From 822b670c6f91d089ccb51b77e24b6ac80406b337 Mon Sep 17 00:00:00 2001 From: Apple Date: Fri, 11 Dec 2015 06:01:58 +0000 Subject: [PATCH] Security-57337.20.44.tar.gz --- CircleJoinRequested/CircleJoinRequested.m | 42 +- CircleJoinRequested/entitlements.plist | 4 + .../KNAppDelegate.m | 1 + OSX/OSX.xcodeproj/project.pbxproj | 32 +- .../xcshareddata/xcschemes/World.xcscheme | 10 +- OSX/authd/authdb.c | 21 +- OSX/authd/authorization.plist | 18 +- OSX/lib/security.exp-in | 16 + .../lib/TPCrlInfo.cpp | 117 + OSX/libsecurity_asn1/config/base.xcconfig | 6 + OSX/libsecurity_asn1/lib/SecAsn1Types.h | 5 +- OSX/libsecurity_asn1/lib/X509Templates.c | 3 +- OSX/libsecurity_asn1/lib/nameTemplates.c | 15 +- OSX/libsecurity_asn1/lib/nameTemplates.h | 3 +- OSX/libsecurity_asn1/lib/pkcs12Templates.c | 9 +- OSX/libsecurity_asn1/lib/pkcs7Templates.c | 3 +- OSX/libsecurity_asn1/lib/secasn1.h | 4 +- OSX/libsecurity_asn1/lib/secasn1d.c | 68 +- OSX/libsecurity_asn1/lib/secasn1e.c | 10 +- OSX/libsecurity_asn1/lib/secasn1u.c | 5 +- OSX/libsecurity_cdsa_utils/lib/cuFileIo.c | 2 + .../lib/evaluationmanager.cpp | 10 +- .../lib/evaluationmanager.h | 6 +- .../lib/policyengine.cpp | 3 +- .../lib/KCEventNotifier.cpp | 11 +- OSX/libsecurity_keychain/lib/SecKeychain.cpp | 6 +- OSX/libsecurity_keychain/lib/SecPolicy.cpp | 10 + OSX/libsecurity_keychain/lib/SecPolicyPriv.h | 13 + .../lib/SecTrustSettings.cpp | 48 +- .../lib/SecTrustSettingsCertificates.h | 160 ++ .../lib/security_keychain.exp | 2 + OSX/libsecurity_keychain/libDER/libDER/oids.c | 6 + .../libDER/libDER/oidsPriv.h | 1 + .../project.pbxproj | 6 +- OSX/libsecurity_keychain/xpc-tsa/main-tsa.m | 48 +- OSX/libsecurity_keychain/xpc/main.c | 18 +- .../lib/pkcs12Templates.cpp | 9 +- OSX/libsecurity_pkcs12/lib/pkcs7Templates.cpp | 3 +- OSX/libsecurity_smime/lib/cmsasn1.c | 4 +- OSX/libsecurity_smime/lib/cmsattr.c | 2 +- OSX/libsecurity_smime/lib/cmsdecode.c | 4 +- OSX/libsecurity_smime/lib/cmssigdata.c | 6 + OSX/libsecurity_smime/lib/cmssiginfo.c | 19 +- OSX/libsecurity_ssl/lib/SecureTransport.h | 26 +- OSX/libsecurity_ssl/lib/SecureTransportPriv.h | 19 + OSX/libsecurity_ssl/lib/security_ssl.exp | 2 + OSX/libsecurity_ssl/lib/sslCipherSpecs.c | 204 +- OSX/libsecurity_ssl/lib/sslContext.c | 112 +- OSX/libsecurity_ssl/lib/sslContext.h | 2 - OSX/libsecurity_ssl/lib/sslTransport.c | 8 - .../regressions/ssl-42-ciphers.c | 26 +- .../ssl-46-SSLGetSupportedCiphers.c | 469 ++-- .../lib/EncryptTransform.cpp | 14 +- OSX/libsecurity_utilities/lib/cfutilities.h | 24 +- OSX/libsecurity_utilities/lib/macho++.cpp | 4 + .../project.pbxproj | 2 +- .../SOSCircle/SecureObjectSync/SOSAccount.c | 52 +- .../SOSCircle/SecureObjectSync/SOSAccount.h | 2 +- .../SecureObjectSync/SOSAccountBackup.c | 2 +- .../SecureObjectSync/SOSAccountPeers.c | 10 +- .../SecureObjectSync/SOSAccountPersistence.c | 2 +- .../SecureObjectSync/SOSBackupSliceKeyBag.c | 1 + .../SecureObjectSync/SOSECWrapUnwrap.c | 1 + .../SOSCircle/SecureObjectSync/SOSEngine.c | 2 +- .../SecureObjectSync/SOSFullPeerInfo.c | 78 +- .../SecureObjectSync/SOSFullPeerInfo.h | 2 +- .../SOSCircle/SecureObjectSync/SOSPeerInfo.c | 3 - .../SecureObjectSync/SOSPeerInfoV2.c | 17 +- .../SecureObjectSync/SOSRingBackup.c | 8 - .../SecureObjectSync/SOSTransportMessageIDS.c | 39 +- .../SecureObjectSync/SOSTransportMessageIDS.h | 1 + .../Regressions/Security_regressions.h | 3 +- .../Regressions/secitem/si-20-sectrust-att.c | 550 ----- .../Regressions/secitem/si-20-sectrust.c | 724 +----- .../Regressions/secitem/si-20-sectrust.h | 751 ++++++ .../secitem/si-24-sectrust-shoebox.c | 4 - .../secitem/si-87-sectrust-name-constraints.c | 312 +++ .../secitem/si-87-sectrust-name-constraints.h | 2192 +++++++++++++++++ .../secitem/si-88-sectrust-vpnprofile.c | 105 + .../secitem/si-88-sectrust-vpnprofile.h | 450 ++++ OSX/sec/Security/SecCertificate.c | 10 +- OSX/sec/Security/SecExports.exp-in | 2 + OSX/sec/Security/SecKey.c | 2 +- OSX/sec/Security/SecPolicy.c | 57 + OSX/sec/Security/SecPolicyPriv.h | 10 + OSX/sec/Security/SecSCEP.c | 7 +- OSX/sec/Security/SecTrust.c | 2 +- OSX/sec/Security/SecuritydXPC.c | 9 +- OSX/sec/Security/Tool/SecurityCommands.h | 15 + OSX/sec/Security/Tool/keychain_find.c | 30 +- OSX/sec/Security/Tool/log_control.c | 29 +- OSX/sec/Security/Tool/verify_cert.c | 434 ++++ OSX/sec/SecurityTool/security.1 | 43 +- OSX/sec/ipc/server.c | 257 +- OSX/sec/sec.xcodeproj/project.pbxproj | 32 +- .../Regressions/secd-33-keychain-ctk.c | 1 + .../Regressions/secd-62-account-backup.c | 4 +- .../securityd/Regressions/secd-81-item-acl.c | 1 + .../Regressions/secd-82-persistent-ref.c | 2 +- .../securityd/Regressions/secd_regressions.h | 2 +- OSX/sec/securityd/SOSCloudCircleServer.c | 9 +- OSX/sec/securityd/SecItemServer.c | 17 +- OSX/sec/securityd/nameconstraints.c | 132 +- OSX/utilities/src/SecCFWrappers.c | 41 + OSX/utilities/src/SecCFWrappers.h | 29 +- OSX/utilities/src/SecdUsage.c | 0 .../utilities.xcodeproj/project.pbxproj | 4 + Security.exp-in | 13 + Security.xcodeproj/project.pbxproj | 10 + .../xcshareddata/xcschemes/Debug.xcscheme | 12 +- .../xcshareddata/xcschemes/Release.xcscheme | 8 + SecurityTests/clxutils/certcrl/Makefile | 2 +- .../certcrl/testSubjects/GarthCRL/crl.scr | 1 + .../testSubjects/distPointName/DEADBEF0.der | Bin 0 -> 1305 bytes .../testSubjects/distPointName/DEADBEF4.der | Bin 0 -> 1285 bytes .../testSubjects/distPointName/DEADBEF5.der | Bin 0 -> 1356 bytes .../testSubjects/distPointName/DEADBEF6.der | Bin 0 -> 1323 bytes .../testSubjects/distPointName/DEADBEF7.der | Bin 0 -> 1354 bytes .../testSubjects/distPointName/cacert.der | Bin 0 -> 1476 bytes .../testSubjects/distPointName/crl1.der | Bin 0 -> 868 bytes .../testSubjects/distPointName/crl2.der | Bin 0 -> 899 bytes .../testSubjects/distPointName/crl3.der | Bin 0 -> 899 bytes .../testSubjects/distPointName/crl4.der | Bin 0 -> 853 bytes .../distPointName/distPointName.scr | 178 ++ SecurityTests/clxutils/ocspTool/Makefile | 2 +- SecurityTests/clxutils/ocspdTool/Makefile | 2 +- SecurityTool/security.1 | 3 + SecurityTool/security.c | 3 + SecurityTool/verify_cert.c | 36 +- libsecurity_smime/lib/cmsasn1.c | 4 +- libsecurity_smime/lib/cmsattr.c | 2 +- libsecurity_smime/lib/cmsdecode.c | 4 +- securityd/securityd.xcodeproj/project.pbxproj | 4 + .../project.pbxproj | 12 + .../securityd_service/main.c | 94 +- .../securityd_service/securityd_service.h | 1 + .../securityd_service_client.c | 16 +- .../securityd_service_client.h | 1 + .../securitydservicectrl/main.c | 8 +- .../securitydservicectrl.entitlements | 8 + securityd/src/kcdatabase.cpp | 5 +- securityd/src/notifications.cpp | 7 +- securityd/src/token.cpp | 28 +- 143 files changed, 6454 insertions(+), 2203 deletions(-) delete mode 100644 OSX/sec/Security/Regressions/secitem/si-20-sectrust-att.c create mode 100644 OSX/sec/Security/Regressions/secitem/si-20-sectrust.h create mode 100644 OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c create mode 100644 OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.h create mode 100644 OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.c create mode 100644 OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.h create mode 100644 OSX/sec/Security/Tool/verify_cert.c create mode 100644 OSX/utilities/src/SecdUsage.c create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF0.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF4.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/cacert.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl2.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der create mode 100644 SecurityTests/clxutils/certcrl/testSubjects/distPointName/distPointName.scr create mode 100644 securityd/securityd_service/securitydservicectrl/securitydservicectrl.entitlements diff --git a/CircleJoinRequested/CircleJoinRequested.m b/CircleJoinRequested/CircleJoinRequested.m index 0da63c65..bdb248f5 100644 --- a/CircleJoinRequested/CircleJoinRequested.m +++ b/CircleJoinRequested/CircleJoinRequested.m @@ -7,34 +7,35 @@ // #import #import +#import #import +#import #import #import -#import +#import +#import #import +#import +#import +#import +#import +#import +#import +#import +#import #include #include "SecureObjectSync/SOSCloudCircle.h" #include "SecureObjectSync/SOSPeerInfo.h" -#import -#import #include #include #import "Applicant.h" #import "NSArray+map.h" -#import -#import -#import #import "PersistentState.h" #include #include #import "NSDate+TimeIntervalDescription.h" -#include #include #include -#import -#import -#import -#import #import #include "utilities/SecCFRelease.h" #include "utilities/debugging.h" @@ -52,6 +53,7 @@ volatile NSString *debugState = @"main?"; dispatch_block_t doOnceInMainBlockChain = NULL; NSString *castleKeychainUrl = @"prefs:root=CASTLE&path=Keychain/ADVANCED"; +NSString *rejoinICDPUrl = @"prefs:root=CASTLE&aaaction=CDP&command=rejoin"; static void doOnceInMain(dispatch_block_t block) { @@ -453,8 +455,22 @@ static void kickOutChoice(CFUserNotificationRef userNotification, CFOptionFlags if (responseFlags == kCFUserNotificationDefaultResponse) { // We need to let things unwind to main for the new state to get saved doOnceInMain(^{ - BOOL ok = [[LSApplicationWorkspace defaultWorkspace] openSensitiveURL:[NSURL URLWithString:castleKeychainUrl] withOptions:nil]; - NSLog(@"ok=%d opening %@", ok, [NSURL URLWithString:castleKeychainUrl]); + ACAccountStore *store = [ACAccountStore new]; + ACAccount *primary = [store aa_primaryAppleAccount]; + NSString *dsid = [primary aa_personID]; + bool localICDP = false; + if (dsid) { + NSDictionary *options = @{ (__bridge id) kPCSSetupDSID : dsid, }; + PCSIdentitySetRef identity = PCSIdentitySetCreate((__bridge CFDictionaryRef) options, NULL, NULL); + + if (identity) { + localICDP = PCSIdentitySetIsICDP(identity, NULL); + CFRelease(identity); + } + } + NSURL *url = [NSURL URLWithString: localICDP ? rejoinICDPUrl : castleKeychainUrl]; + BOOL ok = [[LSApplicationWorkspace defaultWorkspace] openSensitiveURL:url withOptions:nil]; + NSLog(@"ok=%d opening %@", ok, url); }); } cancelCurrentAlert(true); diff --git a/CircleJoinRequested/entitlements.plist b/CircleJoinRequested/entitlements.plist index 489658ce..ad2e091f 100644 --- a/CircleJoinRequested/entitlements.plist +++ b/CircleJoinRequested/entitlements.plist @@ -12,5 +12,9 @@ com.apple.securebackupd.access + keychain-access-groups + + com.apple.ProtectedCloudStorage + diff --git a/OSX/Keychain Circle Notification/KNAppDelegate.m b/OSX/Keychain Circle Notification/KNAppDelegate.m index eec4fc7e..224bc123 100644 --- a/OSX/Keychain Circle Notification/KNAppDelegate.m +++ b/OSX/Keychain Circle Notification/KNAppDelegate.m @@ -523,6 +523,7 @@ bool isAppleInternal(void) } } + // Improve wording of the iCloud keychain drop/reset error messages // Contrary to HI spec (and I think it makes more sense) // 1. otherButton == top : Not Now // 2. actionButton == bottom: Continue diff --git a/OSX/OSX.xcodeproj/project.pbxproj b/OSX/OSX.xcodeproj/project.pbxproj index 993b844e..71ef2e33 100644 --- a/OSX/OSX.xcodeproj/project.pbxproj +++ b/OSX/OSX.xcodeproj/project.pbxproj @@ -49,6 +49,7 @@ buildPhases = ( ); dependencies = ( + D4A2FC7E1BC89D5200BF6E56 /* PBXTargetDependency */, 5EF7C2541B00EEC000E5E99C /* PBXTargetDependency */, 3705CADE1A8971DF00402F75 /* PBXTargetDependency */, 37AB39401A44A95500B56E04 /* PBXTargetDependency */, @@ -573,6 +574,7 @@ CDF91EC91AAE022600E88CF7 /* com.apple.private.alloy.keychainsync.plist in Resources */ = {isa = PBXBuildFile; fileRef = CDF91EC81AAE022600E88CF7 /* com.apple.private.alloy.keychainsync.plist */; }; CDF91EF51AAE028F00E88CF7 /* com.apple.private.alloy.keychainsync.plist in CopyFiles */ = {isa = PBXBuildFile; fileRef = CDF91EC81AAE022600E88CF7 /* com.apple.private.alloy.keychainsync.plist */; }; D41685841B3A288F001FB54E /* oids.h in Headers */ = {isa = PBXBuildFile; fileRef = D41685831B3A288F001FB54E /* oids.h */; settings = {ATTRIBUTES = (Public, ); }; }; + D4DDD3D01BE3EC0300E8AE2D /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */; }; E76079D61951FDAF00F69731 /* liblogging.a in Frameworks */ = {isa = PBXBuildFile; fileRef = E76079D51951FDA800F69731 /* liblogging.a */; }; E778BFBC17176DDE00302C14 /* security.exp-in in Sources */ = {isa = PBXBuildFile; fileRef = 182BB562146F4C73000BF1F3 /* security.exp-in */; }; EB22F3F918A26BCA0016A8EC /* SecBreadcrumb.c in Sources */ = {isa = PBXBuildFile; fileRef = EB22F3F718A26BA50016A8EC /* SecBreadcrumb.c */; }; @@ -1655,13 +1657,6 @@ remoteGlobalIDString = 5214700516977CB800DF0DB3; remoteInfo = CloudKeychainProxy; }; - 529FF21F1523BD7F0029D842 /* PBXContainerItemProxy */ = { - isa = PBXContainerItemProxy; - containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; - proxyType = 1; - remoteGlobalIDString = 52200F8714F2B87F00F7F6E7; - remoteInfo = XPCTimeStampingService; - }; 52B5A8F5151928B400664F11 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; @@ -1900,6 +1895,13 @@ remoteGlobalIDString = CD63ACDF1A8061FA001B5671; remoteInfo = IDSKeychainSyncingProxy; }; + D4A2FC7D1BC89D5200BF6E56 /* PBXContainerItemProxy */ = { + isa = PBXContainerItemProxy; + containerPortal = 1879B6A0146DE79F007E536C /* libsecurity_keychain.xcodeproj */; + proxyType = 1; + remoteGlobalIDString = 52200F8714F2B87F00F7F6E7; + remoteInfo = XPCTimeStampingService; + }; E7421C7D1ADC8E0D005FC1C0 /* PBXContainerItemProxy */ = { isa = PBXContainerItemProxy; containerPortal = 0C6D77DE15C8C06500BB4405 /* tlsnke.xcodeproj */; @@ -2634,6 +2636,7 @@ D41685831B3A288F001FB54E /* oids.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = oids.h; path = libsecurity_keychain/libDER/libDER/oids.h; sourceTree = SOURCE_ROOT; }; D46E9CED1B1E5DEF00ED650E /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; D46E9CEE1B1E5DEF00ED650E /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.xib; name = Base; path = Base.lproj/MainMenu.xib; sourceTree = ""; }; + D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = ../../../../../../usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = ""; }; EB22F3F518A26BA50016A8EC /* bc-10-knife-on-bread.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "bc-10-knife-on-bread.c"; path = "Breadcrumb/bc-10-knife-on-bread.c"; sourceTree = ""; }; EB22F3F618A26BA50016A8EC /* breadcrumb_regressions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = breadcrumb_regressions.h; path = Breadcrumb/breadcrumb_regressions.h; sourceTree = ""; }; EB22F3F718A26BA50016A8EC /* SecBreadcrumb.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = SecBreadcrumb.c; path = Breadcrumb/SecBreadcrumb.c; sourceTree = ""; }; @@ -2911,6 +2914,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + D4DDD3D01BE3EC0300E8AE2D /* libDiagnosticMessagesClient.dylib in Frameworks */, BE48AE051ADF1DF4000836C1 /* libACM.a in Frameworks */, BE48AE061ADF1DF4000836C1 /* libcoreauthd_client.a in Frameworks */, BE48AE071ADF1DF4000836C1 /* libaks.a in Frameworks */, @@ -3104,6 +3108,7 @@ 1807384D146D0D4E00F05C24 /* Frameworks */ = { isa = PBXGroup; children = ( + D4DDD3A71BE3EB4200E8AE2D /* libDiagnosticMessagesClient.dylib */, 4C97761D17BEB23E0002BFE4 /* AOSAccounts.framework */, 4C328D2F1778EC4F0015EED1 /* AOSUI.framework */, 4C5DD46B17A5F67300696A79 /* AppleSystemInfo.framework */, @@ -4390,7 +4395,6 @@ 5208C0FE16A0D3980062DDC5 /* PBXTargetDependency */, E76079FA1951FDF600F69731 /* PBXTargetDependency */, 182BB22C146F07DD000BF1F3 /* PBXTargetDependency */, - 529FF2201523BD7F0029D842 /* PBXTargetDependency */, ); name = Security; productName = Security; @@ -5602,7 +5606,7 @@ ); runOnlyForDeploymentPostprocessing = 0; shellPath = /bin/sh; - shellScript = "DST=${BUILT_PRODUCTS_DIR}/${CONTENTS_FOLDER_PATH}/XPCServices\n\nXPC_SERVICE=XPCKeychainSandboxCheck.xpc\nditto -v ${BUILT_PRODUCTS_DIR}/${XPC_SERVICE} ${DST}/${XPC_SERVICE}\nif [ $0 -ne 0 ]; then\n\texit $0;\nfi\n\nXPC_SERVICE=XPCTimeStampingService.xpc\nif [ $0 -ne 0 ]; then\n\texit $0;\nfi\n\nif [ ! -h ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices ]; then\n ln -s Versions/Current/XPCServices ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices\nfi\n\nexit 0"; + shellScript = "DST=${BUILT_PRODUCTS_DIR}/${CONTENTS_FOLDER_PATH}/XPCServices\n\nXPC_SERVICE=XPCKeychainSandboxCheck.xpc\nditto -v ${BUILT_PRODUCTS_DIR}/${XPC_SERVICE} ${DST}/${XPC_SERVICE}\nif [ $0 -ne 0 ]; then\n\texit $0;\nfi\n\nif [ ! -h ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices ]; then\n ln -s Versions/Current/XPCServices ${BUILT_PRODUCTS_DIR}/${FULL_PRODUCT_NAME}/XPCServices\nfi\n\nexit 0"; showEnvVarsInLog = 0; }; 18500F961470828E006F9AB4 /* Run Script Generate Strings */ = { @@ -6218,11 +6222,6 @@ target = 5214700516977CB800DF0DB3 /* CloudKeychainProxy */; targetProxy = 521470281697842500DF0DB3 /* PBXContainerItemProxy */; }; - 529FF2201523BD7F0029D842 /* PBXTargetDependency */ = { - isa = PBXTargetDependency; - name = XPCTimeStampingService; - targetProxy = 529FF21F1523BD7F0029D842 /* PBXContainerItemProxy */; - }; 5ED88B6E1B0DEF3100F3B047 /* PBXTargetDependency */ = { isa = PBXTargetDependency; name = libDER; @@ -6368,6 +6367,11 @@ target = CD63ACDF1A8061FA001B5671 /* IDSKeychainSyncingProxy */; targetProxy = CDEB2BD11A8151CD00B0E23A /* PBXContainerItemProxy */; }; + D4A2FC7E1BC89D5200BF6E56 /* PBXTargetDependency */ = { + isa = PBXTargetDependency; + name = XPCTimeStampingService; + targetProxy = D4A2FC7D1BC89D5200BF6E56 /* PBXContainerItemProxy */; + }; E76079FA1951FDF600F69731 /* PBXTargetDependency */ = { isa = PBXTargetDependency; name = liblogging; diff --git a/OSX/OSX.xcodeproj/xcshareddata/xcschemes/World.xcscheme b/OSX/OSX.xcodeproj/xcshareddata/xcschemes/World.xcscheme index 0aa8246d..84b9ae52 100644 --- a/OSX/OSX.xcodeproj/xcshareddata/xcschemes/World.xcscheme +++ b/OSX/OSX.xcodeproj/xcshareddata/xcschemes/World.xcscheme @@ -23,10 +23,10 @@ + shouldUseLaunchSchemeArgsEnv = "YES"> @@ -42,11 +42,11 @@ + isEnabled = "YES"> shared - com.apple.iCloud.passwordReset - - class - user - comment - Authenticate as the session owner to reset iCloud password - session-owner - + com.apple.icloud.passwordreset + + class + user + comment + Authenticate as the session owner to reset iCloud password + session-owner + timeout 0 - + com.apple.library-repair class diff --git a/OSX/lib/security.exp-in b/OSX/lib/security.exp-in index 04dfa0fc..e04e8e53 100644 --- a/OSX/lib/security.exp-in +++ b/OSX/lib/security.exp-in @@ -1307,6 +1307,7 @@ _kSecPolicyAppleATVAppSigning _kSecPolicyAppleTestATVAppSigning _kSecPolicyApplePayIssuerEncryption _kSecPolicyAppleOSXProvisioningProfileSigning +_kSecPolicyAppleATVVPNProfileSigning _kSecPolicyOid _kSecPolicyName _kSecPolicyClient @@ -1752,6 +1753,7 @@ _SecPolicyCreateAppleMMCSService _SecPolicyCreateApplePPQService _SecPolicyCreateAppleATVAppSigning _SecPolicyCreateTestAppleATVAppSigning +_SecPolicyCreateAppleATVVPNProfileSigning _SecPolicyCreateApplePayIssuerEncryption _SecPolicyCreateAppleSSLService _SecPolicyCreateBasicX509 @@ -2156,6 +2158,19 @@ _SSLGetMinimumDHGroupSize _SSLSetSessionStrengthPolicy _SSLSetDHEEnabled _SSLGetDHEEnabled +_SSLSetSessionConfig +_SSLGetSessionConfig + +_kSSLSessionConfig_default +_kSSLSessionConfig_ATSv1 +_kSSLSessionConfig_ATSv1_noPFS +_kSSLSessionConfig_legacy +_kSSLSessionConfig_standard +_kSSLSessionConfig_RC4_fallback +_kSSLSessionConfig_TLSv1_fallback +_kSSLSessionConfig_TLSv1_RC4_fallback +_kSSLSessionConfig_legacy_DHE + // // libsecurity_transform // @@ -2310,6 +2325,7 @@ _SecSetLoggingInfoForCircleScope // // utilities // +_SecSecdUsage // SecDH _SecDHComputeKey diff --git a/OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp b/OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp index e8ae4a3e..54a5a249 100644 --- a/OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp +++ b/OSX/libsecurity_apple_x509_tp/lib/TPCrlInfo.cpp @@ -232,6 +232,123 @@ CSSM_RETURN TPCrlInfo::parseExtensions( return CSSMERR_APPLETP_IDP_FAIL; } } + + /* Verify DistributionPointName matches cRLDistributionPoints + * in cert. + */ + if(idp->distPointName) { + CSSM_DATA_PTR certDistPoints; + CSSM_RETURN crtn = forCert->fetchField(&CSSMOID_CrlDistributionPoints, &certDistPoints); + switch(crtn) { + case CSSM_OK: + break; + case CSSMERR_CL_NO_FIELD_VALUES: + return CSSM_OK; + default: + return crtn; + } + if (certDistPoints->Length != sizeof(CSSM_X509_EXTENSION)) { + forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints); + return CSSMERR_TP_UNKNOWN_FORMAT; + } + CSSM_X509_EXTENSION *cssmExt = (CSSM_X509_EXTENSION *)certDistPoints->Data; + if (cssmExt == NULL) { + forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints); + return CSSMERR_TP_UNKNOWN_FORMAT; + } + CE_CRLDistPointsSyntax *dps = (CE_CRLDistPointsSyntax *)cssmExt->value.parsedValue; + if (dps == NULL) { + forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints); + return CSSMERR_TP_UNKNOWN_FORMAT; + } + if (!dps->numDistPoints) { + /* no distribution points in the cert extension */ + forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints); + return CSSM_OK; + } + + /* Loop over the cRLDistributionPoints in the cert. */ + CSSM_BOOL sameType = CSSM_FALSE; + CSSM_BOOL found = CSSM_FALSE; + for (unsigned dex=0; dexnumDistPoints; dex++) { + CE_CRLDistributionPoint *dp = &dps->distPoints[dex]; + if (dp->distPointName == NULL) { + continue; + } + if (idp->distPointName->nameType != dp->distPointName->nameType) { + /* Not the same name type; move on. */ + continue; + } + sameType = CSSM_TRUE; + switch (dp->distPointName->nameType) { + case CE_CDNT_NameRelativeToCrlIssuer: { + if (true) { + /* RDN code below is not tested, so we won't use it. + * Defaulting to prior behavior of accepting without testing. + */ + found = CSSM_TRUE; + tpErrorLog("parseExtensions: " + "CE_CDNT_NameRelativeToCrlIssuer not implemented\n"); + break; + } + /* relativeName is a RDN sequence */ + CSSM_X509_RDN_PTR idpName = idp->distPointName->dpn.rdn; + CSSM_X509_RDN_PTR certName = dp->distPointName->dpn.rdn; + if (idpName == NULL || certName == NULL || idpName->numberOfPairs != certName->numberOfPairs) { + /* They don't have the same number of attribute/value pairs; move on. */ + continue; + } + unsigned nDex; + for (nDex=0; nDexnumberOfPairs; nDex++) { + CSSM_X509_TYPE_VALUE_PAIR_PTR iPair = idpName->AttributeTypeAndValue; + CSSM_X509_TYPE_VALUE_PAIR_PTR cPair = certName->AttributeTypeAndValue; + if (!tpCompareCssmData(&iPair->type, &cPair->type) || + !tpCompareCssmData(&iPair->value, &cPair->value)) { + break; + } + } + if (nDex==idpName->numberOfPairs) { + /* All the pairs matched. */ + found = CSSM_TRUE; + } + } + case CE_CDNT_FullName: { + /* fullName is a GeneralNames sequence */ + CE_GeneralNames *idpNames = idp->distPointName->dpn.fullName; + CE_GeneralNames *certNames = dp->distPointName->dpn.fullName; + if (idpNames == NULL || certNames == NULL || idpNames->numNames != certNames->numNames) { + /* They don't have the same number of names; move on. */ + continue; + } + unsigned nDex; + for (nDex=0; nDexnumNames; nDex++) { + CE_GeneralName *idpName = &idpNames->generalName[nDex]; + CE_GeneralName *certName = &certNames->generalName[nDex]; + if ((idpName->nameType != certName->nameType) || + (!tpCompareCssmData(&idpName->name, &certName->name))) { + break; + } + } + if (nDex==idpNames->numNames) { + /* All the names matched. */ + found = CSSM_TRUE; + } + break; + } + default: { + forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints); + return CSSMERR_TP_UNKNOWN_FORMAT; + } + } + if (found) { + break; /* out of loop over crlDistribtionPoints in cert. */ + } + } + forCert->freeField(&CSSMOID_CrlDistributionPoints, certDistPoints); + if(sameType && !found) { + return CSSMERR_APPLETP_IDP_FAIL; + } + } /* distPointName check */ } /* IDP */ } /* have target cert */ } diff --git a/OSX/libsecurity_asn1/config/base.xcconfig b/OSX/libsecurity_asn1/config/base.xcconfig index e6d6e9bd..ea15367d 100644 --- a/OSX/libsecurity_asn1/config/base.xcconfig +++ b/OSX/libsecurity_asn1/config/base.xcconfig @@ -6,6 +6,12 @@ CURRENT_PROJECT_VERSION = $(RC_ProjectSourceVersion) VERSIONING_SYSTEM = apple-generic; DEAD_CODE_STRIPPING = YES; +// Debug symbols should be on obviously +GCC_GENERATE_DEBUGGING_SYMBOLS = YES +COPY_PHASE_STRIP = NO +STRIP_STYLE = debugging +STRIP_INSTALLED_PRODUCT = NO + ARCHS = $(ARCHS_STANDARD_32_64_BIT) WARNING_CFLAGS = -Wglobal-constructors -Wno-deprecated-declarations $(inherited) diff --git a/OSX/libsecurity_asn1/lib/SecAsn1Types.h b/OSX/libsecurity_asn1/lib/SecAsn1Types.h index df78b872..d24d4821 100644 --- a/OSX/libsecurity_asn1/lib/SecAsn1Types.h +++ b/OSX/libsecurity_asn1/lib/SecAsn1Types.h @@ -223,7 +223,9 @@ typedef struct SecAsn1Template_struct { * * "buf" For decode only; points to the start of the decoded data for * the current template. Callee can use the tag at this location - * to infer the returned template. Not used on encode. + * to infer the returned template. Not used on encode. + * + * "len" For decode only; the length of buf. * * "Dest" points to the template-specific item being decoded to * or encoded from. (This is as opposed to arg, which @@ -235,6 +237,7 @@ typedef const SecAsn1Template * SecAsn1TemplateChooser( void *arg, Boolean enc, const char *buf, + size_t len, void *dest); typedef SecAsn1TemplateChooser * SecAsn1TemplateChooserPtr; diff --git a/OSX/libsecurity_asn1/lib/X509Templates.c b/OSX/libsecurity_asn1/lib/X509Templates.c index 4677b4ee..88d71ea1 100644 --- a/OSX/libsecurity_asn1/lib/X509Templates.c +++ b/OSX/libsecurity_asn1/lib/X509Templates.c @@ -45,9 +45,10 @@ static const SecAsn1Template * NSS_TimeChooser( void *arg, Boolean enc, const char *buf, + size_t len, void *dest) { - return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, timeChoices); + return SecAsn1TaggedTemplateChooser(arg, enc, buf, len, dest, timeChoices); } static const SecAsn1TemplateChooserPtr NSS_TimeChooserPtr = NSS_TimeChooser; diff --git a/OSX/libsecurity_asn1/lib/nameTemplates.c b/OSX/libsecurity_asn1/lib/nameTemplates.c index 0403ab4e..84ce8b34 100644 --- a/OSX/libsecurity_asn1/lib/nameTemplates.c +++ b/OSX/libsecurity_asn1/lib/nameTemplates.c @@ -41,10 +41,11 @@ typedef struct { * Generalized Template chooser. */ const SecAsn1Template * SecAsn1TaggedTemplateChooser( - /* Four args passed to specific SecAsn1TemplateChooser */ + /* Five args passed to specific SecAsn1TemplateChooser */ void *arg, // currently not used Boolean enc, const char *buf, + size_t len, void *dest, /* array of tag/template pairs */ const NSS_TagChoice *chooser) @@ -60,12 +61,16 @@ const SecAsn1Template * SecAsn1TaggedTemplateChooser( /* encoding: tag from an NSS_TaggedItem at *dest */ tag = item->tag; } - else { + else if (len > 0) { /* decoding: tag from raw bytes being decoded */ tag = buf[0] & SEC_ASN1_TAGNUM_MASK; /* and tell caller what's coming */ item->tag = tag; } + /* + * If buffer length is 0, leave tag = 0. No choice will have this + * the invalid tag. + */ /* infer template from tag */ const NSS_TagChoice *thisChoice; @@ -109,9 +114,10 @@ static const SecAsn1Template * NSS_ATVChooser( void *arg, Boolean enc, const char *buf, + size_t len, void *dest) { - return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, atvChoices); + return SecAsn1TaggedTemplateChooser(arg, enc, buf, len, dest, atvChoices); } static const SecAsn1TemplateChooserPtr NSS_ATVChooserPtr = NSS_ATVChooser; @@ -246,9 +252,10 @@ static const SecAsn1Template * NSS_genNameChooser( void *arg, Boolean enc, const char *buf, + size_t len, void *dest) { - return SecAsn1TaggedTemplateChooser(arg, enc, buf, dest, genNameChoices); + return SecAsn1TaggedTemplateChooser(arg, enc, buf, len, dest, genNameChoices); } static const SecAsn1TemplateChooserPtr NSS_genNameChooserPtr = diff --git a/OSX/libsecurity_asn1/lib/nameTemplates.h b/OSX/libsecurity_asn1/lib/nameTemplates.h index 638bd09a..bf0f659a 100644 --- a/OSX/libsecurity_asn1/lib/nameTemplates.h +++ b/OSX/libsecurity_asn1/lib/nameTemplates.h @@ -57,10 +57,11 @@ typedef struct { * Generalized Template chooser. */ const SecAsn1Template * SecAsn1TaggedTemplateChooser( - /* Four args passed to specific SecAsn1TemplateChooser */ + /* Five args passed to specific SecAsn1TemplateChooser */ void *arg, // currently not used Boolean enc, const char *buf, + size_t len, void *dest, /* array of tag/template pairs */ const NSS_TagChoice *chooser); diff --git a/OSX/libsecurity_asn1/lib/pkcs12Templates.c b/OSX/libsecurity_asn1/lib/pkcs12Templates.c index c9effec0..53600bc6 100644 --- a/OSX/libsecurity_asn1/lib/pkcs12Templates.c +++ b/OSX/libsecurity_asn1/lib/pkcs12Templates.c @@ -99,7 +99,8 @@ const SecAsn1Template NSS_P12_PtrToShroudedKeyBagTemplate[] = { static const SecAsn1Template * NSS_P12_CertBagChooser( void *arg, // --> NSS_P12_CertBag Boolean enc, - const char *buf, // on decode, tag byte + const char *buf, // on decode, tag byte and length + size_t len, void *dest) // --> NSS_P12_CertBag.bagValue { NSS_P12_CertBag *bag = (NSS_P12_CertBag *)arg; @@ -152,7 +153,8 @@ const SecAsn1Template NSS_P12_PtrToCertBagTemplate[] = { static const SecAsn1Template * NSS_P12_CrlBagChooser( void *arg, // --> NSS_P12_CrlBag Boolean enc, - const char *buf, // on decode, tag byte + const char *buf, // on decode, tag byte and length + size_t len, void *dest) // --> NSS_P12_CertBag.bagValue { NSS_P12_CrlBag *bag = (NSS_P12_CrlBag *)arg; @@ -208,7 +210,8 @@ const SecAsn1Template NSS_P12_PtrToCrlBagTemplate[] = { static const SecAsn1Template * NSS_P12_SafeBagChooser( void *arg, // --> NSS_P12_SafeBag Boolean enc, - const char *buf, // on decode, tag byte + const char *buf, // on decode, tag byte and len + size_t len, void *dest) // --> NSS_P12_SafeBag.bagValue { NSS_P12_SafeBag *bag = (NSS_P12_SafeBag *)arg; diff --git a/OSX/libsecurity_asn1/lib/pkcs7Templates.c b/OSX/libsecurity_asn1/lib/pkcs7Templates.c index 125fd6b3..38e815dc 100644 --- a/OSX/libsecurity_asn1/lib/pkcs7Templates.c +++ b/OSX/libsecurity_asn1/lib/pkcs7Templates.c @@ -97,7 +97,8 @@ const SecAsn1Template NSS_P7_PtrToEncryptedDataTemplate[] = { static const SecAsn1Template * NSS_P7_ContentInfoChooser( void *arg, // --> NSS_P7_DecodedContentInfo Boolean enc, - const char *buf, // on decode, tag byte + const char *buf, // on decode, tag byte and length + size_t len, void *dest) // --> NSS_P7_DecodedContentInfo.content { NSS_P7_DecodedContentInfo *dci = diff --git a/OSX/libsecurity_asn1/lib/secasn1.h b/OSX/libsecurity_asn1/lib/secasn1.h index 6ff361f2..34834c5d 100644 --- a/OSX/libsecurity_asn1/lib/secasn1.h +++ b/OSX/libsecurity_asn1/lib/secasn1.h @@ -69,7 +69,7 @@ extern SEC_ASN1DecoderContext *SEC_ASN1DecoderStart(PRArenaPool *pool, * Only needed if first element will * be SEC_ASN1_DYNAMIC */ - const char *buf); + const char *buf, size_t len); /* XXX char or unsigned char? */ extern SECStatus SEC_ASN1DecoderUpdate(SEC_ASN1DecoderContext *cx, @@ -190,7 +190,7 @@ SEC_ASN1GetSubtemplate ( const SecAsn1Template *inTemplate, void *thing, PRBool encoding, - const char *buf); /* __APPLE__ addenda: for decode only */ + const char *buf, size_t len); /* __APPLE__ addenda: for decode only */ extern SecAsn1Item *sec_asn1e_allocate_item ( PRArenaPool *poolp, diff --git a/OSX/libsecurity_asn1/lib/secasn1d.c b/OSX/libsecurity_asn1/lib/secasn1d.c index aa4e6c68..d09592be 100644 --- a/OSX/libsecurity_asn1/lib/secasn1d.c +++ b/OSX/libsecurity_asn1/lib/secasn1d.c @@ -520,7 +520,8 @@ sec_asn1d_notify_after (SEC_ASN1DecoderContext *cx, void *dest, int depth) static sec_asn1d_state * sec_asn1d_init_state_based_on_template (sec_asn1d_state *state, #ifdef __APPLE__ - const char *buf /* for SEC_ASN1GetSubtemplate() */ + const char *buf, /* for SEC_ASN1GetSubtemplate() */ + size_t len #endif ) { @@ -579,7 +580,7 @@ sec_asn1d_init_state_based_on_template (sec_asn1d_state *state, state->dest, PR_FALSE); if (state != NULL) state = sec_asn1d_init_state_based_on_template (state, - buf /* __APPLE__ */); + buf /* __APPLE__ */, len /* __APPLE__ */); return state; } } @@ -708,7 +709,7 @@ sec_asn1d_init_state_based_on_template (sec_asn1d_state *state, } #endif /* __APPLE__ */ subt = SEC_ASN1GetSubtemplate (state->theTemplate, subDest, - PR_FALSE, buf /* __APPLE__ */); + PR_FALSE, buf /* __APPLE__ */, len /* __APPLE__ */); state = sec_asn1d_push_state (state->top, subt, dest, PR_FALSE); if (state == NULL) return NULL; @@ -722,7 +723,7 @@ sec_asn1d_init_state_based_on_template (sec_asn1d_state *state, #endif ) { state = sec_asn1d_init_state_based_on_template (state, - buf /* __APPLE__ */); + buf /* __APPLE__ */, len /* __APPLE__ */); if (state != NULL) { /* * If this field is optional, we need to record that on @@ -1083,7 +1084,8 @@ sec_asn1d_check_and_subtract_length (unsigned long *remaining, static void sec_asn1d_prepare_for_contents (sec_asn1d_state *state, #ifdef __APPLE__ - const char *buf /* needed for SEC_ASN1GetSubtemplate */ + const char *buf, /* needed for SEC_ASN1GetSubtemplate */ + size_t len #endif ) { @@ -1206,11 +1208,12 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state, SEC_ASN1GetSubtemplate(state->theTemplate, state->dest, PR_FALSE, - buf /* __APPLE__ */), + buf /* __APPLE__ */, + len /* __APPLE__ */), state->dest, PR_TRUE); if (state != NULL) state = sec_asn1d_init_state_based_on_template (state, - buf /* __APPLE__ */); + buf /* __APPLE__ */, len /* __APPLE__ */); (void) state; return; } @@ -1237,7 +1240,7 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state, state->place = duringGroup; subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->dest, - PR_FALSE, buf /* __APPLE__ */); + PR_FALSE, buf /* __APPLE__ */, len /* __APPLE__ */); state = sec_asn1d_push_state (state->top, subt, NULL, PR_TRUE); if (state != NULL) { if (!state->top->filter_only) @@ -1247,7 +1250,7 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state, */ sec_asn1d_notify_before (state->top, state->dest, state->depth); state = sec_asn1d_init_state_based_on_template (state, - buf /* __APPLE__ */); + buf /* __APPLE__ */, len /* __APPLE__ */); } } else { /* @@ -1274,7 +1277,7 @@ sec_asn1d_prepare_for_contents (sec_asn1d_state *state, */ sec_asn1d_notify_before (state->top, state->dest, state->depth); state = sec_asn1d_init_state_based_on_template (state, - buf /* __APPLE__ */); + buf /* __APPLE__ */, len /* __APPLE__ */); } (void) state; break; @@ -1508,7 +1511,7 @@ regular_string_type: if (state != NULL) { state->substring = PR_TRUE; /* XXX propogate? */ state = sec_asn1d_init_state_based_on_template (state, - buf /* __APPLE__ */); + buf /* __APPLE__ */, len /* __APPLE__ */); } } else if (state->indefinite) { /* @@ -1666,7 +1669,8 @@ sec_asn1d_reuse_encoding (sec_asn1d_state *state) * And initialize it so it is ready to parse. */ (void) sec_asn1d_init_state_based_on_template(child, - (char *) item->Data /* __APPLE__ */); + (char *) item->Data /* __APPLE__ */, + item->Length /* __APPLE__ */); /* * Now parse that out of our data. @@ -1985,7 +1989,8 @@ sec_asn1d_next_substring (sec_asn1d_state *state) */ static void sec_asn1d_next_in_group (sec_asn1d_state *state, - const char *buf /* __APPLE__ */) + const char *buf, /* __APPLE__ */ + size_t len /* __APPLE__ */) { sec_asn1d_state *child; unsigned long child_consumed; @@ -2088,7 +2093,7 @@ sec_asn1d_next_in_group (sec_asn1d_state *state, sec_asn1d_scrub_state (child); /* Initialize child state from the template */ - sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__ */); + sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__ */, len /* __APPLE__ */); state->top->current = child; } @@ -2101,7 +2106,8 @@ sec_asn1d_next_in_group (sec_asn1d_state *state, */ static void sec_asn1d_next_in_sequence (sec_asn1d_state *state, - const char *buf /* __APPLE__ */) + const char *buf /* __APPLE__ */, + size_t len /*__APPLE__*/) { sec_asn1d_state *child; unsigned long child_consumed; @@ -2227,7 +2233,8 @@ sec_asn1d_next_in_sequence (sec_asn1d_state *state, } state->top->current = child; child = sec_asn1d_init_state_based_on_template (child, - buf /* __APPLE__ */); + buf /* __APPLE__ */, + len /* __APPLE__ */); if (child_missing && child) { child->place = afterIdentifier; child->found_tag_modifiers = child_found_tag_modifiers; @@ -2568,7 +2575,9 @@ sec_asn1d_pop_state (sec_asn1d_state *state) } static sec_asn1d_state * -sec_asn1d_before_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */) +sec_asn1d_before_choice (sec_asn1d_state *state, + const char *buf /* __APPLE__ */, + size_t len /* __APPLE__ */) { sec_asn1d_state *child; @@ -2595,7 +2604,7 @@ sec_asn1d_before_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */ sec_asn1d_scrub_state(child); child = sec_asn1d_init_state_based_on_template(child, - buf /* __APPLE__ */); + buf /* __APPLE__ */, len /* __APPLE__ */); if( (sec_asn1d_state *)NULL == child ) { return (sec_asn1d_state *)NULL; } @@ -2608,7 +2617,9 @@ sec_asn1d_before_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */ } static sec_asn1d_state * -sec_asn1d_during_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */) +sec_asn1d_during_choice (sec_asn1d_state *state, + const char *buf, /* __APPLE__ */ + size_t len /* __APPLE__ */) { sec_asn1d_state *child = state->child; @@ -2682,7 +2693,7 @@ sec_asn1d_during_choice (sec_asn1d_state *state, const char *buf /* __APPLE__ */ child_found_tag_modifiers = child->found_tag_modifiers; child_found_tag_number = child->found_tag_number; - child = sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__*/); + child = sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__*/, len /* __APPLE__ */); if( (sec_asn1d_state *)NULL == child ) { return (sec_asn1d_state *)NULL; } @@ -2860,7 +2871,7 @@ SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx, what = SEC_ASN1_Length; break; case afterLength: - sec_asn1d_prepare_for_contents (state, buf); + sec_asn1d_prepare_for_contents (state, buf, len); break; case beforeBitString: consumed = sec_asn1d_parse_bit_string (state, buf, len); @@ -2872,7 +2883,7 @@ SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx, sec_asn1d_next_substring (state); break; case duringGroup: - sec_asn1d_next_in_group (state, buf); + sec_asn1d_next_in_group (state, buf, len); break; case duringLeaf: consumed = sec_asn1d_parse_leaf (state, buf, len); @@ -2892,7 +2903,7 @@ SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx, } break; case duringSequence: - sec_asn1d_next_in_sequence (state, buf); + sec_asn1d_next_in_sequence (state, buf, len); break; case afterConstructedString: sec_asn1d_concat_substrings (state); @@ -2923,10 +2934,10 @@ SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx, sec_asn1d_pop_state (state); break; case beforeChoice: - state = sec_asn1d_before_choice(state, buf); + state = sec_asn1d_before_choice(state, buf, len); break; case duringChoice: - state = sec_asn1d_during_choice(state, buf); + state = sec_asn1d_during_choice(state, buf, len); break; case afterChoice: sec_asn1d_after_choice(state); @@ -3124,7 +3135,8 @@ SEC_ASN1DecoderStart (PRArenaPool *their_pool, void *dest, #ifdef __APPLE__ , /* only needed if first element will be SEC_ASN1_DYNAMIC */ - const char *buf + const char *buf, + size_t len /* __APPLE__ */ #endif ) { @@ -3153,7 +3165,7 @@ SEC_ASN1DecoderStart (PRArenaPool *their_pool, void *dest, if (sec_asn1d_push_state(cx, theTemplate, dest, PR_FALSE) == NULL || sec_asn1d_init_state_based_on_template (cx->current, - buf /* __APPLE__ */) == NULL) { + buf /* __APPLE__ */, len /* __APPLE__ */) == NULL) { /* * Trouble initializing (probably due to failed allocations) * requires that we just give up. @@ -3227,7 +3239,7 @@ SEC_ASN1Decode (PRArenaPool *poolp, void *dest, SECStatus urv, frv; dcx = SEC_ASN1DecoderStart (poolp, dest, theTemplate, - buf /* __APPLE__ */); + buf /* __APPLE__ */, len /* __APPLE__ */); if (dcx == NULL) return SECFailure; diff --git a/OSX/libsecurity_asn1/lib/secasn1e.c b/OSX/libsecurity_asn1/lib/secasn1e.c index 0dee92c6..e695972f 100644 --- a/OSX/libsecurity_asn1/lib/secasn1e.c +++ b/OSX/libsecurity_asn1/lib/secasn1e.c @@ -285,7 +285,7 @@ sec_asn1e_init_state_based_on_template (sec_asn1e_state *state) } subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->src, PR_TRUE, - NULL /* __APPLE__ */); + NULL /* __APPLE__ */, 0 /* __APPLE__ */); state = sec_asn1e_push_state (state->top, subt, src, PR_FALSE); if (state == NULL) return NULL; @@ -575,7 +575,7 @@ sec_asn1e_contents_length (const SecAsn1Template *theTemplate, void *src, /* XXX any bits we want to disallow (PORT_Assert against) here? */ theTemplate = SEC_ASN1GetSubtemplate (theTemplate, src, PR_TRUE, - NULL /* __APPLE__ */); + NULL /* __APPLE__ */, 0 /* __APPLE__ */); if (encode_kind & SEC_ASN1_POINTER) { /* @@ -677,7 +677,7 @@ sec_asn1e_contents_length (const SecAsn1Template *theTemplate, void *src, break; tmpt = SEC_ASN1GetSubtemplate (theTemplate, src, PR_TRUE, - NULL /* __APPLE__ */); + NULL /* __APPLE__ */, 0 /* __APPLE__ */); for (; *group != NULL; group++) { sub_src = (char *)(*group) + tmpt->offset; @@ -884,7 +884,7 @@ sec_asn1e_write_header (sec_asn1e_state *state) SEC_ASN1GetSubtemplate(state->theTemplate, state->src, PR_TRUE, - NULL /* __APPLE__ */), + NULL /* __APPLE__ */, 0 /* __APPLE__ */), state->src, PR_TRUE); if (state != NULL) state = sec_asn1e_init_state_based_on_template (state); @@ -914,7 +914,7 @@ sec_asn1e_write_header (sec_asn1e_state *state) } state->place = duringGroup; subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->src, - PR_TRUE, NULL /* __APPLE__ */); + PR_TRUE, NULL /* __APPLE__ */, 0 /* __APPLE__ */); state = sec_asn1e_push_state (state->top, subt, *group, PR_TRUE); if (state != NULL) state = sec_asn1e_init_state_based_on_template (state); diff --git a/OSX/libsecurity_asn1/lib/secasn1u.c b/OSX/libsecurity_asn1/lib/secasn1u.c index 30e630be..a48940e3 100644 --- a/OSX/libsecurity_asn1/lib/secasn1u.c +++ b/OSX/libsecurity_asn1/lib/secasn1u.c @@ -88,7 +88,8 @@ SEC_ASN1GetSubtemplate ( PRBool encoding #ifdef __APPLE__ , - const char *buf // for decode only + const char *buf, // for decode only + size_t len #endif ) { @@ -105,7 +106,7 @@ SEC_ASN1GetSubtemplate ( if (thing != NULL) { thing = (char *)thing - theTemplate->offset; } - subt = (* chooserp)(thing, encoding, buf, dest); + subt = (* chooserp)(thing, encoding, buf, len, dest); } } else { subt = (SecAsn1Template*)theTemplate->sub; diff --git a/OSX/libsecurity_cdsa_utils/lib/cuFileIo.c b/OSX/libsecurity_cdsa_utils/lib/cuFileIo.c index bb1403e0..b6181543 100644 --- a/OSX/libsecurity_cdsa_utils/lib/cuFileIo.c +++ b/OSX/libsecurity_cdsa_utils/lib/cuFileIo.c @@ -93,6 +93,7 @@ int readFile( } rtn = (int)lseek(fd, 0, SEEK_SET); if(rtn < 0) { + free(buf); goto errOut; } rtn = (int)read(fd, buf, (size_t)size); @@ -100,6 +101,7 @@ int readFile( if(rtn >= 0) { printf("readFile: short read\n"); } + free(buf); rtn = EIO; } else { diff --git a/OSX/libsecurity_codesigning/lib/evaluationmanager.cpp b/OSX/libsecurity_codesigning/lib/evaluationmanager.cpp index d64d6e1a..bb513fb3 100644 --- a/OSX/libsecurity_codesigning/lib/evaluationmanager.cpp +++ b/OSX/libsecurity_codesigning/lib/evaluationmanager.cpp @@ -258,8 +258,6 @@ void EvaluationTask::waitForCompletion(SecAssessmentFlags flags, CFMutableDictio CFDictionaryAddValue(result, key, value); }); })); - - if (mExceptionToRethrow) std::rethrow_exception(mExceptionToRethrow); } @@ -341,9 +339,15 @@ EvaluationTask *EvaluationManager::evaluationTask(PolicyEngine *engine, CFURLRef } -void EvaluationManager::waitForCompletion(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result) +void EvaluationManager::finalizeTask(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result) { task->waitForCompletion(flags, result); + + std::exception_ptr pendingException = task->mExceptionToRethrow; + + removeTask(task); + + if (pendingException) std::rethrow_exception(pendingException); } diff --git a/OSX/libsecurity_codesigning/lib/evaluationmanager.h b/OSX/libsecurity_codesigning/lib/evaluationmanager.h index bad99dc4..100fa2ea 100644 --- a/OSX/libsecurity_codesigning/lib/evaluationmanager.h +++ b/OSX/libsecurity_codesigning/lib/evaluationmanager.h @@ -43,14 +43,16 @@ public: static EvaluationManager *globalManager(); EvaluationTask *evaluationTask(PolicyEngine *engine, CFURLRef path, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, CFMutableDictionaryRef result); - void waitForCompletion(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result); - void removeTask(EvaluationTask *task); + void finalizeTask(EvaluationTask *task, SecAssessmentFlags flags, CFMutableDictionaryRef result); private: CFCopyRef mCurrentEvaluations; + EvaluationManager(); ~EvaluationManager(); + void removeTask(EvaluationTask *task); + dispatch_queue_t mListLockQueue; }; diff --git a/OSX/libsecurity_codesigning/lib/policyengine.cpp b/OSX/libsecurity_codesigning/lib/policyengine.cpp index f5b9cb29..08239439 100644 --- a/OSX/libsecurity_codesigning/lib/policyengine.cpp +++ b/OSX/libsecurity_codesigning/lib/policyengine.cpp @@ -92,8 +92,7 @@ void PolicyEngine::evaluate(CFURLRef path, AuthorityType type, SecAssessmentFlag // perform the evaluation EvaluationTask *evaluationTask = evaluationManager->evaluationTask(this, path, type, flags, context, result); - evaluationManager->waitForCompletion(evaluationTask, flags, result); - evaluationManager->removeTask(evaluationTask); + evaluationManager->finalizeTask(evaluationTask, flags, result); // if rejected, reset the automatic rearm timer if (CFDictionaryGetValue(result, kSecAssessmentAssessmentVerdict) == kCFBooleanFalse) diff --git a/OSX/libsecurity_keychain/lib/KCEventNotifier.cpp b/OSX/libsecurity_keychain/lib/KCEventNotifier.cpp index fd78da60..746bab58 100644 --- a/OSX/libsecurity_keychain/lib/KCEventNotifier.cpp +++ b/OSX/libsecurity_keychain/lib/KCEventNotifier.cpp @@ -69,11 +69,14 @@ void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent, // flatten the dictionary CssmData data; nvd.Export (data); - - SecurityServer::ClientSession cs (Allocator::standard(), Allocator::standard()); - cs.postNotification (SecurityServer::kNotificationDomainDatabase, whichEvent, data); - secdebug("kcnotify", "KCEventNotifier::PostKeychainEvent posted event %u", (unsigned int) whichEvent); + /* enforce a maximum size of 16k for notifications */ + if (data.length() <= 16384) { + SecurityServer::ClientSession cs (Allocator::standard(), Allocator::standard()); + cs.postNotification (SecurityServer::kNotificationDomainDatabase, whichEvent, data); + + secdebug("kcnotify", "KCEventNotifier::PostKeychainEvent posted event %u", (unsigned int) whichEvent); + } free (data.data ()); } diff --git a/OSX/libsecurity_keychain/lib/SecKeychain.cpp b/OSX/libsecurity_keychain/lib/SecKeychain.cpp index fe9caaef..8a48d3f2 100644 --- a/OSX/libsecurity_keychain/lib/SecKeychain.cpp +++ b/OSX/libsecurity_keychain/lib/SecKeychain.cpp @@ -237,7 +237,9 @@ OSStatus SecKeychainResetLogin(UInt32 passwordLength, const void* password, Bool } if ( userName.length() == 0 ) // did we ultimately get one? MacOSError::throwMe(errAuthorizationInternal); - + + SecurityServer::ClientSession().resetKeyStorePassphrase(password ? CssmData(const_cast(password), passwordLength) : CssmData()); + if (password) { // Clear the plist and move aside (rename) the existing login.keychain @@ -257,8 +259,6 @@ OSStatus SecKeychainResetLogin(UInt32 passwordLength, const void* password, Bool globals().storageManager.makeLoginAuthUI(NULL); } - SecurityServer::ClientSession().resetKeyStorePassphrase(password ? CssmData(const_cast(password), passwordLength) : CssmData()); - // Post a "list changed" event after a reset, so apps can refresh their list. // Make sure we are not holding mLock when we post this event. KCEventNotifier::PostKeychainEvent(kSecKeychainListChangedEvent); diff --git a/OSX/libsecurity_keychain/lib/SecPolicy.cpp b/OSX/libsecurity_keychain/lib/SecPolicy.cpp index 88c4f81c..269db0b1 100644 --- a/OSX/libsecurity_keychain/lib/SecPolicy.cpp +++ b/OSX/libsecurity_keychain/lib/SecPolicy.cpp @@ -910,6 +910,15 @@ SecPolicyRef SecPolicyCreateOSXProvisioningProfileSigning(void) } #endif + +#if !SECTRUST_OSX +/* new in 10.11 */ +SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void) +{ + return _SecPolicyCreateWithOID(kSecPolicyAppleX509Basic); +} +#endif + #if !SECTRUST_OSX SecPolicyRef SecPolicyCreateAppleSSLService(CFStringRef hostname) { @@ -972,6 +981,7 @@ SecPolicyCreateAppleTimeStampingAndRevocationPolicies(CFTypeRef policyOrArray) resultPolicyArray=appleTimeStampingPolicies.yield(); } catch (...) { + syslog(LOG_ERR, "SecPolicyCreateAppleTimeStampingAndRevocationPolicies: unable to create policy array"); CFReleaseNull(resultPolicyArray); }; #else diff --git a/OSX/libsecurity_keychain/lib/SecPolicyPriv.h b/OSX/libsecurity_keychain/lib/SecPolicyPriv.h index 599ca35d..0612aa33 100644 --- a/OSX/libsecurity_keychain/lib/SecPolicyPriv.h +++ b/OSX/libsecurity_keychain/lib/SecPolicyPriv.h @@ -58,6 +58,7 @@ extern "C" { @constant kSecPolicyAppleATVAppSigning @constant kSecPolicyAppleTestATVAppSigning @constant kSecPolicyAppleOSXProvisioningProfileSigning + @constant kSecPolicyAppleATVVPNProfileSigning */ extern const CFStringRef kSecPolicyAppleMobileStore @@ -98,6 +99,8 @@ extern const CFStringRef kSecPolicyAppleTestATVAppSigning __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); extern const CFStringRef kSecPolicyAppleOSXProvisioningProfileSigning __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); +extern const CFStringRef kSecPolicyAppleATVVPNProfileSigning + __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); /*! @function SecPolicyCopy @@ -233,6 +236,16 @@ SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void) */ SecPolicyRef SecPolicyCreateOSXProvisioningProfileSigning(void) __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); + + +/*! + @function SecPolicyCreateAppleATVVPNProfileSigning + @abstract Check for leaf marker OID 1.2.840.113635.100.6.43, + intermediate marker OID 1.2.840.113635.100.6.2.10, + chains to Apple Root CA, path length 3 + */ +SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void) + __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); #if defined(__cplusplus) } diff --git a/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp b/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp index c200f926..5e292c98 100644 --- a/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp +++ b/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp @@ -462,46 +462,6 @@ static OSStatus _tsEnsuredInitialized(void) } return status; } - -#define APPNAMEWORKAROUND_KEY CFSTR("WorkaroundAppNames") -#define APPNAMEWORKAROUND_DOMAIN CFSTR("com.apple.security") - -static bool tsCheckAppNameWorkaround(const char *name) -{ - bool result = false; - CFIndex idx, count; - CFStringRef str = - CFStringCreateWithCString (NULL, name, kCFStringEncodingUTF8); - CFArrayRef value = (CFArrayRef) - CFPreferencesCopyValue (APPNAMEWORKAROUND_KEY, - APPNAMEWORKAROUND_DOMAIN, - kCFPreferencesCurrentUser, - kCFPreferencesAnyHost); - if (!str || !value || - !(CFArrayGetTypeID() == CFGetTypeID(value))) { - goto cleanup; - } - count = CFArrayGetCount(value); - for (idx = 0; idx < count; idx++) { - CFStringRef appstr = (CFStringRef) CFArrayGetValueAtIndex(value, idx); - if (!(appstr) || !(CFStringGetTypeID() == CFGetTypeID(appstr))) { - continue; - } - if (!CFStringCompare(str, appstr, 0)) { - result = true; - break; - } - } - -cleanup: - if (str) { - CFRelease(str); - } - if (value) { - CFRelease(value); - } - return result; -} #endif static void tsAddConditionalCerts(CFMutableArrayRef certArray) @@ -515,14 +475,8 @@ static void tsAddConditionalCerts(CFMutableArrayRef certArray) if (!certArray) { return; } - pid_t pid = getpid(); - char pathbuf[PROC_PIDPATHINFO_MAXSIZE]; - int ret = proc_name(pid, pathbuf, sizeof(pathbuf)); - if (ret <= 0) { return; } - OSStatus status = _tsEnsuredInitialized(); - if ((status == 0 && sCSCheckFix_f(CFSTR("21946795"))) || - tsCheckAppNameWorkaround(pathbuf)) { + if (status == 0 && sCSCheckFix_f(CFSTR("21946795"))) { // conditionally include these 1024-bit roots const certmap_entry_t certmap[] = { { _EquifaxSecureCA, sizeof(_EquifaxSecureCA) }, diff --git a/OSX/libsecurity_keychain/lib/SecTrustSettingsCertificates.h b/OSX/libsecurity_keychain/lib/SecTrustSettingsCertificates.h index 3ea79fa2..f4814eae 100644 --- a/OSX/libsecurity_keychain/lib/SecTrustSettingsCertificates.h +++ b/OSX/libsecurity_keychain/lib/SecTrustSettingsCertificates.h @@ -35,6 +35,166 @@ #ifndef _SEC_TRUST_SETTINGS_CERTIFICATES_H_ #define _SEC_TRUST_SETTINGS_CERTIFICATES_H_ +#if 0 +/* SHA1 Fingerprint=4D:34:EA:92:76:4B:3A:31:49:11:99:52:F4:19:30:CA:11:34:83:61 */ +/* subject:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */ +/* issuer :/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root */ +/* 2048-bit RSA */ +unsigned char _BaltimoreCyberTrustCSICA[1049]={ +0x30,0x82,0x04,0x15,0x30,0x82,0x03,0x7E,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x07, +0x27,0x8E,0xED,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, +0x05,0x00,0x30,0x75,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, +0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0A,0x13,0x0F,0x47,0x54,0x45,0x20, +0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x27,0x30,0x25,0x06, +0x03,0x55,0x04,0x0B,0x13,0x1E,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54, +0x72,0x75,0x73,0x74,0x20,0x53,0x6F,0x6C,0x75,0x74,0x69,0x6F,0x6E,0x73,0x2C,0x20, +0x49,0x6E,0x63,0x2E,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13,0x1A,0x47, +0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x47,0x6C, +0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E,0x17,0x0D,0x31,0x32,0x30, +0x34,0x31,0x38,0x31,0x36,0x33,0x36,0x31,0x38,0x5A,0x17,0x0D,0x31,0x38,0x30,0x38, +0x31,0x33,0x31,0x36,0x33,0x35,0x31,0x37,0x5A,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06, +0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04, +0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11, +0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73, +0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74, +0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74, +0x20,0x52,0x6F,0x6F,0x74,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, +0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01, +0x0A,0x02,0x82,0x01,0x01,0x00,0xA3,0x04,0xBB,0x22,0xAB,0x98,0x3D,0x57,0xE8,0x26, +0x72,0x9A,0xB5,0x79,0xD4,0x29,0xE2,0xE1,0xE8,0x95,0x80,0xB1,0xB0,0xE3,0x5B,0x8E, +0x2B,0x29,0x9A,0x64,0xDF,0xA1,0x5D,0xED,0xB0,0x09,0x05,0x6D,0xDB,0x28,0x2E,0xCE, +0x62,0xA2,0x62,0xFE,0xB4,0x88,0xDA,0x12,0xEB,0x38,0xEB,0x21,0x9D,0xC0,0x41,0x2B, +0x01,0x52,0x7B,0x88,0x77,0xD3,0x1C,0x8F,0xC7,0xBA,0xB9,0x88,0xB5,0x6A,0x09,0xE7, +0x73,0xE8,0x11,0x40,0xA7,0xD1,0xCC,0xCA,0x62,0x8D,0x2D,0xE5,0x8F,0x0B,0xA6,0x50, +0xD2,0xA8,0x50,0xC3,0x28,0xEA,0xF5,0xAB,0x25,0x87,0x8A,0x9A,0x96,0x1C,0xA9,0x67, +0xB8,0x3F,0x0C,0xD5,0xF7,0xF9,0x52,0x13,0x2F,0xC2,0x1B,0xD5,0x70,0x70,0xF0,0x8F, +0xC0,0x12,0xCA,0x06,0xCB,0x9A,0xE1,0xD9,0xCA,0x33,0x7A,0x77,0xD6,0xF8,0xEC,0xB9, +0xF1,0x68,0x44,0x42,0x48,0x13,0xD2,0xC0,0xC2,0xA4,0xAE,0x5E,0x60,0xFE,0xB6,0xA6, +0x05,0xFC,0xB4,0xDD,0x07,0x59,0x02,0xD4,0x59,0x18,0x98,0x63,0xF5,0xA5,0x63,0xE0, +0x90,0x0C,0x7D,0x5D,0xB2,0x06,0x7A,0xF3,0x85,0xEA,0xEB,0xD4,0x03,0xAE,0x5E,0x84, +0x3E,0x5F,0xFF,0x15,0xED,0x69,0xBC,0xF9,0x39,0x36,0x72,0x75,0xCF,0x77,0x52,0x4D, +0xF3,0xC9,0x90,0x2C,0xB9,0x3D,0xE5,0xC9,0x23,0x53,0x3F,0x1F,0x24,0x98,0x21,0x5C, +0x07,0x99,0x29,0xBD,0xC6,0x3A,0xEC,0xE7,0x6E,0x86,0x3A,0x6B,0x97,0x74,0x63,0x33, +0xBD,0x68,0x18,0x31,0xF0,0x78,0x8D,0x76,0xBF,0xFC,0x9E,0x8E,0x5D,0x2A,0x86,0xA7, +0x4D,0x90,0xDC,0x27,0x1A,0x39,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x47,0x30, +0x82,0x01,0x43,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30, +0x06,0x01,0x01,0xFF,0x02,0x01,0x03,0x30,0x4A,0x06,0x03,0x55,0x1D,0x20,0x04,0x43, +0x30,0x41,0x30,0x3F,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x37,0x30,0x35,0x06,0x08, +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x29,0x68,0x74,0x74,0x70,0x3A,0x2F, +0x2F,0x63,0x79,0x62,0x65,0x72,0x74,0x72,0x75,0x73,0x74,0x2E,0x6F,0x6D,0x6E,0x69, +0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74, +0x6F,0x72,0x79,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03, +0x02,0x01,0x06,0x30,0x81,0x89,0x06,0x03,0x55,0x1D,0x23,0x04,0x81,0x81,0x30,0x7F, +0xA1,0x79,0xA4,0x77,0x30,0x75,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, +0x02,0x55,0x53,0x31,0x18,0x30,0x16,0x06,0x03,0x55,0x04,0x0A,0x13,0x0F,0x47,0x54, +0x45,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x27,0x30, +0x25,0x06,0x03,0x55,0x04,0x0B,0x13,0x1E,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65, +0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x53,0x6F,0x6C,0x75,0x74,0x69,0x6F,0x6E,0x73, +0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x23,0x30,0x21,0x06,0x03,0x55,0x04,0x03,0x13, +0x1A,0x47,0x54,0x45,0x20,0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20, +0x47,0x6C,0x6F,0x62,0x61,0x6C,0x20,0x52,0x6F,0x6F,0x74,0x82,0x02,0x01,0xA5,0x30, +0x45,0x06,0x03,0x55,0x1D,0x1F,0x04,0x3E,0x30,0x3C,0x30,0x3A,0xA0,0x38,0xA0,0x36, +0x86,0x34,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x70,0x75,0x62, +0x6C,0x69,0x63,0x2D,0x74,0x72,0x75,0x73,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x67, +0x69,0x2D,0x62,0x69,0x6E,0x2F,0x43,0x52,0x4C,0x2F,0x32,0x30,0x31,0x38,0x2F,0x63, +0x64,0x70,0x2E,0x63,0x72,0x6C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, +0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x93,0x1D,0xFE,0x8B,0xAE,0x46,0xEC, +0xCB,0xA9,0x0F,0xAB,0xE5,0xEF,0xCA,0xB2,0x68,0x16,0x68,0xD8,0x8F,0xFA,0x13,0xA9, +0xAF,0xB3,0xCB,0x2D,0xE7,0x4B,0x6E,0x8E,0x69,0x2A,0xC2,0x2B,0x10,0x0A,0x8D,0xF6, +0xAE,0x73,0xB6,0xB9,0xFB,0x14,0xFD,0x5F,0x6D,0xB8,0x50,0xB6,0xC4,0x8A,0xD6,0x40, +0x7E,0xD7,0xC3,0xCB,0x73,0xDC,0xC9,0x5D,0x5B,0xAF,0xB0,0x41,0xB5,0x37,0xEB,0xEA, +0xDC,0x20,0x91,0xC4,0x34,0x6A,0xF4,0xA1,0xF3,0x96,0x9D,0x37,0x86,0x97,0xE1,0x71, +0xA4,0xDD,0x7D,0xFA,0x44,0x84,0x94,0xAE,0xD7,0x09,0x04,0x22,0x76,0x0F,0x64,0x51, +0x35,0xA9,0x24,0x0F,0xF9,0x0B,0xDB,0x32,0xDA,0xC2,0xFE,0xC1,0xB9,0x2A,0x5C,0x7A, +0x27,0x13,0xCA,0xB1,0x48,0x3A,0x71,0xD0,0x43, +}; + +/* SHA1 Fingerprint=32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27 */ +/* subject:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 */ +/* issuer :/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority */ +/* 2048-bit RSA */ +unsigned char _VeriSignG5CSICA[1236]={ +0x30,0x82,0x04,0xD0,0x30,0x82,0x04,0x39,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x25, +0x0C,0xE8,0xE0,0x30,0x61,0x2E,0x9F,0x2B,0x89,0xF7,0x05,0x4D,0x7C,0xF8,0xFD,0x30, +0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x5F, +0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30, +0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E, +0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x37,0x30,0x35,0x06,0x03,0x55,0x04,0x0B,0x13, +0x2E,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x50,0x75,0x62,0x6C,0x69,0x63,0x20, +0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, +0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30, +0x1E,0x17,0x0D,0x30,0x36,0x31,0x31,0x30,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5A, +0x17,0x0D,0x32,0x31,0x31,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30, +0x81,0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31, +0x17,0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69, +0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04, +0x0B,0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73, +0x74,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55, +0x04,0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72, +0x69,0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F, +0x72,0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65, +0x20,0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C, +0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33, +0x20,0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20, +0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75, +0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x82,0x01,0x22, +0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03, +0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xAF,0x24,0x08, +0x08,0x29,0x7A,0x35,0x9E,0x60,0x0C,0xAA,0xE7,0x4B,0x3B,0x4E,0xDC,0x7C,0xBC,0x3C, +0x45,0x1C,0xBB,0x2B,0xE0,0xFE,0x29,0x02,0xF9,0x57,0x08,0xA3,0x64,0x85,0x15,0x27, +0xF5,0xF1,0xAD,0xC8,0x31,0x89,0x5D,0x22,0xE8,0x2A,0xAA,0xA6,0x42,0xB3,0x8F,0xF8, +0xB9,0x55,0xB7,0xB1,0xB7,0x4B,0xB3,0xFE,0x8F,0x7E,0x07,0x57,0xEC,0xEF,0x43,0xDB, +0x66,0x62,0x15,0x61,0xCF,0x60,0x0D,0xA4,0xD8,0xDE,0xF8,0xE0,0xC3,0x62,0x08,0x3D, +0x54,0x13,0xEB,0x49,0xCA,0x59,0x54,0x85,0x26,0xE5,0x2B,0x8F,0x1B,0x9F,0xEB,0xF5, +0xA1,0x91,0xC2,0x33,0x49,0xD8,0x43,0x63,0x6A,0x52,0x4B,0xD2,0x8F,0xE8,0x70,0x51, +0x4D,0xD1,0x89,0x69,0x7B,0xC7,0x70,0xF6,0xB3,0xDC,0x12,0x74,0xDB,0x7B,0x5D,0x4B, +0x56,0xD3,0x96,0xBF,0x15,0x77,0xA1,0xB0,0xF4,0xA2,0x25,0xF2,0xAF,0x1C,0x92,0x67, +0x18,0xE5,0xF4,0x06,0x04,0xEF,0x90,0xB9,0xE4,0x00,0xE4,0xDD,0x3A,0xB5,0x19,0xFF, +0x02,0xBA,0xF4,0x3C,0xEE,0xE0,0x8B,0xEB,0x37,0x8B,0xEC,0xF4,0xD7,0xAC,0xF2,0xF6, +0xF0,0x3D,0xAF,0xDD,0x75,0x91,0x33,0x19,0x1D,0x1C,0x40,0xCB,0x74,0x24,0x19,0x21, +0x93,0xD9,0x14,0xFE,0xAC,0x2A,0x52,0xC7,0x8F,0xD5,0x04,0x49,0xE4,0x8D,0x63,0x47, +0x88,0x3C,0x69,0x83,0xCB,0xFE,0x47,0xBD,0x2B,0x7E,0x4F,0xC5,0x95,0xAE,0x0E,0x9D, +0xD4,0xD1,0x43,0xC0,0x67,0x73,0xE3,0x14,0x08,0x7E,0xE5,0x3F,0x9F,0x73,0xB8,0x33, +0x0A,0xCF,0x5D,0x3F,0x34,0x87,0x96,0x8A,0xEE,0x53,0xE8,0x25,0x15,0x02,0x03,0x01, +0x00,0x01,0xA3,0x82,0x01,0x9B,0x30,0x82,0x01,0x97,0x30,0x0F,0x06,0x03,0x55,0x1D, +0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x31,0x06,0x03,0x55, +0x1D,0x1F,0x04,0x2A,0x30,0x28,0x30,0x26,0xA0,0x24,0xA0,0x22,0x86,0x20,0x68,0x74, +0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67, +0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x70,0x63,0x61,0x33,0x2E,0x63,0x72,0x6C,0x30,0x0E, +0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x3D, +0x06,0x03,0x55,0x1D,0x20,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20, +0x00,0x30,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16, +0x1C,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72, +0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x1D,0x06, +0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB, +0xF0,0x30,0x09,0xF3,0x43,0x39,0xFA,0x02,0xAF,0x33,0x31,0x33,0x30,0x6D,0x06,0x08, +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0C,0x04,0x61,0x30,0x5F,0xA1,0x5D,0xA0,0x5B, +0x30,0x59,0x30,0x57,0x30,0x55,0x16,0x09,0x69,0x6D,0x61,0x67,0x65,0x2F,0x67,0x69, +0x66,0x30,0x21,0x30,0x1F,0x30,0x07,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A,0x04,0x14, +0x8F,0xE5,0xD3,0x1A,0x86,0xAC,0x8D,0x8E,0x6B,0xC3,0xCF,0x80,0x6A,0xD4,0x48,0x18, +0x2C,0x7B,0x19,0x2E,0x30,0x25,0x16,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6C, +0x6F,0x67,0x6F,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D, +0x2F,0x76,0x73,0x6C,0x6F,0x67,0x6F,0x2E,0x67,0x69,0x66,0x30,0x34,0x06,0x08,0x2B, +0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x28,0x30,0x26,0x30,0x24,0x06,0x08,0x2B, +0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x18,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, +0x6F,0x63,0x73,0x70,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F, +0x6D,0x30,0x3E,0x06,0x03,0x55,0x1D,0x25,0x04,0x37,0x30,0x35,0x06,0x08,0x2B,0x06, +0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, +0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x06,0x09,0x60,0x86,0x48,0x01, +0x86,0xF8,0x42,0x04,0x01,0x06,0x0A,0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x08, +0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00, +0x03,0x81,0x81,0x00,0x13,0x02,0xDD,0xF8,0xE8,0x86,0x00,0xF2,0x5A,0xF8,0xF8,0x20, +0x0C,0x59,0x88,0x62,0x07,0xCE,0xCE,0xF7,0x4E,0xF9,0xBB,0x59,0xA1,0x98,0xE5,0xE1, +0x38,0xDD,0x4E,0xBC,0x66,0x18,0xD3,0xAD,0xEB,0x18,0xF2,0x0D,0xC9,0x6D,0x3E,0x4A, +0x94,0x20,0xC3,0x3C,0xBA,0xBD,0x65,0x54,0xC6,0xAF,0x44,0xB3,0x10,0xAD,0x2C,0x6B, +0x3E,0xAB,0xD7,0x07,0xB6,0xB8,0x81,0x63,0xC5,0xF9,0x5E,0x2E,0xE5,0x2A,0x67,0xCE, +0xCD,0x33,0x0C,0x2A,0xD7,0x89,0x56,0x03,0x23,0x1F,0xB3,0xBE,0xE8,0x3A,0x08,0x59, +0xB4,0xEC,0x45,0x35,0xF7,0x8A,0x5B,0xFF,0x66,0xCF,0x50,0xAF,0xC6,0x6D,0x57,0x8D, +0x19,0x78,0xB7,0xB9,0xA2,0xD1,0x57,0xEA,0x1F,0x9A,0x4B,0xAF,0xBA,0xC9,0x8E,0x12, +0x7E,0xC6,0xBD,0xFF, +}; +#endif + /* SHA1 Fingerprint=D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A */ /* subject:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority */ /* issuer :/C=US/O=Equifax/OU=Equifax Secure Certificate Authority */ diff --git a/OSX/libsecurity_keychain/lib/security_keychain.exp b/OSX/libsecurity_keychain/lib/security_keychain.exp index 9069b7c8..8b6b9269 100644 --- a/OSX/libsecurity_keychain/lib/security_keychain.exp +++ b/OSX/libsecurity_keychain/lib/security_keychain.exp @@ -216,6 +216,7 @@ _kSecPolicyAppleATVAppSigning _kSecPolicyAppleTestATVAppSigning _kSecPolicyApplePayIssuerEncryption _kSecPolicyAppleOSXProvisioningProfileSigning +_kSecPolicyAppleATVVPNProfileSigning _kSecPolicyOid _kSecPolicyName _kSecPolicyClient @@ -635,6 +636,7 @@ _SecPolicyCreateAppleMMCSService _SecPolicyCreateApplePPQService _SecPolicyCreateAppleATVAppSigning _SecPolicyCreateTestAppleATVAppSigning +_SecPolicyCreateAppleATVVPNProfileSigning _SecPolicyCreateApplePayIssuerEncryption _SecPolicyCreateAppleSSLService _SecPolicyCreateBasicX509 diff --git a/OSX/libsecurity_keychain/libDER/libDER/oids.c b/OSX/libsecurity_keychain/libDER/libDER/oids.c index 23c70d05..d6f28263 100644 --- a/OSX/libsecurity_keychain/libDER/libDER/oids.c +++ b/OSX/libsecurity_keychain/libDER/libDER/oids.c @@ -310,6 +310,9 @@ /* (note this OID is unfortunately used as a cert extension even though it's under the EKU arc) */ #define APPLE_CERT_EXT_OSX_PROVISIONING_PROFILE_SIGNING APPLE_EKU_OID, 11 +/* AppleTV VPN Profile Signing 1.2.840.113635.100.6.43 */ +#define APPLE_CERT_EXT_APPLE_ATV_VPN_PROFILE_SIGNING APPLE_CERT_EXT, 43 + /* * Netscape OIDs. */ @@ -534,6 +537,7 @@ __unused static const DERByte _oidGoogleOCSPSignedCertificateTimestamp[] = {GOOGLE_OCSP_SCT_OID}, _oidAppleCertExtATVAppSigningTest[] = {APPLE_ATV_APP_SIGNING_OID_TEST}, _oidAppleCertExtATVAppSigningProd[] = {APPLE_ATV_APP_SIGNING_OID}, + _oidAppleCertExtATVVPNProfileSigning[] = {APPLE_CERT_EXT_APPLE_ATV_VPN_PROFILE_SIGNING}, _oidAppleCertExtCryptoServicesExtEncryption[] = {APPLE_CERT_EXT_CRYPTO_SERVICES_EXT_ENCRYPTION}; __unused const DERItem @@ -718,6 +722,8 @@ __unused const DERItem sizeof(_oidAppleCertExtATVAppSigningProd)}, oidAppleCertExtATVAppSigningTest = { (DERByte *)_oidAppleCertExtATVAppSigningTest, sizeof(_oidAppleCertExtATVAppSigningTest)}, + oidAppleCertExtATVVPNProfileSigning = { (DERByte *) _oidAppleCertExtATVVPNProfileSigning, + sizeof(_oidAppleCertExtATVVPNProfileSigning)}, oidAppleCertExtCryptoServicesExtEncryption = { (DERByte *)_oidAppleCertExtCryptoServicesExtEncryption, sizeof(_oidAppleCertExtCryptoServicesExtEncryption)}; diff --git a/OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h b/OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h index 010b6812..8834d9ca 100644 --- a/OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h +++ b/OSX/libsecurity_keychain/libDER/libDER/oidsPriv.h @@ -76,6 +76,7 @@ extern const DERItem oidAppleCertExtApplePPQSigningTest, oidAppleCertExtATVAppSigningProd, oidAppleCertExtATVAppSigningTest, + oidAppleCertExtATVVPNProfileSigning, oidAppleCertExtCryptoServicesExtEncryption; /* Compare two decoded OIDs. Returns true iff they are equivalent. */ diff --git a/OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj b/OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj index 7c315971..72226efb 100644 --- a/OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj +++ b/OSX/libsecurity_keychain/libsecurity_keychain.xcodeproj/project.pbxproj @@ -111,7 +111,7 @@ BE50AE680F687AB900D28C54 /* TrustAdditions.h in Headers */ = {isa = PBXBuildFile; fileRef = BE50AE660F687AB900D28C54 /* TrustAdditions.h */; }; BEA830070EB17344001CA937 /* SecItemConstants.c in Sources */ = {isa = PBXBuildFile; fileRef = BEE897100A62CDD800BF88A5 /* SecItemConstants.c */; }; BECE5141106B056C0091E644 /* TrustKeychains.h in Headers */ = {isa = PBXBuildFile; fileRef = BECE5140106B056C0091E644 /* TrustKeychains.h */; settings = {ATTRIBUTES = (); }; }; - BED2BCA21B96217B006CF43A /* si-20-sectrust-provisioning.c in Sources */ = {isa = PBXBuildFile; fileRef = BED2BCA11B96217B006CF43A /* si-20-sectrust-provisioning.c */; settings = {ASSET_TAGS = (); }; }; + BED2BCA21B96217B006CF43A /* si-20-sectrust-provisioning.c in Sources */ = {isa = PBXBuildFile; fileRef = BED2BCA11B96217B006CF43A /* si-20-sectrust-provisioning.c */; }; BEE896E20A61F0BB00BF88A5 /* SecItem.h in Headers */ = {isa = PBXBuildFile; fileRef = BEE896E00A61F0BB00BF88A5 /* SecItem.h */; settings = {ATTRIBUTES = (); }; }; BEE896E30A61F0BB00BF88A5 /* SecItemPriv.h in Headers */ = {isa = PBXBuildFile; fileRef = BEE896E10A61F0BB00BF88A5 /* SecItemPriv.h */; settings = {ATTRIBUTES = (); }; }; BEE896E70A61F12300BF88A5 /* SecItem.cpp in Sources */ = {isa = PBXBuildFile; fileRef = BEE896E60A61F12300BF88A5 /* SecItem.cpp */; }; @@ -157,6 +157,7 @@ C2AA2C22052E099D006D0211 /* TrustStore.