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x47,0x32,
+    0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
+    0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
+    0x00,0x83,0x87,0xD2,0xCE,0xE7,0xA6,0x57,0x09,0xA0,0x0A,0x5D,0xD3,0xBF,0x66,0x2B,
+    0x82,0x7E,0xB2,0x8B,0xC2,0x32,0x68,0x61,0x36,0x7D,0xC4,0x96,0xCF,0x2A,0x64,0x7E,
+    0xA7,0x9C,0x3F,0x67,0x3C,0x3E,0x50,0x6F,0x33,0x75,0x16,0x8E,0x81,0x70,0x67,0x5C,
+    0x37,0x07,0xBD,0xD4,0xD4,0x70,0xD7,0x26,0x3B,0x38,0x25,0x3E,0xB4,0xB6,0x5E,0xCF,
+    0x9A,0x89,0x45,0xA0,0x35,0xDE,0x15,0x83,0x36,0x9F,0x22,0x87,0xEA,0xFE,0xC8,0x4F,
+    0xE8,0x6C,0x67,0xAA,0xEC,0xBC,0xA9,0xDA,0xA7,0xA4,0x3A,0xEB,0xB9,0xD5,0x31,0x4F,
+    0x08,0x15,0x8A,0xCB,0x92,0x1B,0xFC,0xA2,0x5E,0xC6,0x6F,0x6B,0xA3,0x8E,0x9A,0x4C,
+    0xAB,0x47,0xA3,0x75,0x06,0xED,0xB9,0xFA,0xD6,0xF4,0xA1,0x29,0xEA,0x3D,0xE1,0x8C,
+    0xE5,0x85,0xCF,0x8E,0x35,0x81,0x20,0x9B,0x68,0x46,0x55,0x0F,0xA0,0x38,0x07,0xAF,
+    0x6F,0x4F,0xAE,0xFD,0x7F,0x98,0xB6,0x6E,0x06,0xA8,0x14,0xCC,0x5B,0x8D,0xDD,0x4C,
+    0xA7,0xC7,0x5A,0x4D,0xFA,0x17,0xFD,0xEC,0x77,0xD4,0x0D,0xA1,0xE8,0xFF,0x33,0x01,
+    0x14,0x10,0xBC,0x82,0x38,0xEF,0xEF,0xBC,0xCE,0x8C,0x11,0x0A,0xFC,0xFE,0x55,0xA5,
+    0x5B,0xA7,0x37,0xD6,0xBB,0xB2,0x5F,0x85,0x06,0xF6,0x96,0xFB,0x24,0x32,0xF4,0x51,
+    0xB9,0x4D,0x1D,0x27,0x6A,0xB5,0xD2,0xC0,0x12,0x4B,0x8A,0x33,0xE0,0xC5,0x45,0x3D,
+    0xD9,0x38,0xD6,0xE3,0xEF,0x28,0x32,0x77,0xD5,0x72,0xEE,0x99,0x06,0x6A,0xB0,0x05,
+    0x43,0x4D,0xA2,0xB1,0x5F,0x22,0x92,0xD3,0x26,0xAC,0x0F,0x5C,0x91,0x6F,0x17,0x85,
+    0x17,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0xAB,0x30,0x82,0x03,0xA7,0x30,0x0E,
+    0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x82,
+    0x01,0x0B,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x02,0x30,0x81,0xFF,0x30,0x71,
+    0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xA0,0x32,0x01,0x3C,0x01,0x30,0x63,0x30,0x32,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x26,0x68,0x74,0x74,0x70,
+    0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,
+    0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,
+    0x79,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x21,
+    0x0C,0x1F,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,
+    0x73,0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x50,0x72,0x6F,0x67,0x72,0x61,
+    0x6D,0x30,0x81,0x89,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,
+    0x01,0x30,0x7A,0x30,0x2F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,
+    0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,0x69,0x2E,
+    0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x2E,
+    0x68,0x74,0x6D,0x6C,0x30,0x47,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,
+    0x30,0x3B,0x0C,0x39,0x43,0x6F,0x70,0x79,0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63,
+    0x29,0x20,0x32,0x30,0x31,0x33,0x20,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,
+    0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x41,0x6C,0x6C,0x20,0x52,0x69,
+    0x67,0x68,0x74,0x73,0x20,0x52,0x65,0x73,0x65,0x72,0x76,0x65,0x64,0x30,0x12,0x06,
+    0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,
+    0x01,0x30,0x82,0x01,0x4B,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,0x01,0x42,0x30,0x82,
+    0x01,0x3E,0xA0,0x82,0x01,0x08,0x30,0x0D,0x82,0x0B,0x77,0x61,0x79,0x70,0x6F,0x72,
+    0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x82,0x0B,0x61,0x74,0x74,0x77,0x69,0x66,0x69,
+    0x2E,0x63,0x6F,0x6D,0x30,0x10,0x82,0x0E,0x73,0x75,0x70,0x65,0x72,0x63,0x6C,0x69,
+    0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x10,0x82,0x0E,0x73,0x75,0x70,0x65,0x72,0x63,
+    0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x81,0x0B,0x77,0x61,0x79,0x70,
+    0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0E,0x81,0x0C,0x2E,0x77,0x61,0x79,0x70,
+    0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x81,0x0B,0x61,0x74,0x74,0x77,0x69,
+    0x66,0x69,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x81,0x0C,0x2E,0x61,0x74,0x74,0x77,0x69,
+    0x66,0x69,0x2E,0x63,0x6F,0x6D,0x30,0x10,0x81,0x0E,0x73,0x75,0x70,0x65,0x72,0x63,
+    0x6C,0x69,0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x11,0x81,0x0F,0x2E,0x73,0x75,0x70,
+    0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x10,0x81,0x0E,0x73,
+    0x75,0x70,0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x11,0x81,
+    0x0F,0x2E,0x73,0x75,0x70,0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,
+    0x30,0x3C,0xA4,0x3A,0x30,0x38,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
+    0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,
+    0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,
+    0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0xA1,0x30,
+    0x30,0x0A,0x87,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x22,0x87,0x20,
+    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,
+    0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,
+    0x3D,0x06,0x03,0x55,0x1D,0x1F,0x04,0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E,
+    0x86,0x2C,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x67,0x6C,0x6F,
+    0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x67,0x73,0x2F,0x74,
+    0x72,0x75,0x73,0x74,0x72,0x6F,0x6F,0x74,0x67,0x32,0x2E,0x63,0x72,0x6C,0x30,0x81,
+    0x84,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x78,0x30,0x76,0x30,
+    0x33,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x27,0x68,0x74,0x74,
+    0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x32,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,
+    0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x74,0x72,0x75,0x73,0x74,0x72,0x6F,
+    0x6F,0x74,0x67,0x32,0x30,0x3F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,
+    0x86,0x33,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x65,0x63,0x75,0x72,0x65,0x2E,
+    0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63,
+    0x61,0x63,0x65,0x72,0x74,0x2F,0x74,0x72,0x75,0x73,0x74,0x72,0x6F,0x6F,0x74,0x67,
+    0x32,0x2E,0x63,0x72,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,
+    0xF3,0xD3,0xC7,0x5E,0x2C,0x45,0x26,0x7E,0xFD,0xE6,0xE4,0xB4,0x94,0xB8,0x04,0x0F,
+    0x39,0x3B,0x10,0xDE,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,
+    0x14,0x14,0xF6,0xE5,0x8B,0x31,0xB6,0x45,0x80,0x4A,0x4C,0x6D,0xFC,0xC2,0x87,0x89,
+    0xCA,0x36,0xC3,0x90,0x62,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
+    0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0xDE,0x66,0x4A,0x3A,0x3B,0xAD,
+    0x8A,0xC7,0x32,0xFF,0x2D,0xD3,0x81,0x69,0x1D,0x1C,0xDE,0xE5,0x1E,0x87,0xE6,0x33,
+    0xFE,0x34,0x80,0x1E,0xCF,0xC8,0xF8,0x93,0x38,0x12,0x9B,0x42,0xC4,0x9A,0x49,0x8B,
+    0x98,0xAF,0x52,0xEC,0xD7,0x10,0xC4,0x44,0xEA,0x57,0xE6,0xA5,0xA5,0xC4,0x53,0x15,
+    0xEB,0xEA,0x3D,0x8A,0xB2,0x9F,0xF2,0x90,0x1A,0x03,0xBA,0xB7,0xC8,0x89,0xCD,0x88,
+    0x26,0xF6,0xA3,0xFD,0x41,0x3C,0x70,0x01,0xE1,0x03,0x99,0x33,0xFA,0xF6,0xB1,0x92,
+    0xED,0x3C,0xF9,0x03,0xC5,0x28,0xBB,0x18,0xD8,0x25,0x8F,0x6C,0x13,0x12,0x70,0xFA,
+    0x38,0x1E,0xB2,0xC8,0xC9,0x60,0x51,0x3A,0x43,0x86,0x4F,0x27,0xEF,0xAD,0x03,0x58,
+    0x52,0xCC,0xAF,0x6F,0x03,0xDB,0x7B,0x3B,0xDA,0xF2,0xBC,0xE7,0x40,0x0D,0xE6,0xD9,
+    0x8C,0x36,0x2E,0xEA,0x01,0xA9,0x66,0xCA,0x26,0x41,0x71,0x57,0x84,0xE0,0x38,0xA4,
+    0x13,0xDE,0x05,0xC4,0xC4,0x0A,0x79,0xCF,0x5F,0xE3,0x8E,0xDE,0xCC,0xD8,0x8E,0x6E,
+    0xBC,0x4F,0x50,0x2C,0xD4,0x68,0xDF,0xB6,0xA8,0x61,0x80,0x0B,0x03,0x74,0xF3,0xFF,
+    0x09,0x4A,0x13,0xA0,0x57,0x96,0x0B,0xCB,0x62,0x09,0xB4,0x18,0xFB,0x07,0xD2,0x93,
+    0x17,0x50,0xCF,0xFE,0x5B,0x50,0x03,0xCE,0x9F,0x19,0x65,0x1E,0x9D,0xAD,0xA1,0x49,
+    0x0C,0xC0,0x3D,0xFC,0x1F,0xE9,0xA4,0xEF,0x2D,0x6C,0xFA,0x0C,0xF5,0x0D,0xBB,0x2D,
+    0xCA,0x36,0x22,0x5B,0xCE,0xEB,0xC4,0x4F,0xF7,0x78,0xCD,0x3F,0xCC,0xCE,0xA8,0xCF,
+    0x4F,0x0B,0x14,0x49,0x6E,0xA0,0xE7,0xF1,0x60,
+};
+
+
+/* subject:/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA G2 */
+/* issuer :/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */
+
+static unsigned char att_intermediate3[1121]={
+    0x30,0x82,0x04,0x5D,0x30,0x82,0x03,0x45,0xA0,0x03,0x02,0x01,0x02,0x02,0x0B,0x04,
+    0x00,0x00,0x00,0x00,0x01,0x36,0xE9,0x3A,0x3A,0xB3,0x30,0x0D,0x06,0x09,0x2A,0x86,
+    0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x57,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,
+    0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,
+    0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F,
+    0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,
+    0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20,
+    0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x32,0x30,0x34,0x32,0x35,0x31,0x31,0x30,0x30,
+    0x30,0x30,0x5A,0x17,0x0D,0x32,0x37,0x30,0x34,0x32,0x35,0x31,0x31,0x30,0x30,0x30,
+    0x30,0x5A,0x30,0x5C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42,
+    0x45,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0B,0x13,0x0C,0x54,0x72,0x75,0x73,
+    0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,
+    0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,
+    0x2D,0x73,0x61,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x54,0x72,
+    0x75,0x73,0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x47,0x32,
+    0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,
+    0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,
+    0x00,0xAC,0xAE,0xBE,0xAA,0xED,0x70,0xCA,0xFB,0x83,0xB1,0x2E,0x35,0xBB,0xB8,0xB0,
+    0xAC,0x31,0x33,0x5D,0xBB,0x52,0xC0,0xA6,0xC7,0x54,0x71,0x6F,0x1C,0x60,0x70,0x0A,
+    0xC6,0x4B,0xBA,0xE3,0x89,0xE7,0xE9,0x04,0x7F,0xF0,0xE0,0xB6,0x2B,0xCA,0x68,0xDF,
+    0xBD,0xCC,0x35,0xB9,0xEC,0x8C,0x36,0x8A,0x8B,0xA3,0xD9,0xC9,0x33,0x3F,0xCE,0x45,
+    0x7B,0xA9,0x6F,0x7E,0x4D,0x35,0xF1,0x3A,0xEB,0xBA,0x6B,0x41,0x81,0xDA,0xFA,0xD4,
+    0xE3,0x97,0x52,0x22,0x2A,0x90,0x7B,0x41,0x4C,0x2D,0xDF,0x05,0xCF,0xB9,0x33,0x05,
+    0x25,0xAD,0x6D,0x5E,0xD8,0xCA,0xCE,0x4A,0x89,0xCA,0xE2,0x65,0x36,0xE3,0xCA,0x4F,
+    0xBE,0x87,0x72,0x38,0x0D,0xAA,0x05,0x75,0xB3,0xDA,0x86,0xE3,0x83,0x03,0xE4,0x8D,
+    0x89,0xBC,0x8D,0x76,0x76,0xEF,0x33,0x23,0x56,0xE0,0x75,0x0F,0xA5,0xFC,0xAB,0x17,
+    0x91,0x37,0xDB,0x1A,0x35,0x2F,0x84,0xE2,0xCE,0x95,0x53,0x56,0x55,0x00,0xE9,0x2F,
+    0xE6,0x0C,0x22,0xB1,0xAA,0x80,0x16,0x31,0xCB,0x94,0xD4,0x36,0x0A,0xC0,0x71,0x1B,
+    0x70,0xA4,0xD7,0x52,0xD8,0xA9,0x05,0xE6,0x8B,0x52,0x98,0xCC,0x1E,0x55,0xBE,0x64,
+    0x86,0x85,0x15,0xBF,0x7B,0xBC,0x53,0x14,0x07,0xFD,0x65,0x9B,0x36,0x11,0xEA,0xD5,
+    0x1A,0xC8,0x96,0x0F,0xF4,0xAC,0x15,0x1F,0x8B,0xFC,0xE2,0x4A,0x16,0x05,0x48,0x1E,
+    0xD4,0xF9,0xA2,0xF1,0xE4,0x3C,0x4F,0xA6,0x14,0xC5,0x06,0x20,0xEA,0xB9,0x01,0xA9,
+    0xB4,0x1F,0x85,0x0B,0x82,0x6F,0x9E,0xE9,0x03,0x4A,0xD1,0x62,0x85,0x90,0x99,0xD5,
+    0x1F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x23,0x30,0x82,0x01,0x1F,0x30,0x0E,
+    0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0F,
+    0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,
+    0x47,0x06,0x03,0x55,0x1D,0x20,0x04,0x40,0x30,0x3E,0x30,0x3C,0x06,0x04,0x55,0x1D,
+    0x20,0x00,0x30,0x34,0x30,0x32,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,
+    0x16,0x26,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x6C,
+    0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,
+    0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,
+    0x16,0x04,0x14,0x14,0xF6,0xE5,0x8B,0x31,0xB6,0x45,0x80,0x4A,0x4C,0x6D,0xFC,0xC2,
+    0x87,0x89,0xCA,0x36,0xC3,0x90,0x62,0x30,0x33,0x06,0x03,0x55,0x1D,0x1F,0x04,0x2C,
+    0x30,0x2A,0x30,0x28,0xA0,0x26,0xA0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x63,0x72,0x6C,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,
+    0x6E,0x65,0x74,0x2F,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x3E,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x32,0x30,0x30,0x30,0x2E,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x6F,0x63,0x73,0x70,0x32,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,
+    0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x6F,0x6F,0x74,0x72,0x31,0x30,0x1F,0x06,0x03,
+    0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x60,0x7B,0x66,0x1A,0x45,0x0D,0x97,
+    0xCA,0x89,0x50,0x2F,0x7D,0x04,0xCD,0x34,0xA8,0xFF,0xFC,0xFD,0x4B,0x30,0x0D,0x06,
+    0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,
+    0x00,0xBE,0xC8,0x1B,0x49,0x7E,0x93,0x82,0xE4,0x72,0x92,0x3E,0x6B,0xF9,0x2F,0x66,
+    0xC4,0x91,0xC1,0x23,0x38,0xB8,0x0E,0xB3,0x19,0x7D,0xF8,0x7B,0xBF,0x00,0xDA,0x8C,
+    0xAD,0xAF,0xC4,0x46,0xF1,0xB2,0x70,0x55,0xBF,0x3E,0x00,0x73,0x14,0x0F,0xE5,0xDE,
+    0xDA,0x46,0x1D,0x87,0xF5,0x23,0xFF,0x06,0x90,0x5D,0xFA,0x91,0xD0,0xE8,0x31,0x41,
+    0x72,0xFD,0x0A,0xDE,0x19,0x33,0xE2,0x65,0x47,0x56,0xAF,0xB0,0xD2,0x97,0x58,0xBE,
+    0x40,0xC1,0x85,0xC0,0x5C,0x23,0x81,0xDC,0x9E,0x4F,0x5B,0x65,0xCE,0x72,0x4E,0xC7,
+    0x67,0x0D,0x2F,0x45,0xB1,0x90,0x86,0x35,0xA3,0x43,0x1F,0x81,0xE0,0xA3,0x94,0x16,
+    0x0D,0x5B,0xDE,0x8B,0xFF,0xCF,0xA5,0xE4,0xAF,0x7C,0x9A,0x09,0xF4,0x50,0x85,0x78,
+    0x7B,0x28,0x2D,0x01,0x73,0x44,0x57,0x3C,0xF1,0xB9,0x36,0xFE,0x65,0x09,0x6F,0xB3,
+    0xB5,0xB6,0xE0,0xD3,0x33,0x26,0xDE,0x4C,0x9F,0x40,0x84,0xD1,0xBA,0xC3,0x12,0x83,
+    0xA2,0x01,0xB0,0x32,0x6A,0x3A,0x78,0xDA,0x89,0xA2,0x90,0x45,0xC5,0xE2,0x0F,0x44,
+    0xA4,0xE3,0x76,0x57,0x6F,0x66,0xD4,0x28,0xCC,0x42,0xEF,0xE4,0xDD,0xDD,0x02,0xF8,
+    0x47,0x21,0xDC,0x58,0x96,0xD0,0xED,0x8C,0xA5,0x2D,0x34,0xBF,0xC7,0xE8,0xF1,0x58,
+    0x87,0x0E,0x43,0x4A,0x0E,0xE7,0xFE,0x78,0xB7,0x93,0xD3,0x43,0x5E,0x27,0x79,0x88,
+    0x4E,0xCF,0xDC,0x78,0x81,0x49,0x36,0x01,0x80,0x16,0xE9,0xDD,0x6F,0x78,0xFC,0x1B,
+    0x85,0xC0,0xBC,0xAE,0x84,0x30,0x90,0x74,0xFB,0x1E,0xF7,0xD8,0x06,0x87,0x3B,0xE0,
+    0x53,
+};
+
+
+/* subject:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */
+/* issuer :/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */
+
+static unsigned char att_root[889]={
+    0x30,0x82,0x03,0x75,0x30,0x82,0x02,0x5D,0xA0,0x03,0x02,0x01,0x02,0x02,0x0B,0x04,
+    0x00,0x00,0x00,0x00,0x01,0x15,0x4B,0x5A,0xC3,0x94,0x30,0x0D,0x06,0x09,0x2A,0x86,
+    0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x57,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,
+    0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,
+    0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F,
+    0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,
+    0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20,
+    0x43,0x41,0x30,0x1E,0x17,0x0D,0x39,0x38,0x30,0x39,0x30,0x31,0x31,0x32,0x30,0x30,
+    0x30,0x30,0x5A,0x17,0x0D,0x32,0x38,0x30,0x31,0x32,0x38,0x31,0x32,0x30,0x30,0x30,
+    0x30,0x5A,0x30,0x57,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42,
+    0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,
+    0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,
+    0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,
+    0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,
+    0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,
+    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,
+    0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xDA,0x0E,0xE6,0x99,
+    0x8D,0xCE,0xA3,0xE3,0x4F,0x8A,0x7E,0xFB,0xF1,0x8B,0x83,0x25,0x6B,0xEA,0x48,0x1F,
+    0xF1,0x2A,0xB0,0xB9,0x95,0x11,0x04,0xBD,0xF0,0x63,0xD1,0xE2,0x67,0x66,0xCF,0x1C,
+    0xDD,0xCF,0x1B,0x48,0x2B,0xEE,0x8D,0x89,0x8E,0x9A,0xAF,0x29,0x80,0x65,0xAB,0xE9,
+    0xC7,0x2D,0x12,0xCB,0xAB,0x1C,0x4C,0x70,0x07,0xA1,0x3D,0x0A,0x30,0xCD,0x15,0x8D,
+    0x4F,0xF8,0xDD,0xD4,0x8C,0x50,0x15,0x1C,0xEF,0x50,0xEE,0xC4,0x2E,0xF7,0xFC,0xE9,
+    0x52,0xF2,0x91,0x7D,0xE0,0x6D,0xD5,0x35,0x30,0x8E,0x5E,0x43,0x73,0xF2,0x41,0xE9,
+    0xD5,0x6A,0xE3,0xB2,0x89,0x3A,0x56,0x39,0x38,0x6F,0x06,0x3C,0x88,0x69,0x5B,0x2A,
+    0x4D,0xC5,0xA7,0x54,0xB8,0x6C,0x89,0xCC,0x9B,0xF9,0x3C,0xCA,0xE5,0xFD,0x89,0xF5,
+    0x12,0x3C,0x92,0x78,0x96,0xD6,0xDC,0x74,0x6E,0x93,0x44,0x61,0xD1,0x8D,0xC7,0x46,
+    0xB2,0x75,0x0E,0x86,0xE8,0x19,0x8A,0xD5,0x6D,0x6C,0xD5,0x78,0x16,0x95,0xA2,0xE9,
+    0xC8,0x0A,0x38,0xEB,0xF2,0x24,0x13,0x4F,0x73,0x54,0x93,0x13,0x85,0x3A,0x1B,0xBC,
+    0x1E,0x34,0xB5,0x8B,0x05,0x8C,0xB9,0x77,0x8B,0xB1,0xDB,0x1F,0x20,0x91,0xAB,0x09,
+    0x53,0x6E,0x90,0xCE,0x7B,0x37,0x74,0xB9,0x70,0x47,0x91,0x22,0x51,0x63,0x16,0x79,
+    0xAE,0xB1,0xAE,0x41,0x26,0x08,0xC8,0x19,0x2B,0xD1,0x46,0xAA,0x48,0xD6,0x64,0x2A,
+    0xD7,0x83,0x34,0xFF,0x2C,0x2A,0xC1,0x6C,0x19,0x43,0x4A,0x07,0x85,0xE7,0xD3,0x7C,
+    0xF6,0x21,0x68,0xEF,0xEA,0xF2,0x52,0x9F,0x7F,0x93,0x90,0xCF,0x02,0x03,0x01,0x00,
+    0x01,0xA3,0x42,0x30,0x40,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,
+    0x04,0x03,0x02,0x01,0x06,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,
+    0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,
+    0x14,0x60,0x7B,0x66,0x1A,0x45,0x0D,0x97,0xCA,0x89,0x50,0x2F,0x7D,0x04,0xCD,0x34,
+    0xA8,0xFF,0xFC,0xFD,0x4B,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
+    0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xD6,0x73,0xE7,0x7C,0x4F,0x76,0xD0,
+    0x8D,0xBF,0xEC,0xBA,0xA2,0xBE,0x34,0xC5,0x28,0x32,0xB5,0x7C,0xFC,0x6C,0x9C,0x2C,
+    0x2B,0xBD,0x09,0x9E,0x53,0xBF,0x6B,0x5E,0xAA,0x11,0x48,0xB6,0xE5,0x08,0xA3,0xB3,
+    0xCA,0x3D,0x61,0x4D,0xD3,0x46,0x09,0xB3,0x3E,0xC3,0xA0,0xE3,0x63,0x55,0x1B,0xF2,
+    0xBA,0xEF,0xAD,0x39,0xE1,0x43,0xB9,0x38,0xA3,0xE6,0x2F,0x8A,0x26,0x3B,0xEF,0xA0,
+    0x50,0x56,0xF9,0xC6,0x0A,0xFD,0x38,0xCD,0xC4,0x0B,0x70,0x51,0x94,0x97,0x98,0x04,
+    0xDF,0xC3,0x5F,0x94,0xD5,0x15,0xC9,0x14,0x41,0x9C,0xC4,0x5D,0x75,0x64,0x15,0x0D,
+    0xFF,0x55,0x30,0xEC,0x86,0x8F,0xFF,0x0D,0xEF,0x2C,0xB9,0x63,0x46,0xF6,0xAA,0xFC,
+    0xDF,0xBC,0x69,0xFD,0x2E,0x12,0x48,0x64,0x9A,0xE0,0x95,0xF0,0xA6,0xEF,0x29,0x8F,
+    0x01,0xB1,0x15,0xB5,0x0C,0x1D,0xA5,0xFE,0x69,0x2C,0x69,0x24,0x78,0x1E,0xB3,0xA7,
+    0x1C,0x71,0x62,0xEE,0xCA,0xC8,0x97,0xAC,0x17,0x5D,0x8A,0xC2,0xF8,0x47,0x86,0x6E,
+    0x2A,0xC4,0x56,0x31,0x95,0xD0,0x67,0x89,0x85,0x2B,0xF9,0x6C,0xA6,0x5D,0x46,0x9D,
+    0x0C,0xAA,0x82,0xE4,0x99,0x51,0xDD,0x70,0xB7,0xDB,0x56,0x3D,0x61,0xE4,0x6A,0xE1,
+    0x5C,0xD6,0xF6,0xFE,0x3D,0xDE,0x41,0xCC,0x07,0xAE,0x63,0x52,0xBF,0x53,0x53,0xF4,
+    0x2B,0xE9,0xC7,0xFD,0xB6,0xF7,0x82,0x5F,0x85,0xD2,0x41,0x18,0xDB,0x81,0xB3,0x04,
+    0x1C,0xC5,0x1F,0xA4,0x80,0x6F,0x15,0x20,0xC9,0xDE,0x0C,0x88,0x0A,0x1D,0xD6,0x66,
+    0x55,0xE2,0xFC,0x48,0xC9,0x29,0x26,0x69,0xE0,
+};
+
+/* subject:/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=myctx.intel.com */
+/* issuer :/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=Intel External Basic Issuing CA 3A */
+unsigned char intel1_leaf[1644]={
+    0x30,0x82,0x06,0x68,0x30,0x82,0x05,0x50,0xA0,0x03,0x02,0x01,0x02,0x02,0x13,0x33,
+    0x00,0x00,0xAC,0x1A,0x2A,0x79,0x37,0xC7,0x7C,0x92,0x90,0x70,0x00,0x03,0x00,0x00,
+    0xAC,0x1A,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,
+    0x00,0x30,0x79,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,
+    0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,
+    0x61,0x72,0x61,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,
+    0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,
+    0x2B,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x49,0x6E,0x74,0x65,0x6C,0x20,
+    0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x49,
+    0x73,0x73,0x75,0x69,0x6E,0x67,0x20,0x43,0x41,0x20,0x33,0x41,0x30,0x1E,0x17,0x0D,
+    0x31,0x33,0x31,0x31,0x31,0x31,0x30,0x31,0x30,0x31,0x31,0x33,0x5A,0x17,0x0D,0x31,
+    0x36,0x31,0x30,0x32,0x36,0x30,0x31,0x30,0x31,0x31,0x33,0x5A,0x30,0x66,0x31,0x0B,
+    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A,
+    0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,
+    0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x18,0x30,0x16,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x0F,0x6D,0x79,0x63,0x74,0x78,0x2E,0x69,0x6E,0x74,0x65,0x6C,
+    0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
+    0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,
+    0x02,0x82,0x01,0x01,0x00,0xB5,0x28,0x2C,0x28,0x93,0x36,0x61,0x9D,0x2E,0xA9,0x69,
+    0x3D,0xF6,0x28,0x32,0x06,0x63,0x0D,0x74,0x11,0xCF,0xAD,0x68,0x10,0xE4,0x99,0xCA,
+    0x24,0x93,0xE2,0x06,0xA0,0xB7,0xC9,0xB4,0xCD,0x43,0xD7,0x2C,0xA0,0xC4,0x36,0x60,
+    0x40,0x1D,0x89,0xD2,0xD7,0x71,0x92,0xB5,0x36,0xA3,0x7F,0xC5,0x4B,0x3A,0x85,0x61,
+    0x2D,0xED,0x08,0x0E,0x7E,0x33,0xF2,0x48,0x5D,0x30,0x9E,0x8B,0xFB,0xA2,0x6E,0x8A,
+    0xE0,0xD2,0xE8,0x21,0xBE,0x5F,0x0D,0xAB,0x41,0x06,0xFE,0xB6,0xCE,0x26,0x02,0x3E,
+    0xFC,0xF8,0x12,0x62,0xB5,0xDC,0x89,0xA1,0x93,0xB7,0x11,0xAF,0x57,0x24,0xE4,0xB5,
+    0x88,0x75,0x4D,0xFB,0xB8,0x14,0x3C,0xD6,0x1A,0x64,0x55,0x1D,0xE6,0xBE,0x54,0x84,
+    0xD9,0x44,0x1C,0x9F,0xC4,0x4B,0xB2,0x11,0x42,0x27,0xC1,0xE6,0x0A,0x9A,0x0E,0x92,
+    0xD1,0x38,0xEF,0x98,0x5F,0x22,0xF4,0xD9,0x43,0x97,0x8D,0x85,0x77,0x62,0x8B,0xB0,
+    0x6E,0xEC,0xB1,0x7B,0x42,0x40,0x74,0xB3,0x46,0x95,0x20,0x40,0x5A,0xE7,0xCB,0x94,
+    0x1E,0xAA,0xC5,0xFB,0x4D,0x32,0x05,0x5E,0x5E,0x24,0x1F,0x63,0x8A,0x32,0xFD,0x1E,
+    0xC5,0xAD,0x71,0xBC,0x87,0xEB,0x16,0x55,0xD6,0xE9,0x6E,0xBF,0x69,0x1D,0x99,0xC9,
+    0x85,0x5D,0xF9,0xC9,0xAB,0x97,0xEB,0x5F,0xF9,0x3B,0x9F,0xDB,0x88,0x92,0x4F,0xFB,
+    0x41,0x44,0x18,0x12,0xBA,0x3F,0x37,0x62,0x64,0x07,0x6B,0xD7,0x0F,0x32,0x05,0x80,
+    0xB2,0xF0,0x70,0xC3,0xAA,0xFA,0x98,0xE2,0xF8,0xE8,0x0E,0x5D,0x25,0xEB,0x47,0x33,
+    0xA4,0xF2,0xCC,0xE4,0x7F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0xFA,0x30,0x82,
+    0x02,0xF6,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,
+    0x3D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,0x30,0x30,0x2E,
+    0x06,0x26,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x86,0xC3,0x8C,0x75,0x84,
+    0x99,0xE5,0x51,0x83,0xFD,0x81,0x28,0x85,0x8E,0x9F,0x53,0x82,0x91,0xC0,0x09,0x67,
+    0x82,0xFC,0xFB,0x17,0x85,0x9B,0xFA,0x24,0x02,0x01,0x64,0x02,0x01,0x0C,0x30,0x1D,
+    0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x71,0x4F,0x14,0x9A,0x04,0x37,0x44,
+    0x3B,0x7E,0xB1,0x8A,0xC7,0xB0,0x6F,0x94,0x0A,0xDD,0x79,0x28,0xE2,0x30,0x1F,0x06,
+    0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x33,0x38,0x3D,0x81,0xCA,0xC4,
+    0xA5,0xCC,0x51,0xBA,0xC5,0x83,0x68,0x84,0xAB,0x0A,0x61,0x6E,0xC9,0x98,0x30,0x81,
+    0xCF,0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xC7,0x30,0x81,0xC4,0x30,0x81,0xC1,0xA0,
+    0x81,0xBE,0xA0,0x81,0xBB,0x86,0x57,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,
+    0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,
+    0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74,0x65,0x6C,
+    0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,
+    0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25,0x32,0x30,
+    0x43,0x41,0x25,0x32,0x30,0x33,0x41,0x28,0x33,0x29,0x2E,0x63,0x72,0x6C,0x86,0x60,
+    0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,
+    0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,
+    0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74,
+    0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,
+    0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25,
+    0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x41,0x28,0x33,0x29,0x2E,0x63,0x72,0x6C,
+    0x30,0x81,0xF5,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xE8,
+    0x30,0x81,0xE5,0x30,0x6C,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,
+    0x60,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,
+    0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,
+    0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,
+    0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,
+    0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,
+    0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x41,0x28,0x33,0x29,0x2E,0x63,0x72,
+    0x74,0x30,0x75,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x69,0x68,
+    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,
+    0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,
+    0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
+    0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,
+    0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,
+    0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,
+    0x41,0x28,0x33,0x29,0x2E,0x63,0x72,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,
+    0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x27,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,
+    0x82,0x37,0x15,0x0A,0x04,0x1A,0x30,0x18,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x03,0x02,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,
+    0x30,0x56,0x06,0x03,0x55,0x1D,0x11,0x04,0x4F,0x30,0x4D,0x82,0x12,0x6D,0x79,0x63,
+    0x74,0x78,0x2D,0x66,0x6D,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,
+    0x12,0x6D,0x79,0x63,0x74,0x78,0x2D,0x69,0x72,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,
+    0x63,0x6F,0x6D,0x82,0x12,0x6D,0x79,0x63,0x74,0x78,0x2D,0x70,0x67,0x2E,0x69,0x6E,
+    0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x0F,0x6D,0x79,0x63,0x74,0x78,0x2E,0x69,
+    0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,
+    0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x64,0xDC,0x71,0x94,
+    0x8A,0x02,0xAF,0xA1,0xEB,0x83,0x15,0x8B,0xCB,0xB4,0x59,0x39,0x25,0x2D,0xB7,0xCC,
+    0x44,0x76,0x03,0x16,0x77,0xED,0x33,0xE6,0x71,0x70,0xBA,0x56,0x75,0x44,0xD9,0x40,
+    0x8B,0x1F,0xA0,0xCF,0x50,0x98,0x98,0xFD,0xE2,0x29,0x1A,0xC5,0x6D,0x7D,0x71,0xC5,
+    0xF5,0x73,0x16,0x4B,0x89,0xF3,0x13,0xE1,0xBE,0x7C,0x77,0x01,0xD7,0xBC,0xC6,0x65,
+    0xED,0xBC,0x7F,0x55,0x42,0xB8,0x32,0xEA,0x82,0x7F,0xE1,0xEF,0x91,0x31,0x92,0x10,
+    0xCA,0xC3,0x21,0x0C,0x65,0x26,0xAB,0xBF,0xDB,0x5C,0xF1,0xC1,0x5F,0x54,0x7F,0xBE,
+    0x78,0x7F,0x7E,0x1E,0x27,0x49,0xFA,0x86,0xE5,0x52,0x13,0x2D,0x49,0xE8,0x33,0x6F,
+    0x71,0x87,0xB6,0x2A,0x94,0x71,0x81,0x40,0x46,0xD9,0xA3,0x3F,0x0D,0x5C,0x07,0x01,
+    0x79,0x9D,0x5C,0x15,0x31,0xBC,0x33,0x38,0x41,0x29,0xC9,0x3D,0xDD,0x69,0xA1,0xB7,
+    0x94,0x65,0x6F,0xC9,0x72,0x5F,0xAF,0x18,0x9A,0xE8,0xCC,0x4B,0x2D,0xB6,0x05,0x95,
+    0x05,0xD8,0xA0,0x6A,0xA7,0x22,0xBD,0xA0,0x2D,0xCC,0x21,0x0B,0x25,0xD1,0x0B,0xF2,
+    0x61,0xBE,0xE6,0xD0,0x6F,0xF1,0x16,0xF8,0x12,0xBD,0x95,0x2A,0xD5,0x90,0xE5,0x1D,
+    0x79,0x51,0x29,0xBD,0xC9,0x19,0xEE,0xD6,0x88,0xDB,0xE3,0xD0,0x3A,0x85,0x53,0xA5,
+    0xDC,0xC3,0xC0,0x93,0x34,0x48,0x41,0xC8,0x98,0xE2,0x82,0x85,0x76,0x7E,0xF7,0xFA,
+    0x50,0x55,0xD8,0xEF,0xED,0xF8,0x71,0x1A,0x0D,0x3F,0xBA,0x51,0x91,0xBD,0x7F,0x41,
+    0xD6,0x19,0x96,0x66,0x7B,0x97,0x8F,0x0C,0x9F,0x14,0x51,0x89,
+};
+
+/* subject:/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=Intel External Basic Issuing CA 3A */
+/* issuer :/C=US/O=Intel Corporation/CN=Intel External Basic Policy CA */
+unsigned char intel1_intermediate1[1725]={
+    0x30,0x82,0x06,0xB9,0x30,0x82,0x05,0xA1,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x61,
+    0x2C,0x37,0xF2,0x00,0x01,0x00,0x00,0x00,0x0F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x52,0x31,0x0B,0x30,0x09,0x06,0x03,
+    0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A,
+    0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,
+    0x69,0x6F,0x6E,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x03,0x13,0x1E,0x49,0x6E,
+    0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,
+    0x69,0x63,0x20,0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,
+    0x31,0x33,0x30,0x32,0x30,0x38,0x32,0x32,0x32,0x30,0x33,0x32,0x5A,0x17,0x0D,0x31,
+    0x38,0x30,0x32,0x30,0x38,0x32,0x32,0x33,0x30,0x33,0x32,0x5A,0x30,0x79,0x31,0x0B,
+    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A,
+    0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,
+    0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x2B,0x30,0x29,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x22,0x49,0x6E,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,
+    0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x49,0x73,0x73,0x75,0x69,0x6E,
+    0x67,0x20,0x43,0x41,0x20,0x33,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,
+    0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,
+    0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA6,0x7F,0x0B,0xB7,0x72,0xEB,0xBA,0x00,
+    0x19,0x22,0xD7,0x22,0x56,0xF7,0x90,0x51,0x90,0x66,0x8E,0x54,0x9F,0x25,0x70,0x70,
+    0xBD,0x3F,0x72,0xD0,0x44,0xE4,0x0F,0xEA,0x09,0x11,0x63,0xD6,0x4E,0x9F,0x5D,0x1E,
+    0x2A,0x0F,0xB7,0x92,0x0E,0x72,0x26,0xAB,0x95,0xED,0x46,0xA7,0xC8,0x08,0xFA,0x5A,
+    0xD3,0x5A,0x70,0xF8,0xBB,0xBF,0x14,0xEF,0x35,0x8D,0x15,0x9C,0x8F,0x42,0xBC,0xED,
+    0x42,0xBB,0xE8,0xA9,0x17,0x39,0xB7,0x7B,0xC8,0x56,0x98,0x3D,0xF0,0x95,0x81,0x67,
+    0x51,0x6B,0xEA,0x99,0xB6,0x60,0x72,0x44,0x87,0x26,0xD0,0x42,0x38,0x03,0x4D,0xC7,
+    0x46,0x3D,0x6B,0xE1,0xB4,0xE9,0x82,0xEF,0x39,0xBE,0xFF,0x7D,0x63,0xD4,0x73,0x81,
+    0x14,0x59,0xC8,0x32,0x42,0x21,0x53,0x43,0x1B,0x6C,0x1B,0x84,0x34,0x9D,0xBE,0x2F,
+    0x87,0x31,0x5B,0x5D,0x65,0xF7,0xCC,0xB0,0x59,0xDC,0x94,0x39,0xAB,0xDF,0xAC,0xB2,
+    0xC5,0xAB,0x9B,0xC7,0x69,0xD0,0xE8,0x0D,0xF5,0x7E,0x53,0x84,0x0A,0xA5,0xEB,0x25,
+    0x1E,0xD1,0xB2,0xBB,0x84,0x55,0x19,0xE1,0x9F,0xD6,0x21,0xC7,0x44,0x68,0x18,0x87,
+    0x45,0x60,0x05,0x3A,0xFC,0x5E,0x66,0xF9,0x20,0xD8,0x1B,0xF2,0xA9,0xC3,0x7C,0xBC,
+    0x15,0xB6,0x34,0xB7,0x7C,0xDD,0x68,0xFC,0x7E,0xF7,0x1A,0xCA,0xED,0x0A,0x41,0x59,
+    0xE0,0xDB,0xB1,0x32,0x64,0xB1,0xE1,0xCF,0x35,0x72,0xFF,0x24,0x58,0x81,0x8E,0x1B,
+    0x0B,0x02,0x11,0x5C,0xD3,0x61,0x85,0x3D,0x23,0x32,0x58,0x31,0x72,0xC8,0x8C,0xCA,
+    0xDA,0xFC,0xDC,0xFF,0x3F,0xF9,0x5B,0xD1,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,
+    0x68,0x30,0x82,0x03,0x64,0x30,0x12,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,
+    0x15,0x01,0x04,0x05,0x02,0x03,0x03,0x00,0x03,0x30,0x23,0x06,0x09,0x2B,0x06,0x01,
+    0x04,0x01,0x82,0x37,0x15,0x02,0x04,0x16,0x04,0x14,0x4D,0x79,0xA3,0xAC,0x3C,0x5C,
+    0xA2,0x96,0x30,0x07,0xC0,0xC5,0xE5,0xBD,0x91,0x39,0x8C,0xD9,0x1B,0x7B,0x30,0x1D,
+    0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x33,0x38,0x3D,0x81,0xCA,0xC4,0xA5,
+    0xCC,0x51,0xBA,0xC5,0x83,0x68,0x84,0xAB,0x0A,0x61,0x6E,0xC9,0x98,0x30,0x81,0xFA,
+    0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xF2,0x30,0x81,0xEF,0x30,0x81,0xEC,0x06,0x0A,
+    0x2A,0x86,0x48,0x86,0xF8,0x4D,0x01,0x05,0x01,0x69,0x30,0x81,0xDD,0x30,0x81,0x9C,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x81,0x8F,0x1E,0x81,0x8C,
+    0x00,0x49,0x00,0x6E,0x00,0x74,0x00,0x65,0x00,0x6C,0x00,0x20,0x00,0x43,0x00,0x6F,
+    0x00,0x72,0x00,0x70,0x00,0x6F,0x00,0x72,0x00,0x61,0x00,0x74,0x00,0x69,0x00,0x6F,
+    0x00,0x6E,0x00,0x20,0x00,0x45,0x00,0x78,0x00,0x74,0x00,0x65,0x00,0x72,0x00,0x6E,
+    0x00,0x61,0x00,0x6C,0x00,0x20,0x00,0x42,0x00,0x61,0x00,0x73,0x00,0x69,0x00,0x63,
+    0x00,0x20,0x00,0x50,0x00,0x6F,0x00,0x6C,0x00,0x69,0x00,0x63,0x00,0x79,0x00,0x20,
+    0x00,0x43,0x00,0x65,0x00,0x72,0x00,0x74,0x00,0x69,0x00,0x66,0x00,0x69,0x00,0x63,
+    0x00,0x61,0x00,0x74,0x00,0x65,0x00,0x20,0x00,0x50,0x00,0x72,0x00,0x61,0x00,0x63,
+    0x00,0x74,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x20,0x00,0x53,0x00,0x74,0x00,0x61,
+    0x00,0x74,0x00,0x65,0x00,0x6D,0x00,0x65,0x00,0x6E,0x00,0x74,0x30,0x3C,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x30,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,
+    0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x70,0x6B,0x69,0x63,0x70,0x73,
+    0x2F,0x69,0x6E,0x64,0x65,0x78,0x2E,0x68,0x74,0x6D,0x30,0x19,0x06,0x09,0x2B,0x06,
+    0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,0x53,0x00,0x75,0x00,
+    0x62,0x00,0x43,0x00,0x41,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,
+    0x01,0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,
+    0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,
+    0x16,0x80,0x14,0x56,0x3A,0x6F,0x17,0xAB,0x24,0x0C,0xE5,0xB7,0x31,0x64,0xB0,0x11,
+    0xED,0xDB,0xEA,0x23,0xBE,0x5E,0xBC,0x30,0x81,0xC3,0x06,0x03,0x55,0x1D,0x1F,0x04,
+    0x81,0xBB,0x30,0x81,0xB8,0x30,0x81,0xB5,0xA0,0x81,0xB2,0xA0,0x81,0xAF,0x86,0x51,
+    0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,
+    0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,
+    0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,
+    0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,
+    0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,
+    0x6C,0x86,0x5A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,
+    0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,
+    0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,
+    0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,
+    0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,
+    0x79,0x25,0x32,0x30,0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x6C,0x30,0x81,0xE9,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xDC,0x30,0x81,0xD9,
+    0x30,0x66,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x5A,0x68,0x74,
+    0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,
+    0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65,
+    0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C,
+    0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,
+    0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,
+    0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x6F,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x30,0x02,0x86,0x63,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,
+    0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,
+    0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,
+    0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,
+    0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,
+    0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,
+    0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x0B,0x3F,0x6F,
+    0x3B,0xCC,0xC6,0x8E,0x21,0x82,0x96,0x87,0xCA,0xDC,0x9D,0x44,0x78,0x37,0x93,0x76,
+    0xD7,0xAB,0x7E,0xDD,0xC3,0xF4,0x80,0xFD,0x35,0x4E,0xA8,0x0A,0xCA,0xCC,0x15,0xA9,
+    0x5B,0xD9,0x6B,0x5C,0x6C,0x7B,0xE3,0xE5,0xF7,0xE0,0x28,0x44,0xE7,0x22,0x55,0x46,
+    0xF1,0x12,0x34,0x20,0x8E,0xDA,0xF7,0x3A,0x6B,0xBC,0xD3,0x17,0x08,0x35,0xA5,0xCF,
+    0xAB,0xF1,0x03,0xAE,0xAF,0x85,0x3D,0x4A,0xA1,0x5B,0x4E,0x07,0x98,0xAD,0x0C,0xDB,
+    0xFC,0xEE,0xB1,0x2E,0xB9,0x9D,0xE4,0xFE,0xB5,0xC6,0x53,0xAB,0xC0,0xC2,0x92,0xE3,
+    0x51,0x60,0xEA,0x87,0x7A,0xB0,0x3F,0x41,0x0E,0x92,0x76,0x54,0xFD,0x90,0x4F,0x5F,
+    0xDA,0x0E,0x54,0x1A,0x43,0xF0,0x11,0xC6,0x42,0x99,0x1B,0xBA,0xA9,0xA0,0x69,0xCF,
+    0xD1,0x3E,0x0D,0xE8,0xC7,0x0A,0x8D,0x07,0xD0,0x20,0x26,0xFC,0x49,0x46,0x65,0xC0,
+    0xF2,0x1C,0x28,0x42,0xC7,0x49,0x2F,0x04,0x52,0xBA,0x64,0xAC,0xF8,0x4B,0x48,0x66,
+    0x21,0x55,0x59,0x18,0x98,0x0B,0x08,0xAA,0x94,0x15,0x7E,0x78,0xB9,0x70,0xF5,0xA0,
+    0xCD,0x30,0xE1,0x18,0x84,0xC0,0x0D,0xF2,0xBD,0xF3,0x67,0x5B,0x22,0x5F,0xE3,0xDF,
+    0x3B,0x4C,0x9F,0xAD,0x96,0x07,0xB5,0xC3,0x21,0x95,0x03,0x40,0x08,0x20,0xF6,0x89,
+    0x56,0xF6,0x11,0x6C,0x2A,0x65,0x87,0xAD,0xC6,0xF0,0x38,0xF1,0xE8,0x31,0x12,0xAF,
+    0xAE,0xC8,0xE9,0x82,0x75,0xD4,0x41,0x50,0x01,0x26,0xCF,0x6F,0xC7,0x7D,0x40,0x20,
+    0x4B,0x3C,0x15,0xC1,0x3E,0xD1,0xFE,0x92,0x07,0x71,0xF0,0x76,0xB4,
+};
+
+/* subject:/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=contact.intel.com */
+/* issuer :/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=Intel External Basic Issuing CA 3B */
+unsigned char intel2_leaf[1725]={
+    0x30,0x82,0x06,0xB9,0x30,0x82,0x05,0xA1,0xA0,0x03,0x02,0x01,0x02,0x02,0x13,0x33,
+    0x00,0x00,0xB6,0x06,0x88,0x89,0x35,0x62,0x16,0x48,0xF1,0x1D,0x00,0x02,0x00,0x00,
+    0xB6,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,
+    0x00,0x30,0x79,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,
+    0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,
+    0x61,0x72,0x61,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,
+    0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,
+    0x2B,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x49,0x6E,0x74,0x65,0x6C,0x20,
+    0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x49,
+    0x73,0x73,0x75,0x69,0x6E,0x67,0x20,0x43,0x41,0x20,0x33,0x42,0x30,0x1E,0x17,0x0D,
+    0x31,0x35,0x30,0x33,0x30,0x36,0x31,0x32,0x30,0x30,0x30,0x36,0x5A,0x17,0x0D,0x31,
+    0x36,0x30,0x38,0x32,0x37,0x31,0x32,0x30,0x30,0x30,0x36,0x5A,0x30,0x68,0x31,0x0B,
+    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A,
+    0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,
+    0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1A,0x30,0x18,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x11,0x63,0x6F,0x6E,0x74,0x61,0x63,0x74,0x2E,0x69,0x6E,0x74,
+    0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,
+    0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,
+    0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xE8,0xAD,0x3F,0x95,0x76,0xD6,0x63,0xB4,0x9B,
+    0x87,0x0C,0xF8,0x27,0x04,0xF8,0x0B,0x69,0x3B,0xE2,0xC1,0xA6,0xF7,0x28,0xFE,0x0E,
+    0x7C,0x66,0x05,0x6C,0xBF,0xFE,0x3E,0x25,0x12,0xA0,0xAD,0x03,0x2F,0x77,0xAC,0x44,
+    0x04,0xE8,0xB6,0x57,0x07,0x1D,0xF8,0x0B,0x67,0x35,0x13,0x3D,0x81,0x22,0x7E,0xE1,
+    0x0D,0xFE,0x14,0x5B,0x4F,0x94,0x31,0x3C,0xB4,0xA5,0xE4,0xB5,0x6B,0x4E,0x73,0x48,
+    0xE0,0x79,0xDD,0x37,0xDF,0xB9,0x26,0xC5,0x5C,0xAC,0x3B,0xB6,0x99,0x6E,0x56,0x4A,
+    0x77,0x2A,0x55,0xBD,0xF6,0x71,0x71,0x50,0xBC,0xFC,0x33,0xD2,0x50,0x6E,0x37,0x71,
+    0xFF,0x0E,0xFF,0x51,0x12,0xAF,0x19,0xAE,0xA3,0x64,0x1E,0xBA,0x10,0x0A,0xDE,0x9E,
+    0xFA,0xEE,0xFE,0x41,0xAD,0xBB,0x15,0xCE,0x61,0x11,0x5A,0x1B,0xA4,0xA4,0x76,0x4A,
+    0x32,0x0C,0xC6,0x9A,0x23,0xD2,0x7F,0xF0,0x62,0x94,0x60,0x29,0x38,0x56,0xBD,0xDE,
+    0x52,0xDF,0xE6,0x23,0x1F,0xE0,0x2F,0x9D,0x75,0x04,0xF0,0xCA,0x13,0x68,0x9D,0xE1,
+    0x80,0xD5,0x20,0x20,0x1F,0x11,0x7B,0xB0,0xCA,0x29,0x81,0xCC,0x15,0xA4,0xE1,0x4C,
+    0xA4,0x0D,0xB2,0x20,0x63,0x7E,0xCD,0xB0,0xBC,0xD3,0x04,0x22,0x27,0x93,0x94,0x60,
+    0x51,0x8D,0x30,0xB7,0x3D,0x29,0x06,0xBC,0x55,0x3D,0x31,0x8F,0x6B,0xED,0x26,0x98,
+    0x6F,0xCB,0x40,0xF1,0xB5,0x22,0xC1,0xA8,0x33,0x0A,0x42,0x93,0x9E,0xCA,0xFA,0x04,
+    0x72,0x0B,0xD5,0x31,0x5B,0x63,0x1C,0x35,0xD2,0x0D,0x03,0x37,0x29,0x2F,0xD9,0x79,
+    0xF6,0xDA,0x07,0x7E,0x8D,0x31,0xC9,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0x49,
+    0x30,0x82,0x03,0x45,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,
+    0xA0,0x30,0x3D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,0x30,
+    0x30,0x2E,0x06,0x26,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x86,0xC3,0x8C,
+    0x75,0x84,0x99,0xE5,0x51,0x83,0xFD,0x81,0x28,0x85,0x8E,0x9F,0x53,0x82,0x91,0xC0,
+    0x09,0x67,0x82,0xFC,0xFB,0x17,0x85,0x9B,0xFA,0x24,0x02,0x01,0x64,0x02,0x01,0x0D,
+    0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x4B,0x63,0x62,0x54,0x47,
+    0xF3,0xCF,0x7F,0x7F,0x7A,0x8B,0x5D,0xC1,0x14,0x0E,0xD8,0x47,0x6C,0x3F,0x4A,0x30,
+    0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xE5,0x9C,0x00,0xAE,
+    0x43,0x00,0xBD,0x1A,0x5A,0x4A,0xB7,0x89,0xB6,0xE7,0x88,0xD0,0x0E,0x77,0x2D,0x22,
+    0x30,0x81,0xCF,0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xC7,0x30,0x81,0xC4,0x30,0x81,
+    0xC1,0xA0,0x81,0xBE,0xA0,0x81,0xBB,0x86,0x57,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
+    0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,
+    0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74,
+    0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,
+    0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25,
+    0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x42,0x28,0x32,0x29,0x2E,0x63,0x72,0x6C,
+    0x86,0x60,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,
+    0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,
+    0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,0x49,
+    0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,
+    0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,
+    0x67,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x42,0x28,0x32,0x29,0x2E,0x63,
+    0x72,0x6C,0x30,0x82,0x01,0x1B,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,
+    0x04,0x82,0x01,0x0D,0x30,0x82,0x01,0x09,0x30,0x6C,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x30,0x02,0x86,0x60,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,
+    0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,
+    0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,
+    0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,
+    0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,
+    0x73,0x75,0x69,0x6E,0x67,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x42,0x28,
+    0x32,0x29,0x2E,0x63,0x72,0x74,0x30,0x75,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x30,0x02,0x86,0x69,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,
+    0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65,0x72,
+    0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,
+    0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,
+    0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25,0x32,0x30,0x43,
+    0x41,0x25,0x32,0x30,0x33,0x42,0x28,0x32,0x29,0x2E,0x63,0x72,0x74,0x30,0x22,0x06,
+    0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x16,0x68,0x74,0x74,0x70,0x3A,
+    0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,
+    0x2F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,
+    0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,
+    0x30,0x27,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x0A,0x04,0x1A,0x30,
+    0x18,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x0A,0x06,
+    0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x7E,0x06,0x03,0x55,0x1D,0x11,
+    0x04,0x77,0x30,0x75,0x82,0x11,0x63,0x6F,0x6E,0x74,0x61,0x63,0x74,0x2E,0x69,0x6E,
+    0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x17,0x6D,0x79,0x70,0x68,0x6F,0x6E,0x65,
+    0x61,0x74,0x77,0x6F,0x72,0x6B,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,
+    0x82,0x11,0x6D,0x69,0x61,0x64,0x6D,0x69,0x6E,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,
+    0x63,0x6F,0x6D,0x82,0x19,0x66,0x6D,0x73,0x76,0x73,0x70,0x70,0x72,0x6F,0x64,0x30,
+    0x32,0x2E,0x66,0x6D,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x19,
+    0x6A,0x66,0x73,0x76,0x73,0x70,0x70,0x72,0x6F,0x64,0x30,0x32,0x2E,0x6A,0x66,0x2E,
+    0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x51,0xB1,0x05,
+    0xDD,0xB7,0x55,0x8B,0xAC,0x41,0x7C,0x45,0x05,0x31,0x74,0x08,0x74,0x79,0xB3,0xD3,
+    0x2C,0x61,0x82,0xAF,0x3E,0x73,0x44,0x6F,0xFD,0xF1,0x3C,0xEF,0x5C,0xC4,0xCF,0xA3,
+    0x8D,0xEB,0x17,0x1F,0x04,0x66,0x41,0xF0,0x1C,0x4E,0x6D,0xEA,0x67,0xC7,0xFC,0x4E,
+    0x36,0x68,0xC8,0x17,0xE5,0x8E,0x34,0xE5,0x09,0x4E,0x3E,0x43,0xA8,0xF7,0x4B,0x84,
+    0xD7,0x10,0x0E,0x65,0x7B,0xB0,0x07,0xED,0xA1,0x0F,0x73,0x31,0x29,0xDB,0x88,0xFA,
+    0xD6,0x87,0x51,0x7A,0x37,0xD9,0x64,0x60,0x25,0xB9,0x0F,0x49,0x0E,0xF7,0xC4,0x10,
+    0x61,0xE1,0x47,0x41,0x13,0xEC,0x7D,0xE9,0xBB,0x69,0x51,0x27,0xDC,0x2B,0xAC,0x23,
+    0x9A,0x00,0x44,0xE3,0xE8,0x22,0x38,0x06,0xA3,0x53,0x2F,0x8F,0x2D,0x0B,0x70,0xE2,
+    0x79,0xC1,0x62,0x12,0xB7,0x89,0xE1,0x05,0x4E,0xA3,0xDF,0x84,0x39,0x29,0xD1,0xBB,
+    0x70,0x22,0xA5,0x5A,0xB2,0x8B,0x5D,0xA4,0x95,0x5A,0x7E,0x7A,0xFB,0x36,0xFC,0x6A,
+    0xC8,0x29,0xE0,0x7E,0x77,0x1E,0xE6,0x63,0x31,0x09,0x7D,0x42,0x94,0xF4,0xF4,0x6B,
+    0x92,0x36,0xF6,0x5B,0x38,0x31,0xC8,0x65,0x35,0xEA,0xE6,0x5E,0x45,0xBC,0x7E,0xF8,
+    0x6D,0xF4,0x8C,0x01,0xC2,0xAC,0xAF,0xAD,0xAC,0x56,0xCA,0x08,0x23,0xBB,0x06,0x0B,
+    0xD1,0xC9,0xC9,0x8A,0x2C,0x49,0xDD,0xE6,0x34,0xF2,0xB9,0x0F,0x24,0x3F,0x26,0x7B,
+    0xFC,0xA4,0xE2,0x86,0xFC,0xE1,0x83,0x35,0x1E,0xB2,0xCD,0xA4,0x01,0xFE,0x14,0xFE,
+    0xC1,0x90,0xEF,0x87,0xD3,0x9F,0xB2,0xFC,0x9A,0xDA,0xEB,0x6A,0x6C,
+};
+
+/* subject:/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=Intel External Basic Issuing CA 3B */
+/* issuer :/C=US/O=Intel Corporation/CN=Intel External Basic Policy CA */
+unsigned char intel2_intermediate1[1725]={
+    0x30,0x82,0x06,0xB9,0x30,0x82,0x05,0xA1,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x61,
+    0x2C,0xFF,0x88,0x00,0x01,0x00,0x00,0x00,0x10,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x52,0x31,0x0B,0x30,0x09,0x06,0x03,
+    0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A,
+    0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,
+    0x69,0x6F,0x6E,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x03,0x13,0x1E,0x49,0x6E,
+    0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,
+    0x69,0x63,0x20,0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,
+    0x31,0x33,0x30,0x32,0x30,0x38,0x32,0x32,0x32,0x31,0x32,0x33,0x5A,0x17,0x0D,0x31,
+    0x38,0x30,0x32,0x30,0x38,0x32,0x32,0x33,0x31,0x32,0x33,0x5A,0x30,0x79,0x31,0x0B,
+    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A,
+    0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,
+    0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x2B,0x30,0x29,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x22,0x49,0x6E,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,
+    0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x49,0x73,0x73,0x75,0x69,0x6E,
+    0x67,0x20,0x43,0x41,0x20,0x33,0x42,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,
+    0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,
+    0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB0,0x00,0x93,0xAE,0xF2,0xCA,0x6C,0xA6,
+    0x4D,0xCC,0x48,0xBF,0x4A,0x23,0xFC,0x2A,0x9B,0xC8,0x6E,0xED,0x0B,0x83,0x07,0xB1,
+    0x3C,0x67,0x39,0x75,0x62,0x80,0x6D,0x10,0xD1,0xA8,0xF0,0xD6,0xA7,0x33,0xA0,0x98,
+    0xD8,0x85,0xFA,0x85,0xCF,0x0A,0xEB,0xC9,0xF5,0xBD,0x9B,0x0B,0xB4,0xF7,0xB8,0xB3,
+    0xC1,0x64,0xE3,0x9F,0x60,0x3F,0xD0,0x4B,0x2D,0x9C,0x3F,0xBB,0x3E,0x1F,0xD6,0x8B,
+    0x8A,0x68,0xA8,0x93,0x71,0xFE,0x30,0xD2,0xE5,0x97,0xAC,0xEF,0x20,0x86,0x15,0xEA,
+    0xB1,0xF7,0x6E,0x43,0x7F,0x6D,0xF3,0x00,0x9E,0x73,0xA7,0xD7,0xA1,0xD4,0xA3,0x58,
+    0xDB,0x6D,0x61,0xC2,0xBE,0x51,0x6A,0xA3,0x24,0xFA,0x6F,0x80,0x27,0x32,0xA0,0x12,
+    0xD8,0x7C,0x9C,0xF6,0x46,0x58,0xB6,0xC8,0x1D,0x61,0x6A,0x05,0xAA,0x85,0xF7,0x28,
+    0xE1,0x08,0x29,0xCB,0x02,0xA4,0xDF,0x73,0x76,0x2A,0xFB,0x1D,0xAE,0x98,0xBF,0xEB,
+    0xD8,0x7F,0x09,0x1A,0x62,0x3B,0xBF,0xB1,0x0E,0x06,0xCB,0x8C,0x8C,0xE2,0xEA,0xCC,
+    0x45,0x81,0xB2,0x95,0xE3,0xFA,0x87,0xF4,0xA8,0x17,0xEA,0xEC,0xBF,0x08,0x0F,0x7F,
+    0xB1,0x40,0x0F,0x4F,0x7B,0xBC,0xE9,0xB6,0xAA,0x33,0xE2,0x64,0xC6,0x43,0x6F,0x12,
+    0xAE,0x18,0xA9,0x72,0x04,0x1A,0xE5,0x26,0x10,0x13,0xF7,0xE1,0x2B,0x51,0x50,0xB0,
+    0x16,0x9C,0x52,0x19,0x16,0x0A,0x24,0x0A,0x06,0xBB,0x26,0xDD,0xF0,0x1A,0xD3,0x1D,
+    0x5E,0x31,0xAC,0xE0,0xC4,0xE7,0x2A,0xB3,0xFB,0x18,0x9F,0xCA,0xD3,0x05,0xC7,0x9D,
+    0xDD,0x6F,0x6A,0x69,0xA9,0xB2,0x7E,0x85,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,
+    0x68,0x30,0x82,0x03,0x64,0x30,0x12,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,
+    0x15,0x01,0x04,0x05,0x02,0x03,0x02,0x00,0x02,0x30,0x23,0x06,0x09,0x2B,0x06,0x01,
+    0x04,0x01,0x82,0x37,0x15,0x02,0x04,0x16,0x04,0x14,0x06,0x65,0x8B,0xA6,0x92,0xAB,
+    0x43,0xBC,0x42,0x5A,0x90,0x2D,0xF5,0xCB,0x91,0x68,0x96,0x06,0x79,0xCF,0x30,0x1D,
+    0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xE5,0x9C,0x00,0xAE,0x43,0x00,0xBD,
+    0x1A,0x5A,0x4A,0xB7,0x89,0xB6,0xE7,0x88,0xD0,0x0E,0x77,0x2D,0x22,0x30,0x81,0xFA,
+    0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xF2,0x30,0x81,0xEF,0x30,0x81,0xEC,0x06,0x0A,
+    0x2A,0x86,0x48,0x86,0xF8,0x4D,0x01,0x05,0x01,0x69,0x30,0x81,0xDD,0x30,0x81,0x9C,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x81,0x8F,0x1E,0x81,0x8C,
+    0x00,0x49,0x00,0x6E,0x00,0x74,0x00,0x65,0x00,0x6C,0x00,0x20,0x00,0x43,0x00,0x6F,
+    0x00,0x72,0x00,0x70,0x00,0x6F,0x00,0x72,0x00,0x61,0x00,0x74,0x00,0x69,0x00,0x6F,
+    0x00,0x6E,0x00,0x20,0x00,0x45,0x00,0x78,0x00,0x74,0x00,0x65,0x00,0x72,0x00,0x6E,
+    0x00,0x61,0x00,0x6C,0x00,0x20,0x00,0x42,0x00,0x61,0x00,0x73,0x00,0x69,0x00,0x63,
+    0x00,0x20,0x00,0x50,0x00,0x6F,0x00,0x6C,0x00,0x69,0x00,0x63,0x00,0x79,0x00,0x20,
+    0x00,0x43,0x00,0x65,0x00,0x72,0x00,0x74,0x00,0x69,0x00,0x66,0x00,0x69,0x00,0x63,
+    0x00,0x61,0x00,0x74,0x00,0x65,0x00,0x20,0x00,0x50,0x00,0x72,0x00,0x61,0x00,0x63,
+    0x00,0x74,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x20,0x00,0x53,0x00,0x74,0x00,0x61,
+    0x00,0x74,0x00,0x65,0x00,0x6D,0x00,0x65,0x00,0x6E,0x00,0x74,0x30,0x3C,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x30,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,
+    0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x70,0x6B,0x69,0x63,0x70,0x73,
+    0x2F,0x69,0x6E,0x64,0x65,0x78,0x2E,0x68,0x74,0x6D,0x30,0x19,0x06,0x09,0x2B,0x06,
+    0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,0x53,0x00,0x75,0x00,
+    0x62,0x00,0x43,0x00,0x41,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,
+    0x01,0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,
+    0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,
+    0x16,0x80,0x14,0x56,0x3A,0x6F,0x17,0xAB,0x24,0x0C,0xE5,0xB7,0x31,0x64,0xB0,0x11,
+    0xED,0xDB,0xEA,0x23,0xBE,0x5E,0xBC,0x30,0x81,0xC3,0x06,0x03,0x55,0x1D,0x1F,0x04,
+    0x81,0xBB,0x30,0x81,0xB8,0x30,0x81,0xB5,0xA0,0x81,0xB2,0xA0,0x81,0xAF,0x86,0x51,
+    0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,
+    0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,
+    0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,
+    0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,
+    0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,
+    0x6C,0x86,0x5A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,
+    0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,
+    0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,
+    0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,
+    0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,
+    0x79,0x25,0x32,0x30,0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x6C,0x30,0x81,0xE9,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xDC,0x30,0x81,0xD9,
+    0x30,0x66,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x5A,0x68,0x74,
+    0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,
+    0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65,
+    0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C,
+    0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,
+    0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,
+    0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x6F,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x30,0x02,0x86,0x63,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,
+    0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,
+    0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,
+    0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,
+    0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,
+    0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,
+    0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x47,0xBB,0x93,
+    0xE6,0x03,0xB1,0xD9,0x57,0x0E,0xFF,0x60,0xE9,0x0F,0xC7,0x5E,0x86,0xE6,0x23,0xF7,
+    0xDE,0xFA,0x6D,0xC2,0x77,0x32,0xEF,0x23,0xF6,0x8F,0xCC,0x6F,0x25,0x72,0xD4,0xA9,
+    0x4B,0xAD,0x11,0xA2,0x73,0xBB,0x8B,0xD2,0xB7,0xB8,0x87,0x94,0x74,0x89,0x0C,0xCC,
+    0x5C,0xEA,0x3A,0x9A,0xC0,0x75,0x3A,0x97,0x59,0x7C,0x22,0x00,0x3D,0x7A,0xC7,0xC5,
+    0x5B,0xE8,0xD4,0x93,0x13,0xEC,0x8F,0x94,0xCD,0xA8,0x33,0xDF,0xA4,0xD7,0x9A,0xA1,
+    0xC8,0xD8,0xA3,0xB4,0x49,0x7E,0x17,0x3A,0x02,0xE9,0x66,0x56,0x97,0x8D,0x16,0xB4,
+    0x70,0xAB,0xBC,0x6B,0x10,0x48,0xE7,0x45,0x7B,0x13,0xC7,0x4D,0x05,0xBC,0xA0,0x2C,
+    0x05,0x16,0xBE,0x06,0x7E,0xF6,0x79,0x67,0x8F,0x9C,0x34,0x54,0xE6,0x7E,0xEA,0x19,
+    0x77,0x14,0xF1,0x9D,0x3B,0x55,0xE4,0x33,0x9F,0x69,0xBB,0xA7,0xA7,0x22,0x54,0x51,
+    0x2C,0x67,0x7D,0x04,0x52,0xAA,0x7B,0x66,0xDE,0xA9,0x6A,0xAD,0x8C,0xA1,0x5C,0x79,
+    0x39,0xCD,0x1C,0x85,0xEC,0x89,0x06,0x99,0x85,0x46,0x27,0xA0,0x01,0x57,0x6E,0x93,
+    0x36,0x51,0x45,0xE1,0x5A,0x3A,0x59,0xAF,0x5B,0x41,0xF9,0x70,0x9D,0xC4,0x16,0x0E,
+    0x05,0xE7,0x95,0xB4,0x01,0xB4,0x93,0x1A,0x59,0x0B,0x8A,0x31,0xF7,0xB6,0x48,0xC8,
+    0x6A,0xF6,0x22,0x8C,0x9E,0x92,0x28,0x6F,0xA8,0x93,0xB4,0xA7,0x72,0x53,0x3A,0xDA,
+    0x2C,0xFA,0xD4,0x3D,0xBF,0x09,0x23,0x7F,0xDF,0xCC,0x65,0x2A,0xD0,0x91,0xAA,0x50,
+    0x31,0xC8,0x65,0xF5,0x38,0x58,0xD4,0xB3,0x9B,0xE6,0x31,0x10,0x08,
+};
+
+/* subject:/C=US/O=Intel Corporation/CN=Intel External Basic Policy CA */
+/* issuer :/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root */
+unsigned char intel_intermediate2[2397]={
+    0x30,0x82,0x09,0x59,0x30,0x82,0x08,0x41,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x79,
+    0x17,0x4A,0xA9,0x14,0x17,0x36,0xFE,0x15,0xA7,0xCA,0x9F,0x2C,0xFF,0x45,0x88,0x30,
+    0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x6F,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x53,0x45,0x31,0x14,0x30,
+    0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,
+    0x20,0x41,0x42,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x64,
+    0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,
+    0x54,0x54,0x50,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x22,0x30,0x20,0x06,
+    0x03,0x55,0x04,0x03,0x13,0x19,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,
+    0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x43,0x41,0x20,0x52,0x6F,0x6F,0x74,0x30,
+    0x1E,0x17,0x0D,0x31,0x33,0x30,0x32,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,
+    0x17,0x0D,0x32,0x30,0x30,0x35,0x33,0x30,0x31,0x30,0x34,0x38,0x33,0x38,0x5A,0x30,
+    0x52,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1A,
+    0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,
+    0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x27,0x30,0x25,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x1E,0x49,0x6E,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,
+    0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x50,0x6F,0x6C,0x69,0x63,0x79,
+    0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,
+    0x82,0x01,0x01,0x00,0xC2,0xB8,0x84,0x95,0x42,0x2D,0xDC,0xB0,0xAA,0x98,0x93,0x9B,
+    0xB3,0xEC,0x83,0xA1,0x63,0xC3,0x17,0x92,0x2A,0x81,0x69,0x3A,0x9A,0x82,0x28,0x6D,
+    0x88,0xCF,0x7D,0xEC,0x6D,0x66,0x26,0x14,0xE8,0x8D,0xC4,0x7E,0xF0,0x30,0xA0,0xDC,
+    0x4F,0x0E,0x43,0x76,0x5A,0x8C,0x1C,0xA1,0xC5,0x19,0x30,0x96,0xC4,0x78,0x4A,0xB9,
+    0x79,0xB0,0x64,0xB0,0x59,0xF1,0x7F,0x5D,0xA0,0x07,0x19,0x48,0x56,0x22,0x18,0xC1,
+    0x90,0x33,0xBB,0xB6,0x85,0xBE,0x10,0xCC,0xC8,0xF2,0x90,0x23,0x70,0xBC,0x08,0x6D,
+    0x19,0x48,0x2F,0x40,0x05,0x9D,0x44,0xDE,0xE9,0x9D,0x03,0x70,0x84,0xB9,0xE3,0x4E,
+    0x98,0xFF,0xD3,0x0A,0x13,0x6A,0x0A,0x5D,0xB7,0xF8,0x11,0xB5,0x41,0xBF,0xCF,0x26,
+    0x4A,0x40,0x3B,0xE1,0x9F,0xA5,0x64,0x95,0x85,0x37,0x15,0xE7,0x73,0x1F,0xFD,0xC2,
+    0xAF,0x14,0x77,0x23,0x18,0xDA,0xF1,0xCD,0xD4,0xA8,0xAB,0xD7,0xF2,0x5B,0xB6,0xBA,
+    0x81,0xF7,0x06,0x11,0x06,0x34,0x2D,0x59,0x26,0xC0,0x55,0x94,0x7C,0x9D,0x30,0x4F,
+    0xC9,0x1A,0x78,0xBA,0xF4,0x13,0x4B,0x68,0xCE,0x42,0x1F,0xA3,0x4D,0x4A,0x35,0x63,
+    0x73,0xBF,0xA3,0x5C,0x60,0xFF,0x34,0x40,0xE0,0x51,0x0E,0x50,0x29,0x5A,0xEF,0x4E,
+    0x0E,0x61,0x15,0x24,0x73,0xC3,0x6E,0x5C,0x78,0x8F,0x34,0xD0,0xDC,0x92,0xDA,0xFB,
+    0x80,0xEF,0x04,0xD3,0xA3,0x55,0x43,0xA9,0xFA,0x68,0x11,0x9A,0x38,0x96,0xD2,0xB2,
+    0xDD,0xAF,0x1C,0x0E,0xC4,0x8A,0x88,0x3B,0x03,0x63,0xC1,0xE3,0x02,0xA7,0xF8,0x60,
+    0xC5,0x7F,0xE1,0x4D,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x06,0x0C,0x30,0x82,0x06,
+    0x08,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xAD,0xBD,
+    0x98,0x7A,0x34,0xB4,0x26,0xF7,0xFA,0xC4,0x26,0x54,0xEF,0x03,0xBD,0xE0,0x24,0xCB,
+    0x54,0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x56,0x3A,0x6F,
+    0x17,0xAB,0x24,0x0C,0xE5,0xB7,0x31,0x64,0xB0,0x11,0xED,0xDB,0xEA,0x23,0xBE,0x5E,
+    0xBC,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,
+    0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,
+    0x01,0xFF,0x02,0x01,0x01,0x30,0x5E,0x06,0x03,0x55,0x1D,0x25,0x04,0x57,0x30,0x55,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x03,0x08,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,0x06,0x0A,
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x0C,0x06,0x09,0x2B,0x06,0x01,0x04,
+    0x01,0x82,0x37,0x15,0x05,0x30,0x17,0x06,0x03,0x55,0x1D,0x20,0x04,0x10,0x30,0x0E,
+    0x30,0x0C,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF8,0x4D,0x01,0x05,0x01,0x69,0x30,0x49,
+    0x06,0x03,0x55,0x1D,0x1F,0x04,0x42,0x30,0x40,0x30,0x3E,0xA0,0x3C,0xA0,0x3A,0x86,
+    0x38,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x74,0x72,0x75,0x73,
+    0x74,0x2D,0x70,0x72,0x6F,0x76,0x69,0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x2F,0x41,
+    0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x43,
+    0x41,0x52,0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x81,0xC2,0x06,0x08,0x2B,0x06,
+    0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xB5,0x30,0x81,0xB2,0x30,0x44,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x38,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x63,0x72,0x74,0x2E,0x74,0x72,0x75,0x73,0x74,0x2D,0x70,0x72,0x6F,0x76,0x69,
+    0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,
+    0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x43,0x41,0x52,0x6F,0x6F,0x74,0x2E,0x70,
+    0x37,0x63,0x30,0x3E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x32,
+    0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x74,0x2E,0x74,0x72,0x75,0x73,0x74,
+    0x2D,0x70,0x72,0x6F,0x76,0x69,0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x64,
+    0x64,0x54,0x72,0x75,0x73,0x74,0x55,0x54,0x4E,0x53,0x47,0x43,0x43,0x41,0x2E,0x63,
+    0x72,0x74,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x1E,
+    0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x74,0x72,0x75,0x73,
+    0x74,0x2D,0x70,0x72,0x6F,0x76,0x69,0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x30,0x82,
+    0x04,0x17,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,0x04,0x0E,0x30,0x82,0x04,0x0A,0xA0,
+    0x82,0x03,0xD4,0x30,0x0B,0x81,0x09,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,
+    0x30,0x0B,0x82,0x09,0x61,0x70,0x70,0x75,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,
+    0x0C,0x63,0x6C,0x6F,0x75,0x64,0x6E,0x70,0x6F,0x2E,0x6F,0x72,0x67,0x30,0x13,0x82,
+    0x11,0x65,0x64,0x61,0x63,0x61,0x64,0x74,0x6F,0x6F,0x6C,0x6B,0x69,0x74,0x2E,0x6F,
+    0x72,0x67,0x30,0x0B,0x82,0x09,0x66,0x74,0x6C,0x31,0x30,0x2E,0x63,0x6F,0x6D,0x30,
+    0x0B,0x82,0x09,0x69,0x68,0x63,0x6D,0x73,0x2E,0x6E,0x65,0x74,0x30,0x0E,0x82,0x0C,
+    0x69,0x6E,0x63,0x2D,0x6E,0x65,0x73,0x74,0x2E,0x6E,0x65,0x74,0x30,0x16,0x82,0x14,
+    0x69,0x6E,0x64,0x69,0x61,0x65,0x64,0x75,0x73,0x65,0x72,0x76,0x69,0x63,0x65,0x73,
+    0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x2E,0x6A,0x70,0x30,0x0D,0x82,0x0B,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x2E,
+    0x6B,0x72,0x30,0x0D,0x82,0x0B,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x2E,0x75,
+    0x6B,0x30,0x0B,0x82,0x09,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0A,
+    0x82,0x08,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x66,0x72,0x30,0x0B,0x82,0x09,0x69,0x6E,
+    0x74,0x65,0x6C,0x2E,0x6E,0x65,0x74,0x30,0x13,0x82,0x11,0x69,0x6E,0x74,0x65,0x6C,
+    0x61,0x6C,0x6C,0x69,0x61,0x6E,0x63,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,
+    0x69,0x6E,0x74,0x65,0x6C,0x61,0x70,0x61,0x63,0x73,0x74,0x6F,0x72,0x65,0x2E,0x63,
+    0x6F,0x6D,0x30,0x16,0x82,0x14,0x69,0x6E,0x74,0x65,0x6C,0x61,0x73,0x73,0x65,0x74,
+    0x66,0x69,0x6E,0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x30,0x19,0x82,0x17,0x69,0x6E,
+    0x74,0x65,0x6C,0x62,0x65,0x74,0x74,0x65,0x72,0x74,0x6F,0x67,0x65,0x74,0x68,0x65,
+    0x72,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x69,0x6E,0x74,0x65,0x6C,0x63,0x68,
+    0x61,0x6C,0x6C,0x65,0x6E,0x67,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x13,0x82,0x11,0x69,
+    0x6E,0x74,0x65,0x6C,0x63,0x6C,0x6F,0x75,0x64,0x73,0x73,0x6F,0x2E,0x63,0x6F,0x6D,
+    0x30,0x1E,0x82,0x1C,0x69,0x6E,0x74,0x65,0x6C,0x63,0x6F,0x6E,0x73,0x75,0x6D,0x65,
+    0x72,0x65,0x6C,0x65,0x63,0x74,0x72,0x6F,0x6E,0x69,0x63,0x73,0x2E,0x63,0x6F,0x6D,
+    0x30,0x12,0x82,0x10,0x69,0x6E,0x74,0x65,0x6C,0x63,0x6F,0x72,0x65,0x32,0x30,0x31,
+    0x30,0x2E,0x72,0x75,0x30,0x16,0x82,0x14,0x69,0x6E,0x74,0x65,0x6C,0x66,0x65,0x6C,
+    0x6C,0x6F,0x77,0x73,0x68,0x69,0x70,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x16,0x82,0x14,
+    0x69,0x6E,0x74,0x65,0x6C,0x68,0x79,0x62,0x72,0x69,0x64,0x63,0x6C,0x6F,0x75,0x64,
+    0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x69,0x6E,0x74,0x65,0x6C,0x70,0x6F,0x72,
+    0x74,0x66,0x6F,0x6C,0x69,0x6F,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x69,0x6E,
+    0x74,0x65,0x6C,0x2D,0x72,0x61,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x69,0x6E,
+    0x74,0x65,0x6C,0x2D,0x72,0x65,0x73,0x65,0x61,0x72,0x63,0x68,0x2E,0x6E,0x65,0x74,
+    0x30,0x14,0x82,0x12,0x69,0x6E,0x74,0x65,0x6C,0x72,0x6D,0x61,0x73,0x75,0x72,0x76,
+    0x65,0x79,0x2E,0x63,0x6F,0x6D,0x30,0x18,0x82,0x16,0x69,0x6E,0x74,0x65,0x6C,0x73,
+    0x6D,0x61,0x6C,0x6C,0x62,0x75,0x73,0x69,0x6E,0x65,0x73,0x73,0x2E,0x63,0x6F,0x6D,
+    0x30,0x11,0x82,0x0F,0x6D,0x79,0x69,0x6E,0x74,0x65,0x6C,0x65,0x64,0x67,0x65,0x2E,
+    0x63,0x6F,0x6D,0x30,0x11,0x82,0x0F,0x6D,0x79,0x2D,0x6C,0x61,0x70,0x74,0x6F,0x70,
+    0x2E,0x63,0x6F,0x2E,0x75,0x6B,0x30,0x12,0x82,0x10,0x6F,0x72,0x69,0x67,0x69,0x6E,
+    0x2D,0x61,0x70,0x70,0x75,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x82,0x1C,0x6F,0x72,
+    0x69,0x67,0x69,0x6E,0x2D,0x69,0x6E,0x74,0x65,0x67,0x72,0x61,0x74,0x69,0x6F,0x6E,
+    0x2D,0x61,0x70,0x70,0x75,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x08,0x82,0x06,0x70,0x63,
+    0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x70,0x63,0x74,0x68,0x65,0x66,0x74,0x64,
+    0x65,0x66,0x65,0x6E,0x63,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x70,0x63,
+    0x74,0x68,0x65,0x66,0x74,0x64,0x65,0x66,0x65,0x6E,0x73,0x65,0x2E,0x63,0x6F,0x6D,
+    0x30,0x0E,0x82,0x0C,0x70,0x76,0x61,0x74,0x72,0x69,0x61,0x6C,0x2E,0x6E,0x65,0x74,
+    0x30,0x19,0x82,0x17,0x72,0x65,0x64,0x65,0x66,0x69,0x6E,0x65,0x79,0x6F,0x75,0x72,
+    0x6E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x0F,0x82,0x0D,0x72,
+    0x65,0x74,0x61,0x69,0x6C,0x2D,0x69,0x61,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,
+    0x73,0x65,0x72,0x76,0x65,0x72,0x2D,0x69,0x6E,0x73,0x69,0x67,0x68,0x74,0x2E,0x63,
+    0x6F,0x6D,0x30,0x13,0x82,0x11,0x74,0x68,0x65,0x69,0x6E,0x74,0x65,0x6C,0x73,0x74,
+    0x6F,0x72,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1D,0x82,0x1B,0x74,0x68,0x72,0x65,0x61,
+    0x64,0x69,0x6E,0x67,0x62,0x75,0x69,0x6C,0x64,0x69,0x6E,0x67,0x62,0x6C,0x6F,0x63,
+    0x6B,0x73,0x2E,0x6F,0x72,0x67,0x30,0x1B,0x82,0x19,0x74,0x68,0x75,0x6E,0x64,0x65,
+    0x72,0x62,0x6F,0x6C,0x74,0x74,0x65,0x63,0x68,0x6E,0x6F,0x6C,0x6F,0x67,0x79,0x2E,
+    0x6E,0x65,0x74,0x30,0x20,0x82,0x1E,0x75,0x6C,0x74,0x72,0x61,0x62,0x6F,0x6F,0x6B,
+    0x2D,0x73,0x6F,0x66,0x74,0x77,0x61,0x72,0x65,0x2D,0x63,0x6F,0x6E,0x74,0x65,0x73,
+    0x74,0x2E,0x63,0x6F,0x6D,0x30,0x50,0xA4,0x4E,0x30,0x4C,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+    0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0B,
+    0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A,0x30,0x18,0x06,
+    0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,
+    0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0xA1,0x30,0x30,0x0A,0x87,0x08,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x00,0x00,0x30,0x22,0x87,0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x58,0x6F,0xBF,
+    0xCD,0x43,0x07,0x42,0x13,0xFC,0xB8,0xD0,0xAD,0x81,0x21,0xF2,0x8A,0x6F,0xEF,0x87,
+    0xBC,0x26,0x8A,0x7C,0x00,0xBD,0x68,0x0C,0x2B,0x19,0x64,0x2C,0x11,0x67,0xB3,0xA9,
+    0xD9,0x79,0x0A,0xAC,0x39,0x5D,0x65,0x00,0x16,0x3B,0x53,0x46,0x6E,0xA2,0xA6,0xB5,
+    0x67,0x99,0xDB,0xE8,0xBF,0xA2,0x25,0xAE,0x04,0x95,0x11,0x09,0x3A,0x2F,0xDE,0xAC,
+    0xB7,0x3D,0xB8,0xBC,0x01,0x74,0x30,0x80,0x47,0x48,0x54,0x4C,0xA0,0xFB,0x6B,0xA8,
+    0xB8,0xA2,0x84,0xB7,0xF4,0x34,0xE5,0x7B,0xCE,0xDC,0x52,0x78,0xF4,0x31,0x6D,0x42,
+    0x51,0xAE,0x87,0xBF,0x94,0xAC,0xBE,0x96,0x16,0xFB,0x55,0xE5,0x79,0x82,0x64,0xFD,
+    0xAC,0x50,0x38,0xE4,0xDC,0xCB,0x81,0x2C,0xE7,0x77,0x6F,0x9D,0x9B,0x23,0x5C,0x7D,
+    0x04,0x03,0xF4,0x07,0x9E,0x7E,0xD4,0x57,0xE2,0x66,0x94,0x4D,0xEB,0xB5,0x5C,0x5C,
+    0x62,0x9E,0x8C,0x2D,0x83,0xE6,0x46,0x14,0xE2,0xA1,0x13,0x80,0xFD,0xDA,0xE0,0x86,
+    0x27,0x11,0x92,0x2B,0xBD,0x87,0x17,0x4F,0xCB,0x19,0x18,0x4B,0x5E,0x8C,0xE6,0x0D,
+    0xD9,0x8F,0x7D,0x23,0x76,0x6F,0xA4,0xFF,0xA0,0xBA,0x3D,0xE3,0x6D,0x37,0xD6,0x26,
+    0x38,0xE8,0x1A,0x9C,0x23,0x92,0xC8,0x56,0x1F,0x1A,0x1A,0x8E,0x00,0xD6,0x33,0xA6,
+    0x6B,0x95,0xFA,0x82,0x1E,0x74,0x0B,0x0F,0xA4,0x86,0xDF,0x23,0x33,0x7C,0x9E,0x36,
+    0x14,0xB3,0x5C,0xE2,0xA3,0xED,0x48,0xA0,0x8E,0x28,0xF1,0xD7,0x4C,0xF6,0xC0,0x9B,
+    0xB4,0xF5,0x3C,0xA3,0xE5,0xA8,0x63,0xA2,0x2C,0x08,0xA5,0xD5,0xFE,
+};
+
+/* subject:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root */
+/* issuer :/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root */
+unsigned char intel_root[1082]={
+    0x30,0x82,0x04,0x36,0x30,0x82,0x03,0x1E,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,
+    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,
+    0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x53,0x45,0x31,0x14,
+    0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x41,0x64,0x64,0x54,0x72,0x75,0x73,
+    0x74,0x20,0x41,0x42,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,
+    0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,
+    0x20,0x54,0x54,0x50,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x22,0x30,0x20,
+    0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,
+    0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x43,0x41,0x20,0x52,0x6F,0x6F,0x74,
+    0x30,0x1E,0x17,0x0D,0x30,0x30,0x30,0x35,0x33,0x30,0x31,0x30,0x34,0x38,0x33,0x38,
+    0x5A,0x17,0x0D,0x32,0x30,0x30,0x35,0x33,0x30,0x31,0x30,0x34,0x38,0x33,0x38,0x5A,
+    0x30,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x53,0x45,0x31,
+    0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x41,0x64,0x64,0x54,0x72,0x75,
+    0x73,0x74,0x20,0x41,0x42,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,
+    0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,
+    0x6C,0x20,0x54,0x54,0x50,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x22,0x30,
+    0x20,0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,
+    0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x43,0x41,0x20,0x52,0x6F,0x6F,
+    0x74,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
+    0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,
+    0x01,0x00,0xB7,0xF7,0x1A,0x33,0xE6,0xF2,0x00,0x04,0x2D,0x39,0xE0,0x4E,0x5B,0xED,
+    0x1F,0xBC,0x6C,0x0F,0xCD,0xB5,0xFA,0x23,0xB6,0xCE,0xDE,0x9B,0x11,0x33,0x97,0xA4,
+    0x29,0x4C,0x7D,0x93,0x9F,0xBD,0x4A,0xBC,0x93,0xED,0x03,0x1A,0xE3,0x8F,0xCF,0xE5,
+    0x6D,0x50,0x5A,0xD6,0x97,0x29,0x94,0x5A,0x80,0xB0,0x49,0x7A,0xDB,0x2E,0x95,0xFD,
+    0xB8,0xCA,0xBF,0x37,0x38,0x2D,0x1E,0x3E,0x91,0x41,0xAD,0x70,0x56,0xC7,0xF0,0x4F,
+    0x3F,0xE8,0x32,0x9E,0x74,0xCA,0xC8,0x90,0x54,0xE9,0xC6,0x5F,0x0F,0x78,0x9D,0x9A,
+    0x40,0x3C,0x0E,0xAC,0x61,0xAA,0x5E,0x14,0x8F,0x9E,0x87,0xA1,0x6A,0x50,0xDC,0xD7,
+    0x9A,0x4E,0xAF,0x05,0xB3,0xA6,0x71,0x94,0x9C,0x71,0xB3,0x50,0x60,0x0A,0xC7,0x13,
+    0x9D,0x38,0x07,0x86,0x02,0xA8,0xE9,0xA8,0x69,0x26,0x18,0x90,0xAB,0x4C,0xB0,0x4F,
+    0x23,0xAB,0x3A,0x4F,0x84,0xD8,0xDF,0xCE,0x9F,0xE1,0x69,0x6F,0xBB,0xD7,0x42,0xD7,
+    0x6B,0x44,0xE4,0xC7,0xAD,0xEE,0x6D,0x41,0x5F,0x72,0x5A,0x71,0x08,0x37,0xB3,0x79,
+    0x65,0xA4,0x59,0xA0,0x94,0x37,0xF7,0x00,0x2F,0x0D,0xC2,0x92,0x72,0xDA,0xD0,0x38,
+    0x72,0xDB,0x14,0xA8,0x45,0xC4,0x5D,0x2A,0x7D,0xB7,0xB4,0xD6,0xC4,0xEE,0xAC,0xCD,
+    0x13,0x44,0xB7,0xC9,0x2B,0xDD,0x43,0x00,0x25,0xFA,0x61,0xB9,0x69,0x6A,0x58,0x23,
+    0x11,0xB7,0xA7,0x33,0x8F,0x56,0x75,0x59,0xF5,0xCD,0x29,0xD7,0x46,0xB7,0x0A,0x2B,
+    0x65,0xB6,0xD3,0x42,0x6F,0x15,0xB2,0xB8,0x7B,0xFB,0xEF,0xE9,0x5D,0x53,0xD5,0x34,
+    0x5A,0x27,0x02,0x03,0x01,0x00,0x01,0xA3,0x81,0xDC,0x30,0x81,0xD9,0x30,0x1D,0x06,
+    0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xAD,0xBD,0x98,0x7A,0x34,0xB4,0x26,0xF7,
+    0xFA,0xC4,0x26,0x54,0xEF,0x03,0xBD,0xE0,0x24,0xCB,0x54,0x1A,0x30,0x0B,0x06,0x03,
+    0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,
+    0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x81,0x99,0x06,0x03,0x55,
+    0x1D,0x23,0x04,0x81,0x91,0x30,0x81,0x8E,0x80,0x14,0xAD,0xBD,0x98,0x7A,0x34,0xB4,
+    0x26,0xF7,0xFA,0xC4,0x26,0x54,0xEF,0x03,0xBD,0xE0,0x24,0xCB,0x54,0x1A,0xA1,0x73,
+    0xA4,0x71,0x30,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x53,
+    0x45,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x41,0x64,0x64,0x54,
+    0x72,0x75,0x73,0x74,0x20,0x41,0x42,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,
+    0x13,0x1D,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,
+    0x6E,0x61,0x6C,0x20,0x54,0x54,0x50,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,
+    0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x41,0x64,0x64,0x54,0x72,0x75,
+    0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x43,0x41,0x20,0x52,
+    0x6F,0x6F,0x74,0x82,0x01,0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
+    0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xB0,0x9B,0xE0,0x85,0x25,0xC2,
+    0xD6,0x23,0xE2,0x0F,0x96,0x06,0x92,0x9D,0x41,0x98,0x9C,0xD9,0x84,0x79,0x81,0xD9,
+    0x1E,0x5B,0x14,0x07,0x23,0x36,0x65,0x8F,0xB0,0xD8,0x77,0xBB,0xAC,0x41,0x6C,0x47,
+    0x60,0x83,0x51,0xB0,0xF9,0x32,0x3D,0xE7,0xFC,0xF6,0x26,0x13,0xC7,0x80,0x16,0xA5,
+    0xBF,0x5A,0xFC,0x87,0xCF,0x78,0x79,0x89,0x21,0x9A,0xE2,0x4C,0x07,0x0A,0x86,0x35,
+    0xBC,0xF2,0xDE,0x51,0xC4,0xD2,0x96,0xB7,0xDC,0x7E,0x4E,0xEE,0x70,0xFD,0x1C,0x39,
+    0xEB,0x0C,0x02,0x51,0x14,0x2D,0x8E,0xBD,0x16,0xE0,0xC1,0xDF,0x46,0x75,0xE7,0x24,
+    0xAD,0xEC,0xF4,0x42,0xB4,0x85,0x93,0x70,0x10,0x67,0xBA,0x9D,0x06,0x35,0x4A,0x18,
+    0xD3,0x2B,0x7A,0xCC,0x51,0x42,0xA1,0x7A,0x63,0xD1,0xE6,0xBB,0xA1,0xC5,0x2B,0xC2,
+    0x36,0xBE,0x13,0x0D,0xE6,0xBD,0x63,0x7E,0x79,0x7B,0xA7,0x09,0x0D,0x40,0xAB,0x6A,
+    0xDD,0x8F,0x8A,0xC3,0xF6,0xF6,0x8C,0x1A,0x42,0x05,0x51,0xD4,0x45,0xF5,0x9F,0xA7,
+    0x62,0x21,0x68,0x15,0x20,0x43,0x3C,0x99,0xE7,0x7C,0xBD,0x24,0xD8,0xA9,0x91,0x17,
+    0x73,0x88,0x3F,0x56,0x1B,0x31,0x38,0x18,0xB4,0x71,0x0F,0x9A,0xCD,0xC8,0x0E,0x9E,
+    0x8E,0x2E,0x1B,0xE1,0x8C,0x98,0x83,0xCB,0x1F,0x31,0xF1,0x44,0x4C,0xC6,0x04,0x73,
+    0x49,0x76,0x60,0x0F,0xC7,0xF8,0xBD,0x17,0x80,0x6B,0x2E,0xE9,0xCC,0x4C,0x0E,0x5A,
+    0x9A,0x79,0x0F,0x20,0x0A,0x2E,0xD5,0x9E,0x63,0x26,0x1E,0x55,0x92,0x94,0xD8,0x82,
+    0x17,0x5A,0x7B,0xD0,0xBC,0xC7,0x8F,0x4E,0x86,0x04,
+};
+
+/* subject:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */
+/* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */
+unsigned char _ABBRootCA[891]={
+    0x30,0x82,0x03,0x77,0x30,0x82,0x02,0x5F,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x02,
+    0x00,0x00,0xB9,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,
+    0x05,0x00,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,
+    0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,
+    0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,
+    0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,
+    0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E,
+    0x17,0x0D,0x30,0x30,0x30,0x35,0x31,0x32,0x31,0x38,0x34,0x36,0x30,0x30,0x5A,0x17,
+    0x0D,0x32,0x35,0x30,0x35,0x31,0x32,0x32,0x33,0x35,0x39,0x30,0x30,0x5A,0x30,0x5A,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30,
+    0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,
+    0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,0x43,0x79,0x62,0x65,
+    0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13,
+    0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72,
+    0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x82,0x01,0x22,0x30,0x0D,
+    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,
+    0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA3,0x04,0xBB,0x22,0xAB,
+    0x98,0x3D,0x57,0xE8,0x26,0x72,0x9A,0xB5,0x79,0xD4,0x29,0xE2,0xE1,0xE8,0x95,0x80,
+    0xB1,0xB0,0xE3,0x5B,0x8E,0x2B,0x29,0x9A,0x64,0xDF,0xA1,0x5D,0xED,0xB0,0x09,0x05,
+    0x6D,0xDB,0x28,0x2E,0xCE,0x62,0xA2,0x62,0xFE,0xB4,0x88,0xDA,0x12,0xEB,0x38,0xEB,
+    0x21,0x9D,0xC0,0x41,0x2B,0x01,0x52,0x7B,0x88,0x77,0xD3,0x1C,0x8F,0xC7,0xBA,0xB9,
+    0x88,0xB5,0x6A,0x09,0xE7,0x73,0xE8,0x11,0x40,0xA7,0xD1,0xCC,0xCA,0x62,0x8D,0x2D,
+    0xE5,0x8F,0x0B,0xA6,0x50,0xD2,0xA8,0x50,0xC3,0x28,0xEA,0xF5,0xAB,0x25,0x87,0x8A,
+    0x9A,0x96,0x1C,0xA9,0x67,0xB8,0x3F,0x0C,0xD5,0xF7,0xF9,0x52,0x13,0x2F,0xC2,0x1B,
+    0xD5,0x70,0x70,0xF0,0x8F,0xC0,0x12,0xCA,0x06,0xCB,0x9A,0xE1,0xD9,0xCA,0x33,0x7A,
+    0x77,0xD6,0xF8,0xEC,0xB9,0xF1,0x68,0x44,0x42,0x48,0x13,0xD2,0xC0,0xC2,0xA4,0xAE,
+    0x5E,0x60,0xFE,0xB6,0xA6,0x05,0xFC,0xB4,0xDD,0x07,0x59,0x02,0xD4,0x59,0x18,0x98,
+    0x63,0xF5,0xA5,0x63,0xE0,0x90,0x0C,0x7D,0x5D,0xB2,0x06,0x7A,0xF3,0x85,0xEA,0xEB,
+    0xD4,0x03,0xAE,0x5E,0x84,0x3E,0x5F,0xFF,0x15,0xED,0x69,0xBC,0xF9,0x39,0x36,0x72,
+    0x75,0xCF,0x77,0x52,0x4D,0xF3,0xC9,0x90,0x2C,0xB9,0x3D,0xE5,0xC9,0x23,0x53,0x3F,
+    0x1F,0x24,0x98,0x21,0x5C,0x07,0x99,0x29,0xBD,0xC6,0x3A,0xEC,0xE7,0x6E,0x86,0x3A,
+    0x6B,0x97,0x74,0x63,0x33,0xBD,0x68,0x18,0x31,0xF0,0x78,0x8D,0x76,0xBF,0xFC,0x9E,
+    0x8E,0x5D,0x2A,0x86,0xA7,0x4D,0x90,0xDC,0x27,0x1A,0x39,0x02,0x03,0x01,0x00,0x01,
+    0xA3,0x45,0x30,0x43,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xE5,
+    0x9D,0x59,0x30,0x82,0x47,0x58,0xCC,0xAC,0xFA,0x08,0x54,0x36,0x86,0x7B,0x3A,0xB5,
+    0x04,0x4D,0xF0,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,
+    0x06,0x01,0x01,0xFF,0x02,0x01,0x03,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,
+    0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0x0C,0x5D,0x8E,0xE4,
+    0x6F,0x51,0x68,0x42,0x05,0xA0,0xDD,0xBB,0x4F,0x27,0x25,0x84,0x03,0xBD,0xF7,0x64,
+    0xFD,0x2D,0xD7,0x30,0xE3,0xA4,0x10,0x17,0xEB,0xDA,0x29,0x29,0xB6,0x79,0x3F,0x76,
+    0xF6,0x19,0x13,0x23,0xB8,0x10,0x0A,0xF9,0x58,0xA4,0xD4,0x61,0x70,0xBD,0x04,0x61,
+    0x6A,0x12,0x8A,0x17,0xD5,0x0A,0xBD,0xC5,0xBC,0x30,0x7C,0xD6,0xE9,0x0C,0x25,0x8D,
+    0x86,0x40,0x4F,0xEC,0xCC,0xA3,0x7E,0x38,0xC6,0x37,0x11,0x4F,0xED,0xDD,0x68,0x31,
+    0x8E,0x4C,0xD2,0xB3,0x01,0x74,0xEE,0xBE,0x75,0x5E,0x07,0x48,0x1A,0x7F,0x70,0xFF,
+    0x16,0x5C,0x84,0xC0,0x79,0x85,0xB8,0x05,0xFD,0x7F,0xBE,0x65,0x11,0xA3,0x0F,0xC0,
+    0x02,0xB4,0xF8,0x52,0x37,0x39,0x04,0xD5,0xA9,0x31,0x7A,0x18,0xBF,0xA0,0x2A,0xF4,
+    0x12,0x99,0xF7,0xA3,0x45,0x82,0xE3,0x3C,0x5E,0xF5,0x9D,0x9E,0xB5,0xC8,0x9E,0x7C,
+    0x2E,0xC8,0xA4,0x9E,0x4E,0x08,0x14,0x4B,0x6D,0xFD,0x70,0x6D,0x6B,0x1A,0x63,0xBD,
+    0x64,0xE6,0x1F,0xB7,0xCE,0xF0,0xF2,0x9F,0x2E,0xBB,0x1B,0xB7,0xF2,0x50,0x88,0x73,
+    0x92,0xC2,0xE2,0xE3,0x16,0x8D,0x9A,0x32,0x02,0xAB,0x8E,0x18,0xDD,0xE9,0x10,0x11,
+    0xEE,0x7E,0x35,0xAB,0x90,0xAF,0x3E,0x30,0x94,0x7A,0xD0,0x33,0x3D,0xA7,0x65,0x0F,
+    0xF5,0xFC,0x8E,0x9E,0x62,0xCF,0x47,0x44,0x2C,0x01,0x5D,0xBB,0x1D,0xB5,0x32,0xD2,
+    0x47,0xD2,0x38,0x2E,0xD0,0xFE,0x81,0xDC,0x32,0x6A,0x1E,0xB5,0xEE,0x3C,0xD5,0xFC,
+    0xE7,0x81,0x1D,0x19,0xC3,0x24,0x42,0xEA,0x63,0x39,0xA9,
+};
+
+
+/* subject:/C=CH/L=Zurich/O=ABB/CN=ABB Intermediate CA 3 */
+/* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */
+unsigned char _ABBIntermediateCA3[1866]={
+    0x30,0x82,0x07,0x46,0x30,0x82,0x06,0x2E,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x07,
+    0x27,0xCD,0x79,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,
+    0x05,0x00,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,
+    0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,
+    0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,
+    0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,
+    0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E,
+    0x17,0x0D,0x31,0x35,0x30,0x35,0x32,0x31,0x31,0x38,0x35,0x32,0x35,0x33,0x5A,0x17,
+    0x0D,0x32,0x32,0x30,0x35,0x32,0x31,0x31,0x38,0x35,0x32,0x32,0x30,0x5A,0x30,0x4C,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,
+    0x0D,0x06,0x03,0x55,0x04,0x07,0x13,0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,
+    0x30,0x0A,0x06,0x03,0x55,0x04,0x0A,0x13,0x03,0x41,0x42,0x42,0x31,0x1E,0x30,0x1C,
+    0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x41,0x42,0x42,0x20,0x49,0x6E,0x74,0x65,0x72,
+    0x6D,0x65,0x64,0x69,0x61,0x74,0x65,0x20,0x43,0x41,0x20,0x33,0x30,0x82,0x01,0x22,
+    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,
+    0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xC3,0x8E,0x43,
+    0xE2,0x4C,0xBA,0xC4,0xD2,0xC4,0xF9,0xD5,0xA5,0xA4,0xC3,0xA4,0xB1,0x1D,0x3D,0x24,
+    0x09,0xE8,0x6E,0xE6,0x3A,0x74,0x64,0x3E,0x5C,0xAE,0x40,0x93,0x27,0xB0,0xAD,0x01,
+    0xC8,0xDA,0xF2,0x6F,0x7A,0x27,0xE9,0x17,0xB4,0x6D,0x52,0x94,0xE6,0x36,0x65,0x7A,
+    0xAB,0x36,0x70,0x69,0xC8,0x0A,0x13,0xEC,0xC7,0xE0,0xA9,0xC2,0x0A,0xCD,0x5A,0x71,
+    0x1A,0x26,0x27,0x81,0x5A,0xD0,0xB4,0x9C,0xE3,0x4C,0xCE,0x3D,0xB7,0x52,0xAB,0x86,
+    0xB4,0x60,0xC6,0x15,0x6A,0xBC,0x38,0xE9,0x77,0xDC,0xA5,0xE2,0x1E,0x7D,0x15,0x80,
+    0xF9,0x6B,0x7C,0x8E,0xA5,0xE7,0x95,0xC8,0x46,0x0C,0x6C,0x88,0x7B,0xF2,0x2E,0x1E,
+    0xF7,0x4B,0x9E,0x13,0x85,0xB4,0x6E,0xC9,0xAA,0xDD,0x32,0xCF,0x41,0x17,0x4E,0x30,
+    0xEB,0xD3,0x6D,0xE3,0x2E,0x44,0x8A,0x15,0x1B,0x6E,0x1B,0x32,0x5A,0xEA,0x98,0xA7,
+    0x4C,0xAF,0xC8,0xAD,0x95,0x48,0xA6,0x67,0x3B,0xE2,0x94,0x81,0xB7,0xBF,0x7A,0xFF,
+    0x96,0x5B,0xBA,0x83,0x3C,0x09,0x3C,0xF0,0xEA,0xA2,0x49,0x8A,0x5B,0x4B,0xB0,0x3E,
+    0x98,0x7E,0x9F,0x52,0x9F,0x1B,0xA3,0x51,0x17,0xCB,0x5A,0x25,0x6E,0x60,0xDB,0xE2,
+    0x90,0x02,0x2A,0x61,0x47,0x35,0x33,0x91,0x26,0x37,0x29,0xB8,0xD4,0xB1,0x41,0xB2,
+    0xE9,0x3B,0x2B,0x68,0x74,0xBC,0xF3,0xA3,0x4B,0xD9,0x10,0x59,0x16,0x11,0x88,0xA9,
+    0x31,0xC3,0x2A,0xD4,0x1D,0x5F,0x28,0x37,0xEB,0x45,0xF2,0x6E,0x83,0x91,0x4C,0xE1,
+    0x82,0x58,0x33,0xCA,0xA5,0xA7,0x64,0x81,0xD8,0x5A,0x74,0xC9,0xC9,0x02,0x03,0x01,
+    0x00,0x01,0xA3,0x82,0x04,0x20,0x30,0x82,0x04,0x1C,0x30,0x12,0x06,0x03,0x55,0x1D,
+    0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x01,0x30,0x82,
+    0x01,0x10,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x07,0x30,0x82,0x01,0x03,0x30,
+    0x48,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xB1,0x3E,0x01,0x00,0x30,0x3B,0x30,0x39,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x2D,0x68,0x74,0x74,0x70,
+    0x3A,0x2F,0x2F,0x63,0x79,0x62,0x65,0x72,0x74,0x72,0x75,0x73,0x74,0x2E,0x6F,0x6D,
+    0x6E,0x69,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,
+    0x69,0x74,0x6F,0x72,0x79,0x2E,0x63,0x66,0x6D,0x30,0x3B,0x06,0x0C,0x2B,0x06,0x01,
+    0x04,0x01,0x81,0xD7,0x07,0x01,0x14,0x0A,0x02,0x30,0x2B,0x30,0x29,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,
+    0x63,0x70,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,
+    0x41,0x36,0x5F,0x53,0x53,0x4C,0x30,0x3C,0x06,0x0C,0x2B,0x06,0x01,0x04,0x01,0x81,
+    0xD7,0x07,0x01,0x14,0x14,0x02,0x30,0x2C,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x02,0x01,0x16,0x1E,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x70,0x2E,
+    0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x41,0x36,0x5F,
+    0x55,0x73,0x65,0x72,0x30,0x3C,0x06,0x0C,0x2B,0x06,0x01,0x04,0x01,0x81,0xD7,0x07,
+    0x01,0x14,0x1E,0x02,0x30,0x2C,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x02,0x01,0x16,0x1E,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x70,0x2E,0x70,0x6B,
+    0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x41,0x36,0x5F,0x53,0x69,
+    0x67,0x6E,0x30,0x73,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x67,
+    0x30,0x65,0x30,0x32,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x26,
+    0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x6F,0x6D,0x6E,0x69,
+    0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x62,0x61,0x6C,0x74,0x69,0x6D,0x6F,
+    0x72,0x65,0x72,0x6F,0x6F,0x74,0x30,0x2F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x30,0x02,0x86,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x61,0x69,0x61,0x2E,0x70,
+    0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x4F,0x6D,0x6E,0x69,0x72,
+    0x6F,0x6F,0x74,0x2E,0x63,0x72,0x74,0x30,0x82,0x01,0x6A,0x06,0x03,0x55,0x1D,0x1E,
+    0x04,0x82,0x01,0x61,0x30,0x82,0x01,0x5D,0xA0,0x82,0x01,0x4B,0x30,0x09,0x82,0x07,
+    0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x30,0x0A,0x82,0x08,0x2E,0x61,0x62,0x62,0x2E,
+    0x63,0x6F,0x6D,0x30,0x08,0x82,0x06,0x61,0x62,0x62,0x2E,0x61,0x73,0x30,0x09,0x82,
+    0x07,0x2E,0x61,0x62,0x62,0x2E,0x61,0x73,0x30,0x0C,0x82,0x0A,0x61,0x62,0x62,0x65,
+    0x78,0x74,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x2E,0x61,0x62,0x62,0x65,0x78,
+    0x74,0x2E,0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A,0x76,0x65,0x6E,0x74,0x79,0x78,0x2E,
+    0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x2E,0x76,0x65,0x6E,0x74,0x79,0x78,0x2E,0x63,
+    0x6F,0x6D,0x30,0x11,0x82,0x0F,0x72,0x6F,0x62,0x6F,0x74,0x73,0x74,0x75,0x64,0x69,
+    0x6F,0x2E,0x63,0x6F,0x6D,0x30,0x12,0x82,0x10,0x2E,0x72,0x6F,0x62,0x6F,0x74,0x73,
+    0x74,0x75,0x64,0x69,0x6F,0x2E,0x63,0x6F,0x6D,0x30,0x48,0xA4,0x46,0x30,0x44,0x31,
+    0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0E,0x30,0x0C,
+    0x06,0x03,0x55,0x04,0x07,0x13,0x05,0x42,0x61,0x64,0x65,0x6E,0x31,0x25,0x30,0x23,
+    0x06,0x03,0x55,0x04,0x0A,0x13,0x1C,0x41,0x42,0x42,0x20,0x49,0x6E,0x66,0x6F,0x72,
+    0x6D,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x79,0x73,0x74,0x65,0x6D,0x73,0x20,0x4C,
+    0x74,0x64,0x2E,0x30,0x40,0xA4,0x3E,0x30,0x3C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,
+    0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x07,0x13,
+    0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,
+    0x13,0x13,0x41,0x42,0x42,0x20,0x54,0x65,0x63,0x68,0x6E,0x6F,0x6C,0x6F,0x67,0x79,
+    0x20,0x4C,0x74,0x64,0x2E,0x30,0x30,0xA4,0x2E,0x30,0x2C,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,
+    0x04,0x0A,0x13,0x03,0x41,0x42,0x42,0xA1,0x0C,0x30,0x0A,0x87,0x08,0x00,0x00,0x00,
+    0x00,0x00,0x00,0x00,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,
+    0x04,0x03,0x02,0x01,0xE6,0x30,0x50,0x06,0x03,0x55,0x1D,0x25,0x04,0x49,0x30,0x47,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x03,0x08,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x06,0x09,0x2B,0x06,
+    0x01,0x04,0x01,0x82,0x37,0x15,0x05,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,
+    0x30,0x16,0x80,0x14,0xE5,0x9D,0x59,0x30,0x82,0x47,0x58,0xCC,0xAC,0xFA,0x08,0x54,
+    0x36,0x86,0x7B,0x3A,0xB5,0x04,0x4D,0xF0,0x30,0x6D,0x06,0x03,0x55,0x1D,0x1F,0x04,
+    0x66,0x30,0x64,0x30,0x37,0xA0,0x35,0xA0,0x33,0x86,0x31,0x68,0x74,0x74,0x70,0x3A,
+    0x2F,0x2F,0x63,0x64,0x70,0x31,0x2E,0x70,0x75,0x62,0x6C,0x69,0x63,0x2D,0x74,0x72,
+    0x75,0x73,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x52,0x4C,0x2F,0x4F,0x6D,0x6E,0x69,
+    0x72,0x6F,0x6F,0x74,0x32,0x30,0x32,0x35,0x2E,0x63,0x72,0x6C,0x30,0x29,0xA0,0x27,
+    0xA0,0x25,0x86,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,
+    0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x4F,0x6D,0x6E,0x69,0x72,
+    0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,
+    0x04,0x14,0xD3,0xCB,0xD4,0xD2,0x44,0x75,0x8A,0x17,0x29,0x5E,0xC6,0xD7,0xF4,0x03,
+    0xDB,0xB2,0x6B,0xB4,0x0C,0x3A,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
+    0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xA2,0x07,0xEA,0xF9,0xB4,0x31,
+    0xA8,0x40,0x29,0x27,0x49,0x9B,0xE0,0x29,0x0F,0x5C,0x18,0xD5,0x2C,0xEE,0xE2,0xA1,
+    0xE4,0x1E,0x05,0x88,0xAF,0x16,0xAE,0x05,0xC0,0xCD,0x10,0x10,0xF6,0xDB,0x6A,0xC5,
+    0xB5,0xBA,0xE5,0x1B,0x95,0x40,0x26,0xC6,0x5F,0x5A,0x50,0xFA,0x7F,0x73,0xFD,0x0D,
+    0x3F,0xA2,0x4D,0x56,0x3B,0x0B,0xD9,0xB8,0x0B,0x09,0x9F,0xD3,0x41,0xD7,0xCA,0x01,
+    0xF0,0xCC,0xB2,0x41,0xD9,0xB5,0x8F,0x85,0x27,0xF4,0x1B,0xDB,0x9A,0xA1,0x54,0xB4,
+    0x0D,0xC1,0x89,0xD7,0x6C,0xA0,0x9E,0xE1,0x7B,0x0F,0xA6,0xDC,0x1A,0x1F,0xD1,0x8F,
+    0x26,0x1D,0xFB,0x61,0x64,0xBF,0x1A,0x58,0x10,0x6D,0x81,0x10,0x3A,0xBE,0x44,0x3E,
+    0xC0,0xCB,0xAF,0xC8,0x21,0xD5,0x4C,0x11,0x69,0x8E,0x56,0x12,0x9A,0xF2,0x3B,0x0B,
+    0x4A,0x11,0xAC,0x5B,0xEE,0x66,0x4F,0xFE,0xE4,0x5A,0x9E,0xFC,0x69,0x77,0x08,0x1C,
+    0x05,0x13,0xA0,0xE1,0xDA,0x06,0x12,0x8A,0x74,0xEB,0x30,0x52,0xE5,0x7A,0xFD,0x9B,
+    0x2C,0xAC,0xBA,0xB0,0xC1,0x12,0x9F,0x7E,0xD7,0x7F,0x58,0xCD,0x8E,0xC3,0xE8,0x8D,
+    0xAE,0xDA,0x35,0x57,0x8E,0xB0,0x6B,0xC8,0x5F,0xE5,0x27,0xA3,0x38,0x58,0x66,0x0D,
+    0x65,0x66,0xC3,0x4B,0x2E,0x12,0x11,0x31,0x70,0x08,0xFC,0x95,0xFD,0x21,0x0C,0x0F,
+    0x1F,0x2E,0xCD,0xB8,0xDD,0x39,0xEC,0xE5,0x44,0x2D,0x15,0xF9,0xE6,0xF4,0x11,0xC7,
+    0x34,0x33,0xFF,0xBB,0xD1,0x20,0xAF,0x5E,0xF1,0xCA,0x1B,0xFC,0x5A,0x67,0x07,0x2B,
+    0xF8,0xFF,0x56,0x32,0xBD,0x34,0x38,0xD8,0xF0,0xD7,
+};
+
+/* subject:/C=CH/L=Zurich/O=ABB/CN=ABB Issuing CA 6 */
+/* issuer :/C=CH/L=Zurich/O=ABB/CN=ABB Intermediate CA 3 */
+unsigned char _ABBIssuingCA6[1360]={
+    0x30,0x82,0x05,0x4C,0x30,0x82,0x04,0x34,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x76,
+    0x8D,0x23,0xB4,0x00,0x00,0x00,0x00,0x00,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x4C,0x31,0x0B,0x30,0x09,0x06,0x03,
+    0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x07,
+    0x13,0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,
+    0x0A,0x13,0x03,0x41,0x42,0x42,0x31,0x1E,0x30,0x1C,0x06,0x03,0x55,0x04,0x03,0x13,
+    0x15,0x41,0x42,0x42,0x20,0x49,0x6E,0x74,0x65,0x72,0x6D,0x65,0x64,0x69,0x61,0x74,
+    0x65,0x20,0x43,0x41,0x20,0x33,0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x33,0x30,0x34,
+    0x30,0x39,0x34,0x36,0x34,0x33,0x5A,0x17,0x0D,0x32,0x30,0x30,0x33,0x30,0x34,0x30,
+    0x39,0x35,0x36,0x34,0x33,0x5A,0x30,0x47,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+    0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x07,0x13,0x06,
+    0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0A,0x13,
+    0x03,0x41,0x42,0x42,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x41,
+    0x42,0x42,0x20,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x20,0x43,0x41,0x20,0x36,0x30,
+    0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,
+    0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,
+    0xB5,0x9E,0xBF,0x61,0x8C,0xEA,0x40,0x8F,0x15,0x6F,0xC3,0x01,0xE3,0x71,0xDA,0x07,
+    0x48,0x34,0x25,0x55,0xCB,0x6D,0xCD,0xBC,0xA4,0xA6,0xF9,0xE8,0x58,0x75,0xF8,0x0A,
+    0x2E,0xA5,0xD7,0xBB,0xEC,0xAA,0x82,0x8B,0xB6,0x85,0xD0,0x3F,0x85,0xFF,0x50,0xFF,
+    0x42,0x42,0xFB,0x59,0xCD,0x12,0x5F,0x4D,0x74,0xE6,0x00,0x9A,0xE2,0x6A,0xFC,0x8C,
+    0xEB,0x22,0xA5,0x0D,0xC1,0x3F,0xE1,0x14,0x09,0x7F,0xB9,0x54,0x3C,0x01,0xB9,0x94,
+    0x8E,0x5D,0x2D,0x9D,0x40,0xA0,0xB3,0x2C,0x63,0x1C,0xA2,0x23,0xCA,0x44,0x08,0x05,
+    0xE6,0x02,0xEE,0xED,0x79,0xA6,0xF4,0xC7,0xC5,0x38,0xA1,0x71,0x8F,0xDE,0x10,0x7F,
+    0x46,0x20,0xE9,0x3D,0xF3,0x52,0x25,0x11,0xB2,0x4C,0xCA,0x11,0x00,0xA6,0xFF,0x66,
+    0xA5,0x6A,0xD1,0x15,0xFC,0x24,0x6A,0xC3,0xE8,0xCB,0xBB,0x7D,0x9D,0xC3,0x5B,0xCC,
+    0x08,0x80,0xDE,0x95,0x3D,0xA5,0x0D,0x30,0x54,0x0C,0x53,0x83,0xB2,0xE1,0x49,0x73,
+    0x6F,0xA4,0x1E,0x7A,0x9D,0x4B,0xD4,0xC0,0x46,0xEC,0x8C,0x12,0xC2,0x70,0x47,0x91,
+    0x64,0x3B,0x94,0x5F,0xE3,0xA4,0x6F,0xA8,0x8F,0xA9,0xB9,0x19,0x65,0x97,0x16,0x82,
+    0xCF,0x70,0xD2,0x86,0x37,0xCD,0x2A,0x50,0x69,0x6E,0x10,0x4A,0x9C,0x7B,0x6B,0xA2,
+    0xB2,0x91,0xCE,0xAC,0xD3,0x23,0x2C,0xD7,0xA5,0xD1,0x34,0xD3,0x54,0x7B,0xC0,0x71,
+    0x05,0x22,0x73,0xDC,0x8B,0x75,0x67,0x1C,0x98,0x2D,0xA6,0x51,0x50,0xC3,0x5D,0xA0,
+    0x20,0xBD,0xD7,0xE8,0xCC,0xBC,0x40,0xB0,0x90,0xE6,0x10,0x9C,0xFD,0x6F,0x01,0x51,
+    0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x33,0x30,0x82,0x02,0x2F,0x30,0x10,0x06,
+    0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x01,0x04,0x03,0x02,0x01,0x00,0x30,
+    0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x21,0x98,0x16,0xBF,0x7A,0x05,
+    0x77,0xA6,0xAD,0xB7,0x7A,0x52,0xD4,0x9E,0x04,0x54,0xB0,0xFE,0xCC,0x51,0x30,0x19,
+    0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,
+    0x53,0x00,0x75,0x00,0x62,0x00,0x43,0x00,0x41,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,
+    0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,
+    0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,
+    0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xD3,0xCB,0xD4,0xD2,0x44,0x75,0x8A,0x17,0x29,
+    0x5E,0xC6,0xD7,0xF4,0x03,0xDB,0xB2,0x6B,0xB4,0x0C,0x3A,0x30,0x81,0xBF,0x06,0x03,
+    0x55,0x1D,0x1F,0x04,0x81,0xB7,0x30,0x81,0xB4,0x30,0x81,0xB1,0xA0,0x81,0xAE,0xA0,
+    0x81,0xAB,0x86,0x2D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,
+    0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x42,0x42,0x49,0x6E,
+    0x74,0x65,0x72,0x6D,0x65,0x64,0x69,0x61,0x74,0x65,0x43,0x41,0x33,0x2E,0x63,0x72,
+    0x6C,0x86,0x7A,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,
+    0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42,
+    0x49,0x6E,0x74,0x65,0x72,0x6D,0x65,0x64,0x69,0x61,0x74,0x65,0x43,0x41,0x33,0x2C,
+    0x43,0x4E,0x3D,0x43,0x44,0x50,0x2C,0x43,0x4E,0x3D,0x50,0x4B,0x49,0x3F,0x63,0x65,
+    0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x52,0x65,0x76,0x6F,0x63,0x61,0x74,
+    0x69,0x6F,0x6E,0x4C,0x69,0x73,0x74,0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,
+    0x65,0x63,0x74,0x43,0x6C,0x61,0x73,0x73,0x3D,0x63,0x52,0x4C,0x44,0x69,0x73,0x74,
+    0x72,0x69,0x62,0x75,0x74,0x69,0x6F,0x6E,0x50,0x6F,0x69,0x6E,0x74,0x30,0x81,0xC9,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xBC,0x30,0x81,0xB9,
+    0x30,0x39,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x2D,0x68,0x74,
+    0x74,0x70,0x3A,0x2F,0x2F,0x61,0x69,0x61,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,
+    0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x42,0x42,0x49,0x6E,0x74,0x65,0x72,0x6D,0x65,0x64,
+    0x69,0x61,0x74,0x65,0x43,0x41,0x33,0x2E,0x63,0x72,0x74,0x30,0x7C,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x70,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,
+    0x61,0x69,0x61,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,
+    0x43,0x4E,0x3D,0x41,0x42,0x42,0x49,0x6E,0x74,0x65,0x72,0x6D,0x65,0x64,0x69,0x61,
+    0x74,0x65,0x43,0x41,0x33,0x2C,0x43,0x4E,0x3D,0x41,0x49,0x41,0x2C,0x43,0x4E,0x3D,
+    0x50,0x4B,0x49,0x3F,0x63,0x41,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,
+    0x65,0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,
+    0x73,0x73,0x3D,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,
+    0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x11,0x06,0x03,0x55,0x1D,0x20,
+    0x04,0x0A,0x30,0x08,0x30,0x06,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x0D,0x06,0x09,
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,
+    0x3C,0x9E,0xF8,0xC7,0x59,0x55,0x55,0x4B,0x18,0xE3,0x6D,0x8D,0x9F,0xE4,0x8B,0x58,
+    0xAE,0x1E,0xA6,0x9C,0xE0,0xCC,0x26,0xE4,0x80,0xD2,0x2A,0x22,0xC3,0x7D,0xE6,0x91,
+    0x1F,0x7B,0x6C,0xDD,0x1F,0x6D,0x65,0xF9,0xEE,0x03,0x4D,0xE0,0x8C,0x4A,0xF0,0x6F,
+    0x05,0xBB,0xF6,0xD7,0x8A,0x73,0x3C,0xC2,0x0C,0x73,0x4C,0x2C,0x89,0x33,0x5B,0x67,
+    0x1E,0x97,0x60,0xB9,0xE8,0x46,0x09,0x5C,0xD0,0x44,0x9A,0xD1,0x88,0x00,0xF2,0x0F,
+    0x79,0x5C,0x7B,0xFD,0xC5,0xE2,0xD2,0xA6,0x2C,0x1A,0x10,0x0A,0x70,0x78,0x75,0x20,
+    0xD9,0x4C,0xB5,0xCF,0xF1,0x95,0x99,0xE9,0x71,0x7B,0xCD,0x51,0x1C,0x66,0x30,0x63,
+    0x32,0xFF,0x78,0x12,0x1B,0x4A,0x44,0xB4,0xC5,0xF7,0x62,0xF5,0x00,0xCC,0x73,0x9B,
+    0x41,0xBA,0xA5,0xDB,0x0C,0x85,0x7B,0xBC,0xCA,0xDB,0xC7,0xE9,0x11,0xB6,0x73,0x45,
+    0x38,0xC6,0xF5,0x75,0x2B,0x40,0x18,0xA9,0xBE,0xAA,0x9D,0xA4,0x45,0x9A,0xED,0xB4,
+    0x95,0xAB,0x53,0x3A,0x44,0x31,0xF3,0xC0,0x09,0x25,0x2E,0x15,0x06,0x12,0x13,0x11,
+    0xB0,0x6B,0x0C,0xF2,0xD3,0xD1,0x68,0xAB,0x7C,0xFA,0xBC,0xD4,0x5C,0xEB,0xE8,0x24,
+    0x99,0xE2,0xC5,0xD5,0x34,0xD3,0x72,0x2F,0xF1,0xEB,0x9C,0x52,0x8F,0x66,0xB2,0x05,
+    0x76,0xDB,0xC2,0x8E,0x6F,0x32,0xE8,0x0A,0xD6,0xC5,0xAB,0x1E,0x78,0xF7,0x1D,0x24,
+    0x1E,0xE8,0x9D,0x60,0xDA,0xDB,0xBA,0x01,0xFF,0x72,0x5B,0x11,0xE6,0xA5,0x9F,0xBA,
+    0x11,0xCB,0x4F,0xA0,0x78,0xF7,0x8A,0x14,0x70,0x50,0x0B,0xAF,0x47,0xB3,0x52,0x72,
+};
+
+/* subject:/C=CH/L=Baden/O=ABB Information Systems Ltd./CN=pki.abb.com */
+/* issuer :/C=CH/L=Zurich/O=ABB/CN=ABB Issuing CA 6 */
+unsigned char _ABB_PKI_cert[1889]={
+    0x30,0x82,0x07,0x5D,0x30,0x82,0x06,0x45,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x1A,
+    0xDF,0xD6,0x2B,0x00,0x00,0x00,0x00,0x00,0x4C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x47,0x31,0x0B,0x30,0x09,0x06,0x03,
+    0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x07,
+    0x13,0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,
+    0x0A,0x13,0x03,0x41,0x42,0x42,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,
+    0x10,0x41,0x42,0x42,0x20,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x20,0x43,0x41,0x20,
+    0x36,0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x33,0x30,0x36,0x31,0x34,0x32,0x38,0x34,
+    0x37,0x5A,0x17,0x0D,0x31,0x37,0x30,0x38,0x32,0x32,0x31,0x34,0x32,0x38,0x34,0x37,
+    0x5A,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,
+    0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x07,0x13,0x05,0x42,0x61,0x64,0x65,0x6E,
+    0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0A,0x13,0x1C,0x41,0x42,0x42,0x20,0x49,
+    0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x79,0x73,0x74,0x65,
+    0x6D,0x73,0x20,0x4C,0x74,0x64,0x2E,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x03,
+    0x13,0x0B,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,
+    0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,
+    0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA0,0x67,
+    0x31,0xDC,0xE3,0x2F,0x44,0xA5,0xA1,0xFB,0x47,0xAD,0x4B,0x57,0xDE,0xE1,0x36,0x7E,
+    0x7F,0x89,0xEB,0x85,0xB5,0x62,0x05,0x62,0x12,0x33,0xE9,0xDC,0xBA,0xD6,0x72,0x17,
+    0x1C,0xFC,0xB3,0xFF,0x4A,0xE6,0xD1,0x84,0x70,0xDF,0x7E,0xAB,0xA9,0x14,0xD5,0x1E,
+    0x18,0x82,0x87,0xEE,0x5F,0xC7,0xA7,0xE4,0xC3,0xC1,0xD2,0x15,0xE2,0xD8,0xCF,0x95,
+    0xF9,0xDD,0xA4,0xD4,0xBE,0x9F,0xB1,0x8F,0x3C,0xCA,0xC2,0x53,0x67,0x8C,0x3D,0x35,
+    0x8B,0x94,0x40,0xEC,0xF5,0xC6,0x9B,0xA4,0x63,0xBC,0xB5,0x30,0xA2,0x74,0xB9,0x25,
+    0x62,0xE9,0x8D,0x47,0xC4,0xAE,0x5D,0xEB,0xF8,0x89,0x13,0x38,0x85,0x9E,0x9C,0x7C,
+    0xF0,0x4B,0x27,0x43,0xC4,0x7D,0xEA,0x2E,0x48,0xD0,0x3F,0xCC,0x73,0xC6,0x7B,0x1F,
+    0xBF,0xFB,0xCF,0x5A,0x0C,0x25,0xC0,0x4E,0x31,0xAA,0x9B,0xFF,0xFF,0x29,0x21,0x63,
+    0xA1,0x51,0x81,0x49,0x69,0x6E,0x89,0x81,0x6C,0x41,0xC4,0x17,0xF0,0x65,0x3C,0xFD,
+    0x4C,0x38,0x78,0x56,0x77,0xB8,0x7F,0x8C,0x3F,0x63,0x6A,0x90,0x1F,0x90,0x8F,0xD5,
+    0x7A,0x3A,0xD6,0xE9,0xF8,0x5C,0xEC,0x32,0x6E,0xEB,0xFA,0x3B,0x3F,0x9A,0xFC,0xD3,
+    0x87,0xBC,0xD9,0x2D,0xF5,0xC2,0xB7,0x15,0x8A,0x48,0x37,0x55,0x10,0x5D,0x6F,0x32,
+    0xE3,0x6D,0xF0,0x79,0xAF,0xE9,0xDC,0xB1,0xAF,0xC6,0x89,0xE0,0x32,0x2E,0xBC,0x70,
+    0x07,0x2F,0xE6,0xFB,0xF6,0xCB,0x8A,0x90,0x7E,0x23,0x46,0x7A,0xBF,0x5E,0x07,0x87,
+    0xDD,0xC5,0x77,0xF4,0xEB,0x8B,0x82,0x73,0x9E,0xE6,0x11,0xB8,0xF1,0xBB,0x02,0x03,
+    0x01,0x00,0x01,0xA3,0x82,0x04,0x36,0x30,0x82,0x04,0x32,0x30,0x0B,0x06,0x03,0x55,
+    0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,
+    0x16,0x04,0x14,0x07,0xF0,0xC8,0x84,0x00,0x5D,0x67,0x88,0xA7,0xC0,0xD0,0x02,0x48,
+    0x38,0xF3,0xEF,0x1B,0xAE,0xBD,0x28,0x30,0x16,0x06,0x03,0x55,0x1D,0x11,0x04,0x0F,
+    0x30,0x0D,0x82,0x0B,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x30,
+    0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x21,0x98,0x16,0xBF,
+    0x7A,0x05,0x77,0xA6,0xAD,0xB7,0x7A,0x52,0xD4,0x9E,0x04,0x54,0xB0,0xFE,0xCC,0x51,
+    0x30,0x82,0x01,0x62,0x06,0x03,0x55,0x1D,0x1F,0x04,0x82,0x01,0x59,0x30,0x82,0x01,
+    0x55,0x30,0x82,0x01,0x51,0xA0,0x82,0x01,0x4D,0xA0,0x82,0x01,0x49,0x86,0x28,0x68,
+    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,
+    0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x42,0x42,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,
+    0x43,0x41,0x36,0x2E,0x63,0x72,0x6C,0x86,0x81,0xA5,0x6C,0x64,0x61,0x70,0x3A,0x2F,
+    0x2F,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x43,
+    0x41,0x36,0x2C,0x43,0x4E,0x3D,0x43,0x44,0x50,0x2C,0x43,0x4E,0x3D,0x50,0x75,0x62,
+    0x6C,0x69,0x63,0x25,0x32,0x30,0x4B,0x65,0x79,0x25,0x32,0x30,0x53,0x65,0x72,0x76,
+    0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,
+    0x2C,0x43,0x4E,0x3D,0x43,0x6F,0x6E,0x66,0x69,0x67,0x75,0x72,0x61,0x74,0x69,0x6F,
+    0x6E,0x2C,0x44,0x43,0x3D,0x61,0x62,0x62,0x2C,0x44,0x43,0x3D,0x63,0x6F,0x6D,0x3F,
+    0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x52,0x65,0x76,0x6F,0x63,
+    0x61,0x74,0x69,0x6F,0x6E,0x4C,0x69,0x73,0x74,0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,
+    0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,0x73,0x73,0x3D,0x63,0x52,0x4C,0x44,0x69,
+    0x73,0x74,0x72,0x69,0x62,0x75,0x74,0x69,0x6F,0x6E,0x50,0x6F,0x69,0x6E,0x74,0x86,
+    0x75,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,0x69,0x2E,
+    0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42,0x49,0x73,
+    0x73,0x75,0x69,0x6E,0x67,0x43,0x41,0x36,0x2C,0x43,0x4E,0x3D,0x43,0x44,0x50,0x2C,
+    0x43,0x4E,0x3D,0x50,0x4B,0x49,0x3F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,
+    0x74,0x65,0x52,0x65,0x76,0x6F,0x63,0x61,0x74,0x69,0x6F,0x6E,0x4C,0x69,0x73,0x74,
+    0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,0x73,
+    0x73,0x3D,0x63,0x52,0x4C,0x44,0x69,0x73,0x74,0x72,0x69,0x62,0x75,0x74,0x69,0x6F,
+    0x6E,0x50,0x6F,0x69,0x6E,0x74,0x30,0x82,0x01,0x95,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x01,0x01,0x04,0x82,0x01,0x87,0x30,0x82,0x01,0x83,0x30,0x34,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x28,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x61,0x69,0x61,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,
+    0x2F,0x41,0x42,0x42,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x43,0x41,0x36,0x2E,0x63,
+    0x72,0x74,0x30,0x81,0xA8,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,
+    0x81,0x9B,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42,
+    0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x43,0x41,0x36,0x2C,0x43,0x4E,0x3D,0x41,0x49,
+    0x41,0x2C,0x43,0x4E,0x3D,0x50,0x75,0x62,0x6C,0x69,0x63,0x25,0x32,0x30,0x4B,0x65,
+    0x79,0x25,0x32,0x30,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,
+    0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,0x43,0x6F,0x6E,0x66,
+    0x69,0x67,0x75,0x72,0x61,0x74,0x69,0x6F,0x6E,0x2C,0x44,0x43,0x3D,0x61,0x62,0x62,
+    0x2C,0x44,0x43,0x3D,0x63,0x6F,0x6D,0x3F,0x63,0x41,0x43,0x65,0x72,0x74,0x69,0x66,
+    0x69,0x63,0x61,0x74,0x65,0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63,
+    0x74,0x43,0x6C,0x61,0x73,0x73,0x3D,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,
+    0x74,0x69,0x6F,0x6E,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x77,0x06,
+    0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x6B,0x6C,0x64,0x61,0x70,0x3A,
+    0x2F,0x2F,0x61,0x69,0x61,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,
+    0x6D,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x43,
+    0x41,0x36,0x2C,0x43,0x4E,0x3D,0x41,0x49,0x41,0x2C,0x43,0x4E,0x3D,0x50,0x4B,0x49,
+    0x3F,0x63,0x41,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x3F,0x62,
+    0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,0x73,0x73,0x3D,
+    0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x41,0x75,0x74,
+    0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x27,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x30,0x01,0x86,0x1B,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x61,0x69,0x61,0x2E,0x70,
+    0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,0x30,
+    0x3C,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,0x2F,0x30,0x2D,
+    0x06,0x25,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0xC7,0xA8,0x26,0x86,0xB0,
+    0x84,0x7A,0x86,0xB5,0x8B,0x0A,0x82,0xEA,0x8D,0x6A,0x84,0x8F,0xAD,0x21,0x29,0x84,
+    0xF3,0x8F,0x08,0x86,0xCE,0xF7,0x0F,0x02,0x01,0x64,0x02,0x01,0x16,0x30,0x1D,0x06,
+    0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x46,0x06,0x03,
+    0x55,0x1D,0x20,0x04,0x3F,0x30,0x3D,0x30,0x3B,0x06,0x0C,0x2B,0x06,0x01,0x04,0x01,
+    0x81,0xD7,0x07,0x01,0x14,0x0A,0x02,0x30,0x2B,0x30,0x29,0x06,0x08,0x2B,0x06,0x01,
+    0x05,0x05,0x07,0x02,0x01,0x16,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x70,
+    0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x41,0x36,
+    0x5F,0x53,0x53,0x4C,0x30,0x27,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,
+    0x0A,0x04,0x1A,0x30,0x18,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,
+    0x02,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x0D,0x06,
+    0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,
+    0x00,0x24,0xB7,0xBE,0x08,0xA4,0x97,0x8C,0x78,0x49,0xC7,0x93,0xB9,0x04,0x18,0xAB,
+    0x11,0x00,0x39,0xFB,0xA0,0xBE,0xC3,0x39,0xBA,0x04,0x5F,0x3F,0xFE,0xA4,0x6C,0x79,
+    0xF2,0xD9,0x00,0xC6,0xE0,0x55,0x7B,0xBE,0x93,0xC2,0x46,0x7B,0xFA,0x9E,0x8D,0xDC,
+    0xA8,0x10,0x54,0xBF,0xC2,0x3F,0xC4,0xB1,0xFD,0x30,0xC2,0x27,0xBC,0x38,0x8D,0xAE,
+    0x66,0xF4,0xE9,0x62,0x50,0x54,0x4F,0xCD,0x7A,0x2B,0x67,0x17,0xA0,0xA0,0x7E,0x03,
+    0xE6,0xA6,0x68,0x0A,0x1B,0xD3,0x5E,0x7D,0xEC,0xF0,0x12,0x89,0xDF,0x3D,0xA5,0xB9,
+    0xAC,0xA4,0x9D,0x62,0x3A,0x99,0x9B,0x67,0xA8,0xD9,0xCE,0x11,0xA7,0xCB,0xE4,0xED,
+    0x81,0x3F,0xE4,0xDD,0xE7,0xE2,0x0C,0xEB,0x27,0x1E,0x1B,0xEE,0xA2,0x03,0x32,0x79,
+    0xA3,0x43,0x50,0xBD,0x7D,0x17,0xE1,0x42,0x8F,0x3D,0x20,0x81,0xC9,0xE3,0x58,0x27,
+    0xEC,0x94,0xA9,0xDA,0xC6,0x23,0xF1,0x31,0xF7,0x47,0xCF,0x48,0x9B,0xFE,0xC2,0x09,
+    0xAA,0x41,0xFE,0xDE,0x51,0x2B,0x1F,0xBB,0xD1,0xA4,0x62,0xF7,0xA2,0x2C,0x9B,0x4B,
+    0x3D,0xD5,0xB5,0x47,0x39,0xA1,0x43,0x9C,0x6B,0xDA,0x78,0x63,0x81,0xC4,0xA1,0x93,
+    0x93,0xB9,0xB6,0xA5,0xC7,0xD5,0xA5,0x47,0xF5,0x47,0xC8,0x7F,0xF7,0x4C,0xE8,0x97,
+    0xA1,0x99,0xAD,0x78,0x54,0x09,0xF7,0xB7,0xF5,0x2B,0x05,0x1F,0x38,0x32,0xEE,0x4A,
+    0x1D,0xCC,0x63,0xE1,0x1A,0xB6,0xA6,0x67,0x4B,0xC6,0xC4,0xB9,0xA6,0x97,0xB3,0x41,
+    0xD3,0x5C,0xBC,0xEB,0xD3,0x18,0xBD,0xFB,0x68,0x1C,0xC2,0xEF,0xEC,0x1B,0x06,0xFC,
+    0xF0,
+};
+
+/* subject:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */
+/* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */
+unsigned char _bechtel_root[891]={
+    0x30,0x82,0x03,0x77,0x30,0x82,0x02,0x5F,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x02,
+    0x00,0x00,0xB9,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,
+    0x05,0x00,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,
+    0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,
+    0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,
+    0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,
+    0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E,
+    0x17,0x0D,0x30,0x30,0x30,0x35,0x31,0x32,0x31,0x38,0x34,0x36,0x30,0x30,0x5A,0x17,
+    0x0D,0x32,0x35,0x30,0x35,0x31,0x32,0x32,0x33,0x35,0x39,0x30,0x30,0x5A,0x30,0x5A,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30,
+    0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,
+    0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,0x43,0x79,0x62,0x65,
+    0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13,
+    0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72,
+    0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x82,0x01,0x22,0x30,0x0D,
+    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,
+    0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA3,0x04,0xBB,0x22,0xAB,
+    0x98,0x3D,0x57,0xE8,0x26,0x72,0x9A,0xB5,0x79,0xD4,0x29,0xE2,0xE1,0xE8,0x95,0x80,
+    0xB1,0xB0,0xE3,0x5B,0x8E,0x2B,0x29,0x9A,0x64,0xDF,0xA1,0x5D,0xED,0xB0,0x09,0x05,
+    0x6D,0xDB,0x28,0x2E,0xCE,0x62,0xA2,0x62,0xFE,0xB4,0x88,0xDA,0x12,0xEB,0x38,0xEB,
+    0x21,0x9D,0xC0,0x41,0x2B,0x01,0x52,0x7B,0x88,0x77,0xD3,0x1C,0x8F,0xC7,0xBA,0xB9,
+    0x88,0xB5,0x6A,0x09,0xE7,0x73,0xE8,0x11,0x40,0xA7,0xD1,0xCC,0xCA,0x62,0x8D,0x2D,
+    0xE5,0x8F,0x0B,0xA6,0x50,0xD2,0xA8,0x50,0xC3,0x28,0xEA,0xF5,0xAB,0x25,0x87,0x8A,
+    0x9A,0x96,0x1C,0xA9,0x67,0xB8,0x3F,0x0C,0xD5,0xF7,0xF9,0x52,0x13,0x2F,0xC2,0x1B,
+    0xD5,0x70,0x70,0xF0,0x8F,0xC0,0x12,0xCA,0x06,0xCB,0x9A,0xE1,0xD9,0xCA,0x33,0x7A,
+    0x77,0xD6,0xF8,0xEC,0xB9,0xF1,0x68,0x44,0x42,0x48,0x13,0xD2,0xC0,0xC2,0xA4,0xAE,
+    0x5E,0x60,0xFE,0xB6,0xA6,0x05,0xFC,0xB4,0xDD,0x07,0x59,0x02,0xD4,0x59,0x18,0x98,
+    0x63,0xF5,0xA5,0x63,0xE0,0x90,0x0C,0x7D,0x5D,0xB2,0x06,0x7A,0xF3,0x85,0xEA,0xEB,
+    0xD4,0x03,0xAE,0x5E,0x84,0x3E,0x5F,0xFF,0x15,0xED,0x69,0xBC,0xF9,0x39,0x36,0x72,
+    0x75,0xCF,0x77,0x52,0x4D,0xF3,0xC9,0x90,0x2C,0xB9,0x3D,0xE5,0xC9,0x23,0x53,0x3F,
+    0x1F,0x24,0x98,0x21,0x5C,0x07,0x99,0x29,0xBD,0xC6,0x3A,0xEC,0xE7,0x6E,0x86,0x3A,
+    0x6B,0x97,0x74,0x63,0x33,0xBD,0x68,0x18,0x31,0xF0,0x78,0x8D,0x76,0xBF,0xFC,0x9E,
+    0x8E,0x5D,0x2A,0x86,0xA7,0x4D,0x90,0xDC,0x27,0x1A,0x39,0x02,0x03,0x01,0x00,0x01,
+    0xA3,0x45,0x30,0x43,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xE5,
+    0x9D,0x59,0x30,0x82,0x47,0x58,0xCC,0xAC,0xFA,0x08,0x54,0x36,0x86,0x7B,0x3A,0xB5,
+    0x04,0x4D,0xF0,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,
+    0x06,0x01,0x01,0xFF,0x02,0x01,0x03,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,
+    0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0x0C,0x5D,0x8E,0xE4,
+    0x6F,0x51,0x68,0x42,0x05,0xA0,0xDD,0xBB,0x4F,0x27,0x25,0x84,0x03,0xBD,0xF7,0x64,
+    0xFD,0x2D,0xD7,0x30,0xE3,0xA4,0x10,0x17,0xEB,0xDA,0x29,0x29,0xB6,0x79,0x3F,0x76,
+    0xF6,0x19,0x13,0x23,0xB8,0x10,0x0A,0xF9,0x58,0xA4,0xD4,0x61,0x70,0xBD,0x04,0x61,
+    0x6A,0x12,0x8A,0x17,0xD5,0x0A,0xBD,0xC5,0xBC,0x30,0x7C,0xD6,0xE9,0x0C,0x25,0x8D,
+    0x86,0x40,0x4F,0xEC,0xCC,0xA3,0x7E,0x38,0xC6,0x37,0x11,0x4F,0xED,0xDD,0x68,0x31,
+    0x8E,0x4C,0xD2,0xB3,0x01,0x74,0xEE,0xBE,0x75,0x5E,0x07,0x48,0x1A,0x7F,0x70,0xFF,
+    0x16,0x5C,0x84,0xC0,0x79,0x85,0xB8,0x05,0xFD,0x7F,0xBE,0x65,0x11,0xA3,0x0F,0xC0,
+    0x02,0xB4,0xF8,0x52,0x37,0x39,0x04,0xD5,0xA9,0x31,0x7A,0x18,0xBF,0xA0,0x2A,0xF4,
+    0x12,0x99,0xF7,0xA3,0x45,0x82,0xE3,0x3C,0x5E,0xF5,0x9D,0x9E,0xB5,0xC8,0x9E,0x7C,
+    0x2E,0xC8,0xA4,0x9E,0x4E,0x08,0x14,0x4B,0x6D,0xFD,0x70,0x6D,0x6B,0x1A,0x63,0xBD,
+    0x64,0xE6,0x1F,0xB7,0xCE,0xF0,0xF2,0x9F,0x2E,0xBB,0x1B,0xB7,0xF2,0x50,0x88,0x73,
+    0x92,0xC2,0xE2,0xE3,0x16,0x8D,0x9A,0x32,0x02,0xAB,0x8E,0x18,0xDD,0xE9,0x10,0x11,
+    0xEE,0x7E,0x35,0xAB,0x90,0xAF,0x3E,0x30,0x94,0x7A,0xD0,0x33,0x3D,0xA7,0x65,0x0F,
+    0xF5,0xFC,0x8E,0x9E,0x62,0xCF,0x47,0x44,0x2C,0x01,0x5D,0xBB,0x1D,0xB5,0x32,0xD2,
+    0x47,0xD2,0x38,0x2E,0xD0,0xFE,0x81,0xDC,0x32,0x6A,0x1E,0xB5,0xEE,0x3C,0xD5,0xFC,
+    0xE7,0x81,0x1D,0x19,0xC3,0x24,0x42,0xEA,0x63,0x39,0xA9,
+};
+
+/* subject:/C=US/O=Bechtel Corporation/OU=Information Security/CN=Bechtel External Policy CA 1 */
+/* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */
+unsigned char _bechtel_int1[2057]={
+    0x30,0x82,0x08,0x05,0x30,0x82,0x06,0xED,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x07,
+    0x27,0xC9,0x87,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,
+    0x05,0x00,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,
+    0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,
+    0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,
+    0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,
+    0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E,
+    0x17,0x0D,0x31,0x35,0x30,0x33,0x31,0x38,0x31,0x37,0x34,0x31,0x33,0x32,0x5A,0x17,
+    0x0D,0x32,0x32,0x30,0x33,0x31,0x38,0x31,0x37,0x34,0x31,0x31,0x30,0x5A,0x30,0x71,
+    0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1C,0x30,
+    0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,
+    0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06,
+    0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,
+    0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x25,0x30,0x23,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x1C,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,
+    0x65,0x72,0x6E,0x61,0x6C,0x20,0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x20,
+    0x31,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
+    0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,
+    0x01,0x00,0xAD,0x18,0x32,0x22,0xCB,0x4E,0x4E,0x2D,0x8E,0x2D,0xA4,0x1B,0x5E,0x85,
+    0x63,0x9E,0xF3,0x89,0x3A,0x8A,0x1B,0x85,0x9E,0x59,0xCD,0xB1,0xCC,0x31,0x6D,0x66,
+    0x20,0xB6,0xA9,0xF9,0xEC,0xD2,0x9D,0x19,0x0B,0x1E,0xEA,0x31,0x2B,0x51,0x4B,0x41,
+    0x18,0x9C,0x27,0xB0,0xA4,0x08,0x76,0x92,0xE8,0xF4,0x42,0xE6,0xBF,0x11,0x0D,0xF8,
+    0xF8,0xD2,0x17,0xB8,0x6A,0xAB,0xDA,0x0E,0x50,0xE3,0x93,0xC5,0xE9,0x89,0x7B,0x2B,
+    0xD7,0xD1,0x69,0xD1,0x71,0x6D,0xE1,0x7F,0x70,0x0D,0x26,0xED,0x4D,0xC7,0x3A,0xBA,
+    0xAC,0x74,0x39,0x18,0x15,0x8C,0x06,0x4C,0x8F,0xA1,0x27,0xA8,0x39,0x65,0xE1,0x08,
+    0xDE,0x7E,0x1B,0xF9,0x59,0x27,0x0A,0xCC,0x7A,0xD8,0xD4,0x48,0x37,0x74,0x4E,0x58,
+    0xAA,0x7B,0x5A,0xD3,0x67,0x15,0x4D,0x66,0xF7,0x86,0xE2,0x8F,0x9E,0xB5,0x19,0x73,
+    0x5B,0x7E,0xA8,0x6F,0x3C,0xE2,0x9C,0x27,0xD2,0xCC,0x7C,0x2B,0xB9,0x50,0x6D,0xF0,
+    0x12,0x14,0x47,0x07,0x8B,0xA6,0x7D,0x9F,0xD2,0xCE,0x16,0x77,0x97,0x63,0x37,0x0E,
+    0xED,0x98,0x09,0xC5,0xF1,0x6A,0x45,0x89,0xCC,0x72,0xE5,0xD3,0xEB,0xEB,0x86,0x4E,
+    0xE3,0x13,0x77,0x05,0x36,0xAC,0x1F,0x9D,0x9F,0xD7,0x0F,0x67,0xBE,0x0D,0xDC,0x40,
+    0x2D,0xB8,0xBA,0xF5,0x21,0x0D,0xF4,0x9E,0x2C,0x18,0x58,0x0E,0xB1,0x95,0x08,0x8B,
+    0xBC,0x5A,0x9D,0xFE,0x1D,0x45,0x57,0xD2,0x62,0x5B,0x91,0xB2,0x02,0x42,0xB8,0x17,
+    0x7E,0x7D,0x18,0xAE,0x46,0xF4,0xA4,0x22,0xFC,0x91,0xEB,0xB8,0xBE,0x11,0x6C,0x08,
+    0xC9,0x6B,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x04,0xBA,0x30,0x82,0x04,0xB6,0x30,
+    0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,
+    0x02,0x01,0x01,0x30,0x6F,0x06,0x03,0x55,0x1D,0x20,0x04,0x68,0x30,0x66,0x30,0x48,
+    0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xB1,0x3E,0x01,0x00,0x30,0x3B,0x30,0x39,0x06,
+    0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x2D,0x68,0x74,0x74,0x70,0x3A,
+    0x2F,0x2F,0x63,0x79,0x62,0x65,0x72,0x74,0x72,0x75,0x73,0x74,0x2E,0x6F,0x6D,0x6E,
+    0x69,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,
+    0x74,0x6F,0x72,0x79,0x2E,0x63,0x66,0x6D,0x30,0x0C,0x06,0x0A,0x2B,0x06,0x01,0x04,
+    0x01,0xFD,0x52,0x02,0x05,0x01,0x30,0x0C,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xFD,
+    0x52,0x02,0x05,0x02,0x30,0x82,0x03,0x22,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,0x03,
+    0x19,0x30,0x82,0x03,0x15,0xA0,0x82,0x03,0x03,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63,
+    0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x70,
+    0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x0B,0x82,0x09,0x6D,0x79,0x70,0x73,0x6E,0x2E,
+    0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A,0x2E,0x6D,0x79,0x70,0x73,0x6E,0x2E,0x63,0x6F,
+    0x6D,0x30,0x0E,0x82,0x0C,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x6D,0x30,0x0F,0x82,0x0D,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,
+    0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x6D,0x30,0x0E,0x82,0x0C,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x6D,0x30,0x0E,0x82,0x0C,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,0x73,0x69,
+    0x61,0x30,0x0F,0x82,0x0D,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,0x73,
+    0x69,0x61,0x30,0x0F,0x82,0x0D,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x2E,0x75,0x6B,0x30,0x10,0x82,0x0E,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,
+    0x63,0x6F,0x2E,0x75,0x6B,0x30,0x10,0x82,0x0E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,
+    0x2E,0x63,0x6F,0x6D,0x2E,0x61,0x75,0x30,0x11,0x82,0x0F,0x2E,0x62,0x65,0x63,0x68,
+    0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2E,0x61,0x75,0x30,0x0D,0x82,0x0B,0x62,0x61,
+    0x63,0x73,0x72,0x6D,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x2E,0x62,0x61,
+    0x63,0x73,0x72,0x6D,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x13,0x82,0x11,0x63,0x6E,0x73,
+    0x74,0x72,0x61,0x6E,0x73,0x69,0x74,0x69,0x6F,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x14,
+    0x82,0x12,0x2E,0x63,0x6E,0x73,0x74,0x72,0x61,0x6E,0x73,0x69,0x74,0x69,0x6F,0x6E,
+    0x2E,0x63,0x6F,0x6D,0x30,0x11,0x82,0x0F,0x74,0x7A,0x62,0x70,0x61,0x72,0x74,0x6E,
+    0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x12,0x82,0x10,0x2E,0x74,0x7A,0x62,0x70,
+    0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x13,0x82,0x11,0x63,
+    0x74,0x69,0x2D,0x6D,0x6F,0x74,0x69,0x76,0x61,0x63,0x65,0x70,0x2E,0x63,0x6F,0x6D,
+    0x30,0x14,0x82,0x12,0x2E,0x63,0x74,0x69,0x2D,0x6D,0x6F,0x74,0x69,0x76,0x61,0x63,
+    0x65,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x1C,0x82,0x1A,0x62,0x65,0x63,0x68,0x74,0x65,
+    0x6C,0x74,0x72,0x61,0x6E,0x73,0x69,0x74,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,
+    0x2E,0x63,0x6F,0x6D,0x30,0x1D,0x82,0x1B,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,
+    0x74,0x72,0x61,0x6E,0x73,0x69,0x74,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,
+    0x63,0x6F,0x6D,0x30,0x62,0xA4,0x60,0x30,0x5E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,
+    0x04,0x06,0x13,0x02,0x41,0x55,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x08,0x13,
+    0x03,0x51,0x4C,0x44,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x42,
+    0x72,0x69,0x73,0x62,0x61,0x6E,0x65,0x31,0x2E,0x30,0x2C,0x06,0x03,0x55,0x04,0x0A,
+    0x13,0x25,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x41,0x75,0x73,0x74,0x72,0x61,
+    0x6C,0x69,0x61,0x20,0x50,0x72,0x6F,0x70,0x72,0x69,0x65,0x74,0x61,0x72,0x79,0x20,
+    0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x30,0x38,0xA4,0x36,0x30,0x34,0x31,0x0B,0x30,
+    0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x47,0x42,0x31,0x0F,0x30,0x0D,0x06,0x03,
+    0x55,0x04,0x07,0x13,0x06,0x4C,0x6F,0x6E,0x64,0x6F,0x6E,0x31,0x14,0x30,0x12,0x06,
+    0x03,0x55,0x04,0x0A,0x13,0x0B,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x4C,0x74,
+    0x64,0x30,0x54,0xA4,0x52,0x30,0x50,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
+    0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,
+    0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,
+    0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,
+    0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,
+    0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63,0x68,0x74,
+    0x65,0x6C,0x2E,0x63,0x6C,0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,
+    0x6C,0x2E,0x63,0x6C,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,
+    0x61,0x65,0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,
+    0x65,0x30,0x0B,0x82,0x09,0x62,0x62,0x65,0x68,0x63,0x2E,0x63,0x6F,0x6D,0x30,0x0C,
+    0x82,0x0A,0x2E,0x62,0x62,0x65,0x68,0x63,0x2E,0x63,0x6F,0x6D,0xA1,0x0C,0x30,0x0A,
+    0x87,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x42,0x06,0x08,0x2B,0x06,
+    0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x08,0x2B,0x06,
+    0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x26,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,
+    0x63,0x73,0x70,0x2E,0x6F,0x6D,0x6E,0x69,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,
+    0x2F,0x62,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x72,0x6F,0x6F,0x74,0x30,0x0E,
+    0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x31,
+    0x06,0x03,0x55,0x1D,0x25,0x04,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,
+    0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,
+    0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,
+    0x0E,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xE5,0x9D,
+    0x59,0x30,0x82,0x47,0x58,0xCC,0xAC,0xFA,0x08,0x54,0x36,0x86,0x7B,0x3A,0xB5,0x04,
+    0x4D,0xF0,0x30,0x42,0x06,0x03,0x55,0x1D,0x1F,0x04,0x3B,0x30,0x39,0x30,0x37,0xA0,
+    0x35,0xA0,0x33,0x86,0x31,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x64,0x70,0x31,
+    0x2E,0x70,0x75,0x62,0x6C,0x69,0x63,0x2D,0x74,0x72,0x75,0x73,0x74,0x2E,0x63,0x6F,
+    0x6D,0x2F,0x43,0x52,0x4C,0x2F,0x4F,0x6D,0x6E,0x69,0x72,0x6F,0x6F,0x74,0x32,0x30,
+    0x32,0x35,0x2E,0x63,0x72,0x6C,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,
+    0x14,0x07,0x88,0x41,0xE1,0x68,0x1D,0x6B,0x15,0x64,0xEE,0x7C,0x4D,0xA1,0x8D,0xFA,
+    0x67,0xC3,0x53,0x59,0x37,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
+    0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x4D,0x7E,0x6A,0x4C,0x46,0x5E,0x32,
+    0x6E,0x8E,0x77,0x9E,0xD3,0x70,0x7F,0xE2,0x58,0x97,0xE2,0x10,0xB7,0x68,0xC8,0x8A,
+    0xAC,0x89,0xD0,0x3A,0x9C,0x6F,0x64,0x3B,0xC8,0xC0,0xE5,0x3B,0x9F,0x2C,0xC1,0x0A,
+    0x10,0x05,0x4C,0xEA,0x02,0xD1,0xEA,0x84,0xA1,0x2E,0x37,0x88,0xC6,0x26,0x9B,0x27,
+    0xB4,0x71,0x7C,0xBE,0x78,0x81,0x54,0x1F,0xC3,0xEB,0xA3,0x21,0x1B,0x40,0x6A,0x7C,
+    0x1D,0xDB,0xE7,0x71,0xD2,0xB3,0xB9,0x08,0x8A,0xA4,0x69,0xA4,0x93,0xB8,0xCC,0x97,
+    0xA9,0xFC,0x11,0x09,0x81,0xEE,0x3E,0x95,0xBE,0xFD,0xC9,0xB0,0xD7,0x8C,0x06,0xBD,
+    0xFD,0x1B,0xE1,0xA1,0xDA,0xF9,0xD0,0x08,0x81,0x19,0x64,0x30,0xCD,0x22,0xEE,0x51,
+    0x09,0xD5,0xD9,0xF0,0x74,0x8A,0x53,0x70,0xA4,0xB4,0xB8,0x87,0x81,0xB8,0xC0,0x2A,
+    0x5C,0xDE,0x4E,0x94,0xA9,0x05,0x86,0xD0,0x4B,0xC9,0x53,0xE9,0xD2,0x3D,0x43,0xB0,
+    0xE8,0x30,0x4A,0xD9,0x0C,0x31,0x54,0x26,0x44,0xB9,0x3D,0x85,0x42,0xEB,0xA6,0xCD,
+    0x39,0x7E,0xDD,0x88,0xA4,0x04,0xB5,0xB3,0x35,0x38,0x29,0xAD,0x89,0x4D,0x95,0x49,
+    0x70,0x31,0xFF,0x9F,0x53,0xC0,0x1E,0x66,0x75,0xD5,0x1D,0x7B,0x37,0xB3,0x3D,0x87,
+    0xEB,0xD7,0x55,0xEF,0x80,0xAD,0x3D,0xD4,0x02,0x2C,0x19,0x2F,0x5C,0x83,0x4A,0xC9,
+    0xD3,0xF1,0x2B,0x92,0xB7,0x5A,0xBE,0x2B,0xAD,0x91,0x76,0xCC,0x6A,0xC5,0x8A,0xFE,
+    0x55,0x49,0x72,0xFA,0x75,0x2C,0x9B,0xF6,0xD9,0xFF,0xAC,0xD0,0xCC,0x60,0xAB,0xA9,
+    0x09,0x70,0x8A,0xCF,0xC3,0x11,0xCB,0x4F,0x50,
+};
+
+/* subject:/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=Information Security/CN=IEXTCA-SSL.ibechtel.com */
+/* issuer :/C=US/O=Bechtel Corporation/OU=Information Security/CN=Bechtel External Policy CA 1 */
+/* X509v3 Subject Key Identifier: 76:BB:3A:B1:8F:D3:F9:E8:F2:65:60:C9:3B:9D:EE:BB:ED:46:76:EE */
+unsigned char _bechtel_int2a[1353]={
+    0x30,0x82,0x05,0x45,0x30,0x82,0x04,0x2D,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x61,
+    0x2D,0x7E,0x8B,0x00,0x04,0x00,0x00,0x00,0x24,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x71,0x31,0x0B,0x30,0x09,0x06,0x03,
+    0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,
+    0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,
+    0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13,0x14,
+    0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75,
+    0x72,0x69,0x74,0x79,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x03,0x13,0x1C,0x42,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,
+    0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x20,0x31,0x30,0x1E,0x17,0x0D,0x31,
+    0x35,0x30,0x33,0x31,0x39,0x31,0x32,0x35,0x31,0x30,0x37,0x5A,0x17,0x0D,0x32,0x32,
+    0x30,0x33,0x31,0x38,0x31,0x37,0x34,0x31,0x31,0x30,0x5A,0x30,0x81,0x91,0x31,0x0B,
+    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,
+    0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,
+    0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,
+    0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,
+    0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x20,0x30,
+    0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,
+    0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,
+    0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,
+    0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,
+    0xCF,0x3E,0xCD,0xB4,0xFF,0xC3,0x66,0x2C,0x9E,0x83,0xB7,0x9A,0xD0,0xB7,0x59,0x3A,
+    0x74,0xB4,0xCE,0x3C,0xF4,0x97,0x67,0x43,0xD1,0xCA,0xFE,0x90,0x7F,0x27,0x35,0x86,
+    0x9D,0x70,0x4C,0x1A,0x3D,0xD1,0xFE,0xA1,0x98,0x75,0x1C,0x82,0xBF,0x67,0x5F,0xB2,
+    0xE0,0xF8,0xA0,0x34,0x84,0x06,0x17,0x54,0x5B,0xA3,0x0D,0x3B,0x69,0x87,0x79,0xB3,
+    0x4E,0xBE,0xCA,0x51,0x15,0xF5,0x1F,0x5D,0x22,0xAE,0x87,0xC9,0x2F,0xE3,0xB0,0x16,
+    0xFA,0x84,0x90,0xB1,0xED,0xBD,0x71,0xD8,0xDA,0xD9,0xA4,0xCD,0xDF,0x66,0x54,0xB8,
+    0x20,0xF8,0x5D,0x8C,0xA3,0xD5,0xC4,0xC3,0x68,0xFB,0x07,0xE6,0x5F,0x9F,0xC4,0x2E,
+    0x26,0xA3,0x4E,0x53,0x8B,0xAB,0xE1,0x80,0x09,0xD1,0x29,0xC4,0x52,0xEA,0xD2,0xEA,
+    0xF7,0x5D,0x24,0x5F,0x93,0x6D,0x2A,0x93,0x6B,0xF9,0x29,0x23,0x56,0x2D,0x3F,0x17,
+    0x1B,0x5C,0xE8,0xA3,0xB4,0x8A,0xF1,0x86,0x06,0xF6,0xF6,0xB8,0x6A,0x34,0x6F,0x37,
+    0x2C,0x4F,0x81,0x1C,0xDF,0x7D,0xD5,0x05,0x10,0xB3,0x93,0x7B,0x2B,0xD7,0xF2,0x9C,
+    0xD9,0x2E,0xC0,0xB3,0x14,0x37,0x9E,0x79,0xEF,0x40,0x17,0x7A,0xF9,0x28,0x7C,0x6F,
+    0x29,0x48,0xDE,0x22,0x8A,0xDB,0x57,0x5D,0x52,0xE8,0xC5,0x95,0xD8,0xC0,0x6A,0x63,
+    0xFD,0x36,0x7A,0xE6,0xA6,0x76,0x2E,0x35,0x8B,0xD5,0x50,0xEB,0xC1,0xA7,0x74,0x3D,
+    0x15,0x0E,0x7D,0xEA,0xA4,0xD6,0xA9,0xA1,0x73,0xE8,0xD0,0x91,0x0F,0x77,0x10,0x7F,
+    0x33,0x8F,0x66,0x1F,0x6E,0x1B,0x41,0xF8,0xC1,0x58,0xA8,0x94,0x31,0x2C,0xEA,0x8F,
+    0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0xBC,0x30,0x82,0x01,0xB8,0x30,0x0B,0x06,
+    0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x12,0x06,0x09,0x2B,0x06,
+    0x01,0x04,0x01,0x82,0x37,0x15,0x01,0x04,0x05,0x02,0x03,0x01,0x00,0x01,0x30,0x23,
+    0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x02,0x04,0x16,0x04,0x14,0x3F,
+    0xB2,0xF0,0xC3,0x5A,0xC6,0xBA,0xC1,0x34,0xFD,0xBD,0x81,0x03,0xFC,0x0B,0x0E,0x17,
+    0xB1,0x66,0x73,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x76,0xBB,
+    0x3A,0xB1,0x8F,0xD3,0xF9,0xE8,0xF2,0x65,0x60,0xC9,0x3B,0x9D,0xEE,0xBB,0xED,0x46,
+    0x76,0xEE,0x30,0x25,0x06,0x03,0x55,0x1D,0x20,0x04,0x1E,0x30,0x1C,0x30,0x0C,0x06,
+    0x0A,0x2B,0x06,0x01,0x04,0x01,0xFD,0x52,0x02,0x05,0x01,0x30,0x0C,0x06,0x0A,0x2B,
+    0x06,0x01,0x04,0x01,0xFD,0x52,0x02,0x05,0x02,0x30,0x19,0x06,0x09,0x2B,0x06,0x01,
+    0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,0x53,0x00,0x75,0x00,0x62,
+    0x00,0x43,0x00,0x41,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,
+    0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,
+    0x18,0x30,0x16,0x80,0x14,0x07,0x88,0x41,0xE1,0x68,0x1D,0x6B,0x15,0x64,0xEE,0x7C,
+    0x4D,0xA1,0x8D,0xFA,0x67,0xC3,0x53,0x59,0x37,0x30,0x61,0x06,0x03,0x55,0x1D,0x1F,
+    0x04,0x5A,0x30,0x58,0x30,0x56,0xA0,0x54,0xA0,0x52,0x86,0x50,0x68,0x74,0x74,0x70,
+    0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,
+    0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x65,0x72,0x74,0x44,0x61,0x74,0x61,
+    0x2F,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,
+    0x6E,0x61,0x6C,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,
+    0x41,0x25,0x32,0x30,0x31,0x28,0x34,0x29,0x2E,0x63,0x72,0x6C,0x30,0x77,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x6B,0x30,0x69,0x30,0x67,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x5B,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,
+    0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x65,0x72,0x74,0x44,0x61,0x74,0x61,0x2F,0x70,
+    0x6F,0x6C,0x65,0x78,0x74,0x63,0x61,0x30,0x31,0x5F,0x42,0x65,0x63,0x68,0x74,0x65,
+    0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x50,
+    0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x31,0x28,0x34,
+    0x29,0x2E,0x63,0x72,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,
+    0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x38,0xC9,0xFE,0x7A,0xEF,0xF0,0xD8,
+    0x24,0x69,0x11,0x68,0x81,0x31,0xEC,0x1C,0x8A,0x9C,0xD9,0x77,0xF6,0xFD,0xC7,0x2E,
+    0xAC,0x46,0x6A,0xA8,0xB9,0xD7,0x7F,0xB2,0xC7,0x99,0x2D,0xDF,0xFD,0x8D,0x09,0x89,
+    0x54,0x02,0xB4,0x4D,0xA2,0x8A,0x2B,0xC2,0x2F,0x3F,0xBB,0x8C,0x23,0x57,0xC6,0x06,
+    0xC0,0x7E,0x2C,0x08,0xEB,0x6A,0x1B,0x04,0x3A,0x89,0xAC,0x20,0x44,0x97,0x85,0x79,
+    0x59,0x72,0x8A,0xFF,0x9C,0x77,0x49,0x3E,0x3B,0xAF,0x75,0xA1,0x24,0xFC,0xD7,0x1C,
+    0xAC,0xDE,0x95,0x7F,0x8E,0x50,0x7B,0xED,0x7B,0x6D,0x6C,0x28,0xB7,0x74,0x5F,0x15,
+    0x5B,0x64,0x93,0x2E,0xD6,0x4F,0x05,0xFA,0x5A,0x32,0xD1,0x0C,0x7C,0x33,0x4A,0x99,
+    0xAF,0xAB,0xC2,0x2A,0x0C,0x9A,0x76,0x54,0xBE,0xF9,0x6B,0xC7,0x65,0x44,0x7F,0xC8,
+    0x73,0xE4,0xFB,0x94,0x9C,0x53,0xAF,0xD0,0x66,0xA9,0xF9,0x0D,0xD6,0x26,0x5A,0xBD,
+    0x2E,0xE9,0xE2,0xFC,0x8C,0x9D,0x78,0x56,0xE8,0xBF,0x87,0xFE,0x3C,0x79,0x41,0x9B,
+    0xA6,0xBB,0x90,0x92,0x53,0xCC,0x3C,0x84,0x5E,0x14,0x9D,0x3E,0x4F,0x4E,0x80,0x63,
+    0x4F,0x11,0xFC,0xDF,0x86,0xE3,0x0B,0x03,0x4C,0x41,0x88,0x91,0xE5,0x51,0x0A,0x77,
+    0x12,0x2F,0x9F,0x5B,0xC5,0x19,0x41,0x96,0xA7,0xA1,0x72,0x11,0x46,0x59,0x4C,0xCB,
+    0xC7,0x2E,0xF8,0xD5,0x11,0xF8,0x6A,0xB1,0x3A,0x3E,0x37,0x2E,0xA2,0x93,0x75,0xF5,
+    0x9B,0xE7,0xFA,0xAC,0xB1,0x9D,0xE2,0x76,0x6C,0x6F,0xDE,0x62,0xEE,0x9F,0x26,0x51,
+    0x38,0x17,0xB2,0x39,0x85,0x14,0x42,0x3A,0x68,
+};
+
+/* subject:/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=Information Security/CN=IEXTCA-SSL.ibechtel.com */
+/* issuer :/C=US/O=Bechtel Corporation/OU=Information Security/CN=Bechtel External Policy CA 1 */
+/* X509v3 Subject Key Identifier: D9:44:EB:2D:3C:C0:9F:CA:19:3E:3C:6E:23:A0:EF:96:27:9F:DB:42 */
+unsigned char _bechtel_int2b[2242]={
+    0x30,0x82,0x08,0xBE,0x30,0x82,0x07,0xA6,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x61,
+    0x12,0xEA,0x4E,0x00,0x04,0x00,0x00,0x00,0x25,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x71,0x31,0x0B,0x30,0x09,0x06,0x03,
+    0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,
+    0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,
+    0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13,0x14,
+    0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75,
+    0x72,0x69,0x74,0x79,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x03,0x13,0x1C,0x42,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,
+    0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x20,0x31,0x30,0x1E,0x17,0x0D,0x31,
+    0x35,0x30,0x39,0x31,0x38,0x31,0x31,0x35,0x33,0x33,0x32,0x5A,0x17,0x0D,0x32,0x32,
+    0x30,0x33,0x31,0x38,0x31,0x37,0x34,0x31,0x31,0x30,0x5A,0x30,0x81,0x91,0x31,0x0B,
+    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,
+    0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,
+    0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,
+    0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,
+    0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x20,0x30,
+    0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,
+    0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,
+    0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,
+    0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,
+    0x9C,0x41,0x41,0x35,0x28,0x9E,0x70,0x93,0xC9,0xAB,0x3B,0x18,0x46,0x19,0xB6,0x98,
+    0x4A,0xD8,0xEC,0xE8,0x2C,0x56,0xBC,0xFC,0xF3,0xE4,0xD2,0x62,0x41,0x00,0xC0,0x19,
+    0x72,0x6B,0xE6,0xFD,0xE7,0x91,0x94,0x0B,0xAC,0x25,0x9B,0xC1,0x0A,0xBB,0x18,0x52,
+    0x1A,0x60,0x09,0xA5,0x32,0x26,0x36,0xBA,0x1D,0x55,0xDA,0xD8,0xB9,0x81,0x2E,0xF9,
+    0x9E,0x50,0x19,0xC1,0x3F,0xB3,0xE1,0x99,0xE9,0x9B,0xE7,0x19,0x6E,0x0D,0x50,0xA3,
+    0x5B,0xEE,0xE1,0xFF,0x7B,0x79,0x61,0xD0,0xE9,0x8E,0xD8,0xF3,0x65,0x5F,0xF3,0xF6,
+    0xFA,0x70,0xAB,0xF1,0x4A,0xE0,0x61,0x6E,0x54,0xDE,0x98,0xE4,0xD5,0x3E,0x57,0x4E,
+    0x88,0x93,0x2D,0x65,0x10,0x7C,0x75,0x71,0x88,0x24,0xE7,0x7C,0x37,0x02,0x02,0x53,
+    0x01,0x79,0x7A,0xB0,0xB2,0xA2,0xEE,0x4B,0xF0,0x2F,0xB2,0xBD,0x6A,0x04,0x30,0xF7,
+    0x0C,0xD9,0x29,0xB3,0x88,0x49,0x96,0xD6,0xB1,0x3B,0xB5,0x52,0x20,0xE8,0xF4,0xBF,
+    0xE0,0xF5,0x1D,0x40,0x1F,0xF1,0x86,0xCF,0x1D,0xEB,0xC7,0xFC,0xC1,0xDA,0x7C,0x5F,
+    0xAB,0x5C,0xC1,0x59,0x95,0x87,0x72,0x1E,0x86,0x13,0x6D,0xE7,0xF5,0x57,0x28,0xDA,
+    0x83,0xBA,0x53,0x13,0xF7,0x32,0xAC,0xDC,0x70,0xD7,0xC7,0xB8,0x48,0x5D,0x84,0x5E,
+    0xC6,0x4F,0x6D,0x9B,0x3B,0x79,0xCE,0xE0,0x09,0xE5,0x95,0x15,0xA6,0x5B,0x3A,0xB2,
+    0x50,0x22,0x39,0xFE,0x0E,0xB7,0x88,0x48,0xDD,0x4E,0x49,0x86,0x33,0xB3,0xAA,0xD2,
+    0x55,0x4C,0x06,0x21,0x9B,0xF1,0xD4,0xA3,0x60,0x05,0x5E,0xF9,0xDA,0x7B,0xC7,0x8F,
+    0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x05,0x35,0x30,0x82,0x05,0x31,0x30,0x0B,0x06,
+    0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x12,0x06,0x09,0x2B,0x06,
+    0x01,0x04,0x01,0x82,0x37,0x15,0x01,0x04,0x05,0x02,0x03,0x02,0x00,0x02,0x30,0x23,
+    0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x02,0x04,0x16,0x04,0x14,0xAA,
+    0xE3,0xDD,0x81,0x94,0xC5,0x93,0x65,0x65,0x2A,0x65,0xB4,0x7C,0x7B,0xC7,0x2E,0x97,
+    0x95,0xA3,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xD9,0x44,
+    0xEB,0x2D,0x3C,0xC0,0x9F,0xCA,0x19,0x3E,0x3C,0x6E,0x23,0xA0,0xEF,0x96,0x27,0x9F,
+    0xDB,0x42,0x30,0x25,0x06,0x03,0x55,0x1D,0x20,0x04,0x1E,0x30,0x1C,0x30,0x0C,0x06,
+    0x0A,0x2B,0x06,0x01,0x04,0x01,0xFD,0x52,0x02,0x05,0x01,0x30,0x0C,0x06,0x0A,0x2B,
+    0x06,0x01,0x04,0x01,0xFD,0x52,0x02,0x05,0x02,0x30,0x19,0x06,0x09,0x2B,0x06,0x01,
+    0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,0x53,0x00,0x75,0x00,0x62,
+    0x00,0x43,0x00,0x41,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,
+    0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,
+    0x18,0x30,0x16,0x80,0x14,0x07,0x88,0x41,0xE1,0x68,0x1D,0x6B,0x15,0x64,0xEE,0x7C,
+    0x4D,0xA1,0x8D,0xFA,0x67,0xC3,0x53,0x59,0x37,0x30,0x61,0x06,0x03,0x55,0x1D,0x1F,
+    0x04,0x5A,0x30,0x58,0x30,0x56,0xA0,0x54,0xA0,0x52,0x86,0x50,0x68,0x74,0x74,0x70,
+    0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,
+    0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x65,0x72,0x74,0x44,0x61,0x74,0x61,
+    0x2F,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,
+    0x6E,0x61,0x6C,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,
+    0x41,0x25,0x32,0x30,0x31,0x28,0x34,0x29,0x2E,0x63,0x72,0x6C,0x30,0x77,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x6B,0x30,0x69,0x30,0x67,0x06,0x08,
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x5B,0x68,0x74,0x74,0x70,0x3A,0x2F,
+    0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,
+    0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x65,0x72,0x74,0x44,0x61,0x74,0x61,0x2F,0x70,
+    0x6F,0x6C,0x65,0x78,0x74,0x63,0x61,0x30,0x31,0x5F,0x42,0x65,0x63,0x68,0x74,0x65,
+    0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x50,
+    0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x31,0x28,0x34,
+    0x29,0x2E,0x63,0x72,0x74,0x30,0x82,0x03,0x42,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,
+    0x03,0x39,0x30,0x82,0x03,0x35,0xA0,0x82,0x03,0x23,0x30,0x12,0xA0,0x10,0x06,0x0A,
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,0xA0,0x02,0x0C,0x00,0x30,0x02,
+    0x81,0x00,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,
+    0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,
+    0x0B,0x82,0x09,0x6D,0x79,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A,
+    0x2E,0x6D,0x79,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x69,0x62,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0F,0x82,0x0D,0x2E,0x69,
+    0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x62,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x2E,0x62,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x62,0x65,
+    0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,0x73,0x69,0x61,0x30,0x0F,0x82,0x0D,0x2E,0x62,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,0x73,0x69,0x61,0x30,0x0F,0x82,0x0D,0x62,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x2E,0x75,0x6B,0x30,0x10,0x82,0x0E,
+    0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x2E,0x75,0x6B,0x30,0x10,
+    0x82,0x0E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2E,0x61,0x75,
+    0x30,0x11,0x82,0x0F,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,
+    0x2E,0x61,0x75,0x30,0x0D,0x82,0x0B,0x62,0x61,0x63,0x73,0x72,0x6D,0x70,0x2E,0x63,
+    0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x2E,0x62,0x61,0x63,0x73,0x72,0x6D,0x70,0x2E,0x63,
+    0x6F,0x6D,0x30,0x13,0x82,0x11,0x63,0x6E,0x73,0x74,0x72,0x61,0x6E,0x73,0x69,0x74,
+    0x69,0x6F,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x2E,0x63,0x6E,0x73,0x74,
+    0x72,0x61,0x6E,0x73,0x69,0x74,0x69,0x6F,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x11,0x82,
+    0x0F,0x74,0x7A,0x62,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,
+    0x30,0x12,0x82,0x10,0x2E,0x74,0x7A,0x62,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,
+    0x2E,0x63,0x6F,0x6D,0x30,0x13,0x82,0x11,0x63,0x74,0x69,0x2D,0x6D,0x6F,0x74,0x69,
+    0x76,0x61,0x63,0x65,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x2E,0x63,0x74,
+    0x69,0x2D,0x6D,0x6F,0x74,0x69,0x76,0x61,0x63,0x65,0x70,0x2E,0x63,0x6F,0x6D,0x30,
+    0x1C,0x82,0x1A,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x74,0x72,0x61,0x6E,0x73,0x69,
+    0x74,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x1D,0x82,
+    0x1B,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x74,0x72,0x61,0x6E,0x73,0x69,0x74,
+    0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A,
+    0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6C,0x30,0x0D,0x82,0x0B,0x2E,0x62,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6C,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63,
+    0x68,0x74,0x65,0x6C,0x2E,0x61,0x65,0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x68,
+    0x74,0x65,0x6C,0x2E,0x61,0x65,0x30,0x0B,0x82,0x09,0x62,0x62,0x65,0x68,0x63,0x2E,
+    0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A,0x2E,0x62,0x62,0x65,0x68,0x63,0x2E,0x63,0x6F,
+    0x6D,0x30,0x62,0xA4,0x60,0x30,0x5E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,
+    0x13,0x02,0x41,0x55,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x08,0x13,0x03,0x51,
+    0x4C,0x44,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x42,0x72,0x69,
+    0x73,0x62,0x61,0x6E,0x65,0x31,0x2E,0x30,0x2C,0x06,0x03,0x55,0x04,0x0A,0x13,0x25,
+    0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x41,0x75,0x73,0x74,0x72,0x61,0x6C,0x69,
+    0x61,0x20,0x50,0x72,0x6F,0x70,0x72,0x69,0x65,0x74,0x61,0x72,0x79,0x20,0x4C,0x69,
+    0x6D,0x69,0x74,0x65,0x64,0x30,0x38,0xA4,0x36,0x30,0x34,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x47,0x42,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x06,0x4C,0x6F,0x6E,0x64,0x6F,0x6E,0x31,0x14,0x30,0x12,0x06,0x03,0x55,
+    0x04,0x0A,0x13,0x0B,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x4C,0x74,0x64,0x30,
+    0x54,0xA4,0x52,0x30,0x50,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
+    0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,
+    0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,
+    0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,
+    0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,
+    0x61,0x74,0x69,0x6F,0x6E,0x30,0x02,0x86,0x00,0x30,0x02,0x87,0x00,0xA1,0x0C,0x30,
+    0x0A,0x87,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x31,0x06,0x03,0x55,
+    0x1D,0x25,0x04,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,
+    0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x03,0x09,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0E,0x30,0x0D,
+    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,
+    0x01,0x00,0x85,0x1F,0x94,0xB5,0x4E,0x94,0x8F,0xD8,0xEE,0xC5,0x01,0x6A,0x8F,0x19,
+    0x82,0x94,0x61,0x60,0x8D,0xB5,0xA7,0xD9,0xD5,0xDB,0xFA,0x33,0x3A,0x8C,0xEB,0xD0,
+    0x2E,0x12,0x74,0x16,0x75,0x1A,0x0B,0x8A,0x15,0x27,0x9E,0x96,0x57,0x2C,0x3E,0x54,
+    0xF9,0x97,0x4B,0xA1,0xC4,0xFB,0xE8,0x5F,0x2C,0x60,0x80,0xB8,0x1C,0x93,0xB4,0x26,
+    0x74,0x4D,0x04,0xD9,0xD9,0xDF,0x7A,0xE8,0xA4,0xD4,0xE5,0xF6,0x56,0x99,0x03,0xA1,
+    0x0C,0x2E,0x55,0xFE,0x01,0xA6,0xC7,0x71,0x25,0xC3,0x75,0x8F,0xFA,0x5D,0x6D,0x77,
+    0xEC,0x68,0x6A,0xAB,0xFA,0x3E,0xCD,0xAD,0xEB,0xB6,0x68,0x94,0x13,0x22,0x0F,0xB0,
+    0x22,0xFD,0x66,0xE8,0x79,0xAC,0xB3,0x05,0x30,0x57,0x36,0x6C,0x67,0x70,0x17,0x3F,
+    0xA9,0xFA,0x4B,0x6F,0xCB,0x08,0xAC,0x81,0x67,0x77,0x41,0xF7,0x3B,0x29,0xA5,0x73,
+    0xE4,0x3D,0xE4,0x0F,0xC5,0x08,0xB0,0xF9,0x02,0x3B,0x6C,0xCF,0xC9,0x49,0x60,0xAE,
+    0xAA,0xD8,0xFD,0x51,0x4D,0x2A,0xBC,0x74,0xDC,0x56,0xC5,0xFD,0xAD,0xBF,0x97,0x8F,
+    0x45,0x99,0x8A,0x2B,0x6C,0xA6,0x3C,0x9B,0xD7,0x87,0xC7,0xC7,0x2F,0x7E,0x0C,0x6E,
+    0x86,0xC6,0x47,0x35,0x40,0x69,0xA7,0xA2,0x42,0x77,0x1F,0xDD,0x03,0xC8,0x7A,0x44,
+    0xB8,0x9E,0x59,0xA8,0x1E,0x87,0x30,0xE0,0x7D,0xF7,0x24,0xE0,0xE0,0xD2,0x72,0x5B,
+    0x87,0x01,0x60,0xF1,0x5B,0x84,0x1E,0xAE,0x1D,0xF6,0x2D,0x69,0x9D,0xC0,0xCE,0x3D,
+    0x35,0x17,0xDF,0x88,0x65,0xAA,0x1E,0x99,0x3E,0x15,0x36,0xDF,0x44,0xE6,0x8F,0xF3,
+    0xD6,0xF6,
+};
+
+/* subject:/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=IS&T/CN=MSAN_supplier.bechtel.com */
+/* issuer :/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=Information Security/CN=IEXTCA-SSL.ibechtel.com */
+/* X509v3 Authority Key Identifier: keyid:76:BB:3A:B1:8F:D3:F9:E8:F2:65:60:C9:3B:9D:EE:BB:ED:46:76:EE */
+unsigned char _bechtel_leaf_a[1441]={
+    0x30,0x82,0x05,0x9D,0x30,0x82,0x04,0x85,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x3F,
+    0xF2,0xCF,0x8E,0x00,0x01,0x00,0x00,0x10,0x1D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x81,0x91,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+    0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x13,0x0D,
+    0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x1C,0x30,
+    0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,
+    0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06,
+    0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,
+    0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x20,0x30,0x1E,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x17,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E,
+    0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,
+    0x31,0x35,0x30,0x36,0x32,0x36,0x31,0x36,0x30,0x32,0x30,0x37,0x5A,0x17,0x0D,0x31,
+    0x37,0x30,0x36,0x32,0x35,0x31,0x36,0x30,0x32,0x30,0x37,0x5A,0x30,0x81,0x83,0x31,
+    0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,
+    0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,
+    0x04,0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,
+    0x6F,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,
+    0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,
+    0x0D,0x30,0x0B,0x06,0x03,0x55,0x04,0x0B,0x0C,0x04,0x49,0x53,0x26,0x54,0x31,0x22,
+    0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x0C,0x19,0x4D,0x53,0x41,0x4E,0x5F,0x73,0x75,
+    0x70,0x70,0x6C,0x69,0x65,0x72,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,
+    0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,
+    0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,
+    0x01,0x01,0x00,0xAC,0xD5,0x28,0xD6,0x28,0x35,0xB7,0x8D,0x51,0x00,0x02,0xB9,0xAE,
+    0x0C,0x1E,0x7D,0xF7,0xA1,0xE3,0x4E,0xC9,0x22,0x8B,0xE5,0x06,0x9A,0x55,0x6E,0xFD,
+    0xAA,0x48,0x84,0x68,0x26,0x53,0xE7,0xC7,0x86,0x5C,0x7F,0x93,0xAB,0xE7,0xA0,0x4A,
+    0xF2,0x26,0x01,0x21,0x43,0xF0,0x2A,0x38,0x69,0x34,0x29,0x09,0xDC,0x5F,0x19,0x84,
+    0x2E,0x92,0x1F,0xB8,0x25,0x53,0x4A,0xFE,0x38,0x4F,0x8F,0x1D,0x5D,0x8F,0x22,0xD2,
+    0x2D,0xB6,0xDD,0x81,0x94,0xEE,0x88,0xEE,0x35,0xDA,0x91,0xFA,0x0B,0xA8,0x26,0x35,
+    0x50,0x87,0x5C,0xA8,0x34,0xE2,0x90,0x58,0x5C,0x99,0x5F,0xA1,0x81,0x53,0x5D,0x2D,
+    0x31,0x97,0x3D,0xA9,0xC5,0x96,0xCB,0x46,0xB9,0xC9,0xAE,0x08,0xB9,0xDC,0x23,0xAE,
+    0xCB,0xB7,0x5A,0xB5,0x5F,0x89,0x59,0x36,0x16,0x48,0xFA,0x4A,0x69,0x73,0xA8,0x67,
+    0x57,0xF1,0xE6,0xA1,0xAC,0x40,0xF2,0x14,0x7E,0xA2,0x29,0xAB,0x03,0x2E,0xC4,0x53,
+    0xD9,0xF9,0x5A,0xEC,0x5A,0xED,0x3D,0x99,0x62,0x68,0xDD,0x41,0xAD,0x13,0x46,0x8E,
+    0xDE,0xD9,0x8F,0xCA,0x81,0x7D,0x43,0xF7,0x01,0x8F,0x42,0x1A,0xFD,0x96,0x09,0x93,
+    0x14,0xBD,0x77,0x6B,0x43,0xBF,0xA3,0x88,0x2C,0xCC,0xF0,0xDF,0x8A,0xBE,0x11,0xE8,
+    0x15,0x10,0x0C,0x87,0x0B,0x23,0xE9,0x60,0xE7,0x61,0xE4,0x5F,0x01,0x7E,0x4E,0x70,
+    0x53,0x9A,0x40,0x87,0x8D,0x2A,0x76,0x89,0xE2,0xE7,0x6F,0x08,0xA0,0x34,0xE6,0x20,
+    0xB8,0x37,0xF5,0xD1,0x36,0x5F,0x13,0x9A,0x15,0x14,0xCA,0x20,0xF4,0x3E,0xD7,0x72,
+    0x2F,0x64,0xA7,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x01,0x30,0x82,0x01,0xFD,
+    0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x3E,0x06,
+    0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,0x31,0x30,0x2F,0x06,0x27,
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x81,0xA9,0xF0,0x78,0x83,0xE0,0xED,
+    0x66,0x83,0xE9,0x87,0x15,0x85,0xC8,0xA3,0x18,0x86,0x94,0xF0,0x53,0x81,0x4C,0x82,
+    0x9D,0xDA,0x36,0x84,0xC6,0xCC,0x1D,0x02,0x01,0x64,0x02,0x01,0x06,0x30,0x1D,0x06,
+    0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xBF,0x53,0xDA,0xE9,0xE8,0x25,0xCC,0x30,
+    0x48,0x2D,0x54,0xB9,0x9E,0xE7,0xC9,0x18,0xC5,0xE1,0x0C,0x4F,0x30,0x1F,0x06,0x03,
+    0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x76,0xBB,0x3A,0xB1,0x8F,0xD3,0xF9,
+    0xE8,0xF2,0x65,0x60,0xC9,0x3B,0x9D,0xEE,0xBB,0xED,0x46,0x76,0xEE,0x30,0x54,0x06,
+    0x03,0x55,0x1D,0x1F,0x04,0x4D,0x30,0x4B,0x30,0x49,0xA0,0x47,0xA0,0x45,0x86,0x43,
+    0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,
+    0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x65,0x72,0x74,
+    0x64,0x61,0x74,0x61,0x2F,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E,
+    0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x28,0x31,0x29,0x2E,
+    0x63,0x72,0x6C,0x30,0x77,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,
+    0x6B,0x30,0x69,0x30,0x67,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,
+    0x5B,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,
+    0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x65,0x72,
+    0x74,0x64,0x61,0x74,0x61,0x2F,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,
+    0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x5F,0x49,0x45,
+    0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,
+    0x6C,0x2E,0x63,0x6F,0x6D,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x13,0x06,0x03,
+    0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,
+    0x01,0x30,0x1B,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x0A,0x04,0x0E,
+    0x30,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x6D,
+    0x06,0x03,0x55,0x1D,0x11,0x04,0x66,0x30,0x64,0x82,0x14,0x73,0x75,0x70,0x70,0x6C,
+    0x69,0x65,0x72,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,
+    0x18,0x73,0x75,0x70,0x70,0x6C,0x69,0x65,0x72,0x32,0x30,0x31,0x32,0x2E,0x62,0x65,
+    0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x16,0x63,0x6F,0x6E,0x74,0x72,
+    0x61,0x63,0x74,0x6F,0x72,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x6D,0x82,0x1A,0x63,0x6F,0x6E,0x74,0x72,0x61,0x63,0x74,0x6F,0x72,0x32,0x30,0x31,
+    0x32,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,
+    0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,
+    0x00,0xC5,0x7E,0x87,0xF0,0x3E,0x7C,0x26,0xE6,0x75,0x2E,0xA3,0x25,0x5E,0x44,0xB0,
+    0x1C,0xF7,0x91,0x58,0x7A,0x97,0xC5,0x05,0x39,0x08,0x5E,0x5E,0x39,0x7F,0x65,0x6A,
+    0x69,0xA3,0x7B,0x13,0xF1,0x7B,0xD7,0x50,0x25,0xD9,0x65,0xC0,0x31,0x6F,0x25,0x2E,
+    0xCB,0x69,0xB3,0x1B,0xFB,0x19,0xE9,0x22,0x78,0xF0,0x9A,0x61,0xC4,0x3C,0x52,0x92,
+    0xCE,0xFB,0x12,0xBA,0x58,0x44,0xC9,0xFC,0x4B,0x31,0x49,0x10,0x38,0xC7,0x95,0x08,
+    0x86,0x43,0xEE,0xCD,0xDB,0x94,0xC7,0xDA,0x98,0x0F,0x00,0x05,0xEB,0xE4,0x98,0x3F,
+    0x91,0x7E,0x9B,0x13,0x63,0x63,0x0F,0xD4,0x17,0x4C,0xDD,0x2A,0x94,0xEA,0x41,0x15,
+    0x26,0xFF,0xE4,0xC0,0x77,0x50,0x1D,0x96,0x13,0x4A,0xC8,0x3C,0xBC,0xD7,0x05,0x47,
+    0x72,0xFD,0x8D,0xBB,0xF3,0x76,0x0E,0x47,0x36,0xA8,0x13,0x8A,0xB0,0xDB,0x7F,0xD3,
+    0xD1,0x53,0x09,0xFC,0xBE,0x5E,0xE7,0xB0,0x04,0x08,0x6A,0xC6,0x20,0xCE,0xFA,0x92,
+    0xFB,0xE1,0x0A,0xA2,0xDF,0x3A,0x1C,0x58,0x83,0x5B,0x51,0x80,0x0B,0x48,0x05,0x0D,
+    0xA2,0x7B,0x10,0xF2,0xF1,0x47,0x51,0x84,0xBA,0x00,0x5F,0x28,0x1F,0xA0,0xC5,0xFA,
+    0x12,0xC5,0x8A,0x87,0x03,0xD0,0xA7,0x04,0xC5,0x44,0x10,0x4C,0x59,0x05,0x5E,0x5B,
+    0x4A,0x02,0x04,0xC1,0x07,0x16,0x2D,0xA7,0xF5,0xCB,0x32,0xDE,0x8E,0x7A,0x57,0x0E,
+    0xE3,0x07,0x3B,0x59,0x92,0x0C,0x20,0x03,0xF0,0xFE,0xC5,0xDB,0xCC,0xCF,0x49,0x11,
+    0x05,0x90,0xF4,0xC3,0xA8,0x96,0x9B,0xC0,0x38,0x53,0xE1,0x8C,0xCF,0x65,0xFC,0x27,
+    0xBD,
+};
+
+/* subject:/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=IS&T/CN=MSAN.becpsn.com */
+/* issuer :/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=Information Security/CN=IEXTCA-SSL.ibechtel.com */
+/* X509v3 Authority Key Identifier: keyid:D9:44:EB:2D:3C:C0:9F:CA:19:3E:3C:6E:23:A0:EF:96:27:9F:DB:42 */
+unsigned char _bechtel_leaf_b[1684]={
+    0x30,0x82,0x06,0x90,0x30,0x82,0x05,0x78,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x62,
+    0xDD,0x4C,0x71,0x00,0x02,0x00,0x00,0x12,0xAA,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,
+    0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x81,0x91,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,
+    0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x13,0x0D,
+    0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x1C,0x30,
+    0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,
+    0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06,
+    0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,
+    0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x20,0x30,0x1E,0x06,0x03,
+    0x55,0x04,0x03,0x13,0x17,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E,
+    0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,
+    0x31,0x35,0x30,0x39,0x31,0x38,0x31,0x34,0x34,0x33,0x30,0x33,0x5A,0x17,0x0D,0x31,
+    0x37,0x30,0x39,0x31,0x37,0x31,0x34,0x34,0x33,0x30,0x33,0x5A,0x30,0x79,0x31,0x0B,
+    0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,
+    0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,
+    0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,
+    0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,
+    0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x0D,
+    0x30,0x0B,0x06,0x03,0x55,0x04,0x0B,0x0C,0x04,0x49,0x53,0x26,0x54,0x31,0x18,0x30,
+    0x16,0x06,0x03,0x55,0x04,0x03,0x13,0x0F,0x4D,0x53,0x41,0x4E,0x2E,0x62,0x65,0x63,
+    0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,
+    0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,
+    0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD9,0xC9,0x8F,0x11,0x2C,0x09,0x56,0x3D,
+    0x07,0x48,0x07,0xD1,0x81,0x86,0x12,0xC1,0xD5,0x1B,0xA0,0x88,0xE1,0x12,0xEA,0x95,
+    0x29,0x2B,0xB4,0x20,0xBB,0xFB,0x6A,0xFE,0x8E,0x99,0xA8,0x5D,0xFE,0x5B,0xD9,0xE4,
+    0x45,0x87,0xF5,0x26,0x96,0x67,0xC6,0x3A,0xA0,0x40,0xFE,0x63,0x02,0x06,0x29,0xAE,
+    0x5D,0xDF,0xC7,0xFE,0xFD,0x92,0x88,0x42,0x93,0xCB,0x34,0xC9,0x77,0xC6,0x2D,0xE5,
+    0xB3,0x6F,0x30,0x66,0xF9,0x5C,0xC3,0xD3,0x5E,0x9E,0x47,0x07,0xE5,0x21,0x20,0xF2,
+    0xAD,0x97,0x12,0x1D,0xA4,0xA4,0xC7,0xDC,0x7C,0xE8,0xE0,0xBC,0x86,0xE0,0xBD,0x14,
+    0x11,0x9B,0x62,0x7B,0xC4,0x56,0x99,0x74,0x1F,0xFE,0x15,0x54,0xB4,0x28,0x0F,0x8E,
+    0x06,0x13,0xA5,0xDE,0xB3,0xAB,0x76,0x9C,0xEA,0x49,0x66,0x39,0x64,0x0D,0x7A,0x4C,
+    0xB0,0x07,0x5E,0x5F,0x41,0x2E,0x83,0xE1,0x3C,0xD4,0x29,0x1F,0x14,0x81,0xB9,0x03,
+    0xD5,0xC3,0xC8,0xB9,0xB0,0xF2,0x0C,0x63,0x3B,0x45,0x50,0xB9,0x7A,0x3B,0x75,0xE8,
+    0x85,0x23,0x06,0xB9,0x5E,0x38,0x98,0x52,0x97,0x09,0x70,0xB6,0x64,0x13,0x8E,0x54,
+    0x4E,0xB2,0x5B,0x9F,0xCE,0xC3,0x96,0x4E,0x6B,0x23,0xDC,0x5F,0xB4,0x90,0x00,0xE2,
+    0xFB,0x73,0x87,0xE1,0x00,0x4E,0x61,0x38,0x89,0xE4,0x8B,0xBE,0xEF,0x04,0x26,0xD2,
+    0x02,0x5A,0xD3,0x3E,0x73,0xE5,0xBF,0x55,0xA1,0x12,0x89,0xA0,0x66,0x7D,0x7D,0xBD,
+    0xB3,0xDE,0x14,0xCE,0x08,0x1A,0xC0,0x4E,0xC3,0x26,0xBE,0x51,0x78,0x15,0xD4,0xE2,
+    0xC8,0x3D,0x4F,0x82,0xBD,0xDB,0x19,0xE3,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,
+    0xFF,0x30,0x82,0x02,0xFB,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,
+    0x05,0xA0,0x30,0x3E,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,
+    0x31,0x30,0x2F,0x06,0x27,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x81,0xA9,
+    0xF0,0x78,0x83,0xE0,0xED,0x66,0x83,0xE9,0x87,0x15,0x85,0xC8,0xA3,0x18,0x86,0x94,
+    0xF0,0x53,0x81,0x4C,0x82,0x9D,0xDA,0x36,0x84,0xC6,0xCC,0x1D,0x02,0x01,0x64,0x02,
+    0x01,0x06,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x8D,0x17,0xB9,
+    0x2B,0xED,0x8E,0x93,0x41,0xF8,0xD9,0xC9,0xC4,0x38,0x9E,0x9D,0xB0,0x04,0x72,0xF2,
+    0xF8,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xD9,0x44,
+    0xEB,0x2D,0x3C,0xC0,0x9F,0xCA,0x19,0x3E,0x3C,0x6E,0x23,0xA0,0xEF,0x96,0x27,0x9F,
+    0xDB,0x42,0x30,0x54,0x06,0x03,0x55,0x1D,0x1F,0x04,0x4D,0x30,0x4B,0x30,0x49,0xA0,
+    0x47,0xA0,0x45,0x86,0x43,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,
+    0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,
+    0x2F,0x63,0x65,0x72,0x74,0x64,0x61,0x74,0x61,0x2F,0x49,0x45,0x58,0x54,0x43,0x41,
+    0x2D,0x53,0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x6D,0x28,0x32,0x29,0x2E,0x63,0x72,0x6C,0x30,0x77,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x01,0x01,0x04,0x6B,0x30,0x69,0x30,0x67,0x06,0x08,0x2B,0x06,0x01,0x05,
+    0x05,0x07,0x30,0x02,0x86,0x5B,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,
+    0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,
+    0x6D,0x2F,0x63,0x65,0x72,0x74,0x64,0x61,0x74,0x61,0x2F,0x49,0x45,0x58,0x54,0x43,
+    0x41,0x2D,0x53,0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,
+    0x6F,0x6D,0x5F,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E,0x69,0x62,
+    0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x28,0x32,0x29,0x2E,0x63,0x72,
+    0x74,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,
+    0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x1B,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,
+    0x37,0x15,0x0A,0x04,0x0E,0x30,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,
+    0x07,0x03,0x01,0x30,0x82,0x01,0x69,0x06,0x03,0x55,0x1D,0x11,0x04,0x82,0x01,0x60,
+    0x30,0x82,0x01,0x5C,0x82,0x19,0x2A,0x2E,0x61,0x70,0x61,0x63,0x2E,0x73,0x74,0x61,
+    0x67,0x69,0x6E,0x67,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,
+    0x14,0x2A,0x2E,0x61,0x70,0x61,0x63,0x2E,0x71,0x61,0x2E,0x62,0x65,0x63,0x70,0x73,
+    0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x15,0x2A,0x2E,0x61,0x70,0x61,0x63,0x2E,0x64,0x65,
+    0x76,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x11,0x2A,0x2E,
+    0x61,0x70,0x61,0x63,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,
+    0x19,0x2A,0x2E,0x65,0x61,0x6D,0x73,0x2E,0x73,0x74,0x61,0x67,0x69,0x6E,0x67,0x2E,
+    0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x14,0x2A,0x2E,0x65,0x61,
+    0x6D,0x73,0x2E,0x71,0x61,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,
+    0x82,0x15,0x2A,0x2E,0x65,0x61,0x6D,0x73,0x2E,0x64,0x65,0x76,0x2E,0x62,0x65,0x63,
+    0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x11,0x2A,0x2E,0x65,0x61,0x6D,0x73,0x2E,
+    0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x1A,0x2A,0x2E,0x61,0x6D,
+    0x65,0x72,0x73,0x2E,0x73,0x74,0x61,0x67,0x69,0x6E,0x67,0x2E,0x62,0x65,0x63,0x70,
+    0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x15,0x2A,0x2E,0x61,0x6D,0x65,0x72,0x73,0x2E,
+    0x71,0x61,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x16,0x2A,
+    0x2E,0x61,0x6D,0x65,0x72,0x73,0x2E,0x64,0x65,0x76,0x2E,0x62,0x65,0x63,0x70,0x73,
+    0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x12,0x2A,0x2E,0x61,0x6D,0x65,0x72,0x73,0x2E,0x62,
+    0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x14,0x2A,0x2E,0x73,0x74,0x61,
+    0x67,0x69,0x6E,0x67,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,
+    0x0F,0x2A,0x2E,0x71,0x61,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,
+    0x82,0x10,0x2A,0x2E,0x64,0x65,0x76,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,
+    0x6F,0x6D,0x82,0x0C,0x2A,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,
+    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,
+    0x82,0x01,0x01,0x00,0x24,0xAF,0x6F,0x43,0x26,0x70,0x05,0x1C,0x0D,0x3E,0x1C,0xFE,
+    0x42,0x65,0x9B,0x8C,0xF0,0xCD,0x31,0x89,0x2F,0x55,0xAE,0xB4,0xA9,0x0E,0x94,0xA2,
+    0x8D,0x32,0x38,0x65,0xC8,0xE3,0x32,0x30,0x47,0xAE,0x05,0x1C,0xB0,0xDC,0x2B,0x47,
+    0xB0,0x4E,0x56,0x8E,0x01,0x93,0xAC,0x47,0xAC,0x1C,0x2D,0xF5,0x8A,0xBE,0x35,0x15,
+    0x66,0xE8,0x45,0xFC,0x06,0xBD,0x98,0xA3,0x59,0x06,0x0B,0x20,0x8B,0x6C,0xF5,0xAA,
+    0x08,0x79,0x16,0x9B,0x0A,0x08,0xE1,0x9E,0xEB,0x98,0xF7,0x82,0x4B,0x54,0x03,0xF5,
+    0x22,0x60,0xF3,0x8E,0x3A,0xCB,0x1D,0x62,0x7A,0x65,0xA9,0x35,0xDF,0xCF,0x3F,0x2B,
+    0x5B,0x0F,0x96,0x8B,0x70,0xAF,0xBF,0x9E,0x23,0x5F,0x1E,0x60,0x64,0x26,0x22,0xBE,
+    0xC6,0xED,0x5E,0xA0,0x37,0xDD,0xDB,0xDF,0x23,0x3E,0xC9,0x4D,0xC8,0x4A,0x23,0xBB,
+    0x5B,0x87,0x7E,0x65,0xD5,0x32,0x9A,0x5C,0xA6,0xCA,0x1A,0x7B,0xDF,0x08,0x65,0xD8,
+    0x13,0xC6,0x9B,0x7E,0xA7,0x5E,0xCC,0x21,0x38,0x6A,0x3B,0xAE,0x6F,0xE7,0x73,0x74,
+    0x56,0x18,0xB2,0xD6,0x39,0xA0,0xDD,0xAE,0x1E,0x8D,0x2D,0xE9,0xB2,0x54,0x45,0x71,
+    0x8C,0xCC,0xD4,0xED,0x8C,0xCE,0x3D,0x4D,0xD8,0xCD,0x68,0x25,0x8D,0x0E,0xCE,0xD2,
+    0x58,0x18,0x8A,0x1B,0x80,0xB9,0xA7,0xC8,0xFE,0x99,0x9A,0xDF,0x03,0xA7,0x6B,0x23,
+    0x1D,0xBF,0xB8,0xF6,0x45,0x33,0x44,0xD1,0x9E,0xC5,0xBE,0x76,0xA4,0xFF,0xD3,0xE1,
+    0x83,0x65,0x56,0x31,0x6D,0x3C,0xAA,0xC6,0xAB,0x55,0xD3,0x4E,0x94,0x60,0x3F,0xAE,
+    0x5D,0x0C,0x18,0xED,
+};
diff --git a/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.c b/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.c
new file mode 100644 (file)
index 0000000..e808f87
--- /dev/null
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2015 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+#include <CoreFoundation/CoreFoundation.h>
+#include <Security/Security.h>
+#include <Security/SecCertificatePriv.h>
+#include <Security/SecPolicyPriv.h>
+
+#include "utilities/SecCFRelease.h"
+#include "utilities/SecCFWrappers.h"
+
+#include "Security_regressions.h"
+
+
+#include "si-88-sectrust-vpnprofile.h"
+
+static void tests(void)
+{
+    SecTrustRef trust = NULL;
+    SecPolicyRef policy = NULL;
+    SecCertificateRef cert0, cert1, cert2, cert3, rootcert;
+    SecTrustResultType trustResult;
+    
+    //Evaluation should succeed for cert0 and cert1
+    
+    isnt(cert0 = SecCertificateCreateWithBytes(NULL, c0, sizeof(c0)), NULL, "create cert0");
+    isnt(cert1 = SecCertificateCreateWithBytes(NULL, c1, sizeof(c1)), NULL, "create cert1");
+    isnt(rootcert = SecCertificateCreateWithBytes(NULL, root, sizeof(root)), NULL, "create root cert");
+    
+    const void *v_certs[] = { cert0, cert1 };
+    CFArrayRef certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks);
+    CFArrayRef anchor_certs = CFArrayCreate(NULL, (const void**)&rootcert, 1, &kCFTypeArrayCallBacks);
+    
+    /* Create AppleTV VPN profile signing policy instance. */
+    isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy");
+    
+    /* Create trust reference. */
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+    
+    ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor");
+    
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
+    is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified");
+    is(SecTrustGetCertificateCount(trust), 3, "cert count is 3");
+    
+    
+    CFReleaseSafe(trust);
+    CFReleaseSafe(policy);
+    CFReleaseSafe(certs);
+    CFReleaseSafe(cert1);
+    CFReleaseSafe(cert0);
+    
+    //Evaluation should fail for cert2 and cert3 (wrong OID, not Apple anchor)
+    
+    isnt(cert2 = SecCertificateCreateWithBytes(NULL, c2, sizeof(c2)), NULL, "create cert2");
+    isnt(cert3 = SecCertificateCreateWithBytes(NULL, c3, sizeof(c3)), NULL, "create cert3");
+    
+    const void *v_certs2[] = { cert2, cert3 };
+    certs = CFArrayCreate(NULL, v_certs2, sizeof(v_certs2)/sizeof(*v_certs2), &kCFTypeArrayCallBacks);
+    
+    isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy");
+    ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust");
+
+    ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust");
+    is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trustResult is kSecTrustResultRecoverableTrustFailure");
+
+    CFReleaseSafe(trust);
+    CFReleaseSafe(policy);
+    CFReleaseSafe(certs);
+    CFReleaseSafe(cert3);
+    CFReleaseSafe(cert2);
+}
+
+
+
+int si_88_sectrust_vpnprofile(int argc, char *const *argv);
+
+int si_88_sectrust_vpnprofile(int argc, char *const *argv)
+{
+    plan_tests(15);
+    
+    tests();
+    
+    return 0;
+}
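Review bot: Neither `SecTrustEvaluate` call in `tests()` pins the evaluation time, so both results depend on the wall clock rather than only on the policy under test. The validity fields in the companion header's `c2` and `c3` arrays appear to end in February 2016 and `c0`'s in November 2017, so after those dates the negative case would return `kSecTrustResultRecoverableTrustFailure` because of expiry even if the policy's OID check regressed, and the positive case would stop passing. Set a fixed date inside the validity window before each evaluation, e.g. `ok_status(SecTrustSetVerifyDate(trust, date), "set date");` with a `CFDateRef` built for late 2015, and raise `plan_tests(15)` by the number of added checks. Separately, `rootcert` and `anchor_certs` are never released, and `trust`/`policy` are reused after `CFReleaseSafe` without being cleared; adding `CFReleaseSafe(anchor_certs); CFReleaseSafe(rootcert);` and using `CFReleaseNull` on the reused variables avoids the leak and a stale pointer if the second create fails.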
diff --git a/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.h b/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.h
new file mode 100644 (file)
index 0000000..4db7772
--- /dev/null
@@ -0,0 +1,450 @@
+/*
+ * Copyright (c) 2015 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+#ifndef si_88_sectrust_vpnprofile_h
+#define si_88_sectrust_vpnprofile_h
+
+#include <stdio.h>
+
+
+/*
+ * Subject: CN=Apple TV OS VPN Profile Signing, OU=IS&T, O=Apple Inc., C=US
+ * Issuer: CN=Test Apple System Integration 2 Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US
+ */
+
+static unsigned char c0[] = {
+    0x30,0x82,0x04,0x20,0x30,0x82,0x03,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x33,
+    0xb5,0x72,0x55,0xd4,0x16,0x04,0x76,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
+    0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x81,0x8c,0x31,0x40,0x30,0x3e,0x06,0x03,0x55,
+    0x04,0x03,0x0c,0x37,0x54,0x65,0x73,0x74,0x20,0x41,0x70,0x70,0x6c,0x65,0x20,0x53,
+    0x79,0x73,0x74,0x65,0x6d,0x20,0x49,0x6e,0x74,0x65,0x67,0x72,0x61,0x74,0x69,0x6f,
+    0x6e,0x20,0x32,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,
+    0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,
+    0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,
+    0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,
+    0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,
+    0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,
+    0x06,0x13,0x02,0x55,0x53,0x30,0x1e,0x17,0x0d,0x31,0x35,0x31,0x30,0x30,0x38,0x30,
+    0x38,0x33,0x37,0x33,0x35,0x5a,0x17,0x0d,0x31,0x37,0x31,0x31,0x30,0x36,0x30,0x38,
+    0x33,0x37,0x33,0x35,0x5a,0x30,0x5b,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x03,
+    0x0c,0x1f,0x41,0x70,0x70,0x6c,0x65,0x20,0x54,0x56,0x20,0x4f,0x53,0x20,0x56,0x50,
+    0x4e,0x20,0x50,0x72,0x6f,0x66,0x69,0x6c,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e,
+    0x67,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0b,0x0c,0x04,0x49,0x53,0x26,0x54,
+    0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,
+    0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,
+    0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,
+    0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,
+    0x01,0x01,0x00,0xdb,0x85,0xf8,0x04,0xc4,0xaf,0x59,0x41,0x4e,0xd5,0xd5,0xe8,0x25,
+    0x32,0x6f,0x58,0x52,0x53,0x7f,0xca,0xe0,0x27,0xab,0x50,0xb0,0x17,0xd9,0x51,0x46,
+    0xa1,0x5d,0xf6,0xb8,0xbb,0x20,0xb7,0xab,0x68,0x0c,0x75,0xc0,0x4a,0x67,0x9f,0x1e,
+    0xd9,0x52,0x3a,0xa5,0x37,0x72,0xb6,0x45,0x2a,0x43,0x3b,0xe9,0x6d,0xd7,0xca,0x9b,
+    0x59,0xc5,0xdd,0xe5,0x81,0xef,0xf4,0x11,0xe1,0xc5,0x76,0x05,0xe5,0xc3,0xf2,0x60,
+    0x3b,0x3d,0xff,0x9e,0x5f,0x99,0x72,0x9f,0x73,0x90,0x6f,0x43,0x5b,0xe6,0x07,0xae,
+    0xb2,0x60,0x18,0x35,0x69,0x2c,0xb5,0x2c,0x94,0xe6,0xb9,0x89,0x43,0xce,0x98,0x6d,
+    0xa3,0x4e,0x01,0xbc,0x75,0x48,0x85,0xcf,0xff,0x78,0x84,0x45,0xf3,0x5a,0xa6,0x34,
+    0x0e,0x05,0xc1,0x1c,0xb8,0xc9,0x96,0x6c,0xf4,0x47,0x07,0xb5,0xc0,0xe1,0x2d,0x5c,
+    0x80,0x44,0x8f,0x9e,0x6a,0xf7,0x6d,0x11,0xd8,0x8c,0x47,0x82,0x02,0xec,0x3b,0x15,
+    0x73,0x28,0x8e,0xdb,0x4f,0xaa,0x66,0x37,0x23,0x9f,0xf6,0x60,0x91,0xd2,0x74,0x30,
+    0xa5,0x7c,0xd1,0x6a,0x29,0x69,0x72,0xcb,0xc8,0x54,0x1e,0x65,0x45,0x88,0xfc,0xae,
+    0xb1,0x77,0x93,0x41,0xe4,0xff,0xf4,0x2c,0xae,0xfd,0x77,0x24,0x26,0x7e,0x35,0x95,
+    0xa0,0x83,0x72,0x8d,0x3a,0x7e,0x45,0x1e,0xbc,0x9b,0x60,0x31,0x4d,0x26,0x8f,0x28,
+    0xfe,0xd9,0x47,0x15,0xe4,0x90,0x21,0x4f,0xc3,0x09,0xa4,0x64,0x72,0x4b,0xfa,0x5b,
+    0xf4,0xf8,0x41,0x6d,0x75,0x8b,0x3f,0xec,0xc5,0x8e,0xf5,0x3b,0x82,0x66,0xb3,0xee,
+    0x57,0x96,0xb9,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xb5,0x30,0x81,0xb2,0x30,0x41,
+    0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x35,0x30,0x33,0x30,0x31,
+    0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x25,0x68,0x74,0x74,0x70,
+    0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,0x61,0x70,0x70,0x6c,0x65,0x2e,0x63,0x6f,
+    0x6d,0x2f,0x6f,0x63,0x73,0x70,0x30,0x34,0x2d,0x61,0x73,0x69,0x32,0x63,0x61,0x30,
+    0x31,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x71,0xb8,0xd1,0xe1,
+    0x65,0xc1,0x45,0xa6,0xd1,0x68,0x50,0x68,0x20,0x78,0x8c,0x90,0xff,0x53,0x5f,0x5f,
+    0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,0x1f,
+    0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xfd,0x1a,0x95,0xb8,0x3f,
+    0x63,0x8a,0x39,0xa1,0x32,0x9e,0xae,0x33,0xa5,0x79,0xd3,0x5e,0xa1,0xb3,0xd4,0x30,
+    0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x07,0x80,0x30,
+    0x0f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x63,0x64,0x06,0x2b,0x04,0x02,0x05,0x00,
+    0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,
+    0x82,0x01,0x01,0x00,0x70,0xb2,0xd9,0xf4,0x23,0xfc,0x51,0x3e,0x2f,0xf6,0x24,0xbb,
+    0x2a,0x0b,0xa6,0x61,0xa8,0xb5,0x73,0x57,0x0f,0x9c,0xa0,0x23,0xe4,0x6d,0x0a,0xef,
+    0xa1,0x6c,0x2b,0xa7,0x62,0x0c,0xca,0x0e,0x7a,0x28,0xcd,0xe3,0xe4,0xc5,0x05,0x61,
+    0x27,0x59,0xf8,0xde,0xf5,0xf1,0x6a,0x97,0xc8,0x7c,0x53,0x0f,0x9c,0x05,0xda,0x59,
+    0xce,0x43,0x9b,0x5e,0x8c,0xbd,0xe2,0xa8,0xcf,0x36,0xe3,0xfd,0x8d,0x4d,0x71,0x6d,
+    0x08,0xb6,0xef,0x0d,0x77,0x90,0x24,0xd2,0x84,0x14,0xfd,0x13,0x59,0x49,0x7c,0xd7,
+    0xa8,0xbc,0x75,0x03,0xda,0x7d,0xa6,0xb2,0x9e,0x61,0x8d,0x56,0xba,0x09,0x38,0x7c,
+    0x69,0x92,0xf4,0x23,0x0a,0x78,0xce,0xd6,0xe5,0x90,0xb7,0xa7,0x07,0xb0,0x29,0xd2,
+    0x03,0x36,0xa3,0x38,0x08,0xf7,0x9d,0xe6,0x3c,0x60,0x38,0x3f,0x81,0x4d,0x9b,0xb8,
+    0x7d,0xe4,0xe2,0x97,0x70,0x62,0xed,0x00,0xa2,0x7e,0xed,0xd4,0x81,0xcc,0xc4,0x5d,
+    0x99,0x23,0xb1,0x27,0x1b,0xb7,0xf6,0x74,0x0a,0xca,0x4d,0x6a,0x47,0x57,0xe2,0x7d,
+    0xdb,0xb6,0xd8,0xb3,0xc6,0xc7,0xb4,0xbc,0x92,0xc9,0x09,0x2f,0xb9,0x00,0x3e,0x7e,
+    0x2d,0x01,0xd7,0x79,0x69,0xdb,0x21,0xf2,0x03,0x44,0xf4,0xa0,0xb8,0x78,0x82,0x5b,
+    0x29,0xd7,0x95,0x1c,0xcb,0x2a,0x10,0xf3,0xf5,0x78,0x82,0x73,0x10,0xc4,0x14,0x7b,
+    0x7b,0x3d,0xca,0xa0,0xb6,0x35,0x89,0x8b,0x6b,0x54,0x97,0x7b,0xcc,0x64,0x39,0xa2,
+    0xec,0x46,0xdb,0x47,0x6c,0x18,0x98,0x4b,0xda,0x00,0x7a,0x6b,0xf1,0xcf,0x09,0x1b,
+    0x71,0xe6,0x4d,0x61};
+
+/*
+ * Subject: CN=Test Apple System Integration 2 Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US
+ * Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Test Apple Root CA
+ */
+static unsigned char c1[] = {
+    0x30,0x82,0x04,0x2a,0x30,0x82,0x03,0x12,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x4b,
+    0x50,0x1c,0xd1,0xe0,0xd2,0x2a,0xd7,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,
+    0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x67,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,
+    0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,
+    0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x26,0x30,0x24,0x06,0x03,
+    0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,
+    0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,
+    0x74,0x79,0x31,0x1b,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x0c,0x12,0x54,0x65,0x73,
+    0x74,0x20,0x41,0x70,0x70,0x6c,0x65,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x41,0x30,
+    0x1e,0x17,0x0d,0x31,0x35,0x30,0x36,0x30,0x39,0x30,0x31,0x31,0x31,0x32,0x34,0x5a,
+    0x17,0x0d,0x32,0x37,0x30,0x39,0x31,0x33,0x32,0x32,0x33,0x35,0x33,0x37,0x5a,0x30,
+    0x81,0x8c,0x31,0x40,0x30,0x3e,0x06,0x03,0x55,0x04,0x03,0x0c,0x37,0x54,0x65,0x73,
+    0x74,0x20,0x41,0x70,0x70,0x6c,0x65,0x20,0x53,0x79,0x73,0x74,0x65,0x6d,0x20,0x49,
+    0x6e,0x74,0x65,0x67,0x72,0x61,0x74,0x69,0x6f,0x6e,0x20,0x32,0x20,0x43,0x65,0x72,
+    0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,
+    0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,
+    0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
+    0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11,
+    0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,
+    0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82,
+    0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,
+    0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xab,
+    0x4b,0x9c,0x5d,0x27,0xad,0xd5,0x99,0x83,0x0d,0x6c,0x73,0x9d,0xb6,0x29,0x16,0x47,
+    0x4e,0xa1,0xcf,0x24,0x3a,0x08,0x68,0xc8,0x18,0x5f,0xa0,0x50,0x8f,0xb8,0x79,0x44,
+    0x25,0x6c,0x7a,0x46,0xc7,0xae,0x43,0xb0,0xe5,0x1f,0xf3,0x55,0x08,0x70,0xb6,0xe4,
+    0xad,0xa1,0xad,0x1a,0xac,0xb8,0x8e,0x6a,0xd2,0xc6,0x0f,0x2f,0x6f,0xe0,0xcf,0xc6,
+    0x97,0x4c,0x0a,0x62,0xd6,0x10,0x88,0x21,0x04,0xaa,0x8f,0xdb,0x17,0x82,0x83,0xcc,
+    0xde,0xa5,0xd4,0x10,0x75,0x96,0x61,0x52,0x97,0xda,0x3c,0x00,0x2b,0x41,0x7a,0xe6,
+    0xd6,0xda,0xa2,0x7f,0x77,0x44,0x31,0x96,0xc2,0x1b,0xd3,0x4c,0x42,0x0e,0x43,0x0a,
+    0xa4,0x69,0xe0,0xea,0x84,0xf6,0x6c,0x74,0xc5,0xeb,0x37,0xe0,0xee,0xb5,0x59,0xbd,
+    0xa8,0xaa,0xdb,0x8c,0x1e,0x44,0x79,0x4b,0x19,0x62,0x70,0x99,0xed,0x89,0x72,0x8c,
+    0xfc,0x39,0x37,0xdf,0x3c,0x08,0x57,0x0b,0xfb,0x05,0xa6,0x34,0xdc,0x40,0x9b,0x2a,
+    0x88,0x78,0xa1,0xd8,0x28,0x4d,0x1b,0xf9,0x42,0x8f,0xd8,0xfb,0x4f,0x32,0xbb,0xfb,
+    0xc7,0xfa,0x01,0x80,0xff,0xbc,0x7c,0xaa,0x48,0x3f,0x0b,0x46,0x79,0x40,0xf4,0xa6,
+    0x16,0x11,0x9d,0xb1,0x36,0x28,0xaf,0x5e,0x09,0xfe,0x61,0x5e,0x82,0x1b,0x6c,0xf5,
+    0xad,0xd6,0x1a,0x2b,0x66,0xec,0xf7,0xe4,0x73,0x65,0x7c,0xe8,0x18,0x06,0x52,0x38,
+    0xc9,0x16,0x00,0x13,0x50,0x5a,0x30,0xcd,0x03,0x37,0x3e,0x3a,0xd2,0x01,0x15,0xe0,
+    0x56,0xb9,0x6e,0x99,0x00,0x3a,0x29,0x1e,0x95,0x23,0x5c,0xfc,0x2f,0xb5,0xe1,0x02,
+    0x03,0x01,0x00,0x01,0xa3,0x81,0xb3,0x30,0x81,0xb0,0x30,0x1d,0x06,0x03,0x55,0x1d,
+    0x0e,0x04,0x16,0x04,0x14,0xfd,0x1a,0x95,0xb8,0x3f,0x63,0x8a,0x39,0xa1,0x32,0x9e,
+    0xae,0x33,0xa5,0x79,0xd3,0x5e,0xa1,0xb3,0xd4,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13,
+    0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1f,0x06,0x03,0x55,0x1d,
+    0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x59,0xb8,0x2b,0x94,0x3a,0x1b,0xba,0xf1,0x00,
+    0xae,0xee,0x50,0x52,0x23,0x33,0xc9,0x59,0xc3,0x54,0x98,0x30,0x3b,0x06,0x03,0x55,
+    0x1d,0x1f,0x04,0x34,0x30,0x32,0x30,0x30,0xa0,0x2e,0xa0,0x2c,0x86,0x2a,0x68,0x74,
+    0x74,0x70,0x3a,0x2f,0x2f,0x63,0x72,0x6c,0x2d,0x75,0x61,0x74,0x2e,0x63,0x6f,0x72,
+    0x70,0x2e,0x61,0x70,0x70,0x6c,0x65,0x2e,0x63,0x6f,0x6d,0x2f,0x74,0x65,0x73,0x74,
+    0x72,0x6f,0x6f,0x74,0x2e,0x63,0x72,0x6c,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,
+    0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x10,0x06,0x0a,0x2a,0x86,0x48,0x86,
+    0xf7,0x63,0x64,0x06,0x02,0x0a,0x04,0x02,0x05,0x00,0x30,0x0d,0x06,0x09,0x2a,0x86,
+    0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x8e,0x39,
+    0x3b,0xb3,0x24,0x07,0x5b,0x3a,0xce,0x2d,0x3e,0x6d,0x80,0x67,0x88,0x99,0x38,0xe3,
+    0x5e,0x0f,0x5a,0x07,0xea,0xe4,0x50,0x2d,0x34,0xf0,0x7d,0x69,0xd3,0x9d,0x83,0x39,
+    0x9f,0xf8,0xfd,0xae,0x94,0x4a,0x59,0xd9,0xd5,0x1a,0xf3,0xe6,0xba,0x2d,0xdc,0xbd,
+    0x15,0x33,0xa0,0x66,0x13,0x05,0x4d,0xb4,0x46,0x41,0x1d,0x90,0xa3,0x84,0x03,0x5d,
+    0x0c,0x6e,0xc7,0x65,0x67,0x4f,0xec,0x96,0xf2,0xdf,0x17,0x1e,0xa9,0xa0,0xa0,0xb9,
+    0x65,0x79,0x85,0x7d,0x42,0x92,0x7d,0xfa,0xc7,0xfc,0x0a,0xa0,0xe4,0xab,0x25,0xe3,
+    0x85,0x2e,0x92,0xc5,0x8f,0xd5,0x27,0xb4,0x71,0x32,0x07,0x3e,0x01,0x53,0x02,0x72,
+    0x32,0x41,0x72,0x1e,0x4f,0x39,0xef,0xeb,0xc0,0x46,0x43,0xee,0xe7,0xab,0x68,0xf2,
+    0x64,0x44,0x2c,0x99,0x0a,0x25,0xc2,0x53,0x58,0xdb,0x4a,0x64,0x14,0x7e,0x1a,0x04,
+    0x12,0x18,0xf8,0xe8,0x2e,0x7a,0x38,0xc3,0x62,0xae,0x9c,0x9a,0x56,0x66,0x98,0x8d,
+    0x33,0xb4,0x90,0x44,0xec,0xd1,0x03,0x2d,0xa8,0x0e,0x4d,0x50,0x2a,0xb7,0xa0,0x17,
+    0xa4,0xd2,0x24,0xcf,0xab,0x2a,0x28,0x7b,0x53,0x74,0x7e,0x41,0xad,0x0e,0xf0,0xa3,
+    0x2a,0x16,0x46,0x89,0x72,0xf6,0x7b,0xf2,0x77,0xd7,0x97,0x52,0xc2,0xcc,0x12,0x2a,
+    0x1b,0xf5,0x47,0x6f,0x06,0xa6,0x16,0x59,0x52,0xf9,0xc6,0x9c,0xfa,0x76,0x5f,0xa7,
+    0x4f,0x30,0xe9,0xa1,0x76,0x41,0x44,0x3d,0x3e,0x12,0x18,0xf1,0x4c,0xfd,0xfb,0x96,
+    0xb5,0x81,0xae,0xc8,0xf5,0x7c,0x7b,0x4c,0xd2,0x4d,0x0c,0x44,0xdb,0xf2};
+
+/* SHA1 Fingerprint=45:27:70:FE:5F:E9:C2:DD:F9:77:17:29:F7:2B:71:DC:23:37:D1:1B */
+/* subject:/CN=Mac OS X Provisioning Profile Signing/O=Apple Inc./C=US */
+/* issuer :/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority */
+
+static unsigned char c2[1334]={
+    0x30,0x82,0x05,0x32,0x30,0x82,0x04,0x1A,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x1A,
+    0xA6,0x77,0xFE,0x20,0xB7,0x68,0x2E,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0x96,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,
+    0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,
+    0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x2C,0x30,0x2A,0x06,
+    0x03,0x55,0x04,0x0B,0x0C,0x23,0x41,0x70,0x70,0x6C,0x65,0x20,0x57,0x6F,0x72,0x6C,
+    0x64,0x77,0x69,0x64,0x65,0x20,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,
+    0x52,0x65,0x6C,0x61,0x74,0x69,0x6F,0x6E,0x73,0x31,0x44,0x30,0x42,0x06,0x03,0x55,
+    0x04,0x03,0x0C,0x3B,0x41,0x70,0x70,0x6C,0x65,0x20,0x57,0x6F,0x72,0x6C,0x64,0x77,
+    0x69,0x64,0x65,0x20,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x52,0x65,
+    0x6C,0x61,0x74,0x69,0x6F,0x6E,0x73,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,
+    0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,
+    0x1E,0x17,0x0D,0x31,0x31,0x30,0x34,0x30,0x38,0x32,0x32,0x31,0x32,0x32,0x35,0x5A,
+    0x17,0x0D,0x31,0x36,0x30,0x32,0x30,0x36,0x32,0x32,0x31,0x32,0x32,0x35,0x5A,0x30,
+    0x52,0x31,0x2E,0x30,0x2C,0x06,0x03,0x55,0x04,0x03,0x0C,0x25,0x4D,0x61,0x63,0x20,
+    0x4F,0x53,0x20,0x58,0x20,0x50,0x72,0x6F,0x76,0x69,0x73,0x69,0x6F,0x6E,0x69,0x6E,
+    0x67,0x20,0x50,0x72,0x6F,0x66,0x69,0x6C,0x65,0x20,0x53,0x69,0x67,0x6E,0x69,0x6E,
+    0x67,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,
+    0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
+    0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,
+    0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,
+    0x82,0x01,0x01,0x00,0xA6,0x4C,0x9D,0xD8,0xC4,0xF8,0x64,0x71,0xBB,0x53,0xAE,0xD6,
+    0x76,0x93,0x70,0x22,0xA0,0xD1,0xB9,0x18,0x85,0x90,0x4A,0x50,0xB9,0x5A,0x68,0x59,
+    0xCA,0x9C,0x71,0x40,0xD3,0x21,0xCA,0x0E,0x99,0xD5,0x44,0x1C,0xD8,0xE3,0x2B,0x77,
+    0x21,0x6B,0x0D,0x92,0x19,0xEA,0x7C,0xE5,0x05,0xB9,0x1E,0x95,0xD8,0xAD,0xB4,0x1F,
+    0xE6,0xAE,0xBB,0xF3,0x0B,0x29,0x44,0x40,0x4D,0x10,0xA5,0x37,0x48,0x26,0x56,0x37,
+    0xD8,0x50,0xC1,0x5F,0x87,0x4E,0xE2,0x4D,0xD6,0xD6,0x7F,0x0D,0x39,0xA7,0xBB,0xB0,
+    0x06,0x90,0x39,0xAB,0xB2,0x96,0x2C,0x4A,0x07,0x2F,0x17,0xEA,0x3C,0x00,0xBF,0x8F,
+    0xEB,0xD3,0xE7,0x5E,0x5F,0x05,0x59,0x42,0xC2,0x24,0x59,0x29,0x81,0xEF,0x4E,0xB1,
+    0x1F,0x82,0xB5,0x57,0x66,0xC7,0x37,0xBD,0xA9,0xED,0x21,0xB9,0xCB,0xC4,0x27,0xC2,
+    0x58,0x37,0x8D,0x8A,0xF4,0x4B,0xBD,0x3F,0xFC,0x41,0x08,0x67,0x42,0x4B,0x3A,0xCA,
+    0x72,0xFA,0x38,0xA8,0x77,0xF3,0xD3,0x6C,0x46,0xF7,0x73,0x5D,0x83,0xBA,0xD3,0x86,
+    0x6A,0xEB,0x4E,0x61,0x6D,0x8A,0xCE,0x90,0xEC,0x0E,0xE7,0x39,0x69,0xDD,0x49,0xA0,
+    0x7E,0xB3,0xD9,0x7E,0x2B,0x4C,0x51,0x5A,0x1D,0xDA,0x54,0x16,0xE5,0xA6,0xF1,0xB0,
+    0x04,0x80,0xAC,0x87,0x77,0x11,0x2C,0x6D,0x5B,0x78,0x38,0x9C,0x71,0x4E,0xF6,0x0E,
+    0xCD,0x78,0x2C,0x03,0x42,0xAC,0x4C,0x3B,0x3E,0xE2,0xBE,0xD2,0xBC,0x70,0x5B,0x00,
+    0x6A,0xAA,0xA3,0x66,0xAB,0xBA,0x44,0x33,0x96,0x76,0xEC,0x37,0xA3,0x33,0xC8,0x2C,
+    0xED,0x6E,0x37,0xB5,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0xC5,0x30,0x82,0x01,
+    0xC1,0x30,0x3D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x31,0x30,
+    0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x21,0x68,
+    0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65,
+    0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,0x2D,0x77,0x77,0x64,0x72,0x30,0x33,
+    0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x16,0x40,0x54,0xF8,0x17,
+    0x37,0x2C,0x46,0xE4,0x5F,0x75,0x8C,0xF9,0x55,0x70,0x0E,0xEF,0x1E,0xE7,0xF1,0x30,
+    0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06,
+    0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x88,0x27,0x17,0x09,0xA9,0xB6,
+    0x18,0x60,0x8B,0xEC,0xEB,0xBA,0xF6,0x47,0x59,0xC5,0x52,0x54,0xA3,0xB7,0x30,0x82,
+    0x01,0x0F,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x06,0x30,0x82,0x01,0x02,0x30,
+    0x81,0xFF,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x05,0x01,0x30,0x81,0xF1,
+    0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x81,0xB6,
+    0x0C,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65,0x20,0x6F,0x6E,0x20,0x74,
+    0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,
+    0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61,0x72,0x74,0x79,0x20,0x61,0x73,0x73,
+    0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65,0x70,0x74,0x61,0x6E,0x63,0x65,0x20,
+    0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68,0x65,0x6E,0x20,0x61,0x70,0x70,0x6C,
+    0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74,0x61,0x6E,0x64,0x61,0x72,0x64,0x20,
+    0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64,0x20,0x63,0x6F,0x6E,0x64,0x69,0x74,
+    0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x2C,0x20,0x63,0x65,0x72,
+    0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x70,0x6F,0x6C,0x69,0x63,0x79,0x20,
+    0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,
+    0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x73,0x74,0x61,0x74,0x65,
+    0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x29,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,
+    0x02,0x01,0x16,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61,
+    0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,0x6C,0x65,0x63,0x61,
+    0x2F,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x07,
+    0x80,0x30,0x0F,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x04,0x0B,0x04,0x02,
+    0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,
+    0x00,0x03,0x82,0x01,0x01,0x00,0x41,0x76,0x9C,0x4B,0x42,0x36,0x40,0x75,0xF4,0x68,
+    0x51,0x76,0x3F,0x77,0xBE,0x7A,0x66,0x04,0x08,0xA3,0xA8,0xDA,0xD9,0x60,0x30,0xA4,
+    0x3A,0x5E,0x2D,0xF8,0x10,0x06,0x96,0x9B,0xD7,0x10,0x14,0x8C,0x95,0x71,0x26,0xC9,
+    0x01,0x83,0xB2,0x27,0xA9,0x74,0xA6,0xDB,0x5F,0xB5,0xA9,0x39,0x67,0x54,0x6F,0x08,
+    0x43,0x9E,0x4C,0x46,0xA1,0xA8,0x22,0xBF,0x58,0x49,0xB3,0x1C,0xC6,0xF0,0xAA,0xF3,
+    0x67,0x89,0x5E,0xA6,0x79,0x3E,0x25,0xB7,0xE9,0x00,0x2B,0xD9,0xEE,0xED,0x6F,0xF8,
+    0x48,0x3B,0x97,0x4A,0x54,0x27,0x38,0x54,0xC2,0x4A,0xBF,0x35,0x36,0x6F,0x92,0x02,
+    0x65,0x35,0x2A,0x63,0x3D,0x13,0xA8,0x06,0x5D,0x51,0x7E,0x61,0x10,0xF7,0xF5,0x56,
+    0x22,0xFB,0x28,0xA3,0x8F,0xAE,0xE6,0x28,0x4B,0xEA,0x7C,0x22,0x70,0x49,0x61,0x76,
+    0x51,0xFC,0x9C,0x64,0x9A,0x88,0x8B,0x6C,0x4B,0x1A,0x22,0xF0,0xE8,0xB3,0xD2,0xF6,
+    0x2C,0x31,0xD7,0xC4,0x30,0xBF,0x82,0xDD,0x22,0x93,0x14,0x20,0x73,0xAA,0xB8,0xD1,
+    0x17,0x1E,0x3F,0x36,0x4F,0x94,0x9C,0xF3,0xF9,0x3B,0x9A,0xDB,0x69,0x1A,0x91,0x6D,
+    0x56,0x60,0x2A,0x86,0xBD,0x25,0x68,0x24,0xCC,0x11,0x09,0x17,0x88,0xCE,0x27,0xA1,
+    0xE1,0x6B,0x30,0xB2,0x8C,0xB9,0xA8,0xA0,0xB7,0xF0,0xAA,0x46,0xA4,0x95,0x21,0x13,
+    0xC8,0x4F,0xE9,0xA9,0xB1,0x35,0x12,0x57,0xE6,0x04,0xD0,0x3D,0xFF,0x12,0xDC,0xEB,
+    0xDA,0xC5,0xD9,0x85,0xD6,0xBC,0x96,0xCF,0x90,0x02,0xC7,0x66,0xC7,0xF7,0x78,0x77,
+    0xDA,0xA6,0xD7,0x89,0x1B,0xAF,
+};
+
+/* SHA1 Fingerprint=09:50:B6:CD:3D:2F:37:EA:24:6A:1A:AA:20:DF:AA:DB:D6:FE:1F:75 */
+/* subject:/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority */
+/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */
+
+static unsigned char c3[1063]={
+    0x30,0x82,0x04,0x23,0x30,0x82,0x03,0x0B,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x19,
+    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,
+    0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,
+    0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,
+    0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,
+    0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,
+    0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x16,0x30,0x14,0x06,
+    0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74,
+    0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x30,0x38,0x30,0x32,0x31,0x34,0x31,0x38,0x35,
+    0x36,0x33,0x35,0x5A,0x17,0x0D,0x31,0x36,0x30,0x32,0x31,0x34,0x31,0x38,0x35,0x36,
+    0x33,0x35,0x5A,0x30,0x81,0x96,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,
+    0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,
+    0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x2C,0x30,0x2A,0x06,0x03,0x55,0x04,
+    0x0B,0x0C,0x23,0x41,0x70,0x70,0x6C,0x65,0x20,0x57,0x6F,0x72,0x6C,0x64,0x77,0x69,
+    0x64,0x65,0x20,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x52,0x65,0x6C,
+    0x61,0x74,0x69,0x6F,0x6E,0x73,0x31,0x44,0x30,0x42,0x06,0x03,0x55,0x04,0x03,0x0C,
+    0x3B,0x41,0x70,0x70,0x6C,0x65,0x20,0x57,0x6F,0x72,0x6C,0x64,0x77,0x69,0x64,0x65,
+    0x20,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x52,0x65,0x6C,0x61,0x74,
+    0x69,0x6F,0x6E,0x73,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,
+    0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x82,0x01,0x22,
+    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,
+    0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xCA,0x38,0x54,
+    0xA6,0xCB,0x56,0xAA,0xC8,0x24,0x39,0x48,0xE9,0x8C,0xEE,0xEC,0x5F,0xB8,0x7F,0x26,
+    0x91,0xBC,0x34,0x53,0x7A,0xCE,0x7C,0x63,0x80,0x61,0x77,0x64,0x5E,0xA5,0x07,0x23,
+    0xB6,0x39,0xFE,0x50,0x2D,0x15,0x56,0x58,0x70,0x2D,0x7E,0xC4,0x6E,0xC1,0x4A,0x85,
+    0x3E,0x2F,0xF0,0xDE,0x84,0x1A,0xA1,0x57,0xC9,0xAF,0x7B,0x18,0xFF,0x6A,0xFA,0x15,
+    0x12,0x49,0x15,0x08,0x19,0xAC,0xAA,0xDB,0x2A,0x32,0xED,0x96,0x63,0x68,0x52,0x15,
+    0x3D,0x8C,0x8A,0xEC,0xBF,0x6B,0x18,0x95,0xE0,0x03,0xAC,0x01,0x7D,0x97,0x05,0x67,
+    0xCE,0x0E,0x85,0x95,0x37,0x6A,0xED,0x09,0xB6,0xAE,0x67,0xCD,0x51,0x64,0x9F,0xC6,
+    0x5C,0xD1,0xBC,0x57,0x6E,0x67,0x35,0x80,0x76,0x36,0xA4,0x87,0x81,0x6E,0x38,0x8F,
+    0xD8,0x2B,0x15,0x4E,0x7B,0x25,0xD8,0x5A,0xBF,0x4E,0x83,0xC1,0x8D,0xD2,0x93,0xD5,
+    0x1A,0x71,0xB5,0x60,0x9C,0x9D,0x33,0x4E,0x55,0xF9,0x12,0x58,0x0C,0x86,0xB8,0x16,
+    0x0D,0xC1,0xE5,0x77,0x45,0x8D,0x50,0x48,0xBA,0x2B,0x2D,0xE4,0x94,0x85,0xE1,0xE8,
+    0xC4,0x9D,0xC6,0x68,0xA5,0xB0,0xA3,0xFC,0x67,0x7E,0x70,0xBA,0x02,0x59,0x4B,0x77,
+    0x42,0x91,0x39,0xB9,0xF5,0xCD,0xE1,0x4C,0xEF,0xC0,0x3B,0x48,0x8C,0xA6,0xE5,0x21,
+    0x5D,0xFD,0x6A,0x6A,0xBB,0xA7,0x16,0x35,0x60,0xD2,0xE6,0xAD,0xF3,0x46,0x29,0xC9,
+    0xE8,0xC3,0x8B,0xE9,0x79,0xC0,0x6A,0x61,0x67,0x15,0xB2,0xF0,0xFD,0xE5,0x68,0xBC,
+    0x62,0x5F,0x6E,0xCF,0x99,0xDD,0xEF,0x1B,0x63,0xFE,0x92,0x65,0xAB,0x02,0x03,0x01,
+    0x00,0x01,0xA3,0x81,0xAE,0x30,0x81,0xAB,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,
+    0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,
+    0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,
+    0x04,0x16,0x04,0x14,0x88,0x27,0x17,0x09,0xA9,0xB6,0x18,0x60,0x8B,0xEC,0xEB,0xBA,
+    0xF6,0x47,0x59,0xC5,0x52,0x54,0xA3,0xB7,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,
+    0x18,0x30,0x16,0x80,0x14,0x2B,0xD0,0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D,
+    0x2E,0x40,0xA6,0xF7,0x47,0x4D,0x7F,0x08,0x5E,0x30,0x36,0x06,0x03,0x55,0x1D,0x1F,
+    0x04,0x2F,0x30,0x2D,0x30,0x2B,0xA0,0x29,0xA0,0x27,0x86,0x25,0x68,0x74,0x74,0x70,
+    0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,
+    0x2F,0x61,0x70,0x70,0x6C,0x65,0x63,0x61,0x2F,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x72,
+    0x6C,0x30,0x10,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x02,0x01,0x04,
+    0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,
+    0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xDA,0x32,0x00,0x96,0xC5,0x54,0x94,0xD3,0x3B,
+    0x82,0x37,0x66,0x7D,0x2E,0x68,0xD5,0xC3,0xC6,0xB8,0xCB,0x26,0x8C,0x48,0x90,0xCF,
+    0x13,0x24,0x6A,0x46,0x8E,0x63,0xD4,0xF0,0xD0,0x13,0x06,0xDD,0xD8,0xC4,0xC1,0x37,
+    0x15,0xF2,0x33,0x13,0x39,0x26,0x2D,0xCE,0x2E,0x55,0x40,0xE3,0x0B,0x03,0xAF,0xFA,
+    0x12,0xC2,0xE7,0x0D,0x21,0xB8,0xD5,0x80,0xCF,0xAC,0x28,0x2F,0xCE,0x2D,0xB3,0x4E,
+    0xAF,0x86,0x19,0x04,0xC6,0xE9,0x50,0xDD,0x4C,0x29,0x47,0x10,0x23,0xFC,0x6C,0xBB,
+    0x1B,0x98,0x6B,0x48,0x89,0xE1,0x5B,0x9D,0xDE,0x46,0xDB,0x35,0x85,0x35,0xEF,0x3E,
+    0xD0,0xE2,0x58,0x4B,0x38,0xF4,0xED,0x75,0x5A,0x1F,0x5C,0x70,0x1D,0x56,0x39,0x12,
+    0xE5,0xE1,0x0D,0x11,0xE4,0x89,0x25,0x06,0xBD,0xD5,0xB4,0x15,0x8E,0x5E,0xD0,0x59,
+    0x97,0x90,0xE9,0x4B,0x81,0xE2,0xDF,0x18,0xAF,0x44,0x74,0x1E,0x19,0xA0,0x3A,0x47,
+    0xCC,0x91,0x1D,0x3A,0xEB,0x23,0x5A,0xFE,0xA5,0x2D,0x97,0xF7,0x7B,0xBB,0xD6,0x87,
+    0x46,0x42,0x85,0xEB,0x52,0x3D,0x26,0xB2,0x63,0xA8,0xB4,0xB1,0xCA,0x8F,0xF4,0xCC,
+    0xE2,0xB3,0xC8,0x47,0xE0,0xBF,0x9A,0x59,0x83,0xFA,0xDA,0x98,0x53,0x2A,0x82,0xF5,
+    0x7C,0x65,0x2E,0x95,0xD9,0x33,0x5D,0xF5,0xED,0x65,0xCC,0x31,0x37,0xC5,0x5A,0x04,
+    0xE8,0x6B,0xE1,0xE7,0x88,0x03,0x4A,0x75,0x9E,0x9B,0x28,0xCB,0x4A,0x40,0x88,0x65,
+    0x43,0x75,0xDD,0xCB,0x3A,0x25,0x23,0xC5,0x9E,0x57,0xF8,0x2E,0xCE,0xD2,0xA9,0x92,
+    0x5E,0x73,0x2E,0x2F,0x25,0x75,0x15,
+};
+
+static unsigned char root[] = {
+    0x30, 0x82, 0x04, 0xcc, 0x30, 0x82, 0x03, 0xb4, 0xa0, 0x03, 0x02, 0x01,
+    0x02, 0x02, 0x08, 0x3d, 0x00, 0x4b, 0x90, 0x3e, 0xde, 0xe0, 0xd0, 0x30,
+    0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
+    0x05, 0x00, 0x30, 0x67, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
+    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
+    0x04, 0x0a, 0x0c, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e,
+    0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c,
+    0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+    0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74,
+    0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03,
+    0x55, 0x04, 0x03, 0x0c, 0x12, 0x54, 0x65, 0x73, 0x74, 0x20, 0x41, 0x70,
+    0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
+    0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x34, 0x32, 0x32, 0x30, 0x32, 0x31,
+    0x35, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x30, 0x32, 0x30, 0x39,
+    0x32, 0x31, 0x34, 0x30, 0x33, 0x36, 0x5a, 0x30, 0x67, 0x31, 0x0b, 0x30,
+    0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13,
+    0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x41, 0x70, 0x70,
+    0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06,
+    0x03, 0x55, 0x04, 0x0b, 0x0c, 0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20,
+    0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
+    0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31,
+    0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x54, 0x65,
+    0x73, 0x74, 0x20, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f,
+    0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
+    0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
+    0x00, 0xc7, 0xd1, 0x43, 0x53, 0x7f, 0x0d, 0x88, 0x6b, 0xe6, 0xb1, 0x67,
+    0x9d, 0xee, 0x67, 0xb6, 0xe7, 0x77, 0x12, 0x81, 0xc4, 0xdf, 0x24, 0x6b,
+    0x7a, 0x75, 0x24, 0xf7, 0x01, 0x09, 0xce, 0x34, 0x92, 0xf5, 0x38, 0x08,
+    0x42, 0x7e, 0xec, 0x9d, 0xf2, 0x5d, 0x38, 0x91, 0xb4, 0x93, 0x98, 0x35,
+    0x11, 0x3c, 0x98, 0x00, 0x77, 0xd9, 0xd7, 0xf3, 0x4a, 0xf8, 0xf0, 0xbc,
+    0xeb, 0x97, 0x5d, 0x4b, 0x61, 0x2e, 0xfb, 0xc5, 0xcc, 0x68, 0xb7, 0x6d,
+    0x69, 0x10, 0xcc, 0xa5, 0x61, 0x78, 0xa8, 0x81, 0x02, 0x9e, 0xe7, 0x63,
+    0xc5, 0xff, 0x29, 0x22, 0x82, 0x68, 0xaa, 0xaa, 0x0e, 0xfb, 0xa9, 0xd8,
+    0x16, 0x73, 0x25, 0xbf, 0x9d, 0x08, 0x62, 0x2f, 0x78, 0x04, 0xf6, 0xf6,
+    0x44, 0x07, 0x37, 0x6e, 0x99, 0x1b, 0x93, 0xd8, 0x7f, 0xee, 0x72, 0xde,
+    0xe8, 0x32, 0xf6, 0x6d, 0x78, 0x04, 0xa0, 0xa8, 0x21, 0x26, 0x8a, 0x32,
+    0xe3, 0xb1, 0x65, 0x85, 0xa1, 0x7b, 0x1a, 0xa9, 0x02, 0xb2, 0xbb, 0xee,
+    0xdd, 0xdd, 0x8f, 0x41, 0x49, 0xc8, 0x3f, 0xdc, 0x1e, 0xdf, 0x21, 0xa3,
+    0x95, 0x99, 0xbb, 0xfc, 0x29, 0xba, 0x40, 0x43, 0xb9, 0x1c, 0xcd, 0xc9,
+    0x21, 0x45, 0x73, 0xad, 0xff, 0xfd, 0xa2, 0x6c, 0x5c, 0x3b, 0x1c, 0x37,
+    0x91, 0x34, 0x8e, 0x5c, 0xd3, 0xd5, 0x03, 0x58, 0x28, 0xc7, 0xf2, 0x76,
+    0x6f, 0x11, 0xc0, 0xb5, 0xbd, 0x7e, 0xef, 0x23, 0xb3, 0x3d, 0xb8, 0xbd,
+    0x38, 0x66, 0x8c, 0xf2, 0x78, 0x95, 0xc1, 0x8b, 0x32, 0x65, 0x3a, 0x9b,
+    0x49, 0x1a, 0x5c, 0x41, 0x3c, 0xc6, 0x85, 0x50, 0xec, 0x85, 0xf0, 0x59,
+    0x17, 0x81, 0xe8, 0x96, 0xe8, 0x6a, 0xcc, 0xb3, 0xc7, 0x46, 0xbf, 0x81,
+    0x48, 0xd1, 0x09, 0x1b, 0xbc, 0x73, 0x1e, 0xd7, 0xe8, 0x27, 0xa8, 0x49,
+    0x48, 0xa2, 0x1c, 0x41, 0x1d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82,
+    0x01, 0x7a, 0x30, 0x82, 0x01, 0x76, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
+    0x0e, 0x04, 0x16, 0x04, 0x14, 0x59, 0xb8, 0x2b, 0x94, 0x3a, 0x1b, 0xba,
+    0xf1, 0x00, 0xae, 0xee, 0x50, 0x52, 0x23, 0x33, 0xc9, 0x59, 0xc3, 0x54,
+    0x98, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
+    0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
+    0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x59, 0xb8, 0x2b, 0x94, 0x3a,
+    0x1b, 0xba, 0xf1, 0x00, 0xae, 0xee, 0x50, 0x52, 0x23, 0x33, 0xc9, 0x59,
+    0xc3, 0x54, 0x98, 0x30, 0x82, 0x01, 0x11, 0x06, 0x03, 0x55, 0x1d, 0x20,
+    0x04, 0x82, 0x01, 0x08, 0x30, 0x82, 0x01, 0x04, 0x30, 0x82, 0x01, 0x00,
+    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x05, 0x01, 0x30,
+    0x81, 0xf2, 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
+    0x02, 0x01, 0x16, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f,
+    0x77, 0x77, 0x77, 0x2e, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f,
+    0x6d, 0x2f, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x63, 0x61, 0x2f, 0x30, 0x81,
+    0xc3, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30,
+    0x81, 0xb6, 0x0c, 0x81, 0xb3, 0x52, 0x65, 0x6c, 0x69, 0x61, 0x6e, 0x63,
+    0x65, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x63, 0x65,
+    0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x62, 0x79,
+    0x20, 0x61, 0x6e, 0x79, 0x20, 0x70, 0x61, 0x72, 0x74, 0x79, 0x20, 0x61,
+    0x73, 0x73, 0x75, 0x6d, 0x65, 0x73, 0x20, 0x61, 0x63, 0x63, 0x65, 0x70,
+    0x74, 0x61, 0x6e, 0x63, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65,
+    0x20, 0x74, 0x68, 0x65, 0x6e, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63,
+    0x61, 0x62, 0x6c, 0x65, 0x20, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72,
+    0x64, 0x20, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20,
+    0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x6f,
+    0x66, 0x20, 0x75, 0x73, 0x65, 0x2c, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69,
+    0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x70, 0x6f, 0x6c, 0x69, 0x63,
+    0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66,
+    0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x70, 0x72, 0x61, 0x63,
+    0x74, 0x69, 0x63, 0x65, 0x20, 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65,
+    0x6e, 0x74, 0x73, 0x2e, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
+    0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0d, 0x06, 0x09,
+    0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03,
+    0x82, 0x01, 0x01, 0x00, 0x10, 0x5e, 0x6c, 0x69, 0xfc, 0xa6, 0x0f, 0xe2,
+    0x09, 0xd5, 0x94, 0x90, 0xa6, 0x7c, 0x22, 0xdc, 0xee, 0xb0, 0x8f, 0x24,
+    0x22, 0x4f, 0xb3, 0x67, 0xdb, 0x32, 0xb0, 0xd6, 0x24, 0x87, 0xe6, 0xf3,
+    0xea, 0x9e, 0xd0, 0x95, 0x75, 0xaa, 0xa7, 0x08, 0xff, 0xb0, 0x35, 0xd7,
+    0x1f, 0xa3, 0xbf, 0x89, 0x55, 0x0c, 0x1c, 0xa4, 0xd0, 0xf8, 0x00, 0x17,
+    0x44, 0x94, 0x36, 0x63, 0x3b, 0x83, 0xfe, 0x4e, 0xe5, 0xb3, 0xec, 0x7b,
+    0x7d, 0xce, 0xfe, 0xa9, 0x54, 0xed, 0xbb, 0x12, 0xa6, 0x72, 0x2b, 0xb3,
+    0x48, 0x00, 0xc7, 0x8e, 0xf5, 0x5b, 0x68, 0xc9, 0x24, 0x22, 0x7f, 0xa1,
+    0x4d, 0xfc, 0x54, 0xd9, 0xd0, 0x5d, 0x82, 0x53, 0x71, 0x29, 0x66, 0xcf,
+    0x0f, 0x6d, 0x32, 0xa6, 0x3f, 0xae, 0x54, 0x27, 0xc2, 0x8c, 0x12, 0x4c,
+    0xf0, 0xd6, 0xc1, 0x80, 0x75, 0xc3, 0x33, 0x19, 0xd1, 0x8b, 0x58, 0xe6,
+    0x00, 0x69, 0x76, 0xe7, 0xe5, 0x3d, 0x47, 0xf9, 0xc0, 0x9c, 0xe7, 0x19,
+    0x1e, 0x95, 0xbc, 0x52, 0x15, 0xce, 0x94, 0xf8, 0x30, 0x14, 0x0b, 0x39,
+    0x0e, 0x8b, 0xaf, 0x29, 0x30, 0x56, 0xaf, 0x5a, 0x28, 0xac, 0xe1, 0x0f,
+    0x51, 0x76, 0x76, 0x9a, 0xe7, 0xb9, 0x7d, 0xa3, 0x30, 0xe8, 0xe3, 0x71,
+    0x15, 0xe8, 0xbf, 0x0d, 0x4f, 0x12, 0x9b, 0x65, 0xab, 0xef, 0xa4, 0xe9,
+    0x42, 0xf0, 0xd2, 0x4d, 0x20, 0x55, 0x29, 0x88, 0x58, 0x5c, 0x82, 0x67,
+    0x63, 0x20, 0x50, 0xc6, 0xca, 0x04, 0xe8, 0xbc, 0x3d, 0x93, 0x06, 0x21,
+    0xb2, 0xc0, 0xbf, 0x53, 0x1e, 0xe1, 0x8b, 0x48, 0xa9, 0xb9, 0xd7, 0xe6,
+    0x5f, 0x4e, 0x5a, 0x2f, 0x43, 0xac, 0x35, 0xbd, 0x26, 0x60, 0x2f, 0x01,
+    0xd5, 0x86, 0x6b, 0x64, 0xfa, 0x67, 0x05, 0x44, 0x55, 0x83, 0x5b, 0x93,
+    0x9c, 0x7c, 0xa7, 0x26, 0x4e, 0x02, 0x2b, 0x48
+};
+
+
+#endif /* si_88_sectrust_vpnprofile_h */
index eb17eb4ddec57bbb27bd3f90994ec5fdbcbe4883..b342758c9f1d2fcb0152a3def865f1b74e23cba1 100644 (file)
@@ -819,6 +819,8 @@ static void SecCEPCrlDistributionPoints(SecCertificateRef certificate,
         policyQualifierId  PolicyQualifierId,
         qualifier          ANY DEFINED BY policyQualifierId }
 */
+/* maximum number of policies of 8192 seems more than adequate */
+#define MAX_CERTIFICATE_POLICIES 8192
 static void SecCEPCertificatePolicies(SecCertificateRef certificate,
        const SecCertificateExtension *extn) {
        secdebug("cert", "critical: %s", extn->critical ? "yes" : "no");
@@ -830,7 +832,8 @@ static void SecCEPCertificatePolicies(SecCertificateRef certificate,
     require_quiet(tag == ASN1_CONSTR_SEQUENCE, badDER);
     DERDecodedInfo piContent;
     DERSize policy_count = 0;
-    while ((drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) {
+    while ((policy_count < MAX_CERTIFICATE_POLICIES) &&
+           (drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) {
         require_quiet(piContent.tag == ASN1_CONSTR_SEQUENCE, badDER);
         policy_count++;
     }
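Review bot: When the cap is reached in this counting loop, the `policy_count < MAX_CERTIFICATE_POLICIES` test short-circuits and `drtn` keeps `DR_Success` from the previous iteration, so the loop itself does not signal that entries were left unread. Whether an oversized extension is then rejected or silently truncated depends on the check that follows the loop, which is outside this hunk. Making the limit an explicit failure in place of the added loop condition, `require_quiet(policy_count < MAX_CERTIFICATE_POLICIES, badDER);` just before `policy_count++`, states the intent and lets an extension with exactly the maximum number of entries end normally. The body of SecCEPCertificatePolicies continues past the hunk.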
@@ -839,7 +842,8 @@ static void SecCEPCertificatePolicies(SecCertificateRef certificate,
                                                 * (policy_count > 0 ? policy_count : 1));
     DERDecodeSeqInit(&extn->extnValue, &tag, &piSeq);
     DERSize policy_ix = 0;
-    while ((drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) {
+    while ((policy_ix < (policy_count > 0 ? policy_count : 1)) &&
+           (drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) {
         DERPolicyInformation pi;
         drtn = DERParseSequenceContent(&piContent.content,
             DERNumPolicyInformationItemSpecs,
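Review bot: The new loop bound `policy_count > 0 ? policy_count : 1` repeats the element-count expression from the allocation two lines above it, and the write index is only safe while the two stay identical. Naming the value once, `const DERSize policy_capacity = policy_count > 0 ? policy_count : 1;`, and using it for both the `malloc` size and the `policy_ix < policy_capacity` test removes that coupling. A null check on the allocation is not visible in this hunk; if there is none before the first store, it belongs next to the same declaration. The loop body runs on past the end of the hunk.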
@@ -2200,7 +2204,7 @@ CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
     if (month > 2)
         day += is_leap_year;
 
-    CFAbsoluteTime absTime = (CFAbsoluteTime)((day * 24 + hour) * 60 + minute) * 60 + second;
+    CFAbsoluteTime absTime = (CFAbsoluteTime)((day * 24.0 + hour) * 60.0 + minute) * 60.0 + second;
        return absTime - timeZoneOffset;
 }
 
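Review bot: The change to `24.0`/`60.0` literals carries no comment, and the reason is not evident from the line. Presumably the integer product could exceed the operand type for large day counts before the old cast was applied; the declarations of `day`, `hour`, `minute` and `second` are outside the hunk. A one-line comment such as `/* compute in double: integer math can overflow for large day counts */` would stop a later cleanup from reverting to integer literals. With floating-point operands the leading `(CFAbsoluteTime)` cast no longer does anything and could be dropped.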
index af3e387880ce91668c0d39b6c2d27eaa2d86781e..6d95a578cb5476489769e9af0c98ac7111b3806e 100644 (file)
@@ -74,6 +74,7 @@ _kSecPolicyApplePPQSigning
 _kSecPolicyAppleTestPPQSigning
 _kSecPolicyAppleATVAppSigning
 _kSecPolicyAppleTestATVAppSigning
+_kSecPolicyAppleATVVPNProfileSigning
 _kSecPolicyApplePayIssuerEncryption
 _kSecPolicyAppleAnchorIncludeTestRoots
 _kSecPolicyCheckAnchorSHA1
@@ -174,6 +175,7 @@ _SecPolicyCreateiPhoneDeviceCertificate
 _SecPolicyCreateiPhoneProfileApplicationSigning
 _SecPolicyCreateiPhoneProvisioningProfileSigning
 _SecPolicyCreateAppleTVOSApplicationSigning
+_SecPolicyCreateAppleATVVPNProfileSigning
 _SecPolicyCreateiTunesStoreURLBag
 _SecPolicyCreateLockdownPairing
 _SecPolicyCreateMobileAsset
index ca2b7d12f79f9454ca7641a88243f228d6a82516..2d4e8d1a13110cc91a6883b912b36b7b536385df 100644 (file)
@@ -402,7 +402,7 @@ SecKeyRef SecKeyCopyMatchingPrivateKey(SecKeyRef publicKey, CFErrorRef *error) {
     CFTypeRef queryResult = NULL;
     CFDictionaryRef query = NULL;
     
-    require_action_quiet(publicKey != NULL, errOut, SecError(errSecParam, error, NULL, CFSTR("Null Public Key")));
+    require_action_quiet(publicKey != NULL, errOut, SecError(errSecParam, error, CFSTR("Null Public Key")));
 
     query = CreatePrivateKeyMatchingQuery(publicKey, false);
 
index f94406a8d6e703c735eaf5418ecc25cab19bb7f3..94053fd102f593f60578c44810df32e957fb2d96 100644 (file)
@@ -216,6 +216,8 @@ SEC_CONST_DECL (kSecPolicyAppleATVAppSigning, "1.2.840.113625.100.1.37");
 SEC_CONST_DECL (kSecPolicyAppleTestATVAppSigning, "1.2.840.113625.100.1.38");
 SEC_CONST_DECL (kSecPolicyApplePayIssuerEncryption, "1.2.840.113625.100.1.39");
 SEC_CONST_DECL (kSecPolicyAppleOSXProvisioningProfileSigning, "1.2.840.113625.100.1.40");
+SEC_CONST_DECL (kSecPolicyAppleATVVPNProfileSigning, "1.2.840.113625.100.1.41");
+// TODO need confirmation that OID for kSecPolicyAppleATVVPNProfileSigning is reserved
 
 SEC_CONST_DECL (kSecPolicyOid, "SecPolicyOid");
 SEC_CONST_DECL (kSecPolicyName, "SecPolicyName");
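Review bot: The constant `kSecPolicyAppleATVVPNProfileSigning` is defined as "1.2.840.113625.100.1.41" while the TODO on the next line says the OID has not been confirmed as reserved. The same commit adds `_kSecPolicyAppleATVVPNProfileSigning` to the export list, so the string becomes a value that callers can store or compare against, and changing it later is an interface change. The assignment should be confirmed before the symbol is exported, or the symbol kept private until it is.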
@@ -273,6 +275,7 @@ static CFStringRef kSecPolicyOIDAppleATVAppSigning = CFSTR("AppleATVAppSigning")
 static CFStringRef kSecPolicyOIDAppleTestATVAppSigning = CFSTR("AppleTestATVAppSigning");
 static CFStringRef kSecPolicyOIDApplePayIssuerEncryption = CFSTR("ApplePayIssuerEncryption");
 static CFStringRef kSecPolicyOIDAppleOSXProvisioningProfileSigning = CFSTR("AppleOSXProvisioningProfileSigning");
+static CFStringRef kSecPolicyOIDAppleATVVPNProfileSigning = CFSTR("AppleATVVPNProfileSigning");
 
 /* Policies will now change to multiple categories of checks.
 
@@ -637,6 +640,9 @@ SecPolicyRef SecPolicyCreateWithProperties(CFTypeRef policyIdentifier,
     }
     else if (CFEqual(policyIdentifier, kSecPolicyApplePayIssuerEncryption)) {
         policy = SecPolicyCreateApplePayIssuerEncryption();
+    }
+    else if (CFEqual(policyIdentifier, kSecPolicyAppleATVVPNProfileSigning)) {
+        policy = SecPolicyCreateAppleATVVPNProfileSigning();
     }
        else {
                secerror("ERROR: policy \"%@\" is unsupported", policyIdentifier);
@@ -741,6 +747,9 @@ CFDictionaryRef SecPolicyCopyProperties(SecPolicyRef policyRef) {
        else if (CFEqual(oid, kSecPolicyOIDAppleOSXProvisioningProfileSigning)) {
                outOid = kSecPolicyAppleOSXProvisioningProfileSigning;
        }
+    else if (CFEqual(oid, kSecPolicyOIDAppleATVVPNProfileSigning)) {
+        outOid = kSecPolicyAppleATVVPNProfileSigning;
+    }
 
        // Set kSecPolicyOid
        CFDictionarySetValue(properties, (const void *)kSecPolicyOid,
@@ -2917,3 +2926,51 @@ errOut:
     CFReleaseSafe(options);
     return result;
 }
+
+/*!
+ @function SecPolicyCreateAppleATVVPNProfileSigning
+ @abstract Check for leaf marker OID 1.2.840.113635.100.6.43,
+ intermediate marker OID 1.2.840.113635.100.6.2.10,
+ chains to Apple Root CA, path length 3
+ */
+SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void)
+{
+    SecPolicyRef result = NULL;
+    CFMutableDictionaryRef options = NULL;
+    CFMutableDictionaryRef appleAnchorOptions = NULL;
+    require(options = CFDictionaryCreateMutable(kCFAllocatorDefault, 0,
+                                                &kCFTypeDictionaryKeyCallBacks,
+                                                &kCFTypeDictionaryValueCallBacks), errOut);
+    
+    SecPolicyAddBasicCertOptions(options);
+    
+    // Require pinning to the Apple CAs (including test CA for internal releases)
+    appleAnchorOptions = CFDictionaryCreateMutableForCFTypes(NULL);
+    require(appleAnchorOptions, errOut);
+    
+    if (SecIsInternalRelease()) {
+        CFDictionarySetValue(appleAnchorOptions,
+                             kSecPolicyAppleAnchorIncludeTestRoots, kCFBooleanTrue);
+    }
+    
+    add_element(options, kSecPolicyCheckAnchorApple, appleAnchorOptions);
+    
+    // Cert chain length 3
+    require(SecPolicyAddChainLengthOptions(options, 3), errOut);
+    
+    // Check leaf for Apple ATV VPN Profile Signing OID (1.2.840.113635.100.6.43)
+    add_leaf_marker(options, &oidAppleCertExtATVVPNProfileSigning);
+    
+    // Check intermediate for Apple System Integration 2 CA intermediate marker (1.2.840.113635.100.6.2.10)
+    add_oid(options, kSecPolicyCheckIntermediateMarkerOid, &oidAppleIntmMarkerAppleSystemIntg2);
+    
+    // Ensure that revocation is checked (OCSP only)
+    CFDictionaryAddValue(options, kSecPolicyCheckRevocation, kCFBooleanFalse);
+    
+    require(result = SecPolicyCreate(kSecPolicyAppleATVVPNProfileSigning, options), errOut);
+    
+errOut:
+    CFReleaseSafe(options);
+    CFReleaseSafe(appleAnchorOptions);
+    return result;
+}
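Review bot: The comment `// Ensure that revocation is checked (OCSP only)` sits directly above a call that stores `kCFBooleanFalse` under `kSecPolicyCheckRevocation`, which reads as switching the check off. If the evaluator acts on the presence of the key and does not consult the value, the comment should say so, e.g. `// presence of this key requests the revocation check; the value is not consulted`. If the value is consulted, the call should pass `kCFBooleanTrue`. Which of the two holds cannot be determined from this hunk. The `@abstract` also says the chain ends at the Apple Root CA, while the body admits test roots when `SecIsInternalRelease()` is true; one clause in the header comment would cover that.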
index 1d33127a5a29713b4e62b2203e8cb7e298abe3f4..d0debccc9aca5b8b26747f121e655c2f623d1237 100644 (file)
@@ -564,6 +564,16 @@ SecPolicyRef SecPolicyCreateTestAppleATVAppSigning(void)
 SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void)
     __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
 
+
+/*!
+ @function SecPolicyCreateAppleATVVPNProfileSigning
+ @abstract Check for leaf marker OID 1.2.840.113635.100.6.43,
+ intermediate marker OID 1.2.840.113635.100.6.2.10,
+ chains to Apple Root CA, path length 3
+ */
+SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void)
+__OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0);
+
 __END_DECLS
 
 #endif /* !_SECURITY_SECPOLICYPRIV_H_ */
index af2bbdd55a0327944593415cfb6f5ed4e4421b5f..e8f0254d3a7cf81ccace107ea054a0a170bcccb9 100644 (file)
@@ -179,18 +179,19 @@ out:
     return hash_pubkey_data;
 }
 
-static void generate_sender_nonce(CFMutableDictionaryRef dict)
+static int generate_sender_nonce(CFMutableDictionaryRef dict)
 {
     /* random sender nonce, to be verified against recipient nonce in reply */
     CFDataRef senderNonce_oid_data = scep_oid(senderNonce);
     uint8_t senderNonce_value[18] = { 4, 16, };
-    SecRandomCopyBytes(kSecRandomDefault, sizeof(senderNonce_value) - 2, senderNonce_value + 2);
+    int status = SecRandomCopyBytes(kSecRandomDefault, sizeof(senderNonce_value) - 2, senderNonce_value + 2);
     CFDataRef senderNonce_value_data = CFDataCreate(kCFAllocatorDefault,
                senderNonce_value, sizeof(senderNonce_value));
        if (senderNonce_oid_data && senderNonce_value_data)
                CFDictionarySetValue(dict, senderNonce_oid_data, senderNonce_value_data);
     CFReleaseNull(senderNonce_oid_data);
     CFReleaseNull(senderNonce_value_data);
+    return status;
 }
 
 SecIdentityRef SecSCEPCreateTemporaryIdentity(SecKeyRef publicKey, SecKeyRef privateKey)
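Review bot: The status returned by `generate_sender_nonce` reflects only `SecRandomCopyBytes`. When `scep_oid(senderNonce)` or `CFDataCreate` returns NULL, the `if` skips `CFDictionarySetValue` and the function still reports success. The `require(generate_sender_nonce(simple_attr) == errSecSuccess, out)` added in the -303 hunk of this file therefore lets a request through with no sender nonce. Folding the allocation result into the status before the releases closes that gap: `if (status == errSecSuccess && !(senderNonce_oid_data && senderNonce_value_data)) status = errSecAllocate;`. The dictionary insert is also better guarded by `status == errSecSuccess`, so that a buffer the generator did not fill is never stored.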
@@ -303,7 +304,7 @@ SecSCEPGenerateCertificateRequest(CFArrayRef subject, CFDictionaryRef parameters
     CFReleaseNull(msgtype_value_data);
 
     /* random sender nonce, to be verified against recipient nonce in reply */
-       generate_sender_nonce(simple_attr);
+       require(generate_sender_nonce(simple_attr) == errSecSuccess, out);
 
        /* XXX/cs remove auto-generation once managedconfig is no longer using this */
     if (signer) {
index 7c9f0d0515c2177e59b4cae6d4d525579151da7e..a7e7158d07793ab8390080a7b18c24603f7c65e5 100644 (file)
@@ -1311,7 +1311,7 @@ static void applyDetailProperty(const void *_key, const void *_value,
         tf->hostnameMismatch = true;
     } else if (CFEqual(key, kSecPolicyCheckValidIntermediates)
         || CFEqual(key, kSecPolicyCheckValidLeaf)
-        || CFEqual(key, kSecPolicyCheckValidLeaf)) {
+        || CFEqual(key, kSecPolicyCheckValidRoot)) {
         tf->invalidCert = true;
     } else
     /* Anything else is a policy failure. */
index ab7a4b13d373910e44eeb9cc2fe310521bbac57f..01a29884bc2a6dbfd7714392513425edfbdf9f8a 100644 (file)
@@ -405,12 +405,17 @@ CFTypeRef SecXPCDictionaryCopyPList(xpc_object_t message, const char *key, CFErr
     }
 
     const uint8_t *der_end = der + size;
-    der = der_decode_plist(kCFAllocatorDefault, kCFPropertyListImmutable,
+    /* use the sensitive allocator so that the dictionary is zeroized upon deallocation */
+    const uint8_t *decode_end = der_decode_plist(CFAllocatorSensitive(), kCFPropertyListImmutable,
                                           &cfobject, error, der, der_end);
-    if (der != der_end) {
+    if (decode_end != der_end) {
         SecError(errSecParam, error, CFSTR("trailing garbage after der decoded object for key %s"), key);
         CFReleaseNull(cfobject);
     }
+
+    /* zeroize xpc value as it may have contained raw key material */
+    cc_clear(size, (void *)der);
+
     return cfobject;
 }
 
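Review bot: `cc_clear(size, (void *)der)` writes through a pointer whose const qualifier is cast away. `der` is obtained above the hunk, presumably from the XPC message's own storage, in which case the call overwrites data the message API handed out as read-only, and any later read of the same key from this message sees zeros. That may be intended, but it is a side effect that neither the function name nor the comment states; a note such as `/* destroys the message's copy of this value; the key must not be read again */` would make the contract visible to callers. Any early return before this point (not visible here) would skip the zeroization. The added comment also says "dictionary" while the function returns whatever plist type was decoded.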
index cf063695eabc776d20226dd750bf6a9fa57f50fa..033e43fdfe284e014ae25e92c1d8c046ff747429 100644 (file)
@@ -144,3 +144,18 @@ SECURITY_COMMAND("log", log_control,
                  "   -s scope_list   set log scopes to scope_list.\n"
                  "   -c scope_list   set log scopes to scope_list for all devices in circle.\n",
                  "control logging settings")
+
+SECURITY_COMMAND_IOS("verify-cert", verify_cert,
+                 "[options]\n"
+                 "   -c certFile     Certificate to verify. Can be specified multiple times.\n"
+                 "   -r rootCertFile Root Certificate. Can be specified multiple times.\n"
+                 "   -p policy       Verify policy (basic, ssl, smime, eap, IPSec, appleID,\n"
+                 "                                  codeSign, timestamp, revocation).\n"
+                 "   -d date         Set date and time to use when verifying certificate,\n"
+                 "                   provided in the form of YYYY-MM-DD-hh:mm:ss (time optional) in GMT.\n"
+                 "                   e.g: 2016-04-25-15:59:59 for April 25, 2016 at 3:59:59 pm in GMT\n"
+                 "   -L              Local certs only.\n"
+                 "   -n              Name of the host (ssl, IPSec, smime)\n"
+                 "   -q              Quiet.\n"
+                 "   -C              Set client to true. Otherwise, verify-cert defaults to server (ssl, IPSec, eap).\n",
+                 "Verify certificate(s).")
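Review bot: The usage text lists `timestamp` among the `-p` values, but `policyToConstant` in the new verify_cert.c compares against `"timestamping"`, so `-p timestamp` as documented ends in "Policy processing error". Either change the help string to `timestamping` or have the parser accept the documented spelling, e.g. `else if (!strcmp(policy, "timestamp") || !strcmp(policy, "timestamping")) {`. The parser also recognises `passbook` and returns NULL for it, which is reported to the user as the same generic error; leaving it out of the help text is consistent, but that branch could simply be removed.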
index dc0151f573056984befb1cef24f04c1d65aa7738..91071d54647c6aaa6f249b88b53965874c05d33b 100644 (file)
@@ -1,9 +1,27 @@
-//
-//
-//
-//
-
-
+/*
+ * Copyright (c) 2003-2007,2009-2010,2013-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ * keychain_find.c
+ */
 
 #include <CoreFoundation/CoreFoundation.h>
 
index d4792aa4f99610a0fdde04f6ce11633d64fc823b..82a6a17c05645161389abba980984c2dc93b1662 100644 (file)
@@ -1,8 +1,27 @@
-//
-//  log_control.c
-//
-//  sec
-//
+/*
+ * Copyright (c) 2003-2007,2009-2010,2013-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ * log_control.c
+ */
 
 #include <string.h>
 #include <getopt.h>
diff --git a/OSX/sec/Security/Tool/verify_cert.c b/OSX/sec/Security/Tool/verify_cert.c
new file mode 100644 (file)
index 0000000..a1b8ebf
--- /dev/null
@@ -0,0 +1,434 @@
+/*
+ * Copyright (c) 2003-2007,2009-2010,2013-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ * verify-cert.c
+ */
+
+#define CFRELEASE(cf)  if (cf) { CFRelease(cf); }
+
+#include <Security/SecCertificate.h>
+#include <Security/SecTrust.h>
+#include <Security/SecPolicy.h>
+
+#include <sys/stat.h>
+#include <stdio.h>
+#include <time.h>
+
+int readFile(const char        *fileName, unsigned char **bytes, unsigned *numBytes);
+CFStringRef policyToConstant(const char *policy);
+int verify_cert(int argc, char * const *argv);
+
+/* Read an entire file. Copied from cuFileIo.c */
+int readFile(
+             const char                *fileName,
+             unsigned char     **bytes,                /* malloc'd and returned */
+             unsigned          *numBytes)              /* returned */
+{
+    int rtn;
+    int fd;
+    unsigned char *buf;
+    struct stat        sb;
+    unsigned size;
+    
+    *numBytes = 0;
+    *bytes = NULL;
+    fd = open(fileName, O_RDONLY, 0);
+    if (fd < 0) {
+        return errno;
+    }
+    
+    rtn = fstat(fd, &sb);
+    if (rtn) {
+        goto errOut;
+    }
+    size = (unsigned)sb.st_size;
+    buf = malloc(size);
+    if (buf == NULL) {
+        rtn = ENOMEM;
+        goto errOut;
+    }
+    
+    rtn = (int)lseek(fd, 0, SEEK_SET);
+    if (rtn < 0) {
+        free(buf);
+        goto errOut;
+    }
+    
+    rtn = (int)read(fd, buf, (size_t)size);
+    if (rtn != (int)size) {
+        if (rtn >= 0) {
+            printf("readFile: short read\n");
+        }
+        free(buf);
+        rtn = EIO;
+    }
+    else {
+        rtn = 0;
+        *bytes = buf;
+        *numBytes = size;
+    }
+errOut:
+    close(fd);
+    return rtn;
+}
+
+static int addCertFile(const char *fileName, CFMutableArrayRef *array) {
+    SecCertificateRef certRef = NULL;
+    CFDataRef dataRef = NULL;
+    unsigned char *buf = NULL;
+    unsigned int numBytes;
+    int rtn = 0;
+    
+    if (readFile(fileName, &buf, &numBytes)) {
+        rtn = -1;
+        goto errOut;
+    }
+    
+    dataRef = CFDataCreate(NULL, buf, numBytes);
+    certRef = SecCertificateCreateWithData(NULL, dataRef);
+    
+    if (*array == NULL) {
+        *array = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+    }
+    
+    CFArrayAppendValue(*array, certRef);
+    
+errOut:
+    /* Cleanup */
+    free(buf);
+    CFRELEASE(dataRef);
+    CFRELEASE(certRef);
+    return rtn;
+}
+
+CFStringRef policyToConstant(const char *policy) {
+    if (policy == NULL) {
+        return NULL;
+    }
+    else if (!strcmp(policy, "basic")) {
+        return kSecPolicyAppleX509Basic;
+    }
+    else if (!strcmp(policy, "ssl")) {
+        return kSecPolicyAppleSSL;
+    }
+    else if (!strcmp(policy, "smime")) {
+        return kSecPolicyAppleSMIME;
+    }
+    else if (!strcmp(policy, "eap")) {
+        return kSecPolicyAppleEAP;
+    }
+    else if (!strcmp(policy, "IPSec")) {
+        return kSecPolicyAppleIPsec;
+    }
+    else if (!strcmp(policy, "appleID")) {
+        return kSecPolicyAppleIDValidation;
+    }
+    else if (!strcmp(policy, "codeSign")) {
+        return kSecPolicyAppleCodeSigning;
+    }
+    else if (!strcmp(policy, "timestamping")) {
+        return kSecPolicyAppleTimeStamping;
+    }
+    else if (!strcmp(policy, "revocation")) {
+        return kSecPolicyAppleRevocation;
+    }
+    else if (!strcmp(policy, "passbook")) {
+        /* Passbook not implemented */
+        return NULL;
+    }
+    else {
+        return NULL;
+    }
+}
+
+int verify_cert(int argc, char * const *argv) {
+       extern char     *optarg;
+       extern int optind;
+       int     arg;
+    
+       CFMutableArrayRef certs = NULL;
+       CFMutableArrayRef roots = NULL;
+
+    CFMutableDictionaryRef dict = NULL;
+    const char *name = NULL;
+    bool client = false;
+    
+    OSStatus ortn;
+       int     ourRtn = 0;
+       bool quiet = false;
+    
+    struct tm time;
+    CFGregorianDate gregorianDate;
+    CFDateRef dateRef = NULL;
+    
+    CFStringRef policy = NULL;
+       SecPolicyRef policyRef = NULL;
+    Boolean fetch = true;
+       SecTrustRef     trustRef = NULL;
+       SecTrustResultType resultType;
+    
+       if (argc < 2) {
+        /* Return 2 triggers usage message. */
+               return 2;
+       }
+    
+       optind = 1;
+    
+       while ((arg = getopt(argc, argv, "c:r:p:d:n:LqC")) != -1) {
+               switch (arg) {
+                       case 'c':
+                               /* Can be specified multiple times */
+                               if (addCertFile(optarg, &certs)) {
+                    fprintf(stderr, "Cert file error\n");
+                    ourRtn = 1;
+                                       goto errOut;
+                               }
+                               break;
+                       case 'r':
+                               /* Can be specified multiple times */
+                               if (addCertFile(optarg, &roots)) {
+                    fprintf(stderr, "Root file error\n");
+                                       ourRtn = 1;
+                    goto errOut;
+                               }
+                               break;
+                       case 'p':
+                policy = policyToConstant(optarg);
+                               if (policy == NULL) {
+                    fprintf(stderr, "Policy processing error\n");
+                    ourRtn = 2;
+                                       goto errOut;
+                               }
+                               break;
+                       case 'L':
+                /* Force no network fetch of certs */
+                fetch = false;
+                               break;
+                       case 'n':
+                if (name != NULL) {
+                    name = optarg;
+                }
+                               break;
+                       case 'q':
+                               quiet = true;
+                               break;
+            case 'C':
+                /* Set to client */
+                client = true;
+                break;
+            case 'd':
+                memset(&time, 0, sizeof(struct tm));
+                if (strptime(optarg, "%Y-%m-%d-%H:%M:%S", &time) == NULL) {
+                    if (strptime(optarg, "%Y-%m-%d", &time) == NULL) {
+                        fprintf(stderr, "Date processing error\n");
+                        ourRtn = 2;
+                        goto errOut;
+                    }
+                }
+                
+                gregorianDate.second = time.tm_sec;
+                gregorianDate.minute = time.tm_min;
+                gregorianDate.hour = time.tm_hour;
+                gregorianDate.day = time.tm_mday;
+                gregorianDate.month = time.tm_mon + 1;
+                gregorianDate.year = time.tm_year + 1900;
+                
+                if (dateRef == NULL) {
+                    dateRef = CFDateCreate(NULL, CFGregorianDateGetAbsoluteTime(gregorianDate, NULL));
+                }
+                break;
+                       default:
+                fprintf(stderr, "Usage error\n");
+                ourRtn = 2;
+                               goto errOut;
+               }
+       }
+    
+       if (optind != argc) {
+               ourRtn = 2;
+               goto errOut;
+       }
+    
+    if (policy == NULL) {
+        policy = kSecPolicyAppleX509Basic;
+    }
+    
+       if (certs == NULL) {
+        if (roots == NULL) {
+                       fprintf(stderr, "No certs specified.\n");
+                       ourRtn = 2;
+                       goto errOut;
+               }
+               if (CFArrayGetCount(roots) != 1) {
+                       fprintf(stderr, "Multiple roots and no certs not allowed.\n");
+                       ourRtn = 2;
+                       goto errOut;
+               }
+
+               /* No certs and one root: verify the root */
+               certs = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+               CFArrayAppendValue(certs, CFArrayGetValueAtIndex(roots, 0));
+       }
+
+    /* Per-policy options */
+    if (!CFStringCompare(policy, kSecPolicyAppleSSL, 0) || !CFStringCompare(policy, kSecPolicyAppleIPsec, 0)) {
+        dict = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+        
+        if (name == NULL) {
+            ourRtn = 2;
+            goto errOut;
+        }
+        CFDictionaryAddValue(dict, kSecPolicyName, name);
+        CFDictionaryAddValue(dict, kSecPolicyClient, &client);
+    }
+    else if (!CFStringCompare(policy, kSecPolicyAppleEAP, 0)) {
+        dict = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+        
+        CFDictionaryAddValue(dict, kSecPolicyClient, &client);
+    }
+    else if (!CFStringCompare(policy, kSecPolicyAppleSMIME, 0)) {
+        dict = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+        
+        if (name == NULL) {
+            ourRtn = 2;
+            goto errOut;
+        }
+        CFDictionaryAddValue(dict, kSecPolicyName, name);
+    }
+    
+    policyRef = SecPolicyCreateWithProperties(policy, dict);
+    
+       /* Now create a SecTrustRef and set its options */
+       ortn = SecTrustCreateWithCertificates(certs, policyRef, &trustRef);
+       if (ortn) {
+        fprintf(stderr, "SecTrustCreateWithCertificates\n");
+               ourRtn = 1;
+               goto errOut;
+       }
+
+       /* Roots (anchors) are optional */
+       if (roots != NULL) {
+               ortn = SecTrustSetAnchorCertificates(trustRef, roots);
+               if (ortn) {
+            fprintf(stderr, "SecTrustSetAnchorCertificates\n");
+                       ourRtn = 1;
+                       goto errOut;
+               }
+       }
+    if (fetch == false) {
+        ortn = SecTrustSetNetworkFetchAllowed(trustRef, fetch);
+        if (ortn) {
+            fprintf(stderr, "SecTrustSetNetworkFetchAllowed\n");
+            ourRtn = 1;
+            goto errOut;
+        }
+    }
+    
+    /* Set verification time for trust object */
+    if (dateRef != NULL) {
+        ortn = SecTrustSetVerifyDate(trustRef, dateRef);
+        if (ortn) {
+            fprintf(stderr, "SecTrustSetVerifyDate\n");
+            ourRtn = 1;
+            goto errOut;
+        }
+    }
+    
+       /* Evaluate certs */
+       ortn = SecTrustEvaluate(trustRef, &resultType);
+       if (ortn) {
+               /* Should never fail - error doesn't mean the cert verified badly */
+        fprintf(stderr, "SecTrustEvaluate\n");
+               ourRtn = 1;
+               goto errOut;
+       }
+       switch (resultType) {
+               case kSecTrustResultUnspecified:
+                       /* Cert chain valid, no special UserTrust assignments */
+               case kSecTrustResultProceed:
+                       /* Cert chain valid AND user explicitly trusts this */
+                       break;
+               case kSecTrustResultDeny:
+            /* User-configured denial */
+                       if (!quiet) {
+                               fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultDeny\n");
+                       }
+                       ourRtn = 1;
+                       break;
+               case kSecTrustResultConfirm:
+                       /* Cert chain may well have verified OK, but user has flagged
+                        one of these certs as untrustable. */
+                       if (!quiet) {
+                               fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultConfirm\n");
+                       }
+                       ourRtn = 1;
+                       break;
+        case kSecTrustResultInvalid:
+            /* SecTrustEvaluate not called yet */
+            if (!quiet) {
+                fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultInvalid\n");
+            }
+            ourRtn = 1;
+            break;
+        case kSecTrustResultRecoverableTrustFailure:
+            /* Failure, can be user-overridden */
+            if (!quiet) {
+                fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultRecoverableTrustFailure\n");
+            }
+            ourRtn = 1;
+            break;
+        case kSecTrustResultFatalTrustFailure:
+            /* Complete failure */
+            if (!quiet) {
+                fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultFatalTrustFailure\n");
+            }
+            ourRtn = 1;
+            break;
+        case kSecTrustResultOtherError:
+            /* Failure unrelated to trust evaluation */
+            if (!quiet) {
+                fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultOtherError\n");
+            }
+            ourRtn = 1;
+            break;
+               default:
+            /* Error is not a defined SecTrustResultType */
+                       if (!quiet) {
+                               fprintf(stderr, "Cert Verify Result: %u\n", resultType);
+                       }
+            ourRtn = 1;
+                       break;
+       }
+
+       if ((ourRtn == 0) && !quiet) {
+               printf("...certificate verification successful.\n");
+       }
+errOut:
+       /* Cleanup */
+       CFRELEASE(certs);
+       CFRELEASE(roots);
+    CFRELEASE(dateRef);
+    CFRELEASE(dict);
+       CFRELEASE(policyRef);
+       CFRELEASE(trustRef);
+       return ourRtn;
+}
index dba4ac93050ec3ee73527ed4cd2b80022e0dbc7a..e411c50cc24f1ee23fa601f2985b3e495d4a5397 100644 (file)
@@ -136,6 +136,8 @@ Install (or re-install) the MDS database.
 Run
 .Pa /usr/bin/leaks
 on this proccess.
+.It Nm verify-cert
+Verify certificate(s).
 .El
 .Sh "COMMON COMMAND OPTIONS"
 This section describes the
@@ -219,7 +221,7 @@ Unset it if no keychain is specified.
 .Op Fl p Ar password
 .Op Ar keychain...
 .Bl -item -offset -indent
-Create keychains and add them to the search list.  if no keychains are specified the user is prompted for one.
+Create keychains and add them to the search list.  If no keychains are specified the user is prompted for one.
 .It  
 Options:
 .Bl -tag -compact -width -indent-indent
@@ -321,7 +323,7 @@ Dump raw (possibly ciphertext) data of items.
 .Op Fl n Ar name
 .Op Fl A Ns | Ns Fl T Ar app1:app2:...
 .Bl -item -offset -indent
-Create an assymetric keypair.
+Create an asymmetric keypair.
 .El
 .It
 .Nm add-internet-password
@@ -381,7 +383,7 @@ arguments are provided,
 will search the default search list.
 .It
 Options:
-.Bl -tag -compact -width -indent-indent
+.Bl -tag -compact -width -indent
 .It Fl a
 Find all matching certificates, not just the first one.
 .It Fl g Ar dl Ns | Ns Ar cspdl
@@ -549,7 +551,42 @@ Ignore leaks called from
 .Ar symbol Ns .
 .El
 .El
+.It
+.Nm verify-cert
+.Op Fl c Ar certFile
+.Op Fl r Ar rootCertFile
+.Op Fl p Ar policy
+.Op Fl d Ar date
+.Op Fl n Ar name
+.Op Fl L
+.Op Fl q
+.Op Fl C
+.Bl -item -offset -indent
+Verify one or more certificates.
+.It
+Options:
+.Bl -tag -compact -width -indent-indent
+.It Fl c Ar certFile
+Certificate to verify, in DER or PEM format. Can be specified more than once; leaf certificate has to be specified first.
+.It Fl r Ar rootCertFile
+Root certificate, in DER or PEM format. Can be specified more than once. If not specified, the system anchor certificates are used.
+.It Fl p Ar policy
+Specify verification policy (ssl, smime, codeSign, IPSec, basic, eap, appleID, timestamping, revocation). Default is basic.
+.It Fl d Ar date
+Date to set for verification. Specified in the format of YYYY-MM-DD-hh:mm:ss (time optional). e.g: 2016-04-25-15:59:59 for April 25, 2016 at 3:59:59 pm in GMT
+.It Fl n Ar name
+Specify name for the policy (ssl, IPSec, smime).
+.It Fl L
+Use local certificates only. If an issuing CA certificate is missing, this option will avoid accessing the network to fetch it.
+.It Fl q
+Quiet, no stdout or stderr.
+.It Fl C
+Set to client-side. Otherwise, defaults to server.
 .El
+.It
+.Sy Examples
+.Bl -tag -width -indent
+.Dl security> verify-cert -r serverbasic.crt
 .El
 .Sh ENVIRONMENT      \" May not be needed
 .Bl -tag -width -indent
index d12b66e9e1719c74ade45fab66ebb620c2def4c9..4d00857826cb2f80a67cd7f2d100ea3295bcaaec 100644 (file)
@@ -50,6 +50,7 @@
 #include <utilities/SecIOFormat.h>
 #include <utilities/SecXPCError.h>
 #include <utilities/debugging.h>
+#include <utilities/SecInternalReleasePriv.h>
 
 #include <AssertMacros.h>
 #include <CoreFoundation/CFXPCBridge.h>
@@ -414,6 +415,14 @@ bool xpc_dictionary_set_and_consume_PeerInfoArray(xpc_object_t xdict, const char
     return success;
 }
 
+static bool
+EntitlementMissing(enum SecXPCOperation op, SecTaskRef clientTask, CFStringRef entitlement, CFErrorRef *error)
+{
+    SecError(errSecMissingEntitlement, error, CFSTR("%@: %@ lacks entitlement %@"), SOSCCGetOperationDescription(op), clientTask, entitlement);
+    return false;
+}
+
+
 
 static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, xpc_object_t event) {
     xpc_type_t type = xpc_get_type(event);
@@ -459,7 +468,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection,
 
         // operations before kSecXPCOpTryUserCredentials don't need this entitlement.
         hasEntitlement = (operation < kSecXPCOpTryUserCredentials) ||
-        (clientTask && SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementKeychainCloudCircle));
+            (clientTask && SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementKeychainCloudCircle));
 
         // Per <rdar://problem/13315020> Disable the entitlement check for "keychain-cloud-circle"
         //  we disable entitlement enforcement. However, we still log so we know who needs the entitlement
@@ -555,7 +564,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection,
                         }
                     }
                 } else {
-                    SecError(errSecMissingEntitlement, &error, CFSTR("%@: %@ lacks entitlement %@"), SOSCCGetOperationDescription((enum SecXPCOperation)operation), clientTask, kSecEntitlementModifyAnchorCertificates);
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementModifyAnchorCertificates, &error);
                 }
                 break;
             }
@@ -572,7 +581,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection,
                         }
                     }
                 } else {
-                    SecError(errSecMissingEntitlement, &error, CFSTR("%@: %@ lacks entitlement %@"), SOSCCGetOperationDescription((enum SecXPCOperation)operation), clientTask, kSecEntitlementModifyAnchorCertificates);
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementModifyAnchorCertificates, &error);
                 }
                 break;
             }
@@ -621,7 +630,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection,
                             }
                             CFRelease(replyError);
                         } else {
-                            secdebug("ipc", "%@ %@ reponding %@", clientTask, SOSCCGetOperationDescription((enum SecXPCOperation)operation), asyncReply);
+                            secdebug("ipc", "%@ %@ responding %@", clientTask, SOSCCGetOperationDescription((enum SecXPCOperation)operation), asyncReply);
                         }
 
                         xpc_connection_send_message(connection, asyncReply);
@@ -641,35 +650,43 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection,
             }
             case sec_keychain_backup_id:
             {
-                CFDataRef keybag = NULL, passcode = NULL;
-                if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyKeybag, &keybag, &error)) {
-                    if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) {
-                        CFDataRef backup = _SecServerKeychainBackup(keybag, passcode, &error);
-                        if (backup) {
-                            SecXPCDictionarySetData(replyMessage, kSecXPCKeyResult, backup, &error);
-                            CFRelease(backup);
+                if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+                    CFDataRef keybag = NULL, passcode = NULL;
+                    if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyKeybag, &keybag, &error)) {
+                        if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) {
+                            CFDataRef backup = _SecServerKeychainBackup(keybag, passcode, &error);
+                            if (backup) {
+                                SecXPCDictionarySetData(replyMessage, kSecXPCKeyResult, backup, &error);
+                                CFRelease(backup);
+                            }
+                            CFReleaseSafe(passcode);
                         }
-                        CFReleaseSafe(passcode);
+                        CFReleaseSafe(keybag);
                     }
-                    CFReleaseSafe(keybag);
+                } else {
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
                 }
                 break;
             }
             case sec_keychain_restore_id:
             {
-                CFDataRef backup = SecXPCDictionaryCopyData(event, kSecXPCKeyBackup, &error);
-                if (backup) {
-                    CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
-                    if (keybag) {
-                        CFDataRef passcode = NULL;
-                        if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) {
-                            bool result = _SecServerKeychainRestore(backup, keybag, passcode, &error);
-                            xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result);
-                            CFReleaseSafe(passcode);
+                if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+                    CFDataRef backup = SecXPCDictionaryCopyData(event, kSecXPCKeyBackup, &error);
+                    if (backup) {
+                        CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
+                        if (keybag) {
+                            CFDataRef passcode = NULL;
+                            if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) {
+                                bool result = _SecServerKeychainRestore(backup, keybag, passcode, &error);
+                                xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result);
+                                CFReleaseSafe(passcode);
+                            }
+                            CFRelease(keybag);
                         }
-                        CFRelease(keybag);
+                        CFRelease(backup);
                     }
-                    CFRelease(backup);
+                } else {
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
                 }
                 break;
             }
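Review bot: The new gates call `SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)` without first checking clientTask, while the existing hasEntitlement computation earlier in this handler writes `clientTask && SecTaskGetBooleanValueForEntitlement(...)`, which suggests clientTask can be NULL at this point. If it can, the check should fail closed instead of passing NULL to the lookup: `if (clientTask && SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {`. This applies to sec_keychain_backup_id and sec_keychain_restore_id in this hunk and to the same gate in the later hunks (the syncable backup/restore cases, the sec_item_backup_* cases and kSecXPCOpSetNewPublicBackupKey). The handler begins and ends outside the hunk, so how clientTask is obtained is not visible here.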
@@ -686,106 +703,132 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection,
             }
             case sec_keychain_backup_syncable_id:
             {
-                CFDictionaryRef oldbackup = NULL;
-                if (SecXPCDictionaryCopyDictionaryOptional(event, kSecXPCKeyBackup, &oldbackup, &error)) {
-                    CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
-                    if (keybag) {
-                        CFDataRef passcode = NULL;
-                        if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) {
-                            CFDictionaryRef newbackup = _SecServerBackupSyncable(oldbackup, keybag, passcode, &error);
-                            if (newbackup) {
-                                SecXPCDictionarySetPList(replyMessage, kSecXPCKeyResult, newbackup, &error);
-                                CFRelease(newbackup);
+                if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+
+                    CFDictionaryRef oldbackup = NULL;
+                    if (SecXPCDictionaryCopyDictionaryOptional(event, kSecXPCKeyBackup, &oldbackup, &error)) {
+                        CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
+                        if (keybag) {
+                            CFDataRef passcode = NULL;
+                            if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) {
+                                CFDictionaryRef newbackup = _SecServerBackupSyncable(oldbackup, keybag, passcode, &error);
+                                if (newbackup) {
+                                    SecXPCDictionarySetPList(replyMessage, kSecXPCKeyResult, newbackup, &error);
+                                    CFRelease(newbackup);
+                                }
+                                CFReleaseSafe(passcode);
                             }
-                            CFReleaseSafe(passcode);
+                            CFRelease(keybag);
                         }
-                        CFRelease(keybag);
+                        CFReleaseSafe(oldbackup);
                     }
-                    CFReleaseSafe(oldbackup);
+                } else {
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
                 }
                 break;
             }
             case sec_keychain_restore_syncable_id:
             {
-                CFDictionaryRef backup = SecXPCDictionaryCopyDictionary(event, kSecXPCKeyBackup, &error);
-                if (backup) {
-                    CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
-                    if (keybag) {
-                        CFDataRef passcode = NULL;
-                        if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) {
-                            bool result = _SecServerRestoreSyncable(backup, keybag, passcode, &error);
-                            xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result);
-                            CFReleaseSafe(passcode);
+                if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+
+                    CFDictionaryRef backup = SecXPCDictionaryCopyDictionary(event, kSecXPCKeyBackup, &error);
+                    if (backup) {
+                        CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
+                        if (keybag) {
+                            CFDataRef passcode = NULL;
+                            if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) {
+                                bool result = _SecServerRestoreSyncable(backup, keybag, passcode, &error);
+                                xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result);
+                                CFReleaseSafe(passcode);
+                            }
+                            CFRelease(keybag);
                         }
-                        CFRelease(keybag);
+                        CFRelease(backup);
                     }
-                    CFRelease(backup);
+                } else {
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
                 }
                 break;
             }
             case sec_item_backup_copy_names_id:
             {
-                CFArrayRef names = SecServerItemBackupCopyNames(&error);
-                SecXPCDictionarySetPListOptional(replyMessage, kSecXPCKeyResult, names, &error);
-                CFReleaseSafe(names);
+                if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+                    CFArrayRef names = SecServerItemBackupCopyNames(&error);
+                    SecXPCDictionarySetPListOptional(replyMessage, kSecXPCKeyResult, names, &error);
+                    CFReleaseSafe(names);
+                } else {
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
+                }
                 break;
             }
             case sec_item_backup_handoff_fd_id:
             {
-                CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error);
-                int fd = -1;
-                if (backupName) {
-                    fd = SecServerItemBackupHandoffFD(backupName, &error);
-                    CFRelease(backupName);
+                if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+                    CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error);
+                    int fd = -1;
+                    if (backupName) {
+                        fd = SecServerItemBackupHandoffFD(backupName, &error);
+                        CFRelease(backupName);
+                    }
+                    SecXPCDictionarySetFileDescriptor(replyMessage, kSecXPCKeyResult, fd, &error);
+                    if (fd != -1)
+                        close(fd);
+                } else {
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
                 }
-                SecXPCDictionarySetFileDescriptor(replyMessage, kSecXPCKeyResult, fd, &error);
-                if (fd != -1)
-                    close(fd);
                 break;
             }
             case sec_item_backup_set_confirmed_manifest_id:
             {
-                CFDataRef keybagDigest = NULL;
-                if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyKeybag, &keybagDigest, &error)) {
-                    CFDataRef manifest = NULL;
-                    if (SecXPCDictionaryCopyDataOptional(event, kSecXPCData, &manifest, &error)) {
-                        CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error);
-                        if (backupName) {
-                            bool result = SecServerItemBackupSetConfirmedManifest(backupName, keybagDigest, manifest, &error);
-                            CFRelease(backupName);
-                            xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result);
+                if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+                    CFDataRef keybagDigest = NULL;
+                    if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyKeybag, &keybagDigest, &error)) {
+                        CFDataRef manifest = NULL;
+                        if (SecXPCDictionaryCopyDataOptional(event, kSecXPCData, &manifest, &error)) {
+                            CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error);
+                            if (backupName) {
+                                bool result = SecServerItemBackupSetConfirmedManifest(backupName, keybagDigest, manifest, &error);
+                                CFRelease(backupName);
+                                xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result);
+                            }
+                            CFReleaseSafe(manifest);
                         }
-                        CFReleaseSafe(manifest);
+                        CFReleaseNull(keybagDigest);
                     }
-                    CFRelease(keybagDigest);
+                } else {
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
                 }
                 break;
             }
             case sec_item_backup_restore_id:
             {
-                bool result = false;
-                CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error);
-                if (backupName) {
-                    CFStringRef peerID = NULL;
-                    if (SecXPCDictionaryCopyStringOptional(event, kSecXPCKeyDigest, &peerID, &error)) {
-                        CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
-                        if (keybag) {
-                            CFDataRef secret = SecXPCDictionaryCopyData(event, kSecXPCKeyUserPassword, &error);
-                            if (secret) {
-                                CFDataRef backup = SecXPCDictionaryCopyData(event, kSecXPCData, &error);
-                                if (backup) {
-                                    result = SecServerItemBackupRestore(backupName, peerID, keybag, secret, backup, &error);
-                                    CFRelease(backup);
+                if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+                    bool result = false;
+                    CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error);
+                    if (backupName) {
+                        CFStringRef peerID = NULL;
+                        if (SecXPCDictionaryCopyStringOptional(event, kSecXPCKeyDigest, &peerID, &error)) {
+                            CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
+                            if (keybag) {
+                                CFDataRef secret = SecXPCDictionaryCopyData(event, kSecXPCKeyUserPassword, &error);
+                                if (secret) {
+                                    CFDataRef backup = SecXPCDictionaryCopyData(event, kSecXPCData, &error);
+                                    if (backup) {
+                                        result = SecServerItemBackupRestore(backupName, peerID, keybag, secret, backup, &error);
+                                        CFRelease(backup);
+                                    }
+                                    CFRelease(secret);
                                 }
-                                CFRelease(secret);
+                                CFRelease(keybag);
                             }
-                            CFRelease(keybag);
+                            CFReleaseSafe(peerID);
                         }
-                        CFReleaseSafe(peerID);
+                        CFRelease(backupName);
                     }
-                    CFRelease(backupName);
+                    xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result);
+                } else {
+                    EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
                 }
-                xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result);
                 break;
             }
             case sec_ota_pki_asset_version_id:
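Review bot: The same `kSecEntitlementRestoreKeychain` gate and `EntitlementMissing(...)` else-branch are pasted into all six cases of this hunk, so each backup operation stays protected only as long as nobody forgets the wrapper when a case is added or edited. Evaluating the entitlement once, next to the existing hasEntitlement computation, e.g. `bool canBackupRestore = clientTask && SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain);`, and testing that flag in each case would keep the policy in one place. A short comment there should also state that this entitlement covers the export paths (sec_keychain_backup_syncable_id, sec_item_backup_copy_names_id, sec_item_backup_handoff_fd_id) and not only restore, since the name alone suggests otherwise. The switch starts and ends outside the hunk.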
@@ -1084,26 +1127,34 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection,
                 break;
             case kSecXPCOpSetNewPublicBackupKey:
                 {
-                    CFDataRef publicBackupKey = SecXPCDictionaryCopyData(event, kSecXPCKeyNewPublicBackupKey, &error);
-                    SOSPeerInfoRef peerInfo = SOSCCSetNewPublicBackupKey_Server(publicBackupKey, &error);
-                    CFDataRef peerInfoData = peerInfo ? SOSPeerInfoCopyEncodedData(peerInfo, kCFAllocatorDefault, &error) : NULL;
-                    CFReleaseNull(peerInfo);
-                    if (peerInfoData) {
-                        xpc_object_t xpc_object = _CFXPCCreateXPCObjectFromCFObject(peerInfoData);
-                        xpc_dictionary_set_value(replyMessage, kSecXPCKeyResult, xpc_object);
-                        xpc_release(xpc_object);
-                    }
-                    CFReleaseNull(peerInfoData);
-                    CFReleaseSafe(publicBackupKey);
+                    if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+                        CFDataRef publicBackupKey = SecXPCDictionaryCopyData(event, kSecXPCKeyNewPublicBackupKey, &error);
+                        SOSPeerInfoRef peerInfo = SOSCCSetNewPublicBackupKey_Server(publicBackupKey, &error);
+                        CFDataRef peerInfoData = peerInfo ? SOSPeerInfoCopyEncodedData(peerInfo, kCFAllocatorDefault, &error) : NULL;
+                        CFReleaseNull(peerInfo);
+                        if (peerInfoData) {
+                            xpc_object_t xpc_object = _CFXPCCreateXPCObjectFromCFObject(peerInfoData);
+                            xpc_dictionary_set_value(replyMessage, kSecXPCKeyResult, xpc_object);
+                            xpc_release(xpc_object);
+                        }
+                        CFReleaseNull(peerInfoData);
+                        CFReleaseSafe(publicBackupKey);
 
+                    } else {
+                        EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
+                    }
                 }
                 break;
             case kSecXPCOpSetBagForAllSlices:
                 {
-                    CFDataRef backupSlice = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
-                    bool includeV0 = xpc_dictionary_get_bool(event, kSecXPCKeyIncludeV0);
-                    xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, backupSlice && SOSCCRegisterSingleRecoverySecret_Server(backupSlice, includeV0, &error));
-                    CFReleaseSafe(backupSlice);
+                    if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) {
+                        CFDataRef backupSlice = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error);
+                        bool includeV0 = xpc_dictionary_get_bool(event, kSecXPCKeyIncludeV0);
+                        xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, backupSlice && SOSCCRegisterSingleRecoverySecret_Server(backupSlice, includeV0, &error));
+                        CFReleaseSafe(backupSlice);
+                    } else {
+                        EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error);
+                    }
                 }
                 break;
             case kSecXPCOpCopyApplicantPeerInfo:
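Review bot: In the `kSecXPCOpSetNewPublicBackupKey` case the entitlement gate is new, but `publicBackupKey` is still passed to `SOSCCSetNewPublicBackupKey_Server` without checking that `SecXPCDictionaryCopyData` returned a value. The `kSecXPCOpSetBagForAllSlices` case just below does guard its input with `backupSlice &&`. Whether the server function tolerates NULL is not visible in this hunk, so I would make the two cases agree: `SOSPeerInfoRef peerInfo = publicBackupKey ? SOSCCSetNewPublicBackupKey_Server(publicBackupKey, &error) : NULL;`. The denied branches also leave `kSecXPCKeyResult` unset; presumably `error` is reported to the client after the switch, which lies outside the hunk, so that is worth confirming.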
index 24aaabd7cd33ec3029566fd0a1f36513add54dc6..337f6fee6abfa34e586cb39204b308787a4906e1 100644 (file)
@@ -56,6 +56,8 @@
                18D4057014CE53DD00A2BE4E /* SecTrustServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566114CB6F79008233F2 /* SecTrustServer.c */; };
                18D4057114CE53DD00A2BE4E /* SecTrustStoreServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566314CB6F79008233F2 /* SecTrustStoreServer.c */; };
                18D4057214CE547400A2BE4E /* spi.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566514CB6F79008233F2 /* spi.c */; };
+               32FBBBE71B556F8900AEF9ED /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = 32FBBBE61B556F8900AEF9ED /* verify_cert.c */; };
+               32FBBBE81B55B30E00AEF9ED /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = 32FBBBE61B556F8900AEF9ED /* verify_cert.c */; };
                3A70988218CDF648009FD2CC /* si_77_SecAccessControl.c in Sources */ = {isa = PBXBuildFile; fileRef = 3A70988118CDF648009FD2CC /* si_77_SecAccessControl.c */; };
                43C3B1681AFD588800786702 /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD6C9BF81A813D52002AB913 /* IDS.framework */; };
                43C3B1691AFD58AB00786702 /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD6C9BF81A813D52002AB913 /* IDS.framework */; };
                72B5923B17C6924000AE738B /* iCloudTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B5923A17C6924000AE738B /* iCloudTrace.h */; };
                72B5923D17C6939A00AE738B /* iCloudTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 72B5923C17C6939A00AE738B /* iCloudTrace.c */; };
                7DE20930192D29D90066419C /* si-79-smp-cert-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = 7DE2092F192D29D90066419C /* si-79-smp-cert-policy.c */; };
+               858A54681BC6FE62008A03FA /* si-88-sectrust-vpnprofile.c in Sources */ = {isa = PBXBuildFile; fileRef = 858A54641BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.c */; };
+               858A54691BC6FE62008A03FA /* si-88-sectrust-vpnprofile.h in Headers */ = {isa = PBXBuildFile; fileRef = 858A54651BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.h */; };
                ACFD56BE19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h in Headers */ = {isa = PBXBuildFile; fileRef = ACFD56BD19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h */; };
-               BE037D351B7E8DC700D21A94 /* si-20-sectrust-att.c in Sources */ = {isa = PBXBuildFile; fileRef = BE037D331B7E8DC200D21A94 /* si-20-sectrust-att.c */; };
                BE061FCF1899E5BD00C739F6 /* si-76-shared-credentials.c in Sources */ = {isa = PBXBuildFile; fileRef = BE061FCE1899E5BD00C739F6 /* si-76-shared-credentials.c */; };
                BE0CC6081A96B69000662E69 /* si-83-seccertificate-sighashalg.c in Sources */ = {isa = PBXBuildFile; fileRef = BE0CC6061A96B68400662E69 /* si-83-seccertificate-sighashalg.c */; };
+               BE3171931BB3559600BBB212 /* si-20-sectrust.h in Headers */ = {isa = PBXBuildFile; fileRef = BE3171921BB3559600BBB212 /* si-20-sectrust.h */; settings = {ASSET_TAGS = (); }; };
                BE4AC9B518B8022D00B84964 /* swcagent_client.h in Headers */ = {isa = PBXBuildFile; fileRef = BEF9640918B418A400813FA3 /* swcagent_client.h */; };
                BE4AC9B618B8038400B84964 /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = E7B01B8816572579000485F1 /* SecuritydXPC.c */; };
                BE53FA301B0AC5C300719A63 /* SecKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563C14CB6EB9008233F2 /* SecKey.c */; };
                D4273AA61B5D54E70007D67B /* nameconstraints.c in Sources */ = {isa = PBXBuildFile; fileRef = D4273AA21B5D54CA0007D67B /* nameconstraints.c */; };
                D445CDE11B44D53C005040AC /* si-84-sectrust-atv-appsigning.c in Sources */ = {isa = PBXBuildFile; fileRef = D445CDDF1B44D372005040AC /* si-84-sectrust-atv-appsigning.c */; };
                D4B4A9A81B8BB9B70097B393 /* si-85-sectrust-ssl-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */; };
+               D4DFC94A1B9958D00040945C /* si-87-sectrust-name-constraints.c in Sources */ = {isa = PBXBuildFile; fileRef = D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */; };
+               D4DFC94B1B9958D00040945C /* si-87-sectrust-name-constraints.h in Headers */ = {isa = PBXBuildFile; fileRef = D4DFC9491B9958D00040945C /* si-87-sectrust-name-constraints.h */; };
                E703811514E1FEEF007CB458 /* SOSCloudCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = E703811114E1FEE4007CB458 /* SOSCloudCircle.h */; };
                E71049F3169E023B00DB0045 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 521C0B9815FA5C4A00604B61 /* Foundation.framework */; };
                E7104A01169E036E00DB0045 /* SecurityTool.c in Sources */ = {isa = PBXBuildFile; fileRef = E71049FF169E036E00DB0045 /* SecurityTool.c */; };
                18AD568814CB865E008233F2 /* SecItemServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecItemServer.c; sourceTree = "<group>"; xcLanguageSpecificationIdentifier = xcode.lang.c; };
                18D4043514CE0CF300A2BE4E /* libsecurity.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity.a; sourceTree = BUILT_PRODUCTS_DIR; };
                18D4056214CE53C200A2BE4E /* libsecurityd.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurityd.a; sourceTree = BUILT_PRODUCTS_DIR; };
+               32FBBBE11B50365D00AEF9ED /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; };
+               32FBBBE61B556F8900AEF9ED /* verify_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = verify_cert.c; sourceTree = "<group>"; };
                3A70988118CDF648009FD2CC /* si_77_SecAccessControl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = si_77_SecAccessControl.c; sourceTree = "<group>"; };
                4406660E19069707000DA171 /* si-80-empty-data.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "si-80-empty-data.c"; sourceTree = "<group>"; };
                4469FC2A1AA0A69E0021AA26 /* secd-33-keychain-ctk.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "secd-33-keychain-ctk.c"; sourceTree = "<group>"; };
                72E2DC0616BC47C800E7B236 /* OTATrustUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = OTATrustUtilities.c; sourceTree = "<group>"; };
                72E2DC0716BC47C800E7B236 /* OTATrustUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OTATrustUtilities.h; sourceTree = "<group>"; };
                7DE2092F192D29D90066419C /* si-79-smp-cert-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-79-smp-cert-policy.c"; sourceTree = "<group>"; };
+               858A54641BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-88-sectrust-vpnprofile.c"; sourceTree = "<group>"; };
+               858A54651BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-88-sectrust-vpnprofile.h"; sourceTree = "<group>"; };
                ACFD56BD19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ios6_1_keychain_2_db.h; sourceTree = "<group>"; };
-               BE037D331B7E8DC200D21A94 /* si-20-sectrust-att.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-20-sectrust-att.c"; sourceTree = "<group>"; };
                BE061FCE1899E5BD00C739F6 /* si-76-shared-credentials.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-76-shared-credentials.c"; sourceTree = "<group>"; };
                BE0CC6061A96B68400662E69 /* si-83-seccertificate-sighashalg.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-83-seccertificate-sighashalg.c"; sourceTree = "<group>"; };
+               BE3171921BB3559600BBB212 /* si-20-sectrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-20-sectrust.h"; sourceTree = "<group>"; };
                BE556A5D19550E1600E6EE8C /* SecPolicyCerts.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicyCerts.h; sourceTree = "<group>"; };
                BE62D75F1747FF3E001EAA9D /* si-72-syncableitems.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-72-syncableitems.c"; sourceTree = "<group>"; };
                BE62D7611747FF51001EAA9D /* si-70-sectrust-unified.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-70-sectrust-unified.c"; sourceTree = "<group>"; };
                D4273AA31B5D54CA0007D67B /* nameconstraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nameconstraints.h; sourceTree = "<group>"; };
                D445CDDF1B44D372005040AC /* si-84-sectrust-atv-appsigning.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-84-sectrust-atv-appsigning.c"; sourceTree = "<group>"; };
                D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-85-sectrust-ssl-policy.c"; sourceTree = "<group>"; };
+               D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-87-sectrust-name-constraints.c"; sourceTree = "<group>"; };
+               D4DFC9491B9958D00040945C /* si-87-sectrust-name-constraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-87-sectrust-name-constraints.h"; sourceTree = "<group>"; };
                E702E75614E1F3EA00CDE635 /* libSecureObjectSync.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecureObjectSync.a; sourceTree = BUILT_PRODUCTS_DIR; };
                E702E77814E1F48800CDE635 /* libSOSRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSOSRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; };
                E703811114E1FEE4007CB458 /* SOSCloudCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCloudCircle.h; sourceTree = "<group>"; };
                                4CC92A1C15A3ABD400C6D578 /* si-15-certificate.c */,
                                4CC92A1D15A3ABD400C6D578 /* si-16-ec-certificate.c */,
                                4CC92A1E15A3ABD400C6D578 /* si-20-sectrust-activation.c */,
-                               BE037D331B7E8DC200D21A94 /* si-20-sectrust-att.c */,
                                4CC92A1F15A3ABD400C6D578 /* si-20-sectrust.c */,
+                               BE3171921BB3559600BBB212 /* si-20-sectrust.h */,
                                4CC92A2015A3ABD400C6D578 /* si-21-sectrust-asr.c */,
                                4CC92A2115A3ABD400C6D578 /* si-22-sectrust-iap.c */,
                                4CC92A2215A3ABD400C6D578 /* si-23-sectrust-ocsp.c */,
                                D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */,
                                BECC54E31B98FF0000FB91DC /* si-86-sectrust-eap-tls.c */,
                                BECC54E41B98FF0000FB91DC /* si-86-sectrust-eap-tls.h */,
+                               D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */,
+                               D4DFC9491B9958D00040945C /* si-87-sectrust-name-constraints.h */,
+                               858A54641BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.c */,
+                               858A54651BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.h */,
                        );
                        name = secitem;
                        path = Regressions/secitem;
                521C0B9715FA5C4900604B61 /* Frameworks */ = {
                        isa = PBXGroup;
                        children = (
+                               32FBBBE11B50365D00AEF9ED /* CoreFoundation.framework */,
                                CD6C9BF81A813D52002AB913 /* IDS.framework */,
                                CD558FA8193544F800CFB3B1 /* IDSFoundation.framework */,
                                EB97322D189C56DB0063DFED /* CoreFoundation.framework */,
                E7104A0F169E1F0800DB0045 /* Tool */ = {
                        isa = PBXGroup;
                        children = (
+                               32FBBBE61B556F8900AEF9ED /* verify_cert.c */,
                                F697632118F6CC3F0090438B /* keychain_util.c */,
                                F697632218F6CC3F0090438B /* keychain_util.h */,
                                E790C136169E5C6200E0C0C9 /* add_internet_password.c */,
                                4CC92AC015A3BC4300C6D578 /* Security_regressions.h in Headers */,
                                4CC92A8C15A3ABD400C6D578 /* getcacert-mdes.h in Headers */,
                                4CC92A8D15A3ABD400C6D578 /* getcacert-mdesqa.h in Headers */,
+                               BE3171931BB3559600BBB212 /* si-20-sectrust.h in Headers */,
                                4CC92A8F15A3ABD400C6D578 /* si-63-scep.h in Headers */,
+                               D4DFC94B1B9958D00040945C /* si-87-sectrust-name-constraints.h in Headers */,
                                4CC92A9015A3ABD400C6D578 /* attached_no_data_signed_data.h in Headers */,
                                4CC92A9115A3ABD400C6D578 /* attached_signed_data.h in Headers */,
                                BECC54E61B98FF0000FB91DC /* si-86-sectrust-eap-tls.h in Headers */,
                                4CC92AA015A3ABD400C6D578 /* login.yahoo.com.2.cer.h in Headers */,
                                4CC92AA115A3ABD400C6D578 /* login.yahoo.com.cer.h in Headers */,
                                4CC92AA215A3ABD400C6D578 /* mail.google.com.cer.h in Headers */,
+                               858A54691BC6FE62008A03FA /* si-88-sectrust-vpnprofile.h in Headers */,
                                4CC92AA315A3ABD400C6D578 /* www.google.com.cer.h in Headers */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                                18D4044E14CE1FE400A2BE4E /* SecTrustSettings.c in Sources */,
                                BE642BB2188F32C200C899A2 /* SecSharedCredential.c in Sources */,
                                52FD829A1AEA9CEF00634FD3 /* SecItemBackup.c in Sources */,
+                               32FBBBE71B556F8900AEF9ED /* verify_cert.c in Sources */,
                                CDC765C21729A72800721712 /* SecPasswordGenerate.c in Sources */,
                                18D4044F14CE1FE400A2BE4E /* SecTrustStore.c in Sources */,
                                18D4045014CE1FE400A2BE4E /* vmdh.c in Sources */,
                                BE061FCF1899E5BD00C739F6 /* si-76-shared-credentials.c in Sources */,
                                4CC92A6B15A3ABD400C6D578 /* si-16-ec-certificate.c in Sources */,
                                4CC92A6C15A3ABD400C6D578 /* si-20-sectrust-activation.c in Sources */,
-                               BE037D351B7E8DC700D21A94 /* si-20-sectrust-att.c in Sources */,
                                4CC92A6D15A3ABD400C6D578 /* si-20-sectrust.c in Sources */,
                                BE62D7601747FF3E001EAA9D /* si-72-syncableitems.c in Sources */,
+                               858A54681BC6FE62008A03FA /* si-88-sectrust-vpnprofile.c in Sources */,
                                4CC92A6E15A3ABD400C6D578 /* si-21-sectrust-asr.c in Sources */,
                                4CC92A6F15A3ABD400C6D578 /* si-22-sectrust-iap.c in Sources */,
                                4CC92A7015A3ABD400C6D578 /* si-23-sectrust-ocsp.c in Sources */,
                                4CC92A7115A3ABD400C6D578 /* si-24-sectrust-appleid.c in Sources */,
                                4CC92A7215A3ABD400C6D578 /* si-24-sectrust-digicert-malaysia.c in Sources */,
                                4CC92A7315A3ABD400C6D578 /* si-24-sectrust-diginotar.c in Sources */,
+                               D4DFC94A1B9958D00040945C /* si-87-sectrust-name-constraints.c in Sources */,
                                CDB6A8B81A409BC600646CD6 /* otr-60-slowroll.c in Sources */,
                                4CC92A7415A3ABD400C6D578 /* si-24-sectrust-itms.c in Sources */,
                                4CC92A7515A3ABD400C6D578 /* si-24-sectrust-mobileasset.c in Sources */,
                        isa = PBXSourcesBuildPhase;
                        buildActionMask = 2147483647;
                        files = (
+                               32FBBBE81B55B30E00AEF9ED /* verify_cert.c in Sources */,
                                F697632318F6CFD60090438B /* keychain_util.c in Sources */,
                                E790C141169E5C6200E0C0C9 /* add_internet_password.c in Sources */,
                                E790C142169E5C6200E0C0C9 /* codesign.c in Sources */,
index 4d4f4fdee005b3b2de8d805c6cd88c99eaa7b9fe..794e2aceaefb006f894d00d77a909b7801581795 100644 (file)
@@ -592,6 +592,7 @@ static void test_key_generate_with_params(void) {
 
     SecKeyRef publicKey = NULL, privateKey = NULL;
     phase = 0;
+    diag("This will produce an internal assert - on purpose");
     is_status(SecKeyGeneratePair(params, &publicKey, &privateKey), errSecUserCanceled);
     is(phase, 2);
 
index 67a90eb0f201b0f2bc94064df71de2675f22e2a8..72b643dbbe0220c06cff6af59dcf9f3ca33004d4 100644 (file)
@@ -64,7 +64,7 @@ static CFDataRef CopyBackupKeyForString(CFStringRef string, CFErrorRef *error)
     return result;
 }
 
-static int kTestTestCount = 114;
+static int kTestTestCount = 112;
 #else
 static int kTestTestCount = 1;
 #endif
@@ -158,7 +158,7 @@ static void tests(void)
     CFReleaseNull(error);
     
     //Alice should kick Bob out of the backup!
-    is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 3, "updates");
+    is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 2, "updates");
     
     ok(SOSAccountIsMyPeerInBackupAndCurrentInView(alice_account, kTestView1), "Bob left the circle, Alice is not in the backup");
 
index 761cefce4f3ebbcf937c1c78fc8eaa3c54dfbbf9..eb0efa3c7bdab667677861b2fc247bcf41c49582 100644 (file)
@@ -400,6 +400,7 @@ static void item_with_acl_caused_maxauth(uint32_t *item_num)
     __security_simulatecrash_enable(false);
 
     LASetErrorCodeBlock(okBlock);
+    diag("this will cause an internal assert - on purpose");
     is_status(SecItemAdd(item, NULL), errSecAuthFailed, "max auth attempts failed");
 
     is(__security_simulatecrash_enable(true), 1, "Expecting simcrash max auth threshold passed");
index b7f37d5323f781af3c8b6ad84ddb48f0fe0a1e25..87ec19aad86e072e354e77fd35d17068c8036635 100644 (file)
@@ -13,7 +13,7 @@
 
 int secd_82_persistent_ref(int argc, char *const *argv)
 {
-    plan_tests(5);
+    plan_tests(4);
 
     /* custom keychain dir */
     secd_test_setup_temp_keychain("secd_82_persistent_ref", NULL);
index a140ce67e46bd45d1d70e0226e03ba0f92cb2eb1..b4ca0f1e657ad77ffc7b7534c0cf44f315e13408 100644 (file)
@@ -55,7 +55,7 @@ ONE_TEST(secd_62_account_backup)
 ONE_TEST(secd_63_account_resurrection)
 ONE_TEST(secd_64_circlereset)
 ONE_TEST(secd_65_account_retirement_reset)
-ONE_TEST(secd_70_engine)
+DISABLED_ONE_TEST(secd_70_engine)
 ONE_TEST(secd_70_engine_corrupt)
 ONE_TEST(secd_70_engine_smash)
 DISABLED_ONE_TEST(secd_70_otr_remote)
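Review bot: `secd_70_engine` is switched to `DISABLED_ONE_TEST` with nothing recording why, so the engine regression test stops running and nobody can tell when it may be re-enabled. I would add a comment on the line above it, for example `/* secd_70_engine disabled: <reason / tracking id>; re-enable once fixed */`, with the placeholder filled in by the author.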
index 4e28d5f133c706ab618b2f5a937c1d37adfe0e1c..fbba54506b6ff5b57da4dbba7bd38ae49b725f8c 100644 (file)
@@ -469,7 +469,7 @@ static SOSAccountRef GetSharedAccount(void) {
                 
                 if (CFSetContainsValue(peer_additions, me)) {
                     // TODO: Potentially remove from here and move this to the engine
-                    // TODO: We also need to do this when our views change.        
+                    // TODO: We also need to do this when our views change.
                     SOSCCSyncWithAllPeers();
                 }
             }
@@ -1158,9 +1158,8 @@ bool SOSCCIDSDeviceIDIsAvailableTest_Server(CFErrorRef *error){
         result = SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(account, &blockError);
         return result;
     });
-    if(blockError != NULL && error != NULL)
+    if(blockError && error != NULL)
         *error = blockError;
-
     
     return didSendTestMessages;
 }
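Review bot: When `blockError` is set but the caller passed `error == NULL`, the `if(blockError && error != NULL)` branch is skipped and the CFErrorRef is neither handed off nor released. If this function owns that error (its creation is outside the hunk), it leaks on that path. I would add an else arm, `else CFReleaseNull(blockError);`. As a style point, dropping `!= NULL` on only one operand leaves the condition inconsistent; `if (blockError && error)` reads more evenly.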
@@ -1386,14 +1385,14 @@ bool SOSCCWaitForInitialSync_Server(CFErrorRef* error) {
 }
 
 static CFArrayRef SOSAccountCopyYetToSyncViews(SOSAccountRef account, CFErrorRef *error) {
-    CFArrayRef result = NULL;
+    __block CFArrayRef result = NULL;
 
     CFTypeRef valueFetched = SOSAccountGetValue(account, kSOSUnsyncedViewsKey, error);
     if (valueFetched == kCFBooleanTrue) {
         SOSPeerInfoRef myPI = SOSAccountGetMyPeerInfo(account);
         if (myPI) {
             SOSPeerInfoWithEnabledViewSet(myPI, ^(CFSetRef enabled) {
-                CFSetCopyValues(enabled);
+                result = CFSetCopyValues(enabled);
             });
         }
     } else if (isSet(valueFetched)) {
index 3e1f1565dea8d95f8a767fda4646f364fdf598bc..09e4287a7cfb1002fd8b30571ee131634ee063d8 100644 (file)
@@ -1190,12 +1190,12 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes,
     CFTypeRef *result,
     CFErrorRef *error) {
 
-    CFStringRef fqdn = CFDictionaryGetValue(attributes, kSecAttrServer);
-    CFStringRef account = CFDictionaryGetValue(attributes, kSecAttrAccount);
+    CFStringRef fqdn = CFRetainSafe(CFDictionaryGetValue(attributes, kSecAttrServer));
+    CFStringRef account = CFRetainSafe(CFDictionaryGetValue(attributes, kSecAttrAccount));
 #if TARGET_OS_IPHONE && !TARGET_OS_WATCH
-    CFStringRef password = CFDictionaryGetValue(attributes, kSecSharedPassword);
+    CFStringRef password = CFRetainSafe(CFDictionaryGetValue(attributes, kSecSharedPassword));
 #else
-    CFStringRef password = CFDictionaryGetValue(attributes, CFSTR("spwd"));
+    CFStringRef password = CFRetainSafe(CFDictionaryGetValue(attributes, CFSTR("spwd")));
 #endif
     CFStringRef accessGroup = CFSTR("*");
     CFArrayRef accessGroups = NULL;
@@ -1212,7 +1212,6 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes,
 
     // parse fqdn with CFURL here, since it could be specified as domain:port
     if (fqdn) {
-        CFRetainSafe(fqdn);
         CFStringRef urlStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%@%@"), kSecSharedCredentialUrlScheme, fqdn);
         if (urlStr) {
             CFURLRef url = CFURLCreateWithString(kCFAllocatorDefault, urlStr, nil);
@@ -1291,7 +1290,7 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes,
     // check for presence of Safari's negative entry ('passwords not saved')
     CFDictionarySetValue(query, kSecAttrAccount, kSecSafariPasswordsNotSaved);
     ok = _SecItemCopyMatching(query, accessGroups, result, error);
-    CFReleaseNull(*result);
+    if(result) CFReleaseNull(*result);
     CFReleaseNull(*error);
     if (ok) {
         SecError(errSecDuplicateItem, error, CFSTR("Item already exists for this server"));
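Review bot: `result` is now checked before `CFReleaseNull(*result)`, but the next line still runs `CFReleaseNull(*error)` unconditionally, so a caller that passes a NULL `error` would still fault here. The same pair of lines appears in the two following hunks (after the existing-password lookup and before the add path). If `error` is optional for callers in the way `result` evidently is, guard it the same way: `if (error) CFReleaseNull(*error);`. The body of `_SecAddSharedWebCredential` starts and ends outside these hunks, so an earlier guarantee that `error` is non-NULL cannot be ruled out; if there is one, a short comment would explain the asymmetry.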
@@ -1310,7 +1309,7 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes,
     // look up existing password
     if (_SecItemCopyMatching(query, accessGroups, result, error)) {
         // found it, so this becomes either an "update password" or "delete password" operation
-        CFReleaseNull(*result);
+        if(result) CFReleaseNull(*result);
         CFReleaseNull(*error);
         update = (password != NULL);
         if (update) {
@@ -1342,7 +1341,7 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes,
         }
         goto cleanup;
     }
-    CFReleaseNull(*result);
+    if(result) CFReleaseNull(*result);
     CFReleaseNull(*error);
 
     // password does not exist, so prepare to add it
@@ -1401,6 +1400,8 @@ cleanup:
     CFReleaseSafe(query);
     CFReleaseSafe(accessGroups);
     CFReleaseSafe(fqdn);
+    CFReleaseSafe(account);
+    CFReleaseSafe(password);
     return ok;
 }
 
index f1eddf651261373d61b00866c2c435e8675b069e..fb520f6ac11346c573e04d79b577a95797a5f179 100644 (file)
@@ -48,7 +48,7 @@ static bool SecDNSNameConstraintsMatch(CFStringRef DNSName, CFStringRef constrai
     /* Ensure that character to the left of the constraint in the DNSName is a '.'
      so that badexample.com does not match example.com, but good.example.com does.
      */
-    if ((dlength != clength) &&
+    if ((dlength != clength) && ('.' != CFStringGetCharacterAtIndex(constraint, 0)) &&
         ('.' != CFStringGetCharacterAtIndex(DNSName, dlength - clength -1))) {
         return false;
     }
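Review bot: The added `CFStringGetCharacterAtIndex(constraint, 0)` reads the first character of the constraint, which is out of range if a certificate carries an empty dNSName constraint. Nothing in the hunk shows `clength` being checked for zero, though a guard may exist earlier in `SecDNSNameConstraintsMatch`, which starts outside the hunk. If there is none, bound the read: `if ((dlength != clength) && (clength == 0 || '.' != CFStringGetCharacterAtIndex(constraint, 0)) &&`. The comment above the test still describes only the old rule and should also say that a constraint beginning with '.' skips the separator check on `DNSName`.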
@@ -473,16 +473,19 @@ OSStatus SecNameContraintsMatchSubtrees(SecCertificateRef certificate, CFArrayRe
 
     /* If we are excluding based on the subtrees, lack of names of the
        same type is not a match. But if we are permitting, it is.
-       This logic is unfortunately complicated and could be cleaned up with
-       two separate functions for excluded and permitted subtrees.
      */
     if (subject_match.present) {
         if (san_match.present &&
             ((subject_match.isMatch && !san_match.isMatch) ||
             (!subject_match.isMatch && san_match.isMatch))) {
+            /* If both san and subject types are present, but don't agree on match
+             * we should exclude on the basis of the match and not permit on the
+             * basis of the failed match. */
             *matched = permit ? false : true;
         }
         else {
+            /* If san type wasn't present or both had the same result, use the
+             * result from matching against the subject. */
             *matched = subject_match.isMatch;
         }
     }
@@ -490,6 +493,8 @@ OSStatus SecNameContraintsMatchSubtrees(SecCertificateRef certificate, CFArrayRe
         *matched = san_match.isMatch;
     }
     else {
+        /* Neither subject nor san had same type as subtrees, permit and don't
+         * exclude the cert. */
         *matched = permit ? true : false;
     }
     
@@ -499,57 +504,80 @@ out:
     return status;
 }
 
+typedef struct {
+    CFMutableArrayRef existing_trees;
+    CFMutableArrayRef trees_to_add;
+} nc_intersect_context_t;
+
+static SecCEGeneralNameType nc_gn_type_convert (DERTag tag) {
+    switch (tag) {
+        case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0:
+            return GNT_OtherName;
+        case ASN1_CONTEXT_SPECIFIC | 1:
+            return GNT_RFC822Name;
+        case ASN1_CONTEXT_SPECIFIC | 2:
+            return GNT_DNSName;
+        case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3:
+            return GNT_X400Address;
+        case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 4:
+            return GNT_DirectoryName;
+        case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 5:
+            return GNT_EdiPartyName;
+        case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 6:
+        case ASN1_CONTEXT_SPECIFIC | 6:
+            return GNT_URI;
+        case ASN1_CONTEXT_SPECIFIC | 7:
+            return GNT_IPAddress;
+        case ASN1_CONTEXT_SPECIFIC | 8:
+            return GNT_RegisteredID;
+        default:
+            return GNT_OtherName;
+    }
+}
+
 /* The recommended processing algorithm states:
  *    If permittedSubtrees is present in the certificate, set the permitted_subtrees state variable to the intersection
  *    of its previous value and the value indicated in the extension field.
- * However, in practice, certs are issued with permittedSubtrees whose intersection would be the empty set. Wherever
- * a new permittedSubtree is a subset of an existing subtree, we'll replace the existing subtree; otherwise, we just
- * append the new subtree.
+ * However, in practice, certs are issued with permittedSubtrees whose intersection would be the empty set. For now,
+ * wherever a new permittedSubtree is a subset of an existing subtree, we'll replace the existing subtree; otherwise,
+ * we just append the new subtree.
  */
 static void nc_intersect_tree_with_subtrees (const void *value, void *context) {
     CFDataRef new_subtree = value;
-    CFMutableArrayRef *existing_subtrees = context;
-    
-    if (!new_subtree || !*existing_subtrees) return;
-    
+    nc_intersect_context_t *intersect_context = context;
+    CFMutableArrayRef existing_subtrees = intersect_context->existing_trees;
+    CFMutableArrayRef trees_to_append = intersect_context->trees_to_add;
+
+    if (!new_subtree || !existing_subtrees) return;
+
     /* convert new subtree to DERItem */
     const DERItem general_name = { (unsigned char *)CFDataGetBytePtr(new_subtree), CFDataGetLength(new_subtree) };
     DERDecodedInfo general_name_content;
     if(DR_Success != DERDecodeItem(&general_name, &general_name_content)) return;
-    
+
     SecCEGeneralNameType gnType;
     DERItem *new_subtree_item = &general_name_content.content;
-    
+
     /* Attempt to intersect if one of the supported types: DirectoryName and DNSName.
-     * Otherwise, just append the new tree. 
-     */
-    switch (general_name_content.tag) {
-        case ASN1_CONTEXT_SPECIFIC | 2: {
-            gnType = GNT_DNSName;
-            break;
-        }
-        case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 4: {
-            gnType = GNT_DirectoryName;
-            break;
-        }
-        default: {
-            CFArrayAppendValue(*existing_subtrees, new_subtree);
-            return;
-        }
+     * Otherwise, just append the new tree. */
+    gnType = nc_gn_type_convert(general_name_content.tag);
+    if (!(gnType == GNT_DirectoryName || gnType == GNT_DNSName)) {
+        CFArrayAppendValue(trees_to_append, new_subtree);
     }
-    
+
     CFIndex subtreeIX;
-    CFIndex num_existing_subtrees = CFArrayGetCount(*existing_subtrees);
+    CFIndex num_existing_subtrees = CFArrayGetCount(existing_subtrees);
     match_t match = { false, false };
     nc_match_context_t match_context = { gnType, new_subtree_item, &match};
     for (subtreeIX = 0; subtreeIX < num_existing_subtrees; subtreeIX++) {
-        CFDataRef candidate_subtree = CFArrayGetValueAtIndex(*existing_subtrees, subtreeIX);
+        CFDataRef candidate_subtree = CFArrayGetValueAtIndex(existing_subtrees, subtreeIX);
         /* Convert candidate subtree to DERItem */
         const DERItem candidate = { (unsigned char *)CFDataGetBytePtr(candidate_subtree), CFDataGetLength(candidate_subtree) };
         DERDecodedInfo candidate_content;
         /* We could probably just delete any subtrees in the array that don't decode */
         if(DR_Success != DERDecodeItem(&candidate, &candidate_content)) continue;
-        
+
+        /* first test whether new tree matches the existing tree */
         OSStatus status = SecCertificateParseGeneralNameContentProperty(candidate_content.tag,
                                                                         &candidate_content.content,
                                                                         &match_context,
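Review bot: The unsupported-type branch at `CFArrayAppendValue(trees_to_append, new_subtree);` lost the `return` that the removed `default:` case had, so execution continues into the comparison loop with a `gnType` that is neither DirectoryName nor DNSName. If no existing subtree matches, the tail of the function (in the next hunk) appends the same `new_subtree` a second time. If one does match, it can replace an existing entry, contrary to the "just append the new tree" comment. Adding `return;` directly after the append restores the old behaviour. The function body ends outside this hunk.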
@@ -557,14 +585,29 @@ static void nc_intersect_tree_with_subtrees (const void *value, void *context) {
         if((status == errSecSuccess) && match.present && match.isMatch) {
             break;
         }
+
+        /* then test whether existing tree matches the new tree*/
+        match_t local_match = { false , false };
+        nc_match_context_t local_match_context = { nc_gn_type_convert(candidate_content.tag),
+                                                   &candidate_content.content,
+                                                   &local_match };
+        status = SecCertificateParseGeneralNameContentProperty(general_name_content.tag,
+                                                               &general_name_content.content,
+                                                               &local_match_context,
+                                                               nc_compare_subtree);
+        if((status == errSecSuccess) && local_match.present && local_match.isMatch) {
+            break;
+        }
     }
     if (subtreeIX == num_existing_subtrees) {
         /* No matches found. Append new subtree */
-        CFArrayAppendValue(*existing_subtrees, new_subtree);
+        CFArrayAppendValue(trees_to_append, new_subtree);
     }
-    else {
-        CFArraySetValueAtIndex(*existing_subtrees, subtreeIX, new_subtree);
+    else if (match.present && match.isMatch) {
+        /* new subtree \subseteq existing subtree, replace existing tree */
+        CFArraySetValueAtIndex(existing_subtrees, subtreeIX, new_subtree);
     }
+    /* existing subtree \subset new subtree, drop the new tree so as not to broaden constraints*/
     return;
     
 }
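Review bot: A non-success status from either `SecCertificateParseGeneralNameContentProperty` call is handled exactly like "no match", so a new subtree whose comparisons all fail reaches `CFArrayAppendValue(trees_to_append, new_subtree)`, which for permitted subtrees widens the set rather than narrowing it. If that is intended as best effort, say so next to the status checks, e.g. `/* a comparison that fails is treated as no match; the new subtree is then appended */`; otherwise the failure case should skip the append. The closing comment about dropping the new tree would also read more clearly inside an explicit `else` branch, since as written it follows all three outcomes. The function starts outside this hunk.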
@@ -575,5 +618,24 @@ void SecNameConstraintsIntersectSubtrees(CFMutableArrayRef subtrees_state, CFArr
     
     CFIndex num_new_trees = CFArrayGetCount(subtrees_new);
     CFRange range = { 0, num_new_trees };
-    CFArrayApplyFunction(subtrees_new, range, nc_intersect_tree_with_subtrees, &subtrees_state);
+
+    /* if existing subtrees state contains no subtrees, append new subtrees whole */
+    if (!CFArrayGetCount(subtrees_state)) {
+        CFArrayAppendArray(subtrees_state, subtrees_new, range);
+        return;
+    }
+
+    CFMutableArrayRef trees_to_append = NULL;
+    trees_to_append = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+    nc_intersect_context_t context = { subtrees_state , trees_to_append };
+    CFArrayApplyFunction(subtrees_new, range, nc_intersect_tree_with_subtrees, &context);
+
+    /* don't append to the state until we've processed all the new trees */
+    num_new_trees = CFArrayGetCount(trees_to_append);
+    if (trees_to_append && num_new_trees) {
+        range.length = num_new_trees;
+        CFArrayAppendArray(subtrees_state, trees_to_append, range);
+    }
+
+    CFReleaseNull(trees_to_append);
 }
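Review bot: `trees_to_append` is tested for NULL only after it has been used: the callback appends to it through `context`, and `CFArrayGetCount(trees_to_append)` runs before the `if (trees_to_append && num_new_trees)` test. Check the allocation once, directly after `CFArrayCreateMutable`, with `if (!trees_to_append) return;`; the later test can then be `if (num_new_trees)`. Whether returning with the state unchanged is the right failure behaviour depends on the caller, which is not visible here. The function starts outside this hunk.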
index f6678bff4bfd55bd697185b7b7479cee2ca16860..ed6d47c11f27ff8f25313b28199dc00f9a40bee5 100644 (file)
@@ -238,3 +238,44 @@ void withStringOfAbsoluteTime(CFAbsoluteTime at, void (^action)(CFStringRef decr
     
     CFReleaseNull(formattedString);
 }
+
+
+//
+// MARK: Custom Sensitive Data Allocator
+//
+#include <malloc/malloc.h>
+static CFStringRef SecCFAllocatorCopyDescription(const void *info) {
+    return CFSTR("Custom CFAllocator for sensitive data");
+}
+
+// primary goal of this allocator is to clear memory when it is deallocated
+static void SecCFAllocatorDeallocate(void *ptr, void *info) {
+    if (!ptr) return;
+    size_t sz = malloc_size(ptr);
+    if(sz) cc_clear(sz, ptr);
+
+    CFAllocatorDeallocate(NULL, ptr);
+}
+
+CFAllocatorRef CFAllocatorSensitive(void) {
+    static dispatch_once_t sOnce = 0;
+    static CFAllocatorRef sAllocator = NULL;
+    dispatch_once(&sOnce, ^{
+        CFAllocatorContext defaultCtx;
+        CFAllocatorGetContext(NULL, &defaultCtx);
+
+        CFAllocatorContext ctx = {0,
+            defaultCtx.info,
+            defaultCtx.retain,
+            defaultCtx.release,
+            SecCFAllocatorCopyDescription,
+            defaultCtx.allocate,
+            defaultCtx.reallocate,
+            SecCFAllocatorDeallocate,
+            defaultCtx.preferredSize};
+
+        sAllocator = CFAllocatorCreate(NULL, &ctx);
+    });
+
+    return sAllocator;
+}
\ No newline at end of file
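Review bot: The allocator clears memory only in `SecCFAllocatorDeallocate`; `defaultCtx.reallocate` is passed through unchanged, so when a sensitive buffer grows and the underlying reallocation moves it, the old block is released without being cleared. A reallocate callback that allocates, copies, then clears and frees the old block closes that gap, as sketched below. The deallocate path also frees through `CFAllocatorDeallocate(NULL, ptr)`, i.e. whatever the default allocator is at that moment, while `allocate` was captured from the default at creation time. These are presumably the same malloc-backed allocator, but `malloc_size(ptr)` depends on that, and a comment stating the assumption would help.

```c
// … unchanged: SecCFAllocatorCopyDescription, SecCFAllocatorDeallocate …

// allocate-copy-clear-free, so a moved block never leaves its old contents behind
static void *SecCFAllocatorReallocate(void *ptr, CFIndex newsize, CFOptionFlags hint, void *info) {
    void *newptr = CFAllocatorAllocate(NULL, newsize, hint);
    if (!newptr) return NULL;
    size_t oldsz = malloc_size(ptr);
    memcpy(newptr, ptr, oldsz < (size_t)newsize ? oldsz : (size_t)newsize);
    SecCFAllocatorDeallocate(ptr, info);
    return newptr;
}

        CFAllocatorContext ctx = {0,
            // … unchanged: info, retain, release, copyDescription, allocate …
            SecCFAllocatorReallocate,
            SecCFAllocatorDeallocate,
            defaultCtx.preferredSize};
```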
index b25d1b5dd1313915ff092f405a49e2426a8761b1..8e49fdb07019ea0045436126a8edeebf1e2e77cb 100644 (file)
@@ -153,7 +153,7 @@ void withStringOfAbsoluteTime(CFAbsoluteTime at, void (^action)(CFStringRef decr
 
 
 //
-// Call block function
+// MARK: Call block function
 //
 
 
@@ -168,7 +168,7 @@ static void apply_block_2(const void *key, const void *value, void *context)
 }
 
 //
-// CFEqual Helpers
+// MARK CFEqual Helpers
 //
 
 static inline bool CFEqualSafe(CFTypeRef left, CFTypeRef right)
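Review bot: `// MARK CFEqual Helpers` is missing the colon that every other marker changed in this file has, so it is inconsistent with them and may not be picked up as a section mark. It should read `// MARK: CFEqual Helpers`.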
@@ -181,7 +181,7 @@ static inline bool CFEqualSafe(CFTypeRef left, CFTypeRef right)
 
 
 //
-// Printing
+// MARK: Printing
 //
 
 static void fprint_string(FILE *file, CFStringRef string) {
@@ -218,7 +218,7 @@ static inline void cffprint(FILE *file, CFStringRef fmt, ...) {
 }
 
 //
-// CFError Helpers
+// MARK: CFError Helpers
 //
 
 /* Return false if possibleError is set.  Propagates possibleError into *error
@@ -237,7 +237,7 @@ bool CFErrorPropagate(CFErrorRef possibleError CF_CONSUMED, CFErrorRef *error) {
 }
 
 //
-// CFNumber Helpers
+// MARK: CFNumber Helpers
 //
 
 static inline CFNumberRef CFNumberCreateWithCFIndex(CFAllocatorRef allocator, CFIndex value)
@@ -246,7 +246,7 @@ static inline CFNumberRef CFNumberCreateWithCFIndex(CFAllocatorRef allocator, CF
 }
 
 //
-// CFData Helpers
+// MARK: CFData Helpers
 //
 
 static inline CFMutableDataRef CFDataCreateMutableWithScratch(CFAllocatorRef allocator, CFIndex size) {
@@ -325,7 +325,7 @@ static inline CFDataRef CFDataCreateCopyFromPositions(CFAllocatorRef allocator,
 
 
 //
-// CFString Helpers
+// MARK: CFString Helpers
 //
 
 //
@@ -680,6 +680,17 @@ static inline void CFSetSubtract(CFMutableSetRef set, CFSetRef subtract) {
     });
 }
 
+static inline bool CFSetIsSubset(CFSetRef smaller, CFSetRef bigger) {
+    __block bool isSubset = true;
+    CFSetForEach(smaller, ^(const void *value) {
+        if (!CFSetContainsValue(bigger, value)) {
+            isSubset = false;
+        }
+    });
+
+    return isSubset;
+}
+
 static inline void CFSetSetValues(CFMutableSetRef set, CFArrayRef valuesToSet) {
     CFArrayForEach(valuesToSet, ^(const void *value) {
         CFSetSetValue(set, value);
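Review bot: `CFSetIsSubset` has no comment stating its contract, in particular that an empty `smaller` yields true and that neither argument is checked for NULL before use. A one-line comment such as `/* true when every value in smaller is also in bigger (an empty smaller is a subset of anything) */` would cover it. The loop also keeps probing `bigger` after the first miss; since `CFSetForEach` offers no early exit here, a pre-check `if (CFSetGetCount(smaller) > CFSetGetCount(bigger)) return false;` avoids the scan in the obvious case.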
@@ -912,6 +923,10 @@ static inline CF_RETURNS_RETAINED CFPropertyListRef CFPropertyListReadFromFile(C
     return result;
 }
 
+//
+// MARK: Custom Allocator for Sensitive Data
+//
+CFAllocatorRef CFAllocatorSensitive(void);
 
 __END_DECLS
 
diff --git a/OSX/utilities/src/SecdUsage.c b/OSX/utilities/src/SecdUsage.c
new file mode 100644 (file)
index 0000000..e69de29
index 897ef66fd9d9f785cdbed95d4c933fe90dcc9fda..e0ec9aff00b70ccc20e52d8bd6d853c6014c9e4c 100644 (file)
@@ -56,6 +56,7 @@
                72B918A2179723C100940533 /* iCloudKeychainTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B918A0179723AE00940533 /* iCloudKeychainTrace.h */; };
                BEA22A361811E4C800BE7682 /* SecCertificateTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = BEA22A341811E4A600BE7682 /* SecCertificateTrace.c */; };
                BEA22A371811E4CF00BE7682 /* SecCertificateTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = BEA22A351811E4A600BE7682 /* SecCertificateTrace.h */; };
+               D4DFE88E1BE5678B00E8A196 /* SecdUsage.c in Sources */ = {isa = PBXBuildFile; fileRef = D4DFE88D1BE5678B00E8A196 /* SecdUsage.c */; };
                E706B78A18FC822B00797907 /* simulate_crash.c in Sources */ = {isa = PBXBuildFile; fileRef = E706B78918FC822B00797907 /* simulate_crash.c */; };
                E7188DF81AAA819400B46156 /* SecBuffer.c in Sources */ = {isa = PBXBuildFile; fileRef = E7188DF61AAA819400B46156 /* SecBuffer.c */; };
                E7188DF91AAA819400B46156 /* SecBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = E7188DF71AAA819400B46156 /* SecBuffer.h */; };
                72B918A0179723AE00940533 /* iCloudKeychainTrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = iCloudKeychainTrace.h; sourceTree = "<group>"; };
                BEA22A341811E4A600BE7682 /* SecCertificateTrace.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificateTrace.c; sourceTree = "<group>"; };
                BEA22A351811E4A600BE7682 /* SecCertificateTrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCertificateTrace.h; sourceTree = "<group>"; };
+               D4DFE88D1BE5678B00E8A196 /* SecdUsage.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecdUsage.c; sourceTree = "<group>"; };
                E706B78918FC822B00797907 /* simulate_crash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = simulate_crash.c; sourceTree = "<group>"; };
                E7188DF61AAA819400B46156 /* SecBuffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecBuffer.c; sourceTree = "<group>"; };
                E7188DF71AAA819400B46156 /* SecBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBuffer.h; sourceTree = "<group>"; };
                                4C3600441680DEB90049891B /* iOSforOSX-SecRandom.c */,
                                4C143CF7165172AD003035A3 /* SecDb.c */,
                                4C143CF9165172C0003035A3 /* SecDb.h */,
+                               D4DFE88D1BE5678B00E8A196 /* SecdUsage.c */,
                                52743BD516BB278C001A299D /* SecFileLocations.c */,
                                52743BD716BB27A1001A299D /* SecFileLocations.h */,
                                52E2E4941738371400E78313 /* SecXPCError.h */,
                                E777C72315B74038004044A8 /* SecCFError.c in Sources */,
                                489E6E501A71B07600D7EB8C /* der_set.c in Sources */,
                                4C143CF8165172AD003035A3 /* SecDb.c in Sources */,
+                               D4DFE88E1BE5678B00E8A196 /* SecdUsage.c in Sources */,
                                4CF1FAC21654EAD100261CF4 /* SecCFWrappers.c in Sources */,
                                521C60C61A9D31580034F742 /* SecCFCCWrappers.c in Sources */,
                                52E2E4971738394C00E78313 /* SecXPCError.c in Sources */,
index ed48f13311c679215dfd5a147e46145118d616a2..73587fdd07375999319dcc1609644fb5103bfc96 100644 (file)
@@ -99,6 +99,19 @@ _SSLWrite
 _SSLSetSessionStrengthPolicy
 _SSLSetDHEEnabled
 _SSLGetDHEEnabled
+_SSLSetSessionConfig
+_SSLGetSessionConfig
+
+_kSSLSessionConfig_default
+_kSSLSessionConfig_ATSv1
+_kSSLSessionConfig_ATSv1_noPFS
+_kSSLSessionConfig_legacy
+_kSSLSessionConfig_standard
+_kSSLSessionConfig_RC4_fallback
+_kSSLSessionConfig_TLSv1_fallback
+_kSSLSessionConfig_TLSv1_RC4_fallback
+_kSSLSessionConfig_legacy_DHE
+
 
 /* Those are deprecated */
 __SSLCopyPeerCertificates
index 2a29209c681df2c5e4623430431c9d7d8b4e08fe..3f766e4f1781cc55e24106d3aec242313028dfd1 100644 (file)
                438169E31B4EDEE200C54D58 /* SOSCCAuthPlugin.m in Sources */ = {isa = PBXBuildFile; fileRef = 438169E21B4EDEE200C54D58 /* SOSCCAuthPlugin.m */; };
                438169E41B4EE13B00C54D58 /* Accounts.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF4C19C171E0EA600877419 /* Accounts.framework */; };
                438169E51B4EE14D00C54D58 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; };
+               43DB54551BB1F8920083C3F1 /* ProtectedCloudStorage.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */; };
                4432AF8B1A014664000958DC /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; };
                4432AF8D1A01472C000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; };
                4432B0B71A014987000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; };
                EB5D73101B0CB09E009CAA47 /* SOSTypes.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = 52F8DE4D1AF2EB8F00A2C271 /* SOSTypes.h */; };
                EB5D73111B0CB0BE009CAA47 /* SOSPeerInfo.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = E7450BAD16D42B17009C07B8 /* SOSPeerInfo.h */; };
                EBD8495B1B24BEA000C5FD1E /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = EBD8495A1B24BEA000C5FD1E /* print_cert.c */; };
+               EBE54D761BE32F6F000C4856 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; };
                F93C493B1AB8FF530047E01A /* ckcdiagnose.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; };
 /* End PBXBuildFile section */
 
                4381690F1B4EDCBD00C54D58 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
                438169E11B4EDEE200C54D58 /* SOSCCAuthPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCCAuthPlugin.h; sourceTree = "<group>"; };
                438169E21B4EDEE200C54D58 /* SOSCCAuthPlugin.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SOSCCAuthPlugin.m; sourceTree = "<group>"; };
+               43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProtectedCloudStorage.framework; path = System/Library/PrivateFrameworks/ProtectedCloudStorage.framework; sourceTree = SDKROOT; };
                4432AF6A1A01458F000958DC /* libcoreauthd_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; name = libcoreauthd_client.a; path = usr/local/lib/libcoreauthd_client.a; sourceTree = SDKROOT; };
                4432AF8C1A01472C000958DC /* libaks_acl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; name = libaks_acl.a; path = usr/local/lib/libaks_acl.a; sourceTree = SDKROOT; };
                443381D918A3D81400215606 /* SecAccessControl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAccessControl.h; sourceTree = "<group>"; };
                E7FCBE451314471B000DE34E /* CoreGraphics.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreGraphics.framework; path = System/Library/Frameworks/CoreGraphics.framework; sourceTree = SDKROOT; };
                E7FEFB80169E26E200E18152 /* sub_commands.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sub_commands.h; sourceTree = "<group>"; };
                EBD8495A1B24BEA000C5FD1E /* print_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = print_cert.c; path = OSX/sec/SecurityTool/print_cert.c; sourceTree = SOURCE_ROOT; };
+               EBE54D771BE33227000C4856 /* libmis.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libmis.dylib; path = usr/lib/libmis.dylib; sourceTree = SDKROOT; };
                F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = ckcdiagnose.sh; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
                                4C8A38C917B93DF10001B4C0 /* CloudServices.framework in Frameworks */,
                                4C7913251799A5CC00A9633E /* MobileCoreServices.framework in Frameworks */,
                                4381603B1B4DCEFF00C54D58 /* AggregateDictionary.framework in Frameworks */,
+                               43DB54551BB1F8920083C3F1 /* ProtectedCloudStorage.framework in Frameworks */,
                                4C3DD6BD179760280093F9D8 /* libMobileGestalt.dylib in Frameworks */,
                                533B5D4F177CD63100995334 /* SpringBoardServices.framework in Frameworks */,
                                7200D76F177B9999009BB396 /* ManagedConfiguration.framework in Frameworks */,
                        isa = PBXFrameworksBuildPhase;
                        buildActionMask = 2147483647;
                        files = (
+                               EBE54D761BE32F6F000C4856 /* AggregateDictionary.framework in Frameworks */,
                                438168941B4ED42300C54D58 /* CoreFoundation.framework in Frameworks */,
                                E7D690A21652E0870079537A /* libMobileGestalt.dylib in Frameworks */,
                                18F7F67214D77ED000F88A12 /* libsecurityd.a in Frameworks */,
                E7FCBE401314471B000DE34E /* Frameworks */ = {
                        isa = PBXGroup;
                        children = (
+                               EBE54D771BE33227000C4856 /* libmis.dylib */,
                                4CF4C19C171E0EA600877419 /* Accounts.framework */,
                                72B368BD179891FC004C37CE /* AggregateDictionary.framework */,
                                4C84DA541720698900AEE225 /* AppleAccount.framework */,
                                4C7913241799A5CB00A9633E /* MobileCoreServices.framework */,
                                E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */,
                                5E1D7E0319A5EBB700D322DA /* Preferences.framework */,
+                               43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */,
                                52D82BD316A5EADA0078DFE5 /* Security.framework */,
                                4C079EBC1794A96200D73970 /* ServiceManagement.framework */,
                                52222CC0167BDAE100EDD09C /* SpringBoardServices.framework */,
                                        MobileKeyBag,
                                        "-laks",
                                        "-lACM",
+                                       "-lmis",
                                );
                                "OTHER_LDFLAGS[sdk=iphonesimulator*]" = "$(OTHER_LDFLAGS)";
                                PRODUCT_NAME = securityd;
                                        MobileKeyBag,
                                        "-laks",
                                        "-lACM",
+                                       "-lmis",
                                );
                                "OTHER_LDFLAGS[sdk=iphonesimulator*]" = "$(OTHER_LDFLAGS)";
                                PRODUCT_NAME = securityd;
index f614c807c877683187bcbf1175527579fe4226b9..c32b0529bfc8af28bfa23026659e03774706b16d 100644 (file)
             argument = "si_20_sectrust"
             isEnabled = "NO">
          </CommandLineArgument>
-         <CommandLineArgument
-            argument = "si_20_sectrust_att"
-            isEnabled = "NO">
-         </CommandLineArgument>
          <CommandLineArgument
             argument = "si_21_sectrust_asr"
             isEnabled = "NO">
             argument = "si_86_sectrust_eap_tls"
             isEnabled = "NO">
          </CommandLineArgument>
+         <CommandLineArgument
+            argument = "si_87_sectrust_name_constraints"
+            isEnabled = "NO">
+         </CommandLineArgument>
+         <CommandLineArgument
+            argument = "si_88_sectrust_vpnprofile"
+            isEnabled = "NO">
+         </CommandLineArgument>
          <CommandLineArgument
             argument = "sc_30_peerinfo"
             isEnabled = "NO">
index 8c3ffdd52672f10edcec2dc49e0d195480f4458b..003d415011d3c27c7e297d1c7c4c641e26d14f87 100644 (file)
             argument = "si_86_sectrust_eap_tls"
             isEnabled = "NO">
          </CommandLineArgument>
+         <CommandLineArgument
+            argument = "si_87_sectrust_name_constraints"
+            isEnabled = "NO">
+         </CommandLineArgument>
+         <CommandLineArgument
+            argument = "si_88_sectrust_vpnprofile"
+            isEnabled = "NO">
+         </CommandLineArgument>
          <CommandLineArgument
             argument = "sd_10_policytree"
             isEnabled = "NO">
index ba2a661942d9c3a8c0951df68e6953d035541a4c..b6cfde8bb8dbf887c6cd3a7e1ae4abac84e2d722 100644 (file)
@@ -29,7 +29,7 @@ OTHER_TO_CLEAN=
 #
 # non-standard frameworks (e.g., -framework foo)
 #
-PROJ_FRAMEWORKS= 
+PROJ_FRAMEWORKS=-framework IOKit
 
 #
 # project-specific includes, with leading -I
index 01e1d7a7980ab0a7499c7b5ebe6aff9e90be8d54..345610f03c235215a83857cbd082c62bc1f58007 100644 (file)
@@ -15,5 +15,6 @@ cert = CNTMTT68S21G224G.cer
 crl = fetched.crl
 root = InfoCamereRoot.cer
 root = InfoCamereFirmaQualificata.cer
+verifyTime = 20060101125959
 end
 
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF0.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF0.der
new file mode 100644 (file)
index 0000000..2f8f7fa
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF0.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF4.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF4.der
new file mode 100644 (file)
index 0000000..4db016f
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF4.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der
new file mode 100644 (file)
index 0000000..b445dc5
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der
new file mode 100644 (file)
index 0000000..05184b7
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der
new file mode 100644 (file)
index 0000000..9543cd7
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/cacert.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/cacert.der
new file mode 100644 (file)
index 0000000..36b1d8a
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/cacert.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der
new file mode 100644 (file)
index 0000000..b22ff92
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl2.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl2.der
new file mode 100644 (file)
index 0000000..0ccecb4
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl2.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der
new file mode 100644 (file)
index 0000000..98ed0fa
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der
new file mode 100644 (file)
index 0000000..7d3c551
Binary files /dev/null and b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der differ
diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/distPointName.scr b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/distPointName.scr
new file mode 100644 (file)
index 0000000..77ea413
--- /dev/null
@@ -0,0 +1,178 @@
+# crl1.der
+#        Last Update: Oct 16 00:16:34 2015 GMT
+#        Next Update: Oct 26 00:16:34 2015 GMT
+#        CRL extensions:
+#            X509v3 Issuing Distrubution Point: critical
+#                Full Name:
+#                  URI:http://host.example/crl1.der
+# crl2.der
+#        Last Update: Oct 16 18:28:58 2015 GMT
+#        Next Update: Oct 26 18:28:58 2015 GMT
+#        CRL extensions:
+#            X509v3 Issuing Distrubution Point: critical
+#                Full Name:
+#                  URI:http://host.example/crl1.der
+#                  URI:http://host2.example/crl1.der
+#
+# crl3.der
+#        Last Update: Oct 16 18:44:28 2015 GMT
+#        Next Update: Oct 26 18:44:28 2015 GMT
+#        CRL extensions:
+#            X509v3 Issuing Distrubution Point: critical
+#                Full Name:
+#                  URI:http://host.example/crl1.der
+#                  URI:http://host2.example/crl2.crl
+#
+# crl4.der
+#        Last Update: Oct 16 18:56:17 2015 GMT
+#        Next Update: Oct 26 18:56:17 2015 GMT
+#        CRL extensions:
+#            X509v3 Issuing Distrubution Point: critical
+#                Relative Name:
+#                  CN = testCA
+#
+# DEADBEF0.der
+#            Not Before: Jul 30 21:40:16 2015 GMT
+#            Not After : Jul 29 21:40:16 2016 GMT
+# {no crlDistributionPoint extension}
+#
+# DEADBEF4.der
+#            Not Before: Oct 16 00:33:43 2015 GMT
+#            Not After : Oct 15 00:33:43 2016 GMT
+#            X509v3 CRL Distribution Points: 
+# {corrupt}
+#
+# DEADBEF5.der
+#            Not Before: Oct 16 18:27:29 2015 GMT
+#            Not After : Oct 15 18:27:29 2016 GMT
+#            X509v3 CRL Distribution Points: 
+#                Full Name:
+#                  URI:http://host.example/crl1.der
+#                Full Name:
+#                  URI:http://host2.example/crl1.der
+#
+# DEADBEF6.der
+#            Not Before: Oct 16 18:33:51 2015 GMT
+#            Not After : Oct 15 18:33:51 2016 GMT
+#            X509v3 CRL Distribution Points: 
+#                Full Name:
+#                  URI:http://host.example/crl1.der
+#
+# DEADBEF7.der
+#            Not Before: Oct 16 18:41:57 2015 GMT
+#            Not After : Oct 15 18:41:57 2016 GMT
+#            X509v3 CRL Distribution Points: 
+#                Full Name:
+#                  URI:http://host.example/crl1.der
+#                  URI:http://host2.example/crl1.der
+
+globals
+certNetFetchEnable = false
+crlNetFetchEnable = false
+useSystemAnchors = false
+allowUnverified = true
+end
+
+test = "basic, no CRL"
+requireCrlForAll = false
+cert = DEADBEF4.der
+root = cacert.der
+verifyTime = 20151020125959Z
+end
+
+#
+# Begin CRL testing. 
+#
+test = "Cert: 1 cRLDistributionPoint, CRL: 1 issuingDistributionPoint, matched"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF6.der
+root = cacert.der
+crl = crl1.der
+verifyTime = 20151020125959Z
+end
+
+test = "Cert: no cRLDistributionPoint, CRL: 1 issuingDistributionPoint"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF0.der
+root = cacert.der
+crl = crl1.der
+verifyTime = 20151020125959Z
+end
+
+test = "Cert: 2 crlDistributionPoints, CRL: 1 issuingDistributionPoint, match"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF5.der
+root = cacert.der
+crl = crl1.der
+verifyTime = 20151020125959Z
+end
+
+test = "Cert: 2 crlDistributionPoints, CRL: 2 issuingDistributionPoint names, no match"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF5.der
+root = cacert.der
+crl = crl2.der
+verifyTime = 20151020125959Z
+error = CSSMERR_APPLETP_CRL_NOT_FOUND
+end
+
+test = "Cert: corrupt cRLDistributionPoint, CRL: 1 issuingDistributionPoint"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF4.der
+root = cacert.der
+crl = crl1.der
+verifyTime = 20151020125959Z
+end
+
+test = "Cert: 1 cRLDistributionPoint, CRL: 1 issuingDistributionPoint, mismatch type"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF6.der
+root = cacert.der
+crl = crl4.der
+verifyTime = 20151020125959Z
+end
+
+test = "Cert: 1 cRLDistributionPoint, CRL: 2 issuingDistributionPoint names, no match"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF6.der
+root = cacert.der
+crl = crl2.der
+verifyTime = 20151020125959Z
+error = CSSMERR_APPLETP_CRL_NOT_FOUND
+end
+
+test = "Cert: 2 cRLDistributionPoint names, CRL: 1 issuingDistributionPoint, no match"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF7.der
+root = cacert.der
+crl = crl1.der
+verifyTime = 20151020125959Z
+error = CSSMERR_APPLETP_CRL_NOT_FOUND
+end
+
+test = "Cert: 2 cRLDistributionPoint names, CRL: 2 issuingDistributionPoint names, match"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF7.der
+root = cacert.der
+crl = crl2.der
+verifyTime = 20151020125959Z
+end
+
+test = "Cert: 2 cRLDistributionPoint names, CRL: 2 issuingDistributionPoint names, no match"
+requireCrlForAll = true
+revokePolicy = crl
+cert = DEADBEF7.der
+root = cacert.der
+crl = crl3.der
+verifyTime = 20151020125959Z
+error = CSSMERR_APPLETP_CRL_NOT_FOUND
+end
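Review bot: The "corrupt cRLDistributionPoint" and "mismatch type" cases run with `requireCrlForAll = true` but carry no `error =` line, so they presumably expect the verification to pass, and nothing in the script says why. Since these are the cases where the cert's distribution point and the CRL's issuingDistributionPoint cannot be compared, each deserves a comment stating the intended outcome, e.g. `# corrupt CDP in cert: expected to verify, CRL accepted without a name match` (adjust if that is not the intent). Without it, a later reader cannot tell a deliberate lenient result from a missing expected error.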
index 6d617691050d2eb0a643fcdcfeb29bc42fae39be..16c25b97ea966544d3657b5d74f4962096be4943 100644 (file)
@@ -29,7 +29,7 @@ OTHER_TO_CLEAN=
 #
 # non-standard frameworks (e.g., -framework foo)
 #
-PROJ_FRAMEWORKS= -framework CoreFoundation -framework CoreServices
+PROJ_FRAMEWORKS= -framework CoreFoundation -framework CoreServices -framework IOKit
 #
 # project-specific includes, with leading -I
 #
index 86a465c5cc1a200a882a89dadda1feb15af745b8..3603b7899ed656e55b5bcdb7aeaff498c6950ae1 100644 (file)
@@ -29,7 +29,7 @@ OTHER_TO_CLEAN=
 #
 # non-standard frameworks (e.g., -framework foo)
 #
-PROJ_FRAMEWORKS= -framework CoreFoundation
+PROJ_FRAMEWORKS= -framework CoreFoundation -framework IOKit
 #
 # project-specific includes, with leading -I
 #
index 985535ea3235a24a8694bbe0020840b8f79560c3..54792b9a3d4c9e0d7b8f3a7a79f8589646302381 100644 (file)
@@ -1232,6 +1232,7 @@ Import admin Trust Settings; default is user.
 .Op Fl r Ar rootCertFile
 .Op Fl p Ar policy
 .Op Fl k Ar keychain
+.Op Fl d Ar date
 .Op Fl n
 .Op Fl L
 .Op Fl l
@@ -1251,6 +1252,8 @@ Root certificate, in DER or PEM format. Can be specified more than once. If not
 Specify verification policy (ssl, smime, codeSign, IPSec, iChat, basic, swUpdate, pkgSign, pkinitClient, pkinitServer, eap, appleID, macappstore, timestamping). Default is basic.
 .It Fl k Ar keychain
 Keychain to search for intermediate certs. Can be specified multiple times. Default is the current user's keychain search list.
+.It Fl d Ar date
+Date to set for verification. Specified in the format of YYYY-MM-DD-hh:mm:ss (time optional). e.g: 2016-04-25-15:59:59 for April 25, 2016 at 3:59:59 pm in GMT
 .It Fl n
 Avoid searching any keychains.
 .It Fl L
index c66740fd7135c196d143e456f8997371191cc3f2..c1e9f0d93f0f36c89730dece8372873c6cd8f5bc 100644 (file)
@@ -516,6 +516,9 @@ const command commands[] =
          "    -p policy           Verify Policy (basic, ssl, smime, codeSign, IPSec, iChat, swUpdate,\n"
          "                                       pkgSign, pkinitClient, pkinitServer, eap, appleID,\n"
          "                                       macappstore, timestamping); default is basic.\n"
+      "    -d date             Set date and time to use when verifying certificate,\n"
+      "                        provided in the form of YYYY-MM-DD-hh:mm:ss (time optional) in GMT.\n"
+      "                        e.g: 2016-04-25-15:59:59 for April 25, 2016 at 3:59:59 pm in GMT\n"
          "    -k keychain         Keychain. Can be called multiple times. Default is default search list.\n"
          "    -n                  No keychain search list.\n"
          "    -L                  Local certificates only (do not try to fetch missing CA certs from net).\n"
index 59b74d6aade9243c47f6b701808c9d7b5a52ad72..c0e3de820bda61bcdd8dc7a5add0a55d1865d2ee 100644 (file)
@@ -31,6 +31,8 @@
 #include <Security/oidsalg.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <sys/stat.h>
+#include <time.h>
 #include "trusted_cert_utils.h"
 
 /*
@@ -81,6 +83,9 @@ verify_cert(int argc, char * const *argv)
        CFDataRef                       cfActionData = NULL;
        SecTrustResultType      resultType;
        OSStatus                        ocrtn;
+    struct tm time;
+    CFGregorianDate gregorianDate;
+    CFDateRef dateRef = NULL;
 
        if(argc < 2) {
                return 2; /* @@@ Return 2 triggers usage message. */
@@ -88,7 +93,7 @@ verify_cert(int argc, char * const *argv)
        /* permit network cert fetch unless explicitly turned off with '-L' */
        actionFlags |= CSSM_TP_ACTION_FETCH_CERT_FROM_NET;
        optind = 1;
-       while ((arg = getopt(argc, argv, "c:r:p:k:e:s:Llnq")) != -1) {
+       while ((arg = getopt(argc, argv, "c:r:p:k:e:s:d:Llnq")) != -1) {
                switch (arg) {
                        case 'c':
                                /* this can be specified multiple times */
@@ -150,6 +155,27 @@ verify_cert(int argc, char * const *argv)
                        case 'q':
                                quiet = true;
                                break;
+            case 'd':
+                memset(&time, 0, sizeof(struct tm));
+                if (strptime(optarg, "%Y-%m-%d-%H:%M:%S", &time) == NULL) {
+                    if (strptime(optarg, "%Y-%m-%d", &time) == NULL) {
+                        fprintf(stderr, "Date processing error\n");
+                        ourRtn = 2;
+                        goto errOut;
+                    }
+                }
+                
+                gregorianDate.second = time.tm_sec;
+                gregorianDate.minute = time.tm_min;
+                gregorianDate.hour = time.tm_hour;
+                gregorianDate.day = time.tm_mday;
+                gregorianDate.month = time.tm_mon + 1;
+                gregorianDate.year = time.tm_year + 1900;
+                
+                if (dateRef == NULL) {
+                    dateRef = CFDateCreate(NULL, CFGregorianDateGetAbsoluteTime(gregorianDate, NULL));
+                }
+                break;
                        default:
                                ourRtn = 2;
                                goto errOut;
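Review bot: The new `case 'd':` accepts arguments with unparsed trailing text, because both strptime() calls are only tested against NULL and never checked for having consumed the whole string. An argument whose time part is malformed fails the first format, then matches the date-only format, and trust is silently evaluated at midnight of that day instead of being rejected. The returned pointer should be required to reach the terminating NUL, and the assembled date checked with CFGregorianDateIsValid() before it becomes a CFDateRef. The `dateRef == NULL` guard also makes a second `-d` silently ignored, and the local named `time` shadows time() from the newly included `<time.h>`. Whether `dateRef` is released at `errOut` cannot be seen here, since verify_cert continues outside this hunk.

```c
            case 'd': {
                const char *end;

                memset(&time, 0, sizeof(struct tm));
                end = strptime(optarg, "%Y-%m-%d-%H:%M:%S", &time);
                if (end == NULL || *end != '\0') {
                    /* retry as date only, from a clean struct */
                    memset(&time, 0, sizeof(struct tm));
                    end = strptime(optarg, "%Y-%m-%d", &time);
                }
                if (end == NULL || *end != '\0') {
                    fprintf(stderr, "Date processing error\n");
                    ourRtn = 2;
                    goto errOut;
                }

                /* … unchanged: copy struct tm fields into gregorianDate … */

                if (!CFGregorianDateIsValid(gregorianDate, kCFGregorianAllUnits)) {
                    fprintf(stderr, "Date processing error\n");
                    ourRtn = 2;
                    goto errOut;
                }
                /* … unchanged: create dateRef … */
                break;
            }
```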
@@ -266,6 +292,14 @@ verify_cert(int argc, char * const *argv)
                        goto errOut;
                }
        }
+    if(dateRef != NULL) {
+        ortn = SecTrustSetVerifyDate(trustRef, dateRef);
+        if(ortn) {
+            cssmPerror("SecTrustSetVerifyDate", ortn);
+            ourRtn = 1;
+            goto errOut;
+        }
+    }
 
        /* GO */
        ortn = SecTrustEvaluate(trustRef, &resultType);
index e21637e7423af2eb1de4486bdf7b3755d0620188..ce94ef6dde66591fdb3c022ee9608a270f1b1ce3 100644 (file)
@@ -61,7 +61,7 @@ SEC_ASN1_MKSUB(kSecAsn1SetOfAnyTemplate)
 
 /* forward declaration */
 static const SecAsn1Template *
-nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest);
+nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest);
 
 static const SecAsn1TemplateChooserPtr nss_cms_chooser
        = nss_cms_choose_content_template;
@@ -559,7 +559,7 @@ nss_cms_get_kea_template(SecCmsKEATemplateSelector whichTemplate)
  *
  */
 static const SecAsn1Template *
-nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest)
+nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest)
 {
     const SecAsn1Template *theTemplate;
     SecCmsContentInfoRef cinfo;
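Review bot: The new `len` parameter is not described in the comment block above nss_cms_choose_content_template(), and nothing visible in this hunk uses it. If `len` is the number of bytes valid at `buf`, the header should say so, e.g. `* len is the number of bytes available at buf; buf must not be read past it`, and should state when the chooser ignores both. The same applies to cms_attr_choose_attr_value_template() in cmsattr.c. Both function bodies continue outside their hunks.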
index a9a933a19858634469a72ff2e3339b1a601ac4cf..90b927e50dbfba4d311927bba77c04011a4366de 100644 (file)
@@ -205,7 +205,7 @@ SecCmsAttributeCompareValue(SecCmsAttribute *attr, SecAsn1Item * av)
  * helper function for dynamic template determination of the attribute value
  */
 static const SecAsn1Template *
-cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest)
+cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest)
 {
     const SecAsn1Template *theTemplate;
     SecCmsAttribute *attribute;
index 891827f2b25e72957dc6d81985cd2f09da129018..da49df65c9f42c3ca06f1c0481ef9d1298405c75 100644 (file)
@@ -283,7 +283,7 @@ nss_cms_before_data(SecCmsDecoderRef p7dcx)
        goto loser;
 
     /* start the child decoder */
-    childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL);
+    childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL, 0);
     if (childp7dcx->dcx == NULL)
        goto loser;
 
@@ -610,7 +610,7 @@ SecCmsDecoderCreate(SecCmsContentCallback cb, void *cb_arg,
        goto loser;
     }
 
-    p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL);
+    p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL, 0);
     if (p7dcx->dcx == NULL) {
        PORT_Free (p7dcx);
        SecCmsMessageDestroy(cmsg);
index e969bdbc3f4833502b3e7a142215e769d36a4c1d..d2cb04e36f3dcb179ab65e953e64c3fbeafe2da4 100644 (file)
@@ -59,6 +59,7 @@
                18B965DC147319E5005A4D2E /* libsecurityd_server.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965DB147319E5005A4D2E /* libsecurityd_server.a */; };
                18B965DD147319F6005A4D2E /* PCSC.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C276AAD60663E7A400B57276 /* PCSC.framework */; };
                18CE013F17147A46008C042F /* libsecuritydservice_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18CE013E17147A46008C042F /* libsecuritydservice_client.a */; };
+               44AF7EE01BB445BA005E9265 /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */; settings = {ASSET_TAGS = (); }; };
                4E0BB2B40F79590300BBFEFA /* ccaudit_extensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4E0BB2B20F79590300BBFEFA /* ccaudit_extensions.h */; };
                4E0BB2B50F79590300BBFEFA /* ccaudit_extensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4E0BB2B30F79590300BBFEFA /* ccaudit_extensions.cpp */; };
                53002F001818A7C300900564 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FFD0147516CF00FD79DF /* libsecurity_codesigning.a */; };
                407ACD060AE5B57700A9DA90 /* credential.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = credential.h; sourceTree = "<group>"; };
                407ACD070AE5B57700A9DA90 /* credential.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = credential.cpp; sourceTree = "<group>"; };
                43D720FA1A23F1490091236D /* agentclient.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = agentclient.h; sourceTree = "<group>"; };
+               44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = /usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = "<absolute>"; };
                4C9264980534866F004B0E72 /* acl_keychain.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_keychain.cpp; sourceTree = "<group>"; };
                4C9264990534866F004B0E72 /* acl_keychain.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_keychain.h; sourceTree = "<group>"; };
                4C92649A0534866F004B0E72 /* acls.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acls.cpp; sourceTree = "<group>"; };
                        isa = PBXFrameworksBuildPhase;
                        buildActionMask = 2147483647;
                        files = (
+                               44AF7EE01BB445BA005E9265 /* libDiagnosticMessagesClient.dylib in Frameworks */,
                                53002F001818A7C300900564 /* libsecurity_codesigning.a in Frameworks */,
                                18CE013F17147A46008C042F /* libsecuritydservice_client.a in Frameworks */,
                                1865FFEB1475208B00FD79DF /* libsqlite3.dylib in Frameworks */,
                                18B967B514731B78005A4D2E /* libobjc.dylib */,
                                18B967B314731B69005A4D2E /* libauto.dylib */,
                                18B967B114731B55005A4D2E /* libsqlite3.dylib */,
+                               44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */,
                                18B965DB147319E5005A4D2E /* libsecurityd_server.a */,
                                18B965D9147319C8005A4D2E /* libsecurity_cdsa_client.a */,
                                18B965D41473197B005A4D2E /* libsecurity_cdsa_utilities.a */,
index 4d0e1f23e50753d00bc74c26acd69a2540af46ee..23b132b649bbf867246b094c49d1e9f7d82c71dc 100644 (file)
@@ -22,6 +22,8 @@
                18F4809D174976DA009724DB /* KeyStoreEvents.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F4809C174976D2009724DB /* KeyStoreEvents.c */; };
                18F4809E1749774F009724DB /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 189D4648166C11A6001D8533 /* IOKit.framework */; };
                18F480A217498ADD009724DB /* AppleKeyStoreEvents.h in Headers */ = {isa = PBXBuildFile; fileRef = 18F4809F17498963009724DB /* AppleKeyStoreEvents.h */; settings = {ATTRIBUTES = (Public, ); }; };
+               220C5DBA1BD189EC000946A0 /* libsecuritydservice_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1843240E1714797D00196B52 /* libsecuritydservice_client.a */; };
+               220C5DC91BD19874000946A0 /* securityd_service_client.h in Headers */ = {isa = PBXBuildFile; fileRef = 18CD2B731714D4B300633846 /* securityd_service_client.h */; settings = {ATTRIBUTES = (Public, ); }; };
                80C312B6169BA50700DA5DC6 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 189D4643166BFDCE001D8533 /* Security.framework */; };
 /* End PBXBuildFile section */
 
@@ -97,6 +99,7 @@
                18F4809217497521009724DB /* KeyStore-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "KeyStore-Info.plist"; sourceTree = "<group>"; };
                18F4809C174976D2009724DB /* KeyStoreEvents.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = KeyStoreEvents.c; sourceTree = "<group>"; };
                18F4809F17498963009724DB /* AppleKeyStoreEvents.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppleKeyStoreEvents.h; sourceTree = "<group>"; };
+               220C5DCA1BD1A1B8000946A0 /* securitydservicectrl.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.xml; path = securitydservicectrl.entitlements; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
                        files = (
                                80C312B6169BA50700DA5DC6 /* Security.framework in Frameworks */,
                                189D4668166C19CF001D8533 /* CoreFoundation.framework in Frameworks */,
+                               220C5DBA1BD189EC000946A0 /* libsecuritydservice_client.a in Frameworks */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                        isa = PBXGroup;
                        children = (
                                189D465D166C15C1001D8533 /* main.c */,
+                               220C5DCA1BD1A1B8000946A0 /* securitydservicectrl.entitlements */,
                        );
                        path = securitydservicectrl;
                        sourceTree = "<group>";
                        isa = PBXHeadersBuildPhase;
                        buildActionMask = 2147483647;
                        files = (
+                               220C5DC91BD19874000946A0 /* securityd_service_client.h in Headers */,
                        );
                        runOnlyForDeploymentPostprocessing = 0;
                };
                                        "$(inherited)",
                                );
                                GCC_WARN_UNDECLARED_SELECTOR = YES;
+                               INSTALL_PATH = /usr/local/lib;
                                PRODUCT_NAME = "$(TARGET_NAME)";
                        };
                        name = Debug;
                                EXECUTABLE_PREFIX = lib;
                                GCC_C_LANGUAGE_STANDARD = gnu99;
                                GCC_WARN_UNDECLARED_SELECTOR = YES;
+                               INSTALL_PATH = /usr/local/lib;
                                PRODUCT_NAME = "$(TARGET_NAME)";
                        };
                        name = Release;
                                GCC_WARN_UNINITIALIZED_AUTOS = YES;
                                GCC_WARN_UNUSED_VARIABLE = YES;
                                ONLY_ACTIVE_ARCH = YES;
+                               SDKROOT = macosx.internal;
                        };
                        name = Debug;
                };
                                GCC_WARN_ABOUT_RETURN_TYPE = YES;
                                GCC_WARN_UNINITIALIZED_AUTOS = YES;
                                GCC_WARN_UNUSED_VARIABLE = YES;
+                               SDKROOT = macosx.internal;
                        };
                        name = Release;
                };
                189D4662166C15C1001D8533 /* Debug */ = {
                        isa = XCBuildConfiguration;
                        buildSettings = {
+                               CODE_SIGN_ENTITLEMENTS = securitydservicectrl/securitydservicectrl.entitlements;
                                PRODUCT_NAME = "$(TARGET_NAME)";
                        };
                        name = Debug;
                189D4663166C15C1001D8533 /* Release */ = {
                        isa = XCBuildConfiguration;
                        buildSettings = {
+                               CODE_SIGN_ENTITLEMENTS = securitydservicectrl/securitydservicectrl.entitlements;
                                PRODUCT_NAME = "$(TARGET_NAME)";
                        };
                        name = Release;
index bd8e7fbe7de6278bc821e687a06885e07206a270..0f848dc0abdcc27d57ba252410271e1d7a86f80e 100644 (file)
@@ -33,6 +33,8 @@
 #define LOG(...)
 #endif
 
+static bool check_signature(xpc_connection_t connection);
+
 static pid_t get_caller_pid(audit_token_t * token)
 {
     pid_t pid = 0;
@@ -461,6 +463,37 @@ service_kb_load(service_context_t * context)
     return rc;
 }
 
+static int
+service_kb_unload(service_context_t *context)
+{
+    __block int rc = KB_GeneralError;
+
+    dispatch_sync(_kb_service_get_dispatch_queue(), ^{
+        keybag_handle_t session_handle = bad_keybag_handle;
+
+        rc = aks_get_system(context->s_uid, &session_handle);
+        if (rc == kIOReturnNotFound) {
+            // No session bag, nothing to do
+            rc = KB_Success;
+            return;
+        } else if (rc != kIOReturnSuccess) {
+            syslog(LOG_ERR, "error locating session keybag for uid (%i) in session (%i)", context->s_uid, context->s_id);
+            rc = KB_BagError;
+            return;
+        }
+
+        rc = aks_unload_bag(session_handle);
+        if (rc != kAKSReturnSuccess) {
+            syslog(LOG_ERR, "error unloading keybag for uid (%i) in session (%i)", context->s_uid, context->s_id);
+            rc = KB_BagError;
+        } else {
+            syslog(LOG_ERR, "successfully unloaded keybag (%ld) for uid (%i) in session (%i)", (long)session_handle, context->s_uid, context->s_id);
+        }
+    });
+
+    return rc;
+}
+
 static int
 service_kb_save(service_context_t * context)
 {
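Review bot: The success path of service_kb_unload() logs at `LOG_ERR`, which puts a routine event into the error stream and makes real unload failures harder to filter or alert on; `syslog(LOG_NOTICE, "successfully unloaded keybag (%ld) for uid (%i) in session (%i)", ...)` fits better. The function also has no header comment; one line such as `/* Unloads the session keybag for context->s_uid; returns KB_Success when no session bag exists. */` would document the not-found case that the code treats as success.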
@@ -847,6 +880,8 @@ static char * sel_to_char(uint64_t sel)
             return "kb_is_locked";
         case SERVICE_KB_RESET:
             return "kb_reset";
+        case SERVICE_KB_UNLOAD:
+            return "kb_unload";
         default:
             return "unknown";
     }
@@ -889,20 +924,50 @@ void service_peer_event_handler(xpc_connection_t connection, xpc_object_t event)
         const uint8_t * secret = NULL, * new_secret = NULL;
         size_t secret_len = 0, new_secret_len = 0, data_len = 0;
         service_context_t * context = NULL;
+        bool free_context = false;
         const void * data;
         
         xpc_object_t reply = xpc_dictionary_create_reply(event);
-        
-        data = xpc_dictionary_get_data(event, SERVICE_XPC_CONTEXT, &data_len);
-        require(data, done);
-        require(data_len == sizeof(service_context_t), done);
-        context = (service_context_t*)data;
 
         request = xpc_dictionary_get_uint64(event, SERVICE_XPC_REQUEST);
 
+        // For SERVICE_KB_UNLOAD only, allow non-securityd, non-root but
+        // entitled callers.
+        if (request == SERVICE_KB_UNLOAD) {
+            if (!peer_has_entitlement(connection, "com.apple.private.securityd.keybag-unload")) {
+                xpc_connection_cancel(connection);
+                return;
+            }
+        } else {
+            if (xpc_connection_get_euid(connection) != 0) {
+                xpc_connection_cancel(connection);
+                return;
+            }
+
+            if (!check_signature(connection)) {
+                xpc_connection_cancel(connection);
+                return;
+            }
+        }
+
+        data = xpc_dictionary_get_data(event, SERVICE_XPC_CONTEXT, &data_len);
+        require_action(data || request == SERVICE_KB_UNLOAD, done, rc = KB_GeneralError);
+        if (data) {
+            require(data_len == sizeof(service_context_t), done);
+            context = (service_context_t*)data;
+        } else {
+            audit_token_t audit_token = { 0 };
+            xpc_connection_get_audit_token(connection, &audit_token);
+            context = calloc(1, sizeof(service_context_t));
+            context->s_id = xpc_connection_get_asid(connection);
+            context->s_uid = xpc_connection_get_euid(connection);
+            context->procToken = audit_token;
+            free_context = true;
+        }
+
         require_action(context->s_id != AU_DEFAUDITSID, done, rc = KB_InvalidSession);
         require_action(context->s_uid != AU_DEFAUDITID, done, rc = KB_InvalidSession); // we only want to work in actual user sessions.
-        
+
         switch (request) {
             case SERVICE_KB_CREATE:
                 //                if (kb_service_has_entitlement(peer, "com.apple.keystore.device")) {
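Review bot: For SERVICE_KB_UNLOAD the handler still accepts a caller-supplied `service_context_t`, so a peer that passed only the entitlement check (not the euid 0 and check_signature() checks) chooses the `s_uid` and `s_id` that service_kb_unload() acts on. On that path the context should be derived from the connection, or the supplied values compared with xpc_connection_get_euid() and xpc_connection_get_asid(); whether a privileged caller needs to unload another session's bag is not visible here. The `calloc()` result is dereferenced without a NULL check. The three early `return`s after `xpc_connection_cancel()` also leave the `reply` created just above them unreleased. The handler starts and ends outside this hunk.

```c
        data = xpc_dictionary_get_data(event, SERVICE_XPC_CONTEXT, &data_len);
        if (request == SERVICE_KB_UNLOAD) {
            // entitled but otherwise unprivileged peer: identity comes from
            // the connection, never from the message
            audit_token_t audit_token = { 0 };
            xpc_connection_get_audit_token(connection, &audit_token);
            context = calloc(1, sizeof(service_context_t));
            require_action(context, done, rc = KB_GeneralError);
            free_context = true;
            context->s_id = xpc_connection_get_asid(connection);
            context->s_uid = xpc_connection_get_euid(connection);
            context->procToken = audit_token;
        } else {
            require_action(data, done, rc = KB_GeneralError);
            require(data_len == sizeof(service_context_t), done);
            context = (service_context_t*)data;
        }
        // … unchanged: session checks and request switch …
```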
@@ -913,6 +978,9 @@ void service_peer_event_handler(xpc_connection_t connection, xpc_object_t event)
             case SERVICE_KB_LOAD:
                 rc = service_kb_load(context);
                 break;
+            case SERVICE_KB_UNLOAD:
+                rc = service_kb_unload(context);
+                break;
             case SERVICE_KB_SAVE:
                 rc = service_kb_save(context);
                 break;
@@ -965,6 +1033,9 @@ void service_peer_event_handler(xpc_connection_t connection, xpc_object_t event)
         xpc_dictionary_set_int64(reply, SERVICE_XPC_RC, rc);
         xpc_connection_send_message(connection, reply);
         xpc_release(reply);
+        if (free_context) {
+            free(context);
+        }
     }
 }
 
@@ -1059,17 +1130,6 @@ int main(int argc, const char * argv[])
     xpc_connection_set_event_handler(listener, ^(xpc_object_t peer) {
         // It is safe to cast 'peer' to xpc_connection_t assuming
         // we have a correct configuration in our launchd.plist.
-        
-        if (xpc_connection_get_euid(peer) != 0) {
-            xpc_connection_cancel(peer);
-            return;
-        }
-        
-        if (!check_signature(peer)) {
-            xpc_connection_cancel(peer);
-            return;
-        }
-        
         xpc_connection_set_event_handler(peer, ^(xpc_object_t event) {
             vproc_transaction_t transaction = vproc_transaction_begin(NULL);
             service_peer_event_handler(peer, event);
index 0b6634ea66a274cb3a361d5eb7cd07441546ffa7..b2eac5c70ee19e5d7aa8ca78b375f6abfda527cd 100644 (file)
@@ -27,6 +27,7 @@ enum {
     SERVICE_KB_IS_LOCKED,
     SERVICE_KB_RESET,
     SERVICE_STASH_LOAD_KEY,
+    SERVICE_KB_UNLOAD,
 };
 
 #endif
index b5e83a856452c2431bf20972aee3b9342b87edaf..851586db8a6277ac35c6e0a7c4936e40995cd16f 100644 (file)
@@ -45,14 +45,14 @@ _service_send_msg(service_context_t *context, xpc_object_t message, xpc_object_t
     int rc = KB_GeneralError;
     xpc_object_t reply = NULL;
     xpc_connection_t conn = NULL;
-    
-    require(context, done);
+
     require(message, done);
     conn = _service_get_connection();
     require(conn, done);
-    
-    xpc_dictionary_set_data(message, SERVICE_XPC_CONTEXT, context, sizeof(service_context_t));
-    
+
+    if (context) {
+        xpc_dictionary_set_data(message, SERVICE_XPC_CONTEXT, context, sizeof(service_context_t));
+    }
     reply = xpc_connection_send_message_with_reply_sync(conn, message);
     require(reply, done);
     require(xpc_get_type(reply) != XPC_TYPE_ERROR, done);
@@ -106,6 +106,12 @@ service_client_kb_load(service_context_t *context)
     return _service_client_send_secret(context, SERVICE_KB_LOAD, NULL, 0, NULL, 0);
 }
 
+int
+service_client_kb_unload(service_context_t *context)
+{
+    return _service_client_send_secret(context, SERVICE_KB_UNLOAD, NULL, 0, NULL, 0);
+}
+
 int
 service_client_kb_save(service_context_t *context)
 {
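Review bot: service_client_kb_unload() is the only entry point for which a NULL `context` is meaningful, and neither this definition nor the prototype says so. A comment such as `/* context may be NULL: the service then takes uid and session from the calling connection; the caller needs the keybag-unload entitlement */` would document that. Note that the first hunk drops `require(context, done)` for every request type, so a NULL context on any other call now travels to the service before it is rejected.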
index fff45d0d228b9dc65d1ae4eafe0adc49e61ade39..393f6a4d649d7ba2a961a5368729e580c52a4c75 100644 (file)
@@ -29,6 +29,7 @@ typedef struct {
     
 int service_client_kb_create(service_context_t *context, const void * secret, int secret_len);
 int service_client_kb_load(service_context_t *context);
+int service_client_kb_unload(service_context_t *context);
 int service_client_kb_save(service_context_t *context);
 int service_client_kb_unlock(service_context_t *context, const void * secret, int secret_len);
 int service_client_kb_lock(service_context_t *context);
index f8c3752ced410fcaac4b631ec321e69b66502ec2..f31d2cff49c7d7fdb8b198987611afe1d2c376cb 100644 (file)
@@ -7,6 +7,7 @@
 //
 
 #include "securityd_service.h"
+#include "securityd_service_client.h"
 
 #include <stdio.h>
 #include <xpc/xpc.h>
@@ -44,7 +45,7 @@ int main(int argc, const char * argv[])
     xpc_connection_resume(connection);
     
     if (argc != 2) {
-        printf("Usage: securityservicectrl < get | set | stash | login | loginstash >\n");
+        printf("Usage: securityservicectrl < get | set | stash | login | loginstash | unload >\n");
         return 1;
     }
     
@@ -71,7 +72,10 @@ int main(int argc, const char * argv[])
         status = SecKeychainStash();
         printf("Returned: %i\n", status);
         return status ? 1 : 0;
-        
+
+    } else if (strcmp(argv[1], "unload") == 0) {
+        return service_client_kb_unload(NULL);
+
     } else {
         printf("%s not known\n", argv[1]);
         return 1;
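Review bot: The new `unload` branch returns the raw service code as the process exit status, unlike the neighbouring `stash` branch, which prints the result and maps it to 0 or 1. A KB_* value outside 0–255 is truncated by the shell, so a failure can be misread by a script. Suggest `int rc = service_client_kb_unload(NULL);`, `printf("Returned: %i\n", rc);`, `return rc ? 1 : 0;`.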
diff --git a/securityd/securityd_service/securitydservicectrl/securitydservicectrl.entitlements b/securityd/securityd_service/securitydservicectrl/securitydservicectrl.entitlements
new file mode 100644 (file)
index 0000000..d3d534f
--- /dev/null
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+       <key>com.apple.security.keybag-unload</key>
+       <true/>
+</dict>
+</plist>
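Review bot: The key granted here, `com.apple.security.keybag-unload`, is not the string the service checks: the handler in securityd_service's main.c calls `peer_has_entitlement(connection, "com.apple.private.securityd.keybag-unload")`. Unless peer_has_entitlement() maps names (its body is not shown), `securitydservicectrl unload` will have its connection cancelled. The two strings should be made identical, e.g. `<key>com.apple.private.securityd.keybag-unload</key>` here, with the C side using a single shared constant for the name.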
index 770ed8a6853859b4bf24b14849bc4506a7b2dbf6..4bae65a50b0295edef445edd723d6665a4a82088 100644 (file)
@@ -1518,9 +1518,10 @@ void KeychainDbCommon::activity()
 void KeychainDbCommon::sleepProcessing()
 {
        secdebug("KCdb", "common %s(%p) sleep-lock processing", dbName(), this);
-       StLock<Mutex> _(*this);
-       if (mParams.lockOnSleep)
+    if (mParams.lockOnSleep) {
+        StLock<Mutex> _(*this);
                lockDb();
+    }
 }
 
 void KeychainDbCommon::lockProcessing()
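Review bot: `mParams.lockOnSleep` is now tested before the `StLock<Mutex>` is taken in `sleepProcessing()`, so the flag is read without the lock the old code held around it. If another thread can change the parameters while holding that mutex (not visible in this hunk), the test can act on a stale value and skip `lockDb()`. If the unlocked read is deliberate, the reason should be stated next to it, e.g. `// lockOnSleep is read without the lock on purpose: <reason>`. The added lines are also indented with spaces where the surrounding lines use tabs.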
index 0a82c885240b01d43f1b94199ff393565261cfb1..098b4760724f63abe7dd29b606c13926d615abe5 100644 (file)
@@ -194,8 +194,11 @@ void SharedMemoryListener::notifyMe(Notification* notification)
 {
        const void* data = notification->data.data();
        UInt32 length = notification->data.length();
-       WriteMessage (notification->domain, notification->event, data, length);
-       
+    /* enforce a maximum size of 16k for notifications */
+    if (length > 16384) return;
+
+    WriteMessage (notification->domain, notification->event, data, length);
+
        if (!mActive)
        {
                Server::active().setTimer (this, Time::Interval(kServerWait));
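Review bot: An oversized notification is discarded by the bare `if (length > 16384) return;` with no trace, and the limit is a literal whose relation to the buffer that `WriteMessage` fills is not visible here. A named constant and a debug line would make the drop diagnosable, e.g. `static const UInt32 kMaxNotificationLength = 16384;` and `if (length > kMaxNotificationLength) { secdebug("SharedMemoryListener", "dropping %u-byte notification", (unsigned)length); return; }`. The early return also skips the `setTimer` call below it, which looks harmless since nothing was written, but notifyMe continues past the end of the hunk, so that is worth checking against the rest of the body.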
index 4dc47dfab6fe588a759e4985d834487b06c16f97..e8c024fa61008b6b6c43c77a7a6e078fde955fd4 100644 (file)
@@ -41,6 +41,7 @@
 #include <sys/wait.h>
 #include <grp.h>
 #include <pwd.h>
+#include <msgtracer_client.h>
 
 using namespace MDSClient;
 
@@ -435,6 +436,14 @@ void Token::notify(NotificationEvent event)
     free (data.data());
 }
 
+static void mt_log_ctk_tokend(const char *signature, const char *signature2)
+{
+    msgtracer_log_with_keys("com.apple.ctk.tokend", ASL_LEVEL_NOTICE,
+                            "com.apple.message.signature", signature,
+                            "com.apple.message.signature2", signature2,
+                            "com.apple.message.summarize", "YES",
+                            NULL);
+}
 
 //
 // Choose a token daemon for our card.
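Review bot: `mt_log_ctk_tokend` has no comment saying what its two parameters carry or that neither may be NULL. From the call added later in `chooseTokend()`, `signature` is the `;`-joined list of candidate bundle identifiers and `signature2` is the chosen one, which stays empty when no tokend wins; those identifiers are presumably taken from the candidate bundles and reach the log without validation or a length limit. Because the key/value list ends with a `NULL` sentinel, a NULL argument would presumably cut the list short. A header comment such as `// Log candidate tokend identifiers (signature) and the chosen one (signature2, may be empty); both must be non-NULL.` would record this.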
@@ -451,6 +460,8 @@ RefPointer<TokenDaemon> Token::chooseTokend()
        candidates.update();
        //@@@ we could sort by reverse "maxScore" and avoid launching those who won't cut it anyway...
        
+       string chosenIdentifier;
+       set<string> candidateIdentifiers;
        RefPointer<TokenDaemon> leader;
        for (CodeRepository<Bundle>::const_iterator it = candidates.begin();
                        it != candidates.end(); it++) {
@@ -465,6 +476,9 @@ RefPointer<TokenDaemon> Token::chooseTokend()
                        RefPointer<TokenDaemon> tokend = new TokenDaemon(candidate,
                                reader().name(), reader().pcscState(), reader().cache);
                        
+                       // add identifier to candidate names set
+                       candidateIdentifiers.insert(tokend->bundleIdentifier());
+
                        if (tokend->state() == ServerChild::dead)       // ah well, this one's no good
                                continue;
                        
@@ -473,12 +487,24 @@ RefPointer<TokenDaemon> Token::chooseTokend()
                                continue;
 
                        // we got a contender!
-                       if (!leader || tokend->score() > leader->score())
+                       if (!leader || tokend->score() > leader->score()) {
                                leader = tokend;                // a new front runner, he is...
+                               chosenIdentifier = leader->bundleIdentifier();
+                       }
                } catch (...) {
                        secdebug("token", "exception setting up %s (moving on)", candidate->canonicalPath().c_str());
                }
        }
+
+       // concatenate all candidate identifiers (sorted internally inside std::set)
+       string identifiers;
+       for (set<string>::const_iterator i = candidateIdentifiers.begin(), e = candidateIdentifiers.end(); i != e; ++i) {
+               if (i != candidateIdentifiers.begin())
+                       identifiers.append(";");
+               identifiers.append(*i);
+       }
+       mt_log_ctk_tokend(identifiers.c_str(), chosenIdentifier.c_str());
+
        return leader;
 }