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2AA2BB2052E099D006D0211 /* TrustStore.cpp */; }; C2FD26380731CEFB0027896A /* defaultcreds.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C2FD26370731CEE60027896A /* defaultcreds.cpp */; }; C429431E053B2F8B00470431 /* KCUtilities.cpp in Sources */ = {isa = PBXBuildFile; fileRef = C429431C053B2F8B00470431 /* KCUtilities.cpp */; }; + D4A2FC821BC8A65B00BF6E56 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D4A2FC811BC8A65B00BF6E56 /* Security.framework */; }; D6095E960A94F17C0026C68B /* KCEventNotifier.cpp in Sources */ = {isa = PBXBuildFile; fileRef = D6E1457B0A632A5A008AA7E8 /* KCEventNotifier.cpp */; }; F92321381ACF69EE00634C21 /* si-34-one-true-keychain.c in Sources */ = {isa = PBXBuildFile; fileRef = F92321371ACF69EE00634C21 /* si-34-one-true-keychain.c */; }; /* End PBXBuildFile section */ @@ -420,6 +421,7 @@ C429431D053B2F8B00470431 /* KCUtilities.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KCUtilities.h; sourceTree = ""; }; C4A397A1053B1D50000E1B34 /* SecKeychainPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeychainPriv.h; sourceTree = ""; }; C4A397FA053B21F9000E1B34 /* SecKeychainItemPriv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecKeychainItemPriv.h; sourceTree = ""; }; + D4A2FC811BC8A65B00BF6E56 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = System/Library/Frameworks/Security.framework; sourceTree = SDKROOT; }; D6E1457B0A632A5A008AA7E8 /* KCEventNotifier.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = KCEventNotifier.cpp; sourceTree = ""; }; D6E1457C0A632A5A008AA7E8 /* KCEventNotifier.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = KCEventNotifier.h; sourceTree = ""; }; F92321371ACF69EE00634C21 /* si-34-one-true-keychain.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "si-34-one-true-keychain.c"; path = "regressions/si-34-one-true-keychain.c"; sourceTree = ""; }; @@ -446,6 +448,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + D4A2FC821BC8A65B00BF6E56 /* Security.framework in Frameworks */, 52200F8B14F2B87F00F7F6E7 /* CoreFoundation.framework in Frameworks */, 52B609D914F55B6800134209 /* Foundation.framework in Frameworks */, ); @@ -738,6 +741,7 @@ 52200F9914F2B93700F7F6E7 /* xpc-tsa */ = { isa = PBXGroup; children = ( + D4A2FC811BC8A65B00BF6E56 /* Security.framework */, 52B609D814F55B6800134209 /* Foundation.framework */, 52200F9B14F2B93700F7F6E7 /* XPCTimeStampingService-Info.plist */, 52B60A0614F5CA9500134209 /* main-tsa.m */, diff --git a/OSX/libsecurity_keychain/xpc-tsa/main-tsa.m b/OSX/libsecurity_keychain/xpc-tsa/main-tsa.m index f1469ffc..f32836de 100644 --- a/OSX/libsecurity_keychain/xpc-tsa/main-tsa.m +++ b/OSX/libsecurity_keychain/xpc-tsa/main-tsa.m @@ -24,6 +24,8 @@ #include #include "timestampclient.h" #include +#include +#include struct connection_info { xpc_connection_t peer; @@ -131,6 +133,37 @@ static void debugShowTSAResponseInfo(NSURLResponse *response, NSData *data, NSEr #endif } +/* + * Check whether the caller can access the network. Currently, this applies + * only to applications running under App Sandbox. + */ +static bool callerHasNetworkEntitlement(audit_token_t auditToken) +{ + bool result = true; /* until proven otherwise */ + SecTaskRef task = SecTaskCreateWithAuditToken(NULL, auditToken); + if(task != NULL) { + CFTypeRef appSandboxValue = SecTaskCopyValueForEntitlement(task, + CFSTR("com.apple.security.app-sandbox"), + NULL); + if(appSandboxValue != NULL) { + if(!CFEqual(kCFBooleanFalse, appSandboxValue)) { + CFTypeRef networkClientValue = SecTaskCopyValueForEntitlement(task, + CFSTR("com.apple.security.network.client"), + NULL); + if(networkClientValue != NULL) { + result = (!CFEqual(kCFBooleanFalse, networkClientValue)); + CFRelease(networkClientValue); + } else { + result = false; + } + } + CFRelease(appSandboxValue); + } + CFRelease(task); + } + return result; +} + static void communicateWithTimeStampingServer(xpc_object_t event, const char *requestData, size_t requestLength, const char *tsaURL) { if ((requestLength==0) || !tsaURL) @@ -244,13 +277,20 @@ void handle_request_event(struct connection_info *info, xpc_object_t event) { size_t length = 0; const char *operation = xpc_dictionary_get_string(event, "operation"); + audit_token_t auditToken = {}; + xpc_connection_get_audit_token(peer, &auditToken); + if (operation && !strcmp(operation, "TimeStampRequest")) { - xpctsaDebug("Handling TimeStampRequest event"); - const void *requestData = xpc_dictionary_get_data(event, "TimeStampRequest", &length); - const char *url = xpc_dictionary_get_string(event, "ServerURL"); + if (callerHasNetworkEntitlement(auditToken)) { + xpctsaDebug("Handling TimeStampRequest event"); + const void *requestData = xpc_dictionary_get_data(event, "TimeStampRequest", &length); + const char *url = xpc_dictionary_get_string(event, "ServerURL"); - communicateWithTimeStampingServer(event, requestData, length, url); + communicateWithTimeStampingServer(event, requestData, length, url); + } + else + xpctsaDebug("No network entitlement for pid %d", xpc_connection_get_pid(peer)); } else xpctsaDebug("Unknown op=%s request from pid %d", operation, xpc_connection_get_pid(peer)); diff --git a/OSX/libsecurity_keychain/xpc/main.c b/OSX/libsecurity_keychain/xpc/main.c index ac8daed4..08feac75 100644 --- a/OSX/libsecurity_keychain/xpc/main.c +++ b/OSX/libsecurity_keychain/xpc/main.c @@ -217,16 +217,16 @@ xpc_object_t create_keychain_and_lock_paths(xpc_connection_t peer, xpc_object_t } static -xpc_object_t create_one_sandbox_extension(xpc_object_t path, uint64_t extension_flags) +xpc_object_t create_one_sandbox_extension(xpc_object_t path, bool read_only) { - char *sandbox_extension = NULL; - int status = sandbox_issue_fs_extension(xpc_string_get_string_ptr(path), extension_flags, &sandbox_extension); - if (0 == status && sandbox_extension) { + const char * extension_class = read_only ? APP_SANDBOX_READ : APP_SANDBOX_READ_WRITE; + char *sandbox_extension = sandbox_extension_issue_file(extension_class, xpc_string_get_string_ptr(path), SANDBOX_EXTENSION_CANONICAL); + if (sandbox_extension) { xpc_object_t sandbox_extension_as_xpc_string = xpc_string_create(sandbox_extension); free(sandbox_extension); return sandbox_extension_as_xpc_string; } else { - syslog(LOG_ERR, "Can't get sandbox fs extension for %s, status=%d errno=%m ext=%s", xpc_string_get_string_ptr(path), status, sandbox_extension); + syslog(LOG_ERR, "Can't get sandbox fs extension for %s", xpc_string_get_string_ptr(path)); } return NULL; } @@ -236,19 +236,19 @@ xpc_object_t create_all_sandbox_extensions(xpc_object_t path_dict) { xpc_object_t extensions = xpc_array_create(NULL, 0); - xpc_object_t sandbox_extension = create_one_sandbox_extension(keychain_prefs_path, FS_EXT_FOR_PATH|FS_EXT_READ); + xpc_object_t sandbox_extension = create_one_sandbox_extension(keychain_prefs_path, true); if (sandbox_extension) { xpc_array_append_value(extensions, sandbox_extension); xpc_release(sandbox_extension); } xpc_dictionary_apply(path_dict, ^(const char *keychain_domain, xpc_object_t path_array) { - uint64_t extension_flags = FS_EXT_FOR_PATH|FS_EXT_READ; + bool read_only = true; if (keychain_domain_needs_writes(keychain_domain)) { - extension_flags = FS_EXT_FOR_PATH|FS_EXT_READ|FS_EXT_WRITE; + read_only = false; } xpc_array_apply(path_array, ^(size_t index, xpc_object_t path) { - xpc_object_t sandbox_extension = create_one_sandbox_extension(path, extension_flags); + xpc_object_t sandbox_extension = create_one_sandbox_extension(path, read_only); if (sandbox_extension) { xpc_array_append_value(extensions, sandbox_extension); xpc_release(sandbox_extension); diff --git a/OSX/libsecurity_pkcs12/lib/pkcs12Templates.cpp b/OSX/libsecurity_pkcs12/lib/pkcs12Templates.cpp index 997dbd68..58e989f3 100644 --- a/OSX/libsecurity_pkcs12/lib/pkcs12Templates.cpp +++ b/OSX/libsecurity_pkcs12/lib/pkcs12Templates.cpp @@ -103,7 +103,8 @@ const SecAsn1Template NSS_P12_PtrToShroudedKeyBagTemplate[] = { static const SecAsn1Template * NSS_P12_CertBagChooser( void *arg, // --> NSS_P12_CertBag Boolean enc, - const char *buf, // on decode, tag byte + const char *buf, + size_t len, void *dest) // --> NSS_P12_CertBag.bagValue { NSS_P12_CertBag *bag = (NSS_P12_CertBag *)arg; @@ -156,7 +157,8 @@ const SecAsn1Template NSS_P12_PtrToCertBagTemplate[] = { static const SecAsn1Template * NSS_P12_CrlBagChooser( void *arg, // --> NSS_P12_CrlBag Boolean enc, - const char *buf, // on decode, tag byte + const char *buf, // on decode, tag byte and length + size_t len, void *dest) // --> NSS_P12_CertBag.bagValue { NSS_P12_CrlBag *bag = (NSS_P12_CrlBag *)arg; @@ -212,7 +214,8 @@ const SecAsn1Template NSS_P12_PtrToCrlBagTemplate[] = { static const SecAsn1Template * NSS_P12_SafeBagChooser( void *arg, // --> NSS_P12_SafeBag Boolean enc, - const char *buf, // on decode, tag byte + const char *buf, // on decode, tag byte and length + size_t len, void *dest) // --> NSS_P12_SafeBag.bagValue { NSS_P12_SafeBag *bag = (NSS_P12_SafeBag *)arg; diff --git a/OSX/libsecurity_pkcs12/lib/pkcs7Templates.cpp b/OSX/libsecurity_pkcs12/lib/pkcs7Templates.cpp index d2ffa5c9..f70a4b52 100644 --- a/OSX/libsecurity_pkcs12/lib/pkcs7Templates.cpp +++ b/OSX/libsecurity_pkcs12/lib/pkcs7Templates.cpp @@ -97,7 +97,8 @@ const SecAsn1Template NSS_P7_PtrToEncryptedDataTemplate[] = { static const SecAsn1Template * NSS_P7_ContentInfoChooser( void *arg, // --> NSS_P7_DecodedContentInfo Boolean enc, - const char *buf, // on decode, tag byte + const char *buf, // on decode, tag byte and length + size_t len, void *dest) // --> NSS_P7_DecodedContentInfo.content { NSS_P7_DecodedContentInfo *dci = diff --git a/OSX/libsecurity_smime/lib/cmsasn1.c b/OSX/libsecurity_smime/lib/cmsasn1.c index 6e8a3eba..b11007c6 100644 --- a/OSX/libsecurity_smime/lib/cmsasn1.c +++ b/OSX/libsecurity_smime/lib/cmsasn1.c @@ -61,7 +61,7 @@ SEC_ASN1_MKSUB(kSecAsn1SetOfAnyTemplate) /* forward declaration */ static const SecAsn1Template * -nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest); +nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest); static const SecAsn1TemplateChooserPtr nss_cms_chooser = nss_cms_choose_content_template; @@ -564,7 +564,7 @@ nss_cms_get_kea_template(SecCmsKEATemplateSelector whichTemplate) * */ static const SecAsn1Template * -nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest) +nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest) { const SecAsn1Template *theTemplate; SecCmsContentInfoRef cinfo; diff --git a/OSX/libsecurity_smime/lib/cmsattr.c b/OSX/libsecurity_smime/lib/cmsattr.c index 49603992..f7c7cc81 100644 --- a/OSX/libsecurity_smime/lib/cmsattr.c +++ b/OSX/libsecurity_smime/lib/cmsattr.c @@ -202,7 +202,7 @@ SecCmsAttributeCompareValue(SecCmsAttribute *attr, CSSM_DATA_PTR av) * helper function for dynamic template determination of the attribute value */ static const SecAsn1Template * -cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest) +cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest) { const SecAsn1Template *theTemplate; SecCmsAttribute *attribute; diff --git a/OSX/libsecurity_smime/lib/cmsdecode.c b/OSX/libsecurity_smime/lib/cmsdecode.c index 9975403f..765a1685 100644 --- a/OSX/libsecurity_smime/lib/cmsdecode.c +++ b/OSX/libsecurity_smime/lib/cmsdecode.c @@ -286,7 +286,7 @@ nss_cms_before_data(SecCmsDecoderRef p7dcx) cinfo->content.pointer = childp7dcx->content.pointer; /* start the child decoder */ - childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL); + childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL, 0); if (childp7dcx->dcx == NULL) goto loser; @@ -616,7 +616,7 @@ SecCmsDecoderCreate(SecArenaPoolRef pool, goto loser; } - p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL); + p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL, 0); if (p7dcx->dcx == NULL) { PORT_Free (p7dcx); SecCmsMessageDestroy(cmsg); diff --git a/OSX/libsecurity_smime/lib/cmssigdata.c b/OSX/libsecurity_smime/lib/cmssigdata.c index c072d3a9..e5d8b6cf 100644 --- a/OSX/libsecurity_smime/lib/cmssigdata.c +++ b/OSX/libsecurity_smime/lib/cmssigdata.c @@ -756,6 +756,7 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, /* Find digest and contentType for signerinfo */ algiddata = SecCmsSignerInfoGetDigestAlg(signerinfo); if (algiddata == NULL) { + syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: could not get digest algorithm %d", PORT_GetError()); return errSecInternalError; // shouldn't have happened, this is likely due to corrupted data } @@ -767,6 +768,7 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, * FIXME: need some error return for this (as well as many * other places in this library). */ + syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: could not get digest using algorithm id"); return errSecDataNotAvailable; } contentType = SecCmsContentInfoGetContentTypeOID(cinfo); @@ -790,6 +792,10 @@ SecCmsSignedDataVerifySignerInfo(SecCmsSignedDataRef sigd, int i, status2 = SecCmsSignerInfoVerifyCertificate(signerinfo, keychainOrArray, policies, trustRef); dprintf("SecCmsSignedDataVerifySignerInfo: status %d status2 %d\n", (int) status, (int)status2); + if(status || status2) { + syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: status %d status2 %d.", (int) status, (int)status2); + syslog(LOG_ERR,"SecCmsSignedDataVerifySignerInfo: verify status %d", signerinfo->verificationStatus); + } /* The error from SecCmsSignerInfoVerify() supercedes error from SecCmsSignerInfoVerifyCertificate(). */ if (status) return status; diff --git a/OSX/libsecurity_smime/lib/cmssiginfo.c b/OSX/libsecurity_smime/lib/cmssiginfo.c index 29c3e1df..d375f82d 100644 --- a/OSX/libsecurity_smime/lib/cmssiginfo.c +++ b/OSX/libsecurity_smime/lib/cmssiginfo.c @@ -60,6 +60,8 @@ #include "tsaSupport.h" #include "tsaSupportPriv.h" +#include + #define HIDIGIT(v) (((v) / 10) + '0') #define LODIGIT(v) (((v) % 10) + '0') @@ -683,13 +685,15 @@ SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeSt goto loser; } - vs = (VFY_VerifyData (encoded_attrs.Data, (int)encoded_attrs.Length, + SECStatus err = SECSuccess; + vs = ((err = VFY_VerifyData (encoded_attrs.Data, (int)encoded_attrs.Length, publickey, &(signerinfo->encDigest), digestAlgTag, digestEncAlgTag, - signerinfo->cmsg->pwfn_arg) != SECSuccess) ? SecCmsVSBadSignature : SecCmsVSGoodSignature; + signerinfo->cmsg->pwfn_arg)) != SECSuccess) ? SecCmsVSBadSignature : SecCmsVSGoodSignature; dprintf("VFY_VerifyData (authenticated attributes): %s\n", (vs == SecCmsVSGoodSignature)?"SecCmsVSGoodSignature":"SecCmsVSBadSignature"); + if (vs != SecCmsVSGoodSignature) syslog(LOG_ERR, "VFY_VerifyData (authenticated attributes) failed: %d", err); PORT_FreeArena(poolp, PR_FALSE); /* awkward memory management :-( */ @@ -701,12 +705,14 @@ SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeSt if (sig->Length == 0) goto loser; - vs = (VFY_VerifyDigest(digest, publickey, sig, + SECStatus err = SECSuccess; + vs = ((err = VFY_VerifyDigest(digest, publickey, sig, digestAlgTag, digestEncAlgTag, - signerinfo->cmsg->pwfn_arg) != SECSuccess) ? SecCmsVSBadSignature : SecCmsVSGoodSignature; + signerinfo->cmsg->pwfn_arg)) != SECSuccess) ? SecCmsVSBadSignature : SecCmsVSGoodSignature; dprintf("VFY_VerifyData (plain message digest): %s\n", (vs == SecCmsVSGoodSignature)?"SecCmsVSGoodSignature":"SecCmsVSBadSignature"); + if (vs != SecCmsVSGoodSignature) syslog(LOG_ERR, "VFY_VerifyDigest (plain message digest) failed: %d", err); } if (!SecCmsArrayIsEmpty((void **)signerinfo->unAuthAttr)) @@ -714,8 +720,10 @@ SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeSt dprintf("found an unAuthAttr\n"); OSStatus rux = SecCmsSignerInfoVerifyUnAuthAttrsWithPolicy(signerinfo,timeStampPolicy); dprintf("SecCmsSignerInfoVerifyUnAuthAttrs Status: %ld\n", (long)rux); - if (rux) + if (rux) { + syslog(LOG_ERR, "SecCmsSignerInfoVerifyUnAuthAttrsWithPolicy failed: %d", (int)rux); goto loser; + } } if (vs == SecCmsVSBadSignature) { @@ -735,6 +743,7 @@ SecCmsSignerInfoVerifyWithPolicy(SecCmsSignerInfoRef signerinfo,CFTypeRef timeSt * certificate signature check that failed during the cert * verification done above. Our error handling is really a mess. */ + syslog(LOG_ERR, "SecCmsSignerInforVerify bad signature PORT_GetError: %d", PORT_GetError()); if (PORT_GetError() == SEC_ERROR_BAD_SIGNATURE) PORT_SetError(SEC_ERROR_PKCS7_BAD_SIGNATURE); } diff --git a/OSX/libsecurity_ssl/lib/SecureTransport.h b/OSX/libsecurity_ssl/lib/SecureTransport.h index f6e5fc6b..061ae594 100644 --- a/OSX/libsecurity_ssl/lib/SecureTransport.h +++ b/OSX/libsecurity_ssl/lib/SecureTransport.h @@ -303,11 +303,6 @@ typedef CF_ENUM(int, SSLConnectionType) kSSLDatagramType }; -typedef CF_ENUM(int, SSLSessionStrengthPolicy) -{ - kSSLSessionStrengthPolicyDefault, - kSSLSessionStrengthPolicyATSv1 -}; /****************** *** Public API *** @@ -724,6 +719,19 @@ SSLGetEnabledCiphers (SSLContextRef context, __OSX_AVAILABLE_STARTING(__MAC_10_2, __IPHONE_5_0); +/* Deprecated, does nothing */ +typedef CF_ENUM(int, SSLSessionStrengthPolicy) +{ + kSSLSessionStrengthPolicyDefault, + kSSLSessionStrengthPolicyATSv1, + kSSLSessionStrengthPolicyATSv1_noPFS, +}; + +OSStatus +SSLSetSessionStrengthPolicy(SSLContextRef context, + SSLSessionStrengthPolicy policyStrength); + + #if (TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_OS_IPHONE)) /* * Enable/disable peer certificate chain validation. Default is enabled. @@ -1342,14 +1350,6 @@ OSStatus SSLClose (SSLContextRef context) __OSX_AVAILABLE_STARTING(__MAC_10_2, __IPHONE_5_0); -/* - * Set the minimum acceptable strength of policy to be negotiated for an - * ATS session - */ -OSStatus -SSLSetSessionStrengthPolicy(SSLContextRef context, - SSLSessionStrengthPolicy policyStrength); - CF_IMPLICIT_BRIDGING_DISABLED CF_ASSUME_NONNULL_END diff --git a/OSX/libsecurity_ssl/lib/SecureTransportPriv.h b/OSX/libsecurity_ssl/lib/SecureTransportPriv.h index 2ff85fb1..703a8e74 100644 --- a/OSX/libsecurity_ssl/lib/SecureTransportPriv.h +++ b/OSX/libsecurity_ssl/lib/SecureTransportPriv.h @@ -440,6 +440,25 @@ OSStatus SSLSetDHEEnabled(SSLContextRef ctx, bool enabled); OSStatus SSLGetDHEEnabled(SSLContextRef ctx, bool *enabled); +extern const CFStringRef kSSLSessionConfig_default; +extern const CFStringRef kSSLSessionConfig_ATSv1; +extern const CFStringRef kSSLSessionConfig_ATSv1_noPFS; +extern const CFStringRef kSSLSessionConfig_legacy; +extern const CFStringRef kSSLSessionConfig_standard; +extern const CFStringRef kSSLSessionConfig_RC4_fallback; +extern const CFStringRef kSSLSessionConfig_TLSv1_fallback; +extern const CFStringRef kSSLSessionConfig_TLSv1_RC4_fallback; +extern const CFStringRef kSSLSessionConfig_legacy_DHE; + +OSStatus +SSLSetSessionConfig(SSLContextRef context, + CFStringRef config); + +OSStatus +SSLGetSessionConfig(SSLContextRef context, + CFStringRef *config); + + #if TARGET_OS_IPHONE /* Following are SPIs on iOS */ diff --git a/OSX/libsecurity_ssl/lib/security_ssl.exp b/OSX/libsecurity_ssl/lib/security_ssl.exp index 145a5182..e49ea120 100644 --- a/OSX/libsecurity_ssl/lib/security_ssl.exp +++ b/OSX/libsecurity_ssl/lib/security_ssl.exp @@ -91,4 +91,6 @@ _SSLGetNegotiatedClientAuthType _SSLSetMinimumDHGroupSize _SSLGetMinimumDHGroupSize _SSLSetSessionStrengthPolicy +_SSLSetSessionConfig +_SSLGetSessionConfig diff --git a/OSX/libsecurity_ssl/lib/sslCipherSpecs.c b/OSX/libsecurity_ssl/lib/sslCipherSpecs.c index 45da9386..d9bf5c4c 100644 --- a/OSX/libsecurity_ssl/lib/sslCipherSpecs.c +++ b/OSX/libsecurity_ssl/lib/sslCipherSpecs.c @@ -160,171 +160,6 @@ static const uint16_t STKnownCipherSuites[] = { static const unsigned STCipherSuiteCount = sizeof(STKnownCipherSuites)/sizeof(STKnownCipherSuites[0]); -/* - * Build ctx->validCipherSpecs as a copy of KnownCipherSpecs, assuming that - * validCipherSpecs is currently not valid (i.e., SSLSetEnabledCiphers() has - * not been called). - */ -OSStatus sslBuildCipherSuiteArray(SSLContext *ctx) -{ - size_t size; - unsigned dex; - - assert(ctx != NULL); - assert(ctx->validCipherSuites == NULL); - - ctx->numValidCipherSuites = STCipherSuiteCount; - size = STCipherSuiteCount * sizeof(uint16_t); - ctx->validCipherSuites = (uint16_t *)sslMalloc(size); - if(ctx->validCipherSuites == NULL) { - ctx->numValidCipherSuites = 0; - return errSecAllocate; - } - - /* - * Trim out inappropriate ciphers: - * -- trim anonymous ciphers if !ctx->anonCipherEnable - * -- trim ECDSA ciphers for server side if appropriate - * -- trim ECDSA ciphers if TLSv1 disable or SSLv2 enabled (since - * we MUST do the Client Hello extensions to make these ciphers - * work reliably) - * -- trim Stream ciphers if DTLSv1 enable - * -- trim CBC ciphers when doing SSLv3 fallback - */ - uint16_t *dst = ctx->validCipherSuites; - const uint16_t *src = STKnownCipherSuites; - - bool trimDHE = !ctx->dheEnabled; - bool trimECDHE = false; - const bool trimECDH = true; - - if(ctx->maxProtocolVersion == SSL_Version_3_0) { - /* We trim ECDSA cipher suites if SSL2 is enabled or - The maximum allowed protocol is SSL3. Note that this - won't trim ECDSA cipherspecs for DTLS which should be - the right thing to do here. */ - trimECDHE = true; - } - - /* trim Stream Ciphers for DTLS */ - bool trimRC4 = ctx->isDTLS; - - /* trim CBC cipher when doing SSLv3 only fallback */ - bool trimCBC = (ctx->protocolSide==kSSLClientSide) - && (ctx->maxProtocolVersion == SSL_Version_3_0) - && ctx->fallbackEnabled; - - for(dex=0; dexnumValidCipherSuites--; - src++; - continue; - } - else { - break; - } - case SSL_ECDH_ECDSA: - case SSL_ECDH_RSA: - case SSL_ECDH_anon: - if(trimECDH) { - /* Skip this one */ - ctx->numValidCipherSuites--; - src++; - continue; - } - else { - break; - } - case SSL_DHE_RSA: - if(trimDHE) { - /* Skip this one */ - ctx->numValidCipherSuites--; - src++; - continue; - } - default: - break; - } - if(!ctx->anonCipherEnable) { - /* trim out the anonymous (and null-auth-cipher) ciphers */ - if(mac == HA_Null) { - /* skip this one */ - ctx->numValidCipherSuites--; - src++; - continue; - } - switch(kem) { - case SSL_DH_anon: - case SSL_DH_anon_EXPORT: - case SSL_ECDH_anon: - /* skip this one */ - ctx->numValidCipherSuites--; - src++; - continue; - default: - break; - } - } - - /* This will skip the simple DES cipher suites, but not the NULL cipher ones */ - if (keySize == 8) - { - /* skip this one */ - ctx->numValidCipherSuites--; - src++; - continue; - } - - /* Trim PSK ciphersuites, they need to be enabled explicitely */ - if (kem==TLS_PSK) { - ctx->numValidCipherSuites--; - src++; - continue; - } - - if (trimRC4 && (cipher==SSL_CipherAlgorithmRC4_128)) { - ctx->numValidCipherSuites--; - src++; - continue; - } - - if(trimCBC) { - switch (cipher) { - case SSL_CipherAlgorithmAES_128_CBC: - case SSL_CipherAlgorithmAES_256_CBC: - case SSL_CipherAlgorithm3DES_CBC: - ctx->numValidCipherSuites--; - src++; - continue; - default: - break; - } - } - - if(cipher==SSL_CipherAlgorithmNull) { - ctx->numValidCipherSuites--; - src++; - continue; - } - - /* This one is good to go */ - *dst++ = *src++; - } - - tls_handshake_set_ciphersuites(ctx->hdsk, ctx->validCipherSuites, ctx->numValidCipherSuites); - - return errSecSuccess; -} - /* * Convert an array of uint16_t @@ -397,10 +232,7 @@ SSLSetEnabledCiphers (SSLContextRef ctx, const SSLCipherSuite *ciphers, size_t numCiphers) { - size_t size; - unsigned foundCiphers=0; - unsigned callerDex; - unsigned tableDex; + uint16_t *cs; if((ctx == NULL) || (ciphers == NULL) || (numCiphers == 0)) { return errSecParam; @@ -409,38 +241,20 @@ SSLSetEnabledCiphers (SSLContextRef ctx, /* can't do this with an active session */ return errSecBadReq; } - size = numCiphers * sizeof(uint16_t); - ctx->validCipherSuites = (uint16_t *)sslMalloc(size); - if(ctx->validCipherSuites == NULL) { - ctx->numValidCipherSuites = 0; + + cs = (uint16_t *)sslMalloc(numCiphers * sizeof(uint16_t)); + if(cs == NULL) { return errSecAllocate; } - /* - * Run thru caller's specs, keep only the supported ones. - */ - for(callerDex=0; callerDexvalidCipherSuites[foundCiphers] = STKnownCipherSuites[tableDex]; - foundCiphers++; - break; - } - } + for(int i=0; ivalidCipherSuites); - ctx->validCipherSuites = NULL; - return errSSLBadCipherSuite; - } - - /* success */ - ctx->numValidCipherSuites = foundCiphers; + tls_handshake_set_ciphersuites(ctx->hdsk, cs, (unsigned) numCiphers); - tls_handshake_set_ciphersuites(ctx->hdsk, ctx->validCipherSuites, ctx->numValidCipherSuites); + sslFree(cs); return errSecSuccess; } diff --git a/OSX/libsecurity_ssl/lib/sslContext.c b/OSX/libsecurity_ssl/lib/sslContext.c index eb3d0ae3..653cbe32 100644 --- a/OSX/libsecurity_ssl/lib/sslContext.c +++ b/OSX/libsecurity_ssl/lib/sslContext.c @@ -315,9 +315,9 @@ SSLContextRef SSLCreateContextWithRecordFuncs(CFAllocatorRef alloc, SSLProtocolS /* Default for server is DHE enabled, default for client is disabled */ if(ctx->protocolSide == kSSLServerSide) { - ctx->dheEnabled = true; + SSLSetDHEEnabled(ctx, true); } else { - ctx->dheEnabled = false; + SSLSetDHEEnabled(ctx, false); } if(kMinDhGroupSizeDefaultValue) { @@ -405,10 +405,6 @@ void SSLContextDestroy(CFTypeRef arg) SSLFreeBuffer(&ctx->resumableSession); SSLFreeBuffer(&ctx->receivedDataBuffer); - sslFree(ctx->validCipherSuites); - ctx->validCipherSuites = NULL; - ctx->numValidCipherSuites = 0; - CFReleaseSafe(ctx->acceptableCAs); CFReleaseSafe(ctx->trustedLeafCerts); CFReleaseSafe(ctx->localCertArray); @@ -2046,6 +2042,17 @@ OSStatus SSLGetDiffieHellmanParams( OSStatus SSLSetDHEEnabled(SSLContextRef ctx, bool enabled) { ctx->dheEnabled = enabled; + /* Hack a little so that only the ciphersuites change */ + tls_protocol_version min, max; + unsigned nbits; + tls_handshake_get_min_protocol_version(ctx->hdsk, &min); + tls_handshake_get_max_protocol_version(ctx->hdsk, &max); + tls_handshake_get_min_dh_group_size(ctx->hdsk, &nbits); + tls_handshake_set_config(ctx->hdsk, enabled?tls_handshake_config_legacy_DHE:tls_handshake_config_legacy); + tls_handshake_set_min_protocol_version(ctx->hdsk, min); + tls_handshake_set_max_protocol_version(ctx->hdsk, max); + tls_handshake_set_min_dh_group_size(ctx->hdsk, nbits); + return noErr; } @@ -2642,3 +2649,96 @@ SSLSetSessionStrengthPolicy(SSLContextRef context, { return errSecSuccess; } + +const CFStringRef kSSLSessionConfig_default = CFSTR("default"); +const CFStringRef kSSLSessionConfig_ATSv1 = CFSTR("ATSv1"); +const CFStringRef kSSLSessionConfig_ATSv1_noPFS = CFSTR("ATSv1_noPFS"); +const CFStringRef kSSLSessionConfig_legacy = CFSTR("legacy"); +const CFStringRef kSSLSessionConfig_standard = CFSTR("standard"); +const CFStringRef kSSLSessionConfig_RC4_fallback = CFSTR("RC4_fallback"); +const CFStringRef kSSLSessionConfig_TLSv1_fallback = CFSTR("TLSv1_fallback"); +const CFStringRef kSSLSessionConfig_TLSv1_RC4_fallback = CFSTR("TLSv1_RC4_fallback"); +const CFStringRef kSSLSessionConfig_legacy_DHE = CFSTR("legacy_DHE"); + +static +tls_handshake_config_t SSLSessionConfig_to_tls_handshake_config(CFStringRef config) +{ + if(CFEqual(config, kSSLSessionConfig_ATSv1)){ + return tls_handshake_config_ATSv1; + } else if(CFEqual(config, kSSLSessionConfig_ATSv1_noPFS)){ + return tls_handshake_config_ATSv1_noPFS; + } else if(CFEqual(config, kSSLSessionConfig_standard)){ + return tls_handshake_config_standard; + } else if(CFEqual(config, kSSLSessionConfig_TLSv1_fallback)){ + return tls_handshake_config_TLSv1_fallback; + } else if(CFEqual(config, kSSLSessionConfig_TLSv1_RC4_fallback)){ + return tls_handshake_config_TLSv1_RC4_fallback; + } else if(CFEqual(config, kSSLSessionConfig_RC4_fallback)){ + return tls_handshake_config_RC4_fallback; + } else if(CFEqual(config, kSSLSessionConfig_legacy)){ + return tls_handshake_config_legacy; + } else if(CFEqual(config, kSSLSessionConfig_legacy_DHE)){ + return tls_handshake_config_legacy_DHE; + } else if(CFEqual(config, kSSLSessionConfig_default)){ + return tls_handshake_config_default; + } else { + return tls_handshake_config_none; + } +} + +static +const CFStringRef tls_handshake_config_to_SSLSessionConfig(tls_handshake_config_t config) +{ + switch(config) { + case tls_handshake_config_ATSv1: + return kSSLSessionConfig_ATSv1; + case tls_handshake_config_ATSv1_noPFS: + return kSSLSessionConfig_ATSv1_noPFS; + case tls_handshake_config_standard: + return kSSLSessionConfig_standard; + case tls_handshake_config_RC4_fallback: + return kSSLSessionConfig_RC4_fallback; + case tls_handshake_config_TLSv1_fallback: + return kSSLSessionConfig_TLSv1_fallback; + case tls_handshake_config_TLSv1_RC4_fallback: + return kSSLSessionConfig_TLSv1_RC4_fallback; + case tls_handshake_config_legacy: + return kSSLSessionConfig_legacy; + case tls_handshake_config_legacy_DHE: + return kSSLSessionConfig_legacy_DHE; + case tls_handshake_config_default: + return kSSLSessionConfig_default; + case tls_handshake_config_none: + return NULL; + } +} + + +/* Set Predefined TLS Configuration */ +OSStatus +SSLSetSessionConfig(SSLContextRef context, + CFStringRef config) +{ + tls_handshake_config_t cfg = SSLSessionConfig_to_tls_handshake_config(config); + if(cfg>=0) { + return tls_handshake_set_config(context->hdsk, cfg); + } else { + return errSecParam; + } +} + +OSStatus +SSLGetSessionConfig(SSLContextRef context, + CFStringRef *config) +{ + tls_handshake_config_t cfg; + OSStatus err = tls_handshake_get_config(context->hdsk, &cfg); + if(err) { + return err; + } + + *config = tls_handshake_config_to_SSLSessionConfig(cfg); + + return noErr; +} + diff --git a/OSX/libsecurity_ssl/lib/sslContext.h b/OSX/libsecurity_ssl/lib/sslContext.h index 20cda93c..10579dc6 100644 --- a/OSX/libsecurity_ssl/lib/sslContext.h +++ b/OSX/libsecurity_ssl/lib/sslContext.h @@ -163,8 +163,6 @@ struct SSLContext SSLBuffer peerID; SSLBuffer resumableSession; /* We keep a copy for now - but eventually this should go away if we get refcounted SSLBuffers */ - uint16_t *validCipherSuites; /* context's valid suites */ - unsigned numValidCipherSuites; /* size of validCipherSuites */ uint16_t *ecdhCurves; diff --git a/OSX/libsecurity_ssl/lib/sslTransport.c b/OSX/libsecurity_ssl/lib/sslTransport.c index 212e8745..8bd50bca 100644 --- a/OSX/libsecurity_ssl/lib/sslTransport.c +++ b/OSX/libsecurity_ssl/lib/sslTransport.c @@ -319,14 +319,6 @@ SSLHandshake(SSLContext *ctx) if (ctx->state == SSL_HdskStateErrorClose) return errSSLClosedAbort; - if(ctx->validCipherSuites == NULL) { - /* build list of legal cipherSpecs */ - err = sslBuildCipherSuiteArray(ctx); - if(err) { - return err; - } - } - err = errSecSuccess; if(ctx->isDTLS && ctx->timeout_deadline) { diff --git a/OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c b/OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c index f2c013d3..c07b4126 100644 --- a/OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c +++ b/OSX/libsecurity_ssl/regressions/ssl-42-ciphers.c @@ -590,6 +590,8 @@ tests(void) uint16_t cs = (uint16_t)(SupportedCipherSuites[i]); KeyExchangeMethod kem = sslCipherSuiteGetKeyExchangeMethod(cs); SSL_CipherAlgorithm cipher = sslCipherSuiteGetSymmetricCipherAlgorithm(cs); + tls_protocol_version min_version = sslCipherSuiteGetMinSupportedTLSVersion(cs); + CFArrayRef server_certs; if(kem == SSL_ECDHE_ECDSA) { @@ -601,13 +603,31 @@ tests(void) SKIP:{ bool dtls = (protos[p] == kDTLSProtocol1); - bool dtls_ok = (cipher != SSL_CipherAlgorithmRC4_128); bool server_ok = ((kem != SSL_ECDH_ECDSA) && (kem != SSL_ECDH_RSA) && (kem != SSL_ECDH_anon)); bool dh_anonymous = ((kem == SSL_DH_anon) || (kem == TLS_PSK)); - + bool version_ok; + + switch(protos[p]) { + case kDTLSProtocol1: + version_ok = cipher != SSL_CipherAlgorithmRC4_128 && (min_version != tls_protocol_version_TLS_1_2); + break; + case kSSLProtocol3: + version_ok = (min_version == tls_protocol_version_SSL_3); + break; + case kTLSProtocol1: + case kTLSProtocol11: + version_ok = (min_version != tls_protocol_version_TLS_1_2); + break; + case kTLSProtocol12: + version_ok = true; + break; + default: + version_ok = false; + + } skip("This ciphersuite is not supported by Server", 1, server_ok); - skip("This ciphersuite is not supported for DTLS", 1, (dtls_ok || !dtls)); + skip("This ciphersuite is not supported for this protocol version", 1, version_ok); int sp[2]; if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp)) exit(errno); diff --git a/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c b/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c index 6ba45aad..cf3b3b3f 100644 --- a/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c +++ b/OSX/libsecurity_ssl/regressions/ssl-46-SSLGetSupportedCiphers.c @@ -62,165 +62,6 @@ out: return fail; } -static -int allowed_default_ciphers(SSLCipherSuite cs, bool server, bool dhe_enabled) -{ - switch (cs) { - - /* BAD to enable by default */ - - - /* - * Tags for SSL 2 cipher kinds which are not specified - * for SSL 3. - */ - case SSL_RSA_WITH_RC2_CBC_MD5: - case SSL_RSA_WITH_IDEA_CBC_MD5: - case SSL_RSA_WITH_DES_CBC_MD5: - case SSL_RSA_WITH_3DES_EDE_CBC_MD5: - - /* Export and Simple DES ciphers */ - case SSL_RSA_EXPORT_WITH_RC4_40_MD5: - case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5: - case SSL_RSA_WITH_IDEA_CBC_SHA: - case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA: - case SSL_RSA_WITH_DES_CBC_SHA: - case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: - case SSL_DH_DSS_WITH_DES_CBC_SHA: - case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA: - case SSL_DH_RSA_WITH_DES_CBC_SHA: - case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: - case SSL_DHE_DSS_WITH_DES_CBC_SHA: - case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: - case SSL_DHE_RSA_WITH_DES_CBC_SHA: - case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5: - case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA: - case SSL_DH_anon_WITH_DES_CBC_SHA: - case SSL_FORTEZZA_DMS_WITH_NULL_SHA: - case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: - - case SSL_NO_SUCH_CIPHERSUITE: - - /* Null ciphers. */ - case TLS_NULL_WITH_NULL_NULL: - case TLS_RSA_WITH_NULL_MD5: - case TLS_RSA_WITH_NULL_SHA: - case TLS_RSA_WITH_NULL_SHA256: - case TLS_ECDH_ECDSA_WITH_NULL_SHA: - case TLS_ECDHE_ECDSA_WITH_NULL_SHA: - case TLS_ECDHE_RSA_WITH_NULL_SHA: - case TLS_ECDH_RSA_WITH_NULL_SHA: - case TLS_ECDH_anon_WITH_NULL_SHA: - - /* Completely anonymous Diffie-Hellman */ - case TLS_DH_anon_WITH_RC4_128_MD5: - case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA: - case TLS_DH_anon_WITH_AES_128_CBC_SHA: - case TLS_DH_anon_WITH_AES_256_CBC_SHA: - case TLS_DH_anon_WITH_AES_128_CBC_SHA256: - case TLS_DH_anon_WITH_AES_256_CBC_SHA256: - case TLS_DH_anon_WITH_AES_128_GCM_SHA256: - case TLS_DH_anon_WITH_AES_256_GCM_SHA384: - case TLS_ECDH_anon_WITH_RC4_128_SHA: - case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA: - case TLS_ECDH_anon_WITH_AES_128_CBC_SHA: - case TLS_ECDH_anon_WITH_AES_256_CBC_SHA: - - - /* Sstatic Diffie-Hellman and DSS */ - case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: - case TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: - case TLS_DH_DSS_WITH_AES_128_CBC_SHA: - case TLS_DH_RSA_WITH_AES_128_CBC_SHA: - case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: - case TLS_DH_DSS_WITH_AES_256_CBC_SHA: - case TLS_DH_RSA_WITH_AES_256_CBC_SHA: - case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: - case TLS_DH_DSS_WITH_AES_128_CBC_SHA256: - case TLS_DH_RSA_WITH_AES_128_CBC_SHA256: - case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: - case TLS_DH_DSS_WITH_AES_256_CBC_SHA256: - case TLS_DH_RSA_WITH_AES_256_CBC_SHA256: - case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: - case TLS_DH_RSA_WITH_AES_128_GCM_SHA256: - case TLS_DH_RSA_WITH_AES_256_GCM_SHA384: - case TLS_DHE_DSS_WITH_AES_128_GCM_SHA256: - case TLS_DHE_DSS_WITH_AES_256_GCM_SHA384: - case TLS_DH_DSS_WITH_AES_128_GCM_SHA256: - case TLS_DH_DSS_WITH_AES_256_GCM_SHA384: - - return 0; - - - /* OK to enable by default on the client only (not supported on server) */ - case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: - case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: - case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256: - case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384: - case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256: - case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384: - case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256: - case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384: - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256: - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384: - case TLS_ECDH_RSA_WITH_RC4_128_SHA: - case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: - case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: - return !server; - - /* OK to enable by default for both client and server */ - - case TLS_RSA_WITH_RC4_128_MD5: - case TLS_RSA_WITH_RC4_128_SHA: - case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_RSA_WITH_AES_128_CBC_SHA: - case TLS_RSA_WITH_AES_256_CBC_SHA: - case TLS_RSA_WITH_AES_128_CBC_SHA256: - case TLS_RSA_WITH_AES_256_CBC_SHA256: - case TLS_RSA_WITH_AES_128_GCM_SHA256: - case TLS_RSA_WITH_AES_256_GCM_SHA384: - - - case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: - case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: - case TLS_ECDHE_RSA_WITH_RC4_128_SHA: - case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: - case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: - case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: - case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: - case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: - case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: - case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: - case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: - case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: - return 1; - - case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: - case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: - return dhe_enabled; - - /* RFC 5746 - Secure Renegotiation - not specified by the user or returned by APIs*/ - case TLS_EMPTY_RENEGOTIATION_INFO_SCSV: - return 0; - - /* unknown cipher ? */ - default: - return 0; - } -} static OSStatus SocketWrite(SSLConnectionRef conn, const void *data, size_t *length) { @@ -233,80 +74,223 @@ static OSStatus SocketRead(SSLConnectionRef conn, void *data, size_t *length) } -static int test_GetEnabledCiphers(SSLContextRef ssl, bool server, bool dhe_enabled) + +static const SSLCipherSuite legacy_ciphersuites[] = { + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + SSL_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_MD5, +}; + +const SSLCipherSuite legacy_DHE_ciphersuites[] = { + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + SSL_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_MD5, +}; + + + +const SSLCipherSuite standard_ciphersuites[] = { + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + SSL_RSA_WITH_3DES_EDE_CBC_SHA, +}; + +const SSLCipherSuite ATSv1_ciphersuites[] = { + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, +}; + +const SSLCipherSuite ATSv1_noPFS_ciphersuites[] = { + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + + TLS_RSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, +}; + +const SSLCipherSuite TLSv1_RC4_fallback_ciphersuites[] = { + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + SSL_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_MD5, +}; + +const SSLCipherSuite TLSv1_fallback_ciphersuites[] = { + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_AES_128_CBC_SHA256, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_128_CBC_SHA, + SSL_RSA_WITH_3DES_EDE_CBC_SHA, +}; + + + +static int test_GetEnabledCiphers(SSLContextRef ssl, unsigned expected_num_ciphers, const SSLCipherSuite *expected_ciphers) { - size_t max_ciphers = 0; size_t num_ciphers; - size_t num_ciphers_2; size_t size; int fail=1; SSLCipherSuite *ciphers = NULL; - SSLCipherSuite *ciphers_2 = NULL; OSStatus err; err=SSLSetIOFuncs(ssl, &SocketRead, &SocketWrite); err=SSLSetConnection(ssl, NULL); - require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out); + require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out); + require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number"); - err=SSLHandshake(ssl); - - require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out); - - require(max_ciphers == (dhe_enabled?32:25), out); - - size = max_ciphers * sizeof (SSLCipherSuite); + size = num_ciphers * sizeof (SSLCipherSuite); ciphers = (SSLCipherSuite *) malloc(size); require_string(ciphers, out, "out of memory"); memset(ciphers, 0xff, size); - num_ciphers = max_ciphers; require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out); + require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites"); - //printf("Ciphers Enabled before first handshake: %zd\n", num_ciphers); - - for (size_t i = 0; i < num_ciphers; i++) { - char csname[256]; - snprintf(csname, 256, "(%04x) %s", ciphers[i], ciphersuite_name(ciphers[i])); - /* Uncomment the next line if you want to list the default enabled ciphers */ - //printf("%s\n", csname); - require_string(allowed_default_ciphers(ciphers[i], server, dhe_enabled), out, csname); - } + free(ciphers); + ciphers = NULL; err=SSLHandshake(ssl); - require_noerr(SSLGetNumberEnabledCiphers(ssl, &max_ciphers), out); - - size = max_ciphers * sizeof (SSLCipherSuite); - ciphers_2 = (SSLCipherSuite *) malloc(size); - require_string(ciphers_2, out, "out of memory"); - memset(ciphers_2, 0xff, size); - - num_ciphers_2 = max_ciphers; - require_noerr(SSLGetEnabledCiphers(ssl, ciphers_2, &num_ciphers_2), out); - //printf("Ciphers Enabled after first handshake: %zd\n", num_ciphers_2); + require_noerr(SSLGetNumberEnabledCiphers(ssl, &num_ciphers), out); + require_string(num_ciphers==expected_num_ciphers, out, "wrong ciphersuites number"); - for (size_t i = 0; i < num_ciphers_2; i++) { - char csname[256]; - snprintf(csname, 256, "(%04x) %s", ciphers_2[i], ciphersuite_name(ciphers_2[i])); - /* Uncomment the next line if you want to list the default enabled ciphers */ - //printf("%s\n", csname); - } + size = num_ciphers * sizeof (SSLCipherSuite); + ciphers = (SSLCipherSuite *) malloc(size); + require_string(ciphers, out, "out of memory"); + memset(ciphers, 0xff, size); - require(num_ciphers_2 == num_ciphers, out); - require((memcmp(ciphers, ciphers_2, num_ciphers*sizeof(uint16_t)) == 0), out); + require_noerr(SSLGetEnabledCiphers(ssl, ciphers, &num_ciphers), out); + require_string(memcmp(ciphers, expected_ciphers, size)==0, out, "wrong ciphersuites"); /* Success! */ fail=0; out: - if(ciphers) free(ciphers); - if(ciphers_2) free(ciphers_2); + free(ciphers); return fail; } -static int test_SetEnabledCiphers(SSLContextRef ssl, bool server) +static int test_SetEnabledCiphers(SSLContextRef ssl) { int fail=1; size_t num_enabled; @@ -332,41 +316,88 @@ out: static void -test(SSLProtocolSide side, bool dhe_enabled) +test_dhe(SSLProtocolSide side, bool dhe_enabled) { SSLContextRef ssl = NULL; bool server = (side == kSSLServerSide); - require(ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType), out); - ok(ssl, "SSLCreateContext failed"); + ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType); + ok(ssl, "test_dhe: SSLCreateContext(1) failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled"); + require(ssl, out); - ok_status(SSLSetDHEEnabled(ssl, dhe_enabled)); + ok_status(SSLSetDHEEnabled(ssl, dhe_enabled),"test_dhe: SSLSetDHEEnabled failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled"); + unsigned num = (dhe_enabled?sizeof(legacy_DHE_ciphersuites):sizeof(legacy_ciphersuites))/sizeof(SSLCipherSuite); + const SSLCipherSuite *ciphers = dhe_enabled?legacy_DHE_ciphersuites:legacy_ciphersuites; /* The order of this tests does matter, be careful when adding tests */ - ok(!test_GetSupportedCiphers(ssl, server), "GetSupportedCiphers test failed"); - ok(!test_GetEnabledCiphers(ssl, server, dhe_enabled), "GetEnabledCiphers test failed"); + ok(!test_GetSupportedCiphers(ssl, server), "test_dhe: GetSupportedCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled"); + ok(!test_GetEnabledCiphers(ssl, num, ciphers), "test_dhe: GetEnabledCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled"); CFRelease(ssl); ssl=NULL; - require(ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType), out); - ok(ssl, "SSLCreateContext failed"); - - ok(!test_SetEnabledCiphers(ssl, server), "SetEnabledCiphers test failed"); + ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType); + ok(ssl, "test_dhe: SSLCreateContext(2) failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled"); + require(ssl, out); + + ok(!test_SetEnabledCiphers(ssl), "test_dhe: SetEnabledCiphers test failed (%s, %s)", server?"server":"client", dhe_enabled?"enabled":"disabled"); out: if(ssl) CFRelease(ssl); } - -int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv) +static void +test_config(SSLProtocolSide side, CFStringRef config, unsigned num, const SSLCipherSuite *ciphers) { - plan_tests(24); + SSLContextRef ssl = NULL; + bool server = (side == kSSLServerSide); - test(kSSLClientSide, true); - test(kSSLServerSide, true); - test(kSSLClientSide, false); - test(kSSLServerSide, false); + ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType); + ok(ssl, "test_config: SSLCreateContext(1) failed (%s,%@)", server?"server":"client", config); + require(ssl, out); + + ok_status(SSLSetSessionConfig(ssl, config), "test_config: SSLSetSessionConfig failed (%s,%@)", server?"server":"client", config); + + /* The order of this tests does matter, be careful when adding tests */ + ok(!test_GetSupportedCiphers(ssl, server), "test_config: GetSupportedCiphers test failed (%s,%@)", server?"server":"client", config); + ok(!test_GetEnabledCiphers(ssl, num, ciphers), "test_config: GetEnabledCiphers test failed (%s,%@)", server?"server":"client", config); + + CFRelease(ssl); ssl=NULL; + ssl=SSLCreateContext(kCFAllocatorDefault, side, kSSLStreamType); + ok(ssl, "test_config: SSLCreateContext(2) failed (%s,%@)", server?"server":"client", config); + require(ssl, out); + + ok(!test_SetEnabledCiphers(ssl), "test_config: SetEnabledCiphers test failed (%s,%@)", server?"server":"client", config); + +out: + if(ssl) CFRelease(ssl); +} + + + +int ssl_46_SSLGetSupportedCiphers(int argc, char *const *argv) +{ + plan_tests(132); + + test_dhe(kSSLClientSide, true); + test_dhe(kSSLServerSide, true); + test_dhe(kSSLClientSide, false); + test_dhe(kSSLServerSide, false); + +#define TEST_CONFIG(x, y) do { \ + test_config(kSSLClientSide, x, sizeof(y)/sizeof(SSLCipherSuite), y); \ + test_config(kSSLServerSide, x, sizeof(y)/sizeof(SSLCipherSuite), y); \ +} while(0) + + TEST_CONFIG(kSSLSessionConfig_ATSv1, ATSv1_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_ATSv1_noPFS, ATSv1_noPFS_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_legacy, legacy_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_legacy_DHE, legacy_DHE_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_standard, standard_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_RC4_fallback, legacy_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_TLSv1_fallback, standard_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_TLSv1_RC4_fallback, legacy_ciphersuites); + TEST_CONFIG(kSSLSessionConfig_default, legacy_ciphersuites); return 0; } diff --git a/OSX/libsecurity_transform/lib/EncryptTransform.cpp b/OSX/libsecurity_transform/lib/EncryptTransform.cpp index 8c732c0c..9b8d7d89 100644 --- a/OSX/libsecurity_transform/lib/EncryptTransform.cpp +++ b/OSX/libsecurity_transform/lib/EncryptTransform.cpp @@ -28,7 +28,7 @@ #include "Utilities.h" #include "SecDigestTransform.h" #include "Digest.h" -#include +#include #include #include "SecMaskGenerationFunctionTransform.h" @@ -627,22 +627,16 @@ CFDataRef EncryptDecryptBase::apply_oaep_padding(CFDataRef dataValue) seed = (CFDataRef)this->GetAttribute(CFSTR("FixedSeedForOAEPTesting")); raw_seed = NULL; if (seed) { - raw_seed = (UInt8*)CFDataGetBytePtr(seed); (void)transforms_assume(hLen == CFDataGetLength(seed)); CFRetain(seed); } else { - raw_seed = (UInt8*)malloc(hLen); - if (!raw_seed) { - error = GetNoMemoryErrorAndRetain(); - goto out; - } - SecRandomCopyBytes(kSecRandomDefault, hLen, raw_seed); - seed = CFDataCreateWithBytesNoCopy(NULL, raw_seed, hLen, kCFAllocatorMalloc); + seed = SecRandomCopyData(kSecRandomDefault, hLen); if (!seed) { - free(raw_seed); error = GetNoMemoryErrorAndRetain(); + goto out; } } + raw_seed = (UInt8*)CFDataGetBytePtr(seed); // (7) Let dbMask = MGF (seed, emLen − hLen). mgf_dbMask = transforms_assume(SecCreateMaskGenerationFunctionTransform(hashAlgo, desired_message_length - hLen, &error)); diff --git a/OSX/libsecurity_utilities/lib/cfutilities.h b/OSX/libsecurity_utilities/lib/cfutilities.h index 4e7670eb..ad4fc80d 100644 --- a/OSX/libsecurity_utilities/lib/cfutilities.h +++ b/OSX/libsecurity_utilities/lib/cfutilities.h @@ -305,16 +305,34 @@ inline uint32_t cfNumber(CFNumberRef number) { return cfNumber(number) // // Translate strings into CFStrings // -inline CFStringRef makeCFString(const char *s, CFStringEncoding encoding = kCFStringEncodingUTF8) +inline CFStringRef makeCFString(const char *s, CFStringEncoding encoding) { return s ? CFStringCreateWithCString(NULL, s, encoding) : NULL; } + +inline CFStringRef makeCFString(const char *s) +{ + if (s == NULL) + return NULL; + CFStringRef result = CFStringCreateWithCString(NULL, s, kCFStringEncodingUTF8); + if (result == NULL) { + result = CFStringCreateWithCString(NULL, s, kCFStringEncodingASCII); + if (result == NULL) + CFError::throwMe(); + } + return result; +} -inline CFStringRef makeCFString(const string &s, CFStringEncoding encoding = kCFStringEncodingUTF8) +inline CFStringRef makeCFString(const string &s, CFStringEncoding encoding) { - return CFStringCreateWithCString(NULL, s.c_str(), encoding); + return makeCFString(s.c_str(), encoding); } +inline CFStringRef makeCFString(const string &s) +{ + return makeCFString(s.c_str()); +} + inline CFStringRef makeCFString(CFDataRef data, CFStringEncoding encoding = kCFStringEncodingUTF8) { return CFStringCreateFromExternalRepresentation(NULL, data, encoding); diff --git a/OSX/libsecurity_utilities/lib/macho++.cpp b/OSX/libsecurity_utilities/lib/macho++.cpp index ef81ebce..97b2ea6c 100644 --- a/OSX/libsecurity_utilities/lib/macho++.cpp +++ b/OSX/libsecurity_utilities/lib/macho++.cpp @@ -531,6 +531,10 @@ Universal::Universal(FileDesc fd, size_t offset /* = 0 */, size_t length /* = 0 while (off < gapSize) { size_t want = min(gapSize - off, (size_t)PAGE_SIZE); size_t got = fd.read(gapBytes, want, prevHeaderEnd + off); + if (got == 0) { + mSuspicious = true; + break; + } off += got; for (size_t x = 0; x < got; x++) { if (gapBytes[x] != 0) { diff --git a/OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj b/OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj index d1fb4110..0fb83593 100644 --- a/OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj +++ b/OSX/libsecurity_utilities/libsecurity_utilities.xcodeproj/project.pbxproj @@ -274,7 +274,7 @@ C2B1EE2906D5929700F68F34 /* muscle++.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = "muscle++.h"; sourceTree = ""; }; C2B9F35F0D5A288900CAB713 /* cfmunge.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = cfmunge.cpp; sourceTree = ""; }; C2B9F3600D5A288900CAB713 /* cfmunge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cfmunge.h; sourceTree = ""; }; - C2B9F3610D5A288900CAB713 /* macho++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "macho++.cpp"; sourceTree = ""; }; + C2B9F3610D5A288900CAB713 /* macho++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "macho++.cpp"; sourceTree = ""; usesTabs = 1; }; C2B9F3620D5A288900CAB713 /* macho++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "macho++.h"; sourceTree = ""; }; C2C164890F66F2CA00FD6D34 /* kq++.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "kq++.h"; sourceTree = ""; }; C2C1648D0F66F2D300FD6D34 /* kq++.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = "kq++.cpp"; sourceTree = ""; }; diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c index f65550ec..b04bb7ac 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.c @@ -158,9 +158,9 @@ bool SOSAccountUpdateDSID(SOSAccountRef account, CFStringRef dsid){ return true; } -bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews) { +bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews, CFSetRef excludedViews) { if (account->trusted_circle && account->my_identity) { - if(SOSFullPeerInfoUpdateToCurrent(account->my_identity, minimumViews)) { + if(SOSFullPeerInfoUpdateToCurrent(account->my_identity, minimumViews, excludedViews)) { SOSAccountModifyCircle(account, NULL, ^(SOSCircleRef circle_to_change) { secnotice("circleChange", "Calling SOSCircleUpdatePeerInfo for gestalt change"); return SOSCircleUpdatePeerInfo(circle_to_change, SOSFullPeerInfoGetPeerInfo(account->my_identity)); @@ -559,29 +559,7 @@ static bool SOSAccountThisDeviceCanSyncWithCircle(SOSAccountRef account) { require_action_quiet(account->my_identity, xit, SOSCreateError(kSOSErrorBadFormat, CFSTR("Account identity not set"), NULL, &error)); - CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity)); - if(deviceID == NULL || CFStringGetLength(deviceID) == 0){ - hasID = false; - secerror("Cannot sync with all peers at this time, securityd needs the IDS device ID first."); - - __block bool success = true; - - SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){ - success = (sync_error == NULL); - if (!success) { - CFRetainAssign(error, sync_error); - } - }); - - if(!success){ - secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", error); - } - else{ - secdebug("IDS Transport", "Attempting to retrieve the IDS Device ID"); - } - } - CFReleaseNull(deviceID); - + SOSTransportMessageIDSGetIDSDeviceID(account); require_action_quiet(account->trusted_circle, xit, SOSCreateError(kSOSErrorBadFormat, CFSTR("Account trusted circle not set"), NULL, &error)); @@ -1729,29 +1707,7 @@ bool SOSAccountEnsurePeerRegistration(SOSAccountRef account, CFErrorRef *error) //Initialize our device ID if(whichTransportType == kSOSTransportIDS || whichTransportType == kSOSTransportFuture || whichTransportType == kSOSTransportPresent){ - CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity)); - if( deviceID == NULL || CFStringGetLength(deviceID) == 0){ - - __block bool success = true; - __block CFErrorRef localError = NULL; - - SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){ - success = (sync_error == NULL); - if (!success) { - CFRetainAssign(localError, sync_error); - } - }); - - if(!success && localError != NULL && error != NULL){ - secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", localError); - *error = localError; - } - else{ - secdebug("IDS Transport", "Attempting to retrieve the IDS Device ID"); - } - CFReleaseNull(localError); - } - CFReleaseNull(deviceID); + SOSTransportMessageIDSGetIDSDeviceID(account); } done: diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h index 01399a82..97698c4c 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccount.h @@ -179,7 +179,7 @@ void SOSAccountAddSyncablePeerBlock(SOSAccountRef a, // bool SOSAccountUpdateGestalt(SOSAccountRef account, CFDictionaryRef new_gestalt); -bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews); +bool SOSAccountUpdateFullPeerInfo(SOSAccountRef account, CFSetRef minimumViews, CFSetRef excludedViews); SOSViewResultCode SOSAccountUpdateView(SOSAccountRef account, CFStringRef viewname, SOSViewActionCode actionCode, CFErrorRef *error); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c index edd1fede..3cfabdc6 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountBackup.c @@ -82,7 +82,7 @@ static CFSetRef SOSAccountCopyBackupPeersForView(SOSAccountRef account, CFString require_quiet(circle, exit); - SOSCircleForEachActiveValidPeer(circle, account->user_public, ^(SOSPeerInfoRef peer) { + SOSCircleForEachValidPeer(circle, account->user_public, ^(SOSPeerInfoRef peer) { if (SOSPeerInfoIsViewBackupEnabled(peer, viewName)) CFSetAddValue(backupPeers, peer); }); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c index 825a9a3a..3b232f3d 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPeers.c @@ -125,8 +125,16 @@ CFArrayRef SOSAccountCopyRetired(SOSAccountRef account, CFErrorRef *error) { CFArrayRef SOSAccountCopyViewUnaware(SOSAccountRef account, CFErrorRef *error) { return SOSAccountCopySortedPeerArray(account, error, ^(SOSCircleRef circle, CFMutableArrayRef appendPeersTo) { SOSCircleForEachPeer(circle, ^(SOSPeerInfoRef peer) { - if (!SOSPeerInfoVersionHasV2Data(peer)) { + if (!SOSPeerInfoVersionHasV2Data(peer) ) { sosArrayAppendPeerCopy(appendPeersTo, peer); + } else { + CFSetRef peerEnabledViews = SOSPeerInfoCopyEnabledViews(peer); + CFSetRef enabledV0Views = CFSetCreateIntersection(kCFAllocatorDefault, peerEnabledViews, SOSViewsGetV0ViewSet()); + if(CFSetGetCount(enabledV0Views) != 0) { + sosArrayAppendPeerCopy(appendPeersTo, peer); + } + CFReleaseNull(peerEnabledViews); + CFReleaseNull(enabledV0Views); } }); }); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c index c06091b3..b76a40aa 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSAccountPersistence.c @@ -320,7 +320,7 @@ SOSAccountRef SOSAccountCreateFromDER(CFAllocatorRef allocator, // if we were syncing legacy keychain, ensure we include those legacy views. bool wasSyncingLegacy = !SOSPeerInfoVersionIsCurrent(myPI) && SOSAccountIsInCircle(account, NULL); CFSetRef viewsToEnsure = SOSViewsCreateDefault(wasSyncingLegacy, NULL); - SOSAccountUpdateFullPeerInfo(account, viewsToEnsure); + SOSAccountUpdateFullPeerInfo(account, viewsToEnsure, SOSViewsGetV0ViewSet()); // We don't permit V0 view proper, only sub-views CFReleaseNull(viewsToEnsure); } diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c index e536d140..a6a006c9 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSBackupSliceKeyBag.c @@ -142,6 +142,7 @@ uint8_t* der_encode_BackupSliceKeyBag(SOSBackupSliceKeyBagRef set, CFErrorRef *e if (der_end == NULL) return der_end; require_quiet(SecRequirementError(set != NULL, error, CFSTR("Null set passed to encode")), fail); + require_quiet(set, fail); // This should be removed when SecRequirementError can squelch analyzer warnings der_end = ccder_encode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, der_end, der, der_encode_data(set->aks_bag, error, der, diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSECWrapUnwrap.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSECWrapUnwrap.c index 94c3f888..f232bb6f 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSECWrapUnwrap.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSECWrapUnwrap.c @@ -36,6 +36,7 @@ SOSCopyECWrappedData(ccec_pub_ctx *ec_ctx, CFDataRef data, CFErrorRef *error) require_quiet(SecRequirementError(data != NULL, error, CFSTR("data required for wrapping")), exit); require_quiet(SecRequirementError(ec_ctx != NULL, error, CFSTR("ec pub key required for wrapping")), exit); + require_quiet(ec_ctx, exit); // This should be removed when SecRequirementError can squelch analyzer warnings outputLength = ccec_rfc6637_wrap_key_size(ec_ctx, CCEC_RFC6637_COMPACT_KEYS | DEBUGKEYS, CFDataGetLength(data)); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c index 15318f85..6ebdc0b0 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSEngine.c @@ -1397,7 +1397,7 @@ bool SOSEngineHandleMessage_locked(SOSEngineRef engine, CFStringRef peerID, SOSM // reflect that we actually have these objects if we didn't already. // Ensure any objects that we received and have locally already are actually in our local manifest - SOSEngineUpdateChanges_locked(engine, NULL, kSOSDataSourceTransactionDidCommit, kSOSDataSourceSOSTransaction, changes, error); + SOSEngineUpdateChanges_locked(engine, txn, kSOSDataSourceTransactionDidCommit, kSOSDataSourceSOSTransaction, changes, error); } CFReleaseSafe(changes); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c index 219c2708..40a1b7db 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.c @@ -306,81 +306,77 @@ SOSViewResultCode SOSFullPeerInfoUpdateViews(SOSFullPeerInfoRef peer, SOSViewAct }) ? retval : kSOSCCGeneralViewError; } +static CFMutableSetRef SOSFullPeerInfoCopyViewUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews) { + CFSetRef enabledViews = SOSPeerInfoCopyEnabledViews(peer->peer_info); + CFMutableSetRef newViews = SOSPeerInfoCopyEnabledViews(peer->peer_info); -static bool CFSetIsSubset(CFSetRef smaller, CFSetRef bigger) { - __block bool isSubset = true; - CFSetForEach(smaller, ^(const void *value) { - if (!CFSetContainsValue(bigger, value)) { - isSubset = false; - } - }); + if (isSet(minimumViews)) { + CFSetUnion(newViews, minimumViews); + } + if (isSet(excludedViews)) { + CFSetSubtract(newViews, excludedViews); + } - return isSubset; -} + if (CFEqualSafe(newViews, enabledViews)) { + CFReleaseNull(newViews); + } -static void CFSetUnionSet(CFMutableSetRef target, CFSetRef source) { - CFSetForEach(source, ^(const void *value) { - CFSetAddValue(target, value); - }); + CFReleaseNull(enabledViews); + return newViews; } -static bool sosFullPeerInfoNeedsViewUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews) { - CFSetRef currentViews = SOSPeerInfoCopyEnabledViews(peer->peer_info); - bool success = isSet(minimumViews) && (!isSet(currentViews) || !CFSetIsSubset(minimumViews, currentViews)); - CFReleaseNull(currentViews); - return success; +static bool SOSFullPeerInfoNeedsViewUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews) { + CFSetRef updatedViews = SOSFullPeerInfoCopyViewUpdate(peer, minimumViews, excludedViews); + bool needsUpdate = (updatedViews != NULL); + CFReleaseNull(updatedViews); + return needsUpdate; } -static bool sosFullPeerInfoRequiresUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews) { +static bool sosFullPeerInfoRequiresUpdate(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews) { if(!SOSPeerInfoVersionIsCurrent(peer->peer_info)) return true; if(!SOSPeerInfoSerialNumberIsSet(peer->peer_info)) return true; if(!(SOSPeerInfoV2DictionaryHasString(peer->peer_info, sDeviceID)))return true; if(!(SOSPeerInfoV2DictionaryHasString(peer->peer_info, sTransportType))) return true; if(!(SOSPeerInfoV2DictionaryHasBoolean(peer->peer_info, sPreferIDS))) return true; - if(sosFullPeerInfoNeedsViewUpdate(peer, minimumViews)) return true; + if(SOSFullPeerInfoNeedsViewUpdate(peer, minimumViews, excludedViews)) return true; return false; } // Returning false indicates we don't need to upgrade. -bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumViews) { - CFMutableSetRef newViews = NULL; - - if(!sosFullPeerInfoRequiresUpdate(peer, minimumViews)) return false; +bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews) { + bool success = false; - CFSetRef currentViews = SOSPeerInfoCopyEnabledViews(peer->peer_info); - if (sosFullPeerInfoNeedsViewUpdate(peer, minimumViews)) { - newViews = isSet(currentViews) ? CFSetCreateMutableCopy(kCFAllocatorDefault, 0, currentViews) : CFSetCreateMutableForCFTypes(kCFAllocatorDefault); - CFSetUnionSet(newViews, minimumViews); - } - + CFMutableSetRef newViews = NULL; CFErrorRef copyError = NULL; CFErrorRef createError = NULL; - SecKeyRef device_key = SOSFullPeerInfoCopyDeviceKey(peer, ©Error); + SecKeyRef device_key = NULL; + + require_quiet(sosFullPeerInfoRequiresUpdate(peer, minimumViews, excludedViews), errOut); + + newViews = SOSFullPeerInfoCopyViewUpdate(peer, minimumViews, excludedViews); + + device_key = SOSFullPeerInfoCopyDeviceKey(peer, ©Error); require_action_quiet(device_key, errOut, secnotice("upgrade", "SOSFullPeerInfoCopyDeviceKey failed: %@", copyError)); SOSPeerInfoRef newPeer = SOSPeerInfoCreateCurrentCopy(kCFAllocatorDefault, peer->peer_info, - NULL, NULL, NULL, newViews ? newViews : minimumViews, + NULL, NULL, NULL, newViews, device_key, &createError); require_action_quiet(newPeer, errOut, secnotice("upgrade", "Peer info v2 create copy failed: %@", createError)); CFTransferRetained(peer->peer_info, newPeer); - - CFReleaseNull(currentViews); - CFReleaseSafe(newViews); - CFReleaseNull(device_key); - return true; - + + success = true; + errOut: - CFReleaseNull(currentViews); - CFReleaseSafe(newViews); + CFReleaseNull(newViews); CFReleaseNull(copyError); CFReleaseNull(createError); CFReleaseNull(device_key); - return false; + return success; } SOSViewResultCode SOSFullPeerInfoViewStatus(SOSFullPeerInfoRef peer, CFStringRef viewname, CFErrorRef *error) diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h index edb1c3d6..d647fb99 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSFullPeerInfo.h @@ -70,7 +70,7 @@ bool SOSFullPeerInfoAddEscrowRecord(SOSFullPeerInfoRef peer, CFStringRef dsid, C bool SOSFullPeerInfoReplaceEscrowRecords(SOSFullPeerInfoRef peer, CFDictionaryRef escrowRecords, CFErrorRef* error); -bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumViews); +bool SOSFullPeerInfoUpdateToCurrent(SOSFullPeerInfoRef peer, CFSetRef minimumViews, CFSetRef excludedViews); SOSViewResultCode SOSFullPeerInfoUpdateViews(SOSFullPeerInfoRef peer, SOSViewActionCode action, CFStringRef viewname, CFErrorRef* error); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c index 8eec9436..181e3273 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfo.c @@ -238,9 +238,6 @@ static SOSPeerInfoRef SOSPeerInfoCreate_Internal(CFAllocatorRef allocator, sGestaltKey, pi->gestalt, NULL); - if (backup_key != NULL) - SOSPeerInfoV2DictionarySetValue(pi, sBackupKeyKey, backup_key); - description_modifier(pi->description); diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c index b17d478d..127298f5 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSPeerInfoV2.c @@ -170,7 +170,7 @@ bool SOSPeerInfoUpdateToV2(SOSPeerInfoRef pi, CFErrorRef *error) { } require_action_quiet((v2data = SOSCreateDERFromDictionary(v2Dictionary, error)), out, SOSCreateError(kSOSErrorAllocationFailure, CFSTR("No Memory"), NULL, error)); CFDictionaryAddValue(pi->description, sV2DictionaryKey, v2data); - SOSPeerInfoExpandV2Data(pi, error); + //SOSPeerInfoExpandV2Data(pi, error); retval = true; out: CFReleaseNull(views); @@ -193,18 +193,15 @@ errOut: bool SOSPeerInfoExpandV2Data(SOSPeerInfoRef pi, CFErrorRef *error) { CFDataRef v2data = NULL; - CFMutableDictionaryRef v2Dictionary = NULL; + bool retval = false; - require_action_quiet((v2data = SOSPeerInfoGetV2Data(pi)), out, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("No V2 Data in description"), NULL, error)); - require_action_quiet((v2Dictionary = SOSCreateDictionaryFromDER(v2data, error)), out, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("Can't expand V2 Dictionary"), NULL, error)); + require_quiet(pi, out); CFReleaseNull(pi->v2Dictionary); - pi->v2Dictionary = v2Dictionary; - return true; - + require_action_quiet((v2data = SOSPeerInfoGetV2Data(pi)), out, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("No V2 Data in description"), NULL, error)); + require_action_quiet((pi->v2Dictionary = SOSCreateDictionaryFromDER(v2data, error)), out, SOSCreateError(kSOSErrorDecodeFailure, CFSTR("Can't expand V2 Dictionary"), NULL, error)); + retval = true; out: - CFReleaseNull(v2Dictionary); - return false; - + return retval; } void SOSPeerInfoV2DictionarySetValue(SOSPeerInfoRef pi, const void *key, const void *value) { diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c index 8c9270c3..dc86979b 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSRingBackup.c @@ -128,14 +128,6 @@ static bool SOSBackupRingPeersInViews(CFSetRef peers, SOSRingRef ring) { return retval; } -static bool CFSetIsSubset(CFSetRef little, CFSetRef big) { - __block bool retval = true; - CFSetForEach(little, ^(const void *value) { - if(!CFSetContainsValue(big, value)) retval = false; - }); - return retval; -} - // Make sure that the ring includes me if I'm enabled for its view. static SOSConcordanceStatus SOSBackupRingEvaluateMyInclusion(SOSRingRef ring, SOSFullPeerInfoRef me) { bool shouldBeInRing = false; diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c index d249a92d..651f1412 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.c @@ -62,27 +62,7 @@ SOSTransportMessageIDSRef SOSTransportMessageIDSCreate(SOSAccountRef account, CF // Initialize ourselves - CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity)); - if(deviceID == NULL || CFStringGetLength(deviceID) == 0){ - - __block bool success = true; - __block CFErrorRef localError = NULL; - SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){ - success = (sync_error == NULL); - if (!success) { - CFRetainAssign(localError, sync_error); - } - }); - - if(!success && localError != NULL && error != NULL){ - secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", localError); - *error = localError; - } - else{ - secdebug("IDS Transport", "Attempting to retrieve the IDS Device ID"); - } - } - CFReleaseNull(deviceID); + SOSTransportMessageIDSGetIDSDeviceID(account); SOSRegisterTransportMessage((SOSTransportMessageRef)ids); } @@ -282,3 +262,20 @@ static bool cleanupAfterPeer(SOSTransportMessageRef transport, CFDictionaryRef c { return true; } + +void SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account){ + + CFStringRef deviceID = SOSPeerInfoCopyDeviceID(SOSFullPeerInfoGetPeerInfo(account->my_identity)); + if( deviceID == NULL || CFStringGetLength(deviceID) == 0){ + SOSCloudKeychainGetIDSDeviceID(^(CFDictionaryRef returnedValues, CFErrorRef sync_error){ + bool success = (sync_error == NULL); + if (!success) { + secerror("Could not ask IDSKeychainSyncingProxy for Device ID: %@", sync_error); + } + else{ + secdebug("IDS Transport", "Successfully attempting to retrieve the IDS Device ID"); + } + }); + } + CFReleaseNull(deviceID); +} diff --git a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h index 67ef61da..90a03643 100644 --- a/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h +++ b/OSX/sec/SOSCircle/SecureObjectSync/SOSTransportMessageIDS.h @@ -36,3 +36,4 @@ SOSTransportMessageIDSRef SOSTransportMessageIDSCreate(SOSAccountRef account, CF HandleIDSMessageReason SOSTransportMessageIDSHandleMessage(SOSAccountRef account, CFDictionaryRef message, CFErrorRef *error); +void SOSTransportMessageIDSGetIDSDeviceID(SOSAccountRef account); diff --git a/OSX/sec/Security/Regressions/Security_regressions.h b/OSX/sec/Security/Regressions/Security_regressions.h index 21de90df..5b09c07c 100644 --- a/OSX/sec/Security/Regressions/Security_regressions.h +++ b/OSX/sec/Security/Regressions/Security_regressions.h @@ -17,7 +17,6 @@ ONE_TEST(si_15_certificate) ONE_TEST(si_16_ec_certificate) ONE_TEST(si_20_sectrust_activation) ONE_TEST(si_20_sectrust) -ONE_TEST(si_20_sectrust_att) ONE_TEST(si_21_sectrust_asr) ONE_TEST(si_22_sectrust_iap) ONE_TEST(si_23_sectrust_ocsp) @@ -84,6 +83,8 @@ ONE_TEST(si_83_seccertificate_sighashalg) ONE_TEST(si_84_atv_appsigning) ONE_TEST(si_85_sectrust_ssl_policy) ONE_TEST(si_86_sectrust_eap_tls) +ONE_TEST(si_87_sectrust_name_constraints) +ONE_TEST(si_88_sectrust_vpnprofile) ONE_TEST(vmdh_40) ONE_TEST(vmdh_41_example) diff --git a/OSX/sec/Security/Regressions/secitem/si-20-sectrust-att.c b/OSX/sec/Security/Regressions/secitem/si-20-sectrust-att.c deleted file mode 100644 index 04be9eb5..00000000 --- a/OSX/sec/Security/Regressions/secitem/si-20-sectrust-att.c +++ /dev/null @@ -1,550 +0,0 @@ -/* - * Copyright (c) 2006-2010,2012-2015 Apple Inc. All Rights Reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "Security_regressions.h" - -/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=nmd.mcd06643.sjc.wayport.net */ -/* issuer :/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=AWS Managed Device CA G2 */ - -static unsigned char c0[1582]={ - 0x30,0x82,0x06,0x2A,0x30,0x82,0x05,0x12,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x0B, - 0x3B,0x5F,0x62,0x39,0x50,0xB5,0x6E,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, - 0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x78,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, - 0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05, - 0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10, - 0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63, - 0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57, - 0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x21,0x30, - 0x1F,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x41,0x57,0x53,0x20,0x4D,0x61,0x6E,0x61, - 0x67,0x65,0x64,0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,0x20,0x47,0x32, - 0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x38,0x31,0x32,0x30,0x32,0x30,0x35,0x31,0x31, - 0x5A,0x17,0x0D,0x31,0x35,0x30,0x38,0x32,0x32,0x30,0x32,0x30,0x35,0x31,0x31,0x5A, - 0x30,0x7C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31, - 0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31, - 0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65, - 0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03, - 0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53, - 0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x03, - 0x13,0x1C,0x6E,0x6D,0x64,0x2E,0x6D,0x63,0x64,0x30,0x36,0x36,0x34,0x33,0x2E,0x73, - 0x6A,0x63,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x82, - 0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05, - 0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD0, - 0x65,0xD5,0x7A,0x99,0xB8,0x19,0x83,0x22,0x9F,0xE0,0x0E,0xDA,0x16,0x37,0x74,0x2A, - 0xDD,0xDA,0xD3,0x5A,0xBE,0xBC,0xDC,0xF7,0x3F,0xBC,0x16,0x24,0x94,0x3A,0xDA,0x51, - 0xD6,0xB4,0xA6,0x0E,0x2F,0xC6,0x87,0x74,0x50,0x0F,0x60,0xDD,0x6C,0xD5,0xD6,0x5B, - 0x0C,0x69,0x54,0x06,0x51,0x70,0xB7,0xA3,0x4D,0x2A,0x81,0x07,0xC8,0xE6,0xFB,0x08, - 0x0D,0x4B,0xA3,0xBE,0xC8,0x1D,0x83,0xBB,0x8D,0xD4,0xB6,0x67,0x5A,0x41,0x03,0xF4, - 0x14,0x31,0x23,0x14,0x25,0xF9,0x59,0xAA,0x0D,0x32,0xAF,0xA7,0x4E,0x65,0xDE,0x24, - 0x76,0x06,0x50,0x6D,0xF0,0x0A,0x2A,0x7F,0x88,0xA9,0x6A,0x52,0x1C,0xB0,0xFE,0xF3, - 0xD3,0xE2,0x33,0xBD,0x4E,0xBC,0xB8,0xFB,0x27,0xD0,0x24,0x1F,0x17,0xAF,0xA9,0xDE, - 0x5D,0x40,0xAD,0x20,0xBB,0xF8,0x88,0x90,0x4E,0x34,0x9F,0xEF,0x21,0x70,0xBB,0xB2, - 0x15,0x1C,0xB7,0x86,0x37,0x34,0x31,0x8F,0x73,0xBE,0x97,0xDF,0x25,0xE5,0x8F,0x2F, - 0x0D,0xB8,0xAA,0x24,0x8B,0x73,0x3D,0x73,0xD2,0xFB,0x50,0x0D,0x02,0x31,0x32,0xFC, - 0x8E,0x8E,0x45,0xC7,0x97,0x61,0x68,0xB0,0xFC,0xF3,0xD1,0x49,0xCE,0x66,0x83,0x6A, - 0x15,0x30,0xAF,0x3F,0x8D,0x8F,0xFC,0x0E,0x2D,0xA4,0x05,0x9E,0xAC,0xDF,0xFD,0xB9, - 0xF3,0x83,0x69,0x4A,0xEB,0xA9,0x0E,0x3F,0x32,0xA8,0x25,0x95,0xB5,0x10,0xFF,0xF9, - 0x29,0x1B,0x15,0xA7,0x23,0x35,0x65,0xA5,0x74,0xB3,0x1D,0x0D,0x18,0xE2,0x02,0x5C, - 0xEA,0xD7,0xB6,0x50,0x61,0x0C,0x2B,0x90,0x01,0xED,0x69,0xFA,0xEE,0xE8,0xD1,0x02, - 0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0xB2,0x30,0x82,0x02,0xAE,0x30,0x73,0x06,0x08, - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x67,0x30,0x65,0x30,0x33,0x06,0x08, - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x27,0x68,0x74,0x74,0x70,0x3A,0x2F, - 0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F, - 0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x6D,0x64,0x63,0x61,0x67,0x32,0x2E,0x63,0x72, - 0x74,0x30,0x2E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68, - 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2D,0x62,0x2E,0x70,0x6B,0x69, - 0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x3A,0x32,0x35,0x36, - 0x30,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x94,0x0A,0xF3,0x3D, - 0x5A,0x66,0xC1,0x2C,0x8B,0x68,0xD9,0x26,0xBB,0xD9,0x09,0x22,0x7F,0x34,0x85,0x96, - 0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F, - 0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x83,0x85,0x8B,0x92,0x05, - 0x1B,0x41,0x9E,0x45,0xAB,0xAB,0xB2,0xE3,0xFD,0xD5,0x44,0xCA,0x41,0xBD,0xE7,0x30, - 0x81,0xD4,0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xCC,0x30,0x81,0xC9,0x30,0x81,0xC6, - 0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,0x01,0x30,0x81,0xB6, - 0x30,0x81,0x80,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x74,0x1E, - 0x72,0x00,0x43,0x00,0x6F,0x00,0x70,0x00,0x79,0x00,0x72,0x00,0x69,0x00,0x67,0x00, - 0x68,0x00,0x74,0x00,0x20,0x00,0x28,0x00,0x63,0x00,0x29,0x00,0x20,0x00,0x32,0x00, - 0x30,0x00,0x31,0x00,0x33,0x00,0x20,0x00,0x41,0x00,0x54,0x00,0x54,0x00,0x20,0x00, - 0x57,0x00,0x69,0x00,0x2D,0x00,0x46,0x00,0x69,0x00,0x20,0x00,0x53,0x00,0x65,0x00, - 0x72,0x00,0x76,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x73,0x00,0x20,0x00,0x41,0x00, - 0x6C,0x00,0x6C,0x00,0x20,0x00,0x52,0x00,0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00, - 0x73,0x00,0x20,0x00,0x52,0x00,0x65,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00, - 0x65,0x00,0x64,0x30,0x31,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16, - 0x25,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B, - 0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70, - 0x73,0x2E,0x68,0x74,0x6D,0x6C,0x30,0x81,0xB9,0x06,0x03,0x55,0x1D,0x1F,0x04,0x81, - 0xB1,0x30,0x81,0xAE,0x30,0x81,0xAB,0xA0,0x2B,0xA0,0x29,0x86,0x27,0x68,0x74,0x74, - 0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61, - 0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x6D,0x64,0x63,0x61,0x67,0x32, - 0x2E,0x63,0x72,0x6C,0xA2,0x7C,0xA4,0x7A,0x30,0x78,0x31,0x21,0x30,0x1F,0x06,0x03, - 0x55,0x04,0x03,0x0C,0x18,0x41,0x57,0x53,0x20,0x4D,0x61,0x6E,0x61,0x67,0x65,0x64, - 0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,0x20,0x47,0x32,0x31,0x1B,0x30, - 0x19,0x06,0x03,0x55,0x04,0x0B,0x0C,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46, - 0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x19,0x30,0x17,0x06,0x03, - 0x55,0x04,0x0A,0x0C,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65, - 0x73,0x20,0x49,0x6E,0x63,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x0C,0x05, - 0x54,0x65,0x78,0x61,0x73,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, - 0x55,0x53,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02, - 0x03,0xA8,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B, - 0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03, - 0x02,0x30,0x27,0x06,0x03,0x55,0x1D,0x11,0x04,0x20,0x30,0x1E,0x82,0x1C,0x6E,0x6D, - 0x64,0x2E,0x6D,0x63,0x64,0x30,0x36,0x36,0x34,0x33,0x2E,0x73,0x6A,0x63,0x2E,0x77, - 0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86, - 0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x19,0x90, - 0xD6,0x10,0xBA,0x3E,0x55,0x07,0x1B,0x4E,0x71,0x94,0x9F,0xCE,0x80,0xD7,0x1F,0x90, - 0x2A,0x23,0x79,0x45,0xFB,0x61,0x47,0x19,0xBD,0x32,0x58,0xB2,0x58,0xC5,0x37,0xE9, - 0x01,0x63,0x61,0x6B,0x1E,0x17,0x54,0xC5,0xE9,0x5F,0x2A,0x9F,0xF3,0x01,0x0A,0x4C, - 0x61,0x7C,0x18,0x9A,0x3E,0x91,0x7F,0x14,0x8E,0xDF,0xB2,0x2C,0xB8,0xEC,0x3B,0x7C, - 0xC7,0xE5,0x62,0xC4,0x72,0x22,0x42,0xBB,0x61,0x9C,0xB0,0x5D,0x49,0x44,0x47,0x90, - 0x8E,0xBF,0x85,0x88,0xFF,0x36,0x7A,0x4C,0xCE,0x35,0x1B,0x88,0x93,0xE4,0x0A,0xB4, - 0xD1,0x24,0x44,0x43,0x8E,0xC0,0xFC,0x7F,0xE8,0x03,0xCD,0x91,0xF5,0x21,0x6F,0x4B, - 0xB7,0x9C,0x06,0xDC,0xE0,0xE4,0x5A,0xFD,0x3C,0x33,0xC4,0xE1,0xFB,0xB7,0xC4,0xF5, - 0xD4,0xC4,0xFD,0x63,0x43,0xD8,0x9B,0x2C,0x6C,0x5D,0x45,0xBE,0xD2,0x25,0x80,0xF7, - 0x5D,0x4A,0x73,0xB5,0xB4,0xF0,0xEF,0xDD,0x91,0x11,0xEF,0xAB,0x85,0xD6,0xDF,0x92, - 0xC0,0xA6,0x3E,0xBE,0x7A,0x2B,0xC5,0xD0,0x6C,0x48,0x6C,0x2A,0x9E,0x7D,0x7B,0xFC, - 0x93,0x9D,0x80,0xD1,0xCB,0x2F,0x2C,0x3E,0x94,0x46,0x5B,0xF3,0x8A,0xE8,0xE9,0xC7, - 0x1A,0x49,0x67,0x2B,0xE7,0xDD,0x73,0x05,0x1C,0x83,0x08,0xC5,0xBB,0xBC,0x47,0x5D, - 0x90,0x38,0x08,0xAC,0x49,0x82,0xE7,0xA9,0x28,0xA2,0x42,0x3E,0xFD,0x15,0x5C,0xF9, - 0x63,0x50,0x18,0xCA,0x76,0x1B,0x9C,0x88,0xF7,0x4D,0x7C,0xF4,0x5B,0x0E,0x93,0x53, - 0xBC,0xFD,0x25,0x90,0x88,0x06,0xB7,0xDE,0x33,0x33,0x5D,0xD6,0x9C,0x03, -}; - - -/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=AWS Managed Device CA G2 */ -/* issuer :/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G2 */ - -static unsigned char c1[1578]={ - 0x30,0x82,0x06,0x26,0x30,0x82,0x05,0x0E,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x19, - 0x54,0xAA,0x5A,0x22,0x2C,0x5B,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, - 0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, - 0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13, - 0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13, - 0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E, - 0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20, - 0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x39, - 0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x13,0x30,0x41,0x54,0x54,0x20,0x57,0x69,0x2D, - 0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74, - 0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74, - 0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x47,0x32,0x30,0x1E,0x17,0x0D,0x31,0x33,0x30, - 0x36,0x30,0x35,0x31,0x38,0x33,0x30,0x31,0x35,0x5A,0x17,0x0D,0x31,0x38,0x30,0x35, - 0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x78,0x31,0x0B,0x30,0x09,0x06, - 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04, - 0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04, - 0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20, - 0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54, - 0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73, - 0x31,0x21,0x30,0x1F,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x41,0x57,0x53,0x20,0x4D, - 0x61,0x6E,0x61,0x67,0x65,0x64,0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41, - 0x20,0x47,0x32,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, - 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02, - 0x82,0x01,0x01,0x00,0x8C,0xE4,0xEB,0x2B,0x6D,0x51,0x1E,0xFE,0xBE,0xB9,0x1D,0x72, - 0x6D,0xD9,0x0C,0xBB,0x30,0x58,0x28,0xA2,0xA2,0x03,0x5B,0x99,0xCF,0x12,0x8B,0xF5, - 0xAD,0x91,0x66,0x30,0xEC,0x33,0xDE,0x2D,0xF2,0x8C,0x27,0xD9,0x46,0xCC,0xC5,0x32, - 0x46,0x31,0xC5,0xCA,0x13,0x9A,0xE2,0xD2,0x5E,0x8F,0xCD,0x3C,0x77,0x91,0x71,0x88, - 0xD9,0xD9,0xA1,0x31,0x8F,0xDA,0x32,0x5E,0x61,0x19,0x65,0x80,0xE6,0x3B,0x0C,0xD8, - 0x85,0xBC,0x26,0x4F,0x89,0x6D,0x4F,0xFF,0x3D,0x02,0x8D,0xA7,0x81,0x26,0xF9,0xD5, - 0x2F,0xFD,0x1B,0x30,0xF4,0x7B,0x67,0x51,0x37,0xE3,0x45,0x88,0x2B,0xCF,0x49,0x4E, - 0xDD,0x22,0xFC,0x93,0xA7,0x25,0x4E,0xDE,0x1D,0x61,0x0D,0x8D,0xF4,0xF0,0xD4,0x65, - 0x89,0xAD,0xC0,0xBA,0x7E,0xB4,0x8F,0x05,0x02,0xA9,0xDA,0x48,0x1B,0xE0,0x9E,0x06, - 0x7C,0xC0,0x9C,0x50,0xFB,0x59,0x16,0x09,0xB2,0x91,0xAF,0xC6,0xAD,0x7D,0x18,0x41, - 0x0E,0x41,0xAC,0xBC,0x22,0xFD,0x78,0xF6,0xF7,0xA3,0x02,0x34,0x77,0x5D,0x11,0x47, - 0xC2,0x3B,0xAA,0x60,0x38,0x06,0xCA,0xAF,0x18,0xD5,0xC0,0x1E,0x97,0x4F,0x96,0xD4, - 0x65,0x37,0x23,0xD7,0xAA,0xF1,0xCB,0x27,0xB0,0x53,0xFF,0x74,0x76,0x66,0xEE,0x25, - 0x1A,0xE0,0x18,0x6C,0xFD,0x29,0x15,0xAE,0x89,0x86,0x6D,0xA1,0x56,0x41,0x5D,0x81, - 0x68,0x5A,0xC4,0x4A,0x43,0x30,0x38,0xDB,0x61,0x9B,0xDC,0x9A,0x83,0x26,0xF5,0xCE, - 0x64,0x48,0x1C,0x1A,0x9B,0xE3,0xCB,0xB1,0x8C,0x1C,0x51,0x6C,0x94,0x7C,0x88,0x73, - 0xDB,0x71,0xED,0x57,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x99,0x30,0x82,0x02, - 0x95,0x30,0x70,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x64,0x30, - 0x62,0x30,0x35,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x29,0x68, - 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E, - 0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x72,0x6F,0x6F,0x74, - 0x63,0x61,0x67,0x32,0x2E,0x63,0x72,0x74,0x30,0x29,0x06,0x08,0x2B,0x06,0x01,0x05, - 0x05,0x07,0x30,0x01,0x86,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73, - 0x70,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E, - 0x6E,0x65,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x83,0x85, - 0x8B,0x92,0x05,0x1B,0x41,0x9E,0x45,0xAB,0xAB,0xB2,0xE3,0xFD,0xD5,0x44,0xCA,0x41, - 0xBD,0xE7,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06, - 0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30, - 0x16,0x80,0x14,0xF3,0xD3,0xC7,0x5E,0x2C,0x45,0x26,0x7E,0xFD,0xE6,0xE4,0xB4,0x94, - 0xB8,0x04,0x0F,0x39,0x3B,0x10,0xDE,0x30,0x81,0xE3,0x06,0x03,0x55,0x1D,0x20,0x04, - 0x81,0xDB,0x30,0x81,0xD8,0x30,0x81,0xC6,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3, - 0x48,0x83,0x7D,0x01,0x01,0x30,0x81,0xB6,0x30,0x81,0x80,0x06,0x08,0x2B,0x06,0x01, - 0x05,0x05,0x07,0x02,0x02,0x30,0x74,0x1E,0x72,0x00,0x43,0x00,0x6F,0x00,0x70,0x00, - 0x79,0x00,0x72,0x00,0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,0x20,0x00,0x28,0x00, - 0x63,0x00,0x29,0x00,0x20,0x00,0x32,0x00,0x30,0x00,0x31,0x00,0x33,0x00,0x20,0x00, - 0x41,0x00,0x54,0x00,0x54,0x00,0x20,0x00,0x57,0x00,0x69,0x00,0x2D,0x00,0x46,0x00, - 0x69,0x00,0x20,0x00,0x53,0x00,0x65,0x00,0x72,0x00,0x76,0x00,0x69,0x00,0x63,0x00, - 0x65,0x00,0x73,0x00,0x20,0x00,0x41,0x00,0x6C,0x00,0x6C,0x00,0x20,0x00,0x52,0x00, - 0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,0x73,0x00,0x20,0x00,0x52,0x00,0x65,0x00, - 0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00,0x65,0x00,0x64,0x30,0x31,0x06,0x08,0x2B, - 0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x25,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, - 0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72, - 0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x2E,0x68,0x74,0x6D,0x6C,0x30,0x0D, - 0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,0x02,0x30,0x81,0xD6, - 0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xCE,0x30,0x81,0xCB,0x30,0x81,0xC8,0xA0,0x2D, - 0xA0,0x2B,0x86,0x29,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62, - 0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74, - 0x2F,0x72,0x6F,0x6F,0x74,0x63,0x61,0x67,0x32,0x2E,0x63,0x72,0x6C,0xA2,0x81,0x96, - 0xA4,0x81,0x93,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, - 0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x0C,0x05,0x54,0x65, - 0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x0C,0x10,0x41,0x54, - 0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B, - 0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x0C,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D, - 0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x39,0x30,0x37,0x06, - 0x03,0x55,0x04,0x03,0x0C,0x30,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20, - 0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x65, - 0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6F,0x72, - 0x69,0x74,0x79,0x20,0x47,0x32,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF, - 0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, - 0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x79,0xE7,0x9C,0xD0,0x93,0x93, - 0xB8,0xD6,0xC5,0x58,0x85,0xD4,0xDA,0xC1,0x22,0x73,0x87,0x2F,0x97,0x9C,0x79,0x9B, - 0x61,0xC1,0x87,0xBB,0xA8,0xFD,0x9F,0x07,0x0C,0x3D,0xA1,0xD3,0xFC,0x17,0x46,0x04, - 0x1E,0xBE,0xEF,0x8B,0x9A,0xB1,0x17,0x82,0x75,0x25,0x41,0x68,0xD6,0x46,0x13,0x7A, - 0x9E,0xFB,0x13,0xCE,0x01,0xCA,0x1F,0xD2,0x3F,0x7F,0xF1,0xF3,0xCB,0xC5,0xF7,0x8A, - 0xAA,0x0F,0x63,0x8E,0xC9,0x68,0x31,0xDB,0x3D,0x69,0x4C,0x55,0xC6,0x34,0x24,0x52, - 0x76,0xC0,0x51,0xF9,0x29,0x2B,0xB2,0x3C,0x3C,0x95,0x11,0x20,0x92,0x1A,0x25,0xB8, - 0x10,0x3E,0x45,0xA3,0x4F,0x27,0x51,0xA3,0x8A,0x1D,0xEC,0x00,0x40,0x35,0x3F,0xAC, - 0x2D,0x49,0xD0,0x20,0x85,0x01,0xAE,0xF7,0x7D,0xFC,0x62,0x4E,0x49,0x9C,0xAA,0x99, - 0x27,0x6A,0x14,0xE3,0x51,0x9D,0x1B,0x1F,0xA9,0x32,0x33,0x4E,0xA9,0xA2,0x55,0x21, - 0xDB,0xFF,0x57,0x5A,0x3D,0xC7,0x80,0x6F,0xF1,0x75,0x3F,0x38,0x09,0x52,0x80,0xD5, - 0x5D,0xFE,0x6D,0x84,0x3A,0x9B,0xA7,0x53,0x62,0x48,0x96,0xA9,0x75,0xB0,0xEA,0x6A, - 0x78,0xB4,0x92,0x1F,0xC4,0xD2,0x46,0x59,0xEA,0xE0,0x14,0x01,0x38,0xD7,0x6B,0x5D, - 0x7F,0xB3,0x30,0x15,0x34,0x11,0x52,0xD1,0xF9,0xFB,0xFF,0x21,0xDB,0x06,0xD4,0x3D, - 0xB8,0x69,0xA0,0x95,0x34,0x20,0x1E,0xA1,0x31,0xF5,0xBD,0x18,0x1E,0x08,0xD8,0x55, - 0x06,0xB3,0x28,0x3B,0xF8,0x58,0x94,0x0C,0xBB,0x23,0xCB,0x9E,0x10,0x28,0x64,0x2D, - 0xB9,0x19,0x86,0xB6,0x29,0x2C,0xF2,0xA5,0x36,0x6B, -}; - - -/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G2 */ -/* issuer :/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA G2 */ - -static unsigned char c2[1833]={ - 0x30,0x82,0x07,0x25,0x30,0x82,0x06,0x0D,0xA0,0x03,0x02,0x01,0x02,0x02,0x11,0x5C, - 0xD7,0xD8,0x96,0xBA,0xD5,0xC9,0x77,0x11,0xBC,0x14,0xCF,0x0E,0xD3,0x5F,0x20,0x62, - 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30, - 0x5C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x15, - 0x30,0x13,0x06,0x03,0x55,0x04,0x0B,0x13,0x0C,0x54,0x72,0x75,0x73,0x74,0x65,0x64, - 0x20,0x52,0x6F,0x6F,0x74,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10, - 0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,0x2D,0x73,0x61, - 0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x54,0x72,0x75,0x73,0x74, - 0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x47,0x32,0x30,0x1E,0x17, - 0x0D,0x31,0x33,0x30,0x35,0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D, - 0x31,0x38,0x30,0x35,0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x81,0x90, - 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30, - 0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30, - 0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76, - 0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04, - 0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72, - 0x76,0x69,0x63,0x65,0x73,0x31,0x39,0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x13,0x30, - 0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63, - 0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, - 0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x47,0x32, - 0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, - 0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01, - 0x00,0x83,0x87,0xD2,0xCE,0xE7,0xA6,0x57,0x09,0xA0,0x0A,0x5D,0xD3,0xBF,0x66,0x2B, - 0x82,0x7E,0xB2,0x8B,0xC2,0x32,0x68,0x61,0x36,0x7D,0xC4,0x96,0xCF,0x2A,0x64,0x7E, - 0xA7,0x9C,0x3F,0x67,0x3C,0x3E,0x50,0x6F,0x33,0x75,0x16,0x8E,0x81,0x70,0x67,0x5C, - 0x37,0x07,0xBD,0xD4,0xD4,0x70,0xD7,0x26,0x3B,0x38,0x25,0x3E,0xB4,0xB6,0x5E,0xCF, - 0x9A,0x89,0x45,0xA0,0x35,0xDE,0x15,0x83,0x36,0x9F,0x22,0x87,0xEA,0xFE,0xC8,0x4F, - 0xE8,0x6C,0x67,0xAA,0xEC,0xBC,0xA9,0xDA,0xA7,0xA4,0x3A,0xEB,0xB9,0xD5,0x31,0x4F, - 0x08,0x15,0x8A,0xCB,0x92,0x1B,0xFC,0xA2,0x5E,0xC6,0x6F,0x6B,0xA3,0x8E,0x9A,0x4C, - 0xAB,0x47,0xA3,0x75,0x06,0xED,0xB9,0xFA,0xD6,0xF4,0xA1,0x29,0xEA,0x3D,0xE1,0x8C, - 0xE5,0x85,0xCF,0x8E,0x35,0x81,0x20,0x9B,0x68,0x46,0x55,0x0F,0xA0,0x38,0x07,0xAF, - 0x6F,0x4F,0xAE,0xFD,0x7F,0x98,0xB6,0x6E,0x06,0xA8,0x14,0xCC,0x5B,0x8D,0xDD,0x4C, - 0xA7,0xC7,0x5A,0x4D,0xFA,0x17,0xFD,0xEC,0x77,0xD4,0x0D,0xA1,0xE8,0xFF,0x33,0x01, - 0x14,0x10,0xBC,0x82,0x38,0xEF,0xEF,0xBC,0xCE,0x8C,0x11,0x0A,0xFC,0xFE,0x55,0xA5, - 0x5B,0xA7,0x37,0xD6,0xBB,0xB2,0x5F,0x85,0x06,0xF6,0x96,0xFB,0x24,0x32,0xF4,0x51, - 0xB9,0x4D,0x1D,0x27,0x6A,0xB5,0xD2,0xC0,0x12,0x4B,0x8A,0x33,0xE0,0xC5,0x45,0x3D, - 0xD9,0x38,0xD6,0xE3,0xEF,0x28,0x32,0x77,0xD5,0x72,0xEE,0x99,0x06,0x6A,0xB0,0x05, - 0x43,0x4D,0xA2,0xB1,0x5F,0x22,0x92,0xD3,0x26,0xAC,0x0F,0x5C,0x91,0x6F,0x17,0x85, - 0x17,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0xAB,0x30,0x82,0x03,0xA7,0x30,0x0E, - 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x82, - 0x01,0x0B,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x02,0x30,0x81,0xFF,0x30,0x71, - 0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xA0,0x32,0x01,0x3C,0x01,0x30,0x63,0x30,0x32, - 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x26,0x68,0x74,0x74,0x70, - 0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69, - 0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72, - 0x79,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x21, - 0x0C,0x1F,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75, - 0x73,0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x50,0x72,0x6F,0x67,0x72,0x61, - 0x6D,0x30,0x81,0x89,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01, - 0x01,0x30,0x7A,0x30,0x2F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16, - 0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,0x69,0x2E, - 0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x2E, - 0x68,0x74,0x6D,0x6C,0x30,0x47,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, - 0x30,0x3B,0x0C,0x39,0x43,0x6F,0x70,0x79,0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63, - 0x29,0x20,0x32,0x30,0x31,0x33,0x20,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69, - 0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x41,0x6C,0x6C,0x20,0x52,0x69, - 0x67,0x68,0x74,0x73,0x20,0x52,0x65,0x73,0x65,0x72,0x76,0x65,0x64,0x30,0x12,0x06, - 0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01, - 0x01,0x30,0x82,0x01,0x4B,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,0x01,0x42,0x30,0x82, - 0x01,0x3E,0xA0,0x82,0x01,0x08,0x30,0x0D,0x82,0x0B,0x77,0x61,0x79,0x70,0x6F,0x72, - 0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x82,0x0B,0x61,0x74,0x74,0x77,0x69,0x66,0x69, - 0x2E,0x63,0x6F,0x6D,0x30,0x10,0x82,0x0E,0x73,0x75,0x70,0x65,0x72,0x63,0x6C,0x69, - 0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x10,0x82,0x0E,0x73,0x75,0x70,0x65,0x72,0x63, - 0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x81,0x0B,0x77,0x61,0x79,0x70, - 0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0E,0x81,0x0C,0x2E,0x77,0x61,0x79,0x70, - 0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x81,0x0B,0x61,0x74,0x74,0x77,0x69, - 0x66,0x69,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x81,0x0C,0x2E,0x61,0x74,0x74,0x77,0x69, - 0x66,0x69,0x2E,0x63,0x6F,0x6D,0x30,0x10,0x81,0x0E,0x73,0x75,0x70,0x65,0x72,0x63, - 0x6C,0x69,0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x11,0x81,0x0F,0x2E,0x73,0x75,0x70, - 0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x10,0x81,0x0E,0x73, - 0x75,0x70,0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x11,0x81, - 0x0F,0x2E,0x73,0x75,0x70,0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D, - 0x30,0x3C,0xA4,0x3A,0x30,0x38,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, - 0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65, - 0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54, - 0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0xA1,0x30, - 0x30,0x0A,0x87,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x22,0x87,0x20, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01, - 0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30, - 0x3D,0x06,0x03,0x55,0x1D,0x1F,0x04,0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E, - 0x86,0x2C,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x67,0x6C,0x6F, - 0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x67,0x73,0x2F,0x74, - 0x72,0x75,0x73,0x74,0x72,0x6F,0x6F,0x74,0x67,0x32,0x2E,0x63,0x72,0x6C,0x30,0x81, - 0x84,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x78,0x30,0x76,0x30, - 0x33,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x27,0x68,0x74,0x74, - 0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x32,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C, - 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x74,0x72,0x75,0x73,0x74,0x72,0x6F, - 0x6F,0x74,0x67,0x32,0x30,0x3F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, - 0x86,0x33,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x65,0x63,0x75,0x72,0x65,0x2E, - 0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63, - 0x61,0x63,0x65,0x72,0x74,0x2F,0x74,0x72,0x75,0x73,0x74,0x72,0x6F,0x6F,0x74,0x67, - 0x32,0x2E,0x63,0x72,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14, - 0xF3,0xD3,0xC7,0x5E,0x2C,0x45,0x26,0x7E,0xFD,0xE6,0xE4,0xB4,0x94,0xB8,0x04,0x0F, - 0x39,0x3B,0x10,0xDE,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80, - 0x14,0x14,0xF6,0xE5,0x8B,0x31,0xB6,0x45,0x80,0x4A,0x4C,0x6D,0xFC,0xC2,0x87,0x89, - 0xCA,0x36,0xC3,0x90,0x62,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, - 0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0xDE,0x66,0x4A,0x3A,0x3B,0xAD, - 0x8A,0xC7,0x32,0xFF,0x2D,0xD3,0x81,0x69,0x1D,0x1C,0xDE,0xE5,0x1E,0x87,0xE6,0x33, - 0xFE,0x34,0x80,0x1E,0xCF,0xC8,0xF8,0x93,0x38,0x12,0x9B,0x42,0xC4,0x9A,0x49,0x8B, - 0x98,0xAF,0x52,0xEC,0xD7,0x10,0xC4,0x44,0xEA,0x57,0xE6,0xA5,0xA5,0xC4,0x53,0x15, - 0xEB,0xEA,0x3D,0x8A,0xB2,0x9F,0xF2,0x90,0x1A,0x03,0xBA,0xB7,0xC8,0x89,0xCD,0x88, - 0x26,0xF6,0xA3,0xFD,0x41,0x3C,0x70,0x01,0xE1,0x03,0x99,0x33,0xFA,0xF6,0xB1,0x92, - 0xED,0x3C,0xF9,0x03,0xC5,0x28,0xBB,0x18,0xD8,0x25,0x8F,0x6C,0x13,0x12,0x70,0xFA, - 0x38,0x1E,0xB2,0xC8,0xC9,0x60,0x51,0x3A,0x43,0x86,0x4F,0x27,0xEF,0xAD,0x03,0x58, - 0x52,0xCC,0xAF,0x6F,0x03,0xDB,0x7B,0x3B,0xDA,0xF2,0xBC,0xE7,0x40,0x0D,0xE6,0xD9, - 0x8C,0x36,0x2E,0xEA,0x01,0xA9,0x66,0xCA,0x26,0x41,0x71,0x57,0x84,0xE0,0x38,0xA4, - 0x13,0xDE,0x05,0xC4,0xC4,0x0A,0x79,0xCF,0x5F,0xE3,0x8E,0xDE,0xCC,0xD8,0x8E,0x6E, - 0xBC,0x4F,0x50,0x2C,0xD4,0x68,0xDF,0xB6,0xA8,0x61,0x80,0x0B,0x03,0x74,0xF3,0xFF, - 0x09,0x4A,0x13,0xA0,0x57,0x96,0x0B,0xCB,0x62,0x09,0xB4,0x18,0xFB,0x07,0xD2,0x93, - 0x17,0x50,0xCF,0xFE,0x5B,0x50,0x03,0xCE,0x9F,0x19,0x65,0x1E,0x9D,0xAD,0xA1,0x49, - 0x0C,0xC0,0x3D,0xFC,0x1F,0xE9,0xA4,0xEF,0x2D,0x6C,0xFA,0x0C,0xF5,0x0D,0xBB,0x2D, - 0xCA,0x36,0x22,0x5B,0xCE,0xEB,0xC4,0x4F,0xF7,0x78,0xCD,0x3F,0xCC,0xCE,0xA8,0xCF, - 0x4F,0x0B,0x14,0x49,0x6E,0xA0,0xE7,0xF1,0x60, -}; - - -/* subject:/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA G2 */ -/* issuer :/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */ - -static unsigned char c3[1121]={ - 0x30,0x82,0x04,0x5D,0x30,0x82,0x03,0x45,0xA0,0x03,0x02,0x01,0x02,0x02,0x0B,0x04, - 0x00,0x00,0x00,0x00,0x01,0x36,0xE9,0x3A,0x3A,0xB3,0x30,0x0D,0x06,0x09,0x2A,0x86, - 0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x57,0x31,0x0B,0x30,0x09,0x06, - 0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04, - 0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76, - 0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F, - 0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12, - 0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20, - 0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x32,0x30,0x34,0x32,0x35,0x31,0x31,0x30,0x30, - 0x30,0x30,0x5A,0x17,0x0D,0x32,0x37,0x30,0x34,0x32,0x35,0x31,0x31,0x30,0x30,0x30, - 0x30,0x5A,0x30,0x5C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42, - 0x45,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0B,0x13,0x0C,0x54,0x72,0x75,0x73, - 0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04, - 0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76, - 0x2D,0x73,0x61,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x54,0x72, - 0x75,0x73,0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x47,0x32, - 0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, - 0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01, - 0x00,0xAC,0xAE,0xBE,0xAA,0xED,0x70,0xCA,0xFB,0x83,0xB1,0x2E,0x35,0xBB,0xB8,0xB0, - 0xAC,0x31,0x33,0x5D,0xBB,0x52,0xC0,0xA6,0xC7,0x54,0x71,0x6F,0x1C,0x60,0x70,0x0A, - 0xC6,0x4B,0xBA,0xE3,0x89,0xE7,0xE9,0x04,0x7F,0xF0,0xE0,0xB6,0x2B,0xCA,0x68,0xDF, - 0xBD,0xCC,0x35,0xB9,0xEC,0x8C,0x36,0x8A,0x8B,0xA3,0xD9,0xC9,0x33,0x3F,0xCE,0x45, - 0x7B,0xA9,0x6F,0x7E,0x4D,0x35,0xF1,0x3A,0xEB,0xBA,0x6B,0x41,0x81,0xDA,0xFA,0xD4, - 0xE3,0x97,0x52,0x22,0x2A,0x90,0x7B,0x41,0x4C,0x2D,0xDF,0x05,0xCF,0xB9,0x33,0x05, - 0x25,0xAD,0x6D,0x5E,0xD8,0xCA,0xCE,0x4A,0x89,0xCA,0xE2,0x65,0x36,0xE3,0xCA,0x4F, - 0xBE,0x87,0x72,0x38,0x0D,0xAA,0x05,0x75,0xB3,0xDA,0x86,0xE3,0x83,0x03,0xE4,0x8D, - 0x89,0xBC,0x8D,0x76,0x76,0xEF,0x33,0x23,0x56,0xE0,0x75,0x0F,0xA5,0xFC,0xAB,0x17, - 0x91,0x37,0xDB,0x1A,0x35,0x2F,0x84,0xE2,0xCE,0x95,0x53,0x56,0x55,0x00,0xE9,0x2F, - 0xE6,0x0C,0x22,0xB1,0xAA,0x80,0x16,0x31,0xCB,0x94,0xD4,0x36,0x0A,0xC0,0x71,0x1B, - 0x70,0xA4,0xD7,0x52,0xD8,0xA9,0x05,0xE6,0x8B,0x52,0x98,0xCC,0x1E,0x55,0xBE,0x64, - 0x86,0x85,0x15,0xBF,0x7B,0xBC,0x53,0x14,0x07,0xFD,0x65,0x9B,0x36,0x11,0xEA,0xD5, - 0x1A,0xC8,0x96,0x0F,0xF4,0xAC,0x15,0x1F,0x8B,0xFC,0xE2,0x4A,0x16,0x05,0x48,0x1E, - 0xD4,0xF9,0xA2,0xF1,0xE4,0x3C,0x4F,0xA6,0x14,0xC5,0x06,0x20,0xEA,0xB9,0x01,0xA9, - 0xB4,0x1F,0x85,0x0B,0x82,0x6F,0x9E,0xE9,0x03,0x4A,0xD1,0x62,0x85,0x90,0x99,0xD5, - 0x1F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x23,0x30,0x82,0x01,0x1F,0x30,0x0E, - 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0F, - 0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30, - 0x47,0x06,0x03,0x55,0x1D,0x20,0x04,0x40,0x30,0x3E,0x30,0x3C,0x06,0x04,0x55,0x1D, - 0x20,0x00,0x30,0x34,0x30,0x32,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, - 0x16,0x26,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x6C, - 0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70, - 0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04, - 0x16,0x04,0x14,0x14,0xF6,0xE5,0x8B,0x31,0xB6,0x45,0x80,0x4A,0x4C,0x6D,0xFC,0xC2, - 0x87,0x89,0xCA,0x36,0xC3,0x90,0x62,0x30,0x33,0x06,0x03,0x55,0x1D,0x1F,0x04,0x2C, - 0x30,0x2A,0x30,0x28,0xA0,0x26,0xA0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F, - 0x2F,0x63,0x72,0x6C,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E, - 0x6E,0x65,0x74,0x2F,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x3E,0x06,0x08, - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x32,0x30,0x30,0x30,0x2E,0x06,0x08, - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F, - 0x2F,0x6F,0x63,0x73,0x70,0x32,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67, - 0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x6F,0x6F,0x74,0x72,0x31,0x30,0x1F,0x06,0x03, - 0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x60,0x7B,0x66,0x1A,0x45,0x0D,0x97, - 0xCA,0x89,0x50,0x2F,0x7D,0x04,0xCD,0x34,0xA8,0xFF,0xFC,0xFD,0x4B,0x30,0x0D,0x06, - 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01, - 0x00,0xBE,0xC8,0x1B,0x49,0x7E,0x93,0x82,0xE4,0x72,0x92,0x3E,0x6B,0xF9,0x2F,0x66, - 0xC4,0x91,0xC1,0x23,0x38,0xB8,0x0E,0xB3,0x19,0x7D,0xF8,0x7B,0xBF,0x00,0xDA,0x8C, - 0xAD,0xAF,0xC4,0x46,0xF1,0xB2,0x70,0x55,0xBF,0x3E,0x00,0x73,0x14,0x0F,0xE5,0xDE, - 0xDA,0x46,0x1D,0x87,0xF5,0x23,0xFF,0x06,0x90,0x5D,0xFA,0x91,0xD0,0xE8,0x31,0x41, - 0x72,0xFD,0x0A,0xDE,0x19,0x33,0xE2,0x65,0x47,0x56,0xAF,0xB0,0xD2,0x97,0x58,0xBE, - 0x40,0xC1,0x85,0xC0,0x5C,0x23,0x81,0xDC,0x9E,0x4F,0x5B,0x65,0xCE,0x72,0x4E,0xC7, - 0x67,0x0D,0x2F,0x45,0xB1,0x90,0x86,0x35,0xA3,0x43,0x1F,0x81,0xE0,0xA3,0x94,0x16, - 0x0D,0x5B,0xDE,0x8B,0xFF,0xCF,0xA5,0xE4,0xAF,0x7C,0x9A,0x09,0xF4,0x50,0x85,0x78, - 0x7B,0x28,0x2D,0x01,0x73,0x44,0x57,0x3C,0xF1,0xB9,0x36,0xFE,0x65,0x09,0x6F,0xB3, - 0xB5,0xB6,0xE0,0xD3,0x33,0x26,0xDE,0x4C,0x9F,0x40,0x84,0xD1,0xBA,0xC3,0x12,0x83, - 0xA2,0x01,0xB0,0x32,0x6A,0x3A,0x78,0xDA,0x89,0xA2,0x90,0x45,0xC5,0xE2,0x0F,0x44, - 0xA4,0xE3,0x76,0x57,0x6F,0x66,0xD4,0x28,0xCC,0x42,0xEF,0xE4,0xDD,0xDD,0x02,0xF8, - 0x47,0x21,0xDC,0x58,0x96,0xD0,0xED,0x8C,0xA5,0x2D,0x34,0xBF,0xC7,0xE8,0xF1,0x58, - 0x87,0x0E,0x43,0x4A,0x0E,0xE7,0xFE,0x78,0xB7,0x93,0xD3,0x43,0x5E,0x27,0x79,0x88, - 0x4E,0xCF,0xDC,0x78,0x81,0x49,0x36,0x01,0x80,0x16,0xE9,0xDD,0x6F,0x78,0xFC,0x1B, - 0x85,0xC0,0xBC,0xAE,0x84,0x30,0x90,0x74,0xFB,0x1E,0xF7,0xD8,0x06,0x87,0x3B,0xE0, - 0x53, -}; - - -/* subject:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */ -/* issuer :/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */ - -static unsigned char c4[889]={ - 0x30,0x82,0x03,0x75,0x30,0x82,0x02,0x5D,0xA0,0x03,0x02,0x01,0x02,0x02,0x0B,0x04, - 0x00,0x00,0x00,0x00,0x01,0x15,0x4B,0x5A,0xC3,0x94,0x30,0x0D,0x06,0x09,0x2A,0x86, - 0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x57,0x31,0x0B,0x30,0x09,0x06, - 0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04, - 0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76, - 0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F, - 0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12, - 0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20, - 0x43,0x41,0x30,0x1E,0x17,0x0D,0x39,0x38,0x30,0x39,0x30,0x31,0x31,0x32,0x30,0x30, - 0x30,0x30,0x5A,0x17,0x0D,0x32,0x38,0x30,0x31,0x32,0x38,0x31,0x32,0x30,0x30,0x30, - 0x30,0x5A,0x30,0x57,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42, - 0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62, - 0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,0x2D,0x73,0x61,0x31,0x10,0x30,0x0E, - 0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x31,0x1B, - 0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53, - 0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30, - 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82, - 0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xDA,0x0E,0xE6,0x99, - 0x8D,0xCE,0xA3,0xE3,0x4F,0x8A,0x7E,0xFB,0xF1,0x8B,0x83,0x25,0x6B,0xEA,0x48,0x1F, - 0xF1,0x2A,0xB0,0xB9,0x95,0x11,0x04,0xBD,0xF0,0x63,0xD1,0xE2,0x67,0x66,0xCF,0x1C, - 0xDD,0xCF,0x1B,0x48,0x2B,0xEE,0x8D,0x89,0x8E,0x9A,0xAF,0x29,0x80,0x65,0xAB,0xE9, - 0xC7,0x2D,0x12,0xCB,0xAB,0x1C,0x4C,0x70,0x07,0xA1,0x3D,0x0A,0x30,0xCD,0x15,0x8D, - 0x4F,0xF8,0xDD,0xD4,0x8C,0x50,0x15,0x1C,0xEF,0x50,0xEE,0xC4,0x2E,0xF7,0xFC,0xE9, - 0x52,0xF2,0x91,0x7D,0xE0,0x6D,0xD5,0x35,0x30,0x8E,0x5E,0x43,0x73,0xF2,0x41,0xE9, - 0xD5,0x6A,0xE3,0xB2,0x89,0x3A,0x56,0x39,0x38,0x6F,0x06,0x3C,0x88,0x69,0x5B,0x2A, - 0x4D,0xC5,0xA7,0x54,0xB8,0x6C,0x89,0xCC,0x9B,0xF9,0x3C,0xCA,0xE5,0xFD,0x89,0xF5, - 0x12,0x3C,0x92,0x78,0x96,0xD6,0xDC,0x74,0x6E,0x93,0x44,0x61,0xD1,0x8D,0xC7,0x46, - 0xB2,0x75,0x0E,0x86,0xE8,0x19,0x8A,0xD5,0x6D,0x6C,0xD5,0x78,0x16,0x95,0xA2,0xE9, - 0xC8,0x0A,0x38,0xEB,0xF2,0x24,0x13,0x4F,0x73,0x54,0x93,0x13,0x85,0x3A,0x1B,0xBC, - 0x1E,0x34,0xB5,0x8B,0x05,0x8C,0xB9,0x77,0x8B,0xB1,0xDB,0x1F,0x20,0x91,0xAB,0x09, - 0x53,0x6E,0x90,0xCE,0x7B,0x37,0x74,0xB9,0x70,0x47,0x91,0x22,0x51,0x63,0x16,0x79, - 0xAE,0xB1,0xAE,0x41,0x26,0x08,0xC8,0x19,0x2B,0xD1,0x46,0xAA,0x48,0xD6,0x64,0x2A, - 0xD7,0x83,0x34,0xFF,0x2C,0x2A,0xC1,0x6C,0x19,0x43,0x4A,0x07,0x85,0xE7,0xD3,0x7C, - 0xF6,0x21,0x68,0xEF,0xEA,0xF2,0x52,0x9F,0x7F,0x93,0x90,0xCF,0x02,0x03,0x01,0x00, - 0x01,0xA3,0x42,0x30,0x40,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04, - 0x04,0x03,0x02,0x01,0x06,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04, - 0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04, - 0x14,0x60,0x7B,0x66,0x1A,0x45,0x0D,0x97,0xCA,0x89,0x50,0x2F,0x7D,0x04,0xCD,0x34, - 0xA8,0xFF,0xFC,0xFD,0x4B,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, - 0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xD6,0x73,0xE7,0x7C,0x4F,0x76,0xD0, - 0x8D,0xBF,0xEC,0xBA,0xA2,0xBE,0x34,0xC5,0x28,0x32,0xB5,0x7C,0xFC,0x6C,0x9C,0x2C, - 0x2B,0xBD,0x09,0x9E,0x53,0xBF,0x6B,0x5E,0xAA,0x11,0x48,0xB6,0xE5,0x08,0xA3,0xB3, - 0xCA,0x3D,0x61,0x4D,0xD3,0x46,0x09,0xB3,0x3E,0xC3,0xA0,0xE3,0x63,0x55,0x1B,0xF2, - 0xBA,0xEF,0xAD,0x39,0xE1,0x43,0xB9,0x38,0xA3,0xE6,0x2F,0x8A,0x26,0x3B,0xEF,0xA0, - 0x50,0x56,0xF9,0xC6,0x0A,0xFD,0x38,0xCD,0xC4,0x0B,0x70,0x51,0x94,0x97,0x98,0x04, - 0xDF,0xC3,0x5F,0x94,0xD5,0x15,0xC9,0x14,0x41,0x9C,0xC4,0x5D,0x75,0x64,0x15,0x0D, - 0xFF,0x55,0x30,0xEC,0x86,0x8F,0xFF,0x0D,0xEF,0x2C,0xB9,0x63,0x46,0xF6,0xAA,0xFC, - 0xDF,0xBC,0x69,0xFD,0x2E,0x12,0x48,0x64,0x9A,0xE0,0x95,0xF0,0xA6,0xEF,0x29,0x8F, - 0x01,0xB1,0x15,0xB5,0x0C,0x1D,0xA5,0xFE,0x69,0x2C,0x69,0x24,0x78,0x1E,0xB3,0xA7, - 0x1C,0x71,0x62,0xEE,0xCA,0xC8,0x97,0xAC,0x17,0x5D,0x8A,0xC2,0xF8,0x47,0x86,0x6E, - 0x2A,0xC4,0x56,0x31,0x95,0xD0,0x67,0x89,0x85,0x2B,0xF9,0x6C,0xA6,0x5D,0x46,0x9D, - 0x0C,0xAA,0x82,0xE4,0x99,0x51,0xDD,0x70,0xB7,0xDB,0x56,0x3D,0x61,0xE4,0x6A,0xE1, - 0x5C,0xD6,0xF6,0xFE,0x3D,0xDE,0x41,0xCC,0x07,0xAE,0x63,0x52,0xBF,0x53,0x53,0xF4, - 0x2B,0xE9,0xC7,0xFD,0xB6,0xF7,0x82,0x5F,0x85,0xD2,0x41,0x18,0xDB,0x81,0xB3,0x04, - 0x1C,0xC5,0x1F,0xA4,0x80,0x6F,0x15,0x20,0xC9,0xDE,0x0C,0x88,0x0A,0x1D,0xD6,0x66, - 0x55,0xE2,0xFC,0x48,0xC9,0x29,0x26,0x69,0xE0, -}; - - -static void tests(void) -{ - SecTrustRef trust = NULL; - SecPolicyRef policy = NULL; - SecCertificateRef cert0, cert1, cert2, cert3, cert4; - SecTrustResultType trustResult; - - isnt(cert0 = SecCertificateCreateWithBytes(NULL, c0, sizeof(c0)), NULL, "create cert0"); - isnt(cert1 = SecCertificateCreateWithBytes(NULL, c1, sizeof(c1)), NULL, "create cert1"); - isnt(cert2 = SecCertificateCreateWithBytes(NULL, c2, sizeof(c2)), NULL, "create cert2"); - isnt(cert3 = SecCertificateCreateWithBytes(NULL, c3, sizeof(c3)), NULL, "create cert3"); - isnt(cert4 = SecCertificateCreateWithBytes(NULL, c4, sizeof(c4)), NULL, "create cert4"); - - const void *v_certs[] = { cert0, cert1, cert2, cert3 }; - const void *v_roots[] = { cert4 }; - CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks); - CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks); - - /* Create SSL policy with specific hostname. */ - isnt(policy = SecPolicyCreateSSL(true, CFSTR("nmd.mcd06643.sjc.wayport.net")), NULL, "create policy"); - - /* Create trust reference. */ - ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); - - /* Set explicit verify date: Aug 14 2015. */ - CFDateRef date = NULL; - isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2015, 8, 14, 12, 0, 0), NULL, "create verify date"); - ok_status(SecTrustSetVerifyDate(trust, date), "set date"); - - /* Provide root certificate. */ - ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors"); - - ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); - is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified"); - is(SecTrustGetCertificateCount(trust), 5, "cert count is 5"); - - CFReleaseSafe(date); - CFReleaseSafe(trust); - CFReleaseSafe(policy); - CFReleaseSafe(certs); - CFReleaseSafe(roots); - CFReleaseSafe(cert4); - CFReleaseSafe(cert3); - CFReleaseSafe(cert2); - CFReleaseSafe(cert1); - CFReleaseSafe(cert0); -} - -int si_20_sectrust_att(int argc, char *const *argv) -{ - plan_tests(13); - - tests(); - - return 0; -} diff --git a/OSX/sec/Security/Regressions/secitem/si-20-sectrust.c b/OSX/sec/Security/Regressions/secitem/si-20-sectrust.c index 3917df7f..584030c7 100644 --- a/OSX/sec/Security/Regressions/secitem/si-20-sectrust.c +++ b/OSX/sec/Security/Regressions/secitem/si-20-sectrust.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006-2010,2012-2014 Apple Inc. All Rights Reserved. + * Copyright (c) 2006-2010,2012-2015 Apple Inc. All Rights Reserved. */ #include @@ -16,615 +16,10 @@ #include #include "Security_regressions.h" - -/* - Serial Number: - 45:a8:3a:4a:79:4d:0c:2d:71:20:12:5a:7c:82:c0:af - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA - Validity - Not Before: May 5 00:00:00 2014 GMT - Not After : May 4 23:59:59 2016 GMT - Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592, C=US/postalCode=95014, ST=California, L=Cupertino/street=1 Infinite Loop, O=Apple Inc., OU=GNCS Traffic Management, CN=secure1.store.apple.com - */ -static const uint8_t _c0[] = { - 0x30,0x82,0x05,0xFF,0x30,0x82,0x04,0xE7,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x45, - 0xA8,0x3A,0x4A,0x79,0x4D,0x0C,0x2D,0x71,0x20,0x12,0x5A,0x7C,0x82,0xC0,0xAF,0x30, - 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81, - 0xBE,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17, - 0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67, - 0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B, - 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74, - 0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04, - 0x0B,0x13,0x32,0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20, - 0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76, - 0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20, - 0x28,0x63,0x29,0x30,0x36,0x31,0x38,0x30,0x36,0x06,0x03,0x55,0x04,0x03,0x13,0x2F, - 0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33, - 0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61, - 0x74,0x69,0x6F,0x6E,0x20,0x53,0x53,0x4C,0x20,0x53,0x47,0x43,0x20,0x43,0x41,0x30, - 0x1E,0x17,0x0D,0x31,0x34,0x30,0x35,0x30,0x35,0x30,0x30,0x30,0x30,0x30,0x30,0x5A, - 0x17,0x0D,0x31,0x36,0x30,0x35,0x30,0x34,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30, - 0x82,0x01,0x1D,0x31,0x13,0x30,0x11,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37, - 0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,0x31,0x1B,0x30,0x19,0x06,0x0B,0x2B,0x06, - 0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66, - 0x6F,0x72,0x6E,0x69,0x61,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0F,0x13,0x14, - 0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,0x67,0x61,0x6E,0x69,0x7A,0x61, - 0x74,0x69,0x6F,0x6E,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x05,0x13,0x08,0x43, - 0x30,0x38,0x30,0x36,0x35,0x39,0x32,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06, - 0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x11,0x14,0x05,0x39, - 0x35,0x30,0x31,0x34,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x13,0x0A,0x43, - 0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,0x30,0x10,0x06,0x03,0x55, - 0x04,0x07,0x14,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x18,0x30, - 0x16,0x06,0x03,0x55,0x04,0x09,0x14,0x0F,0x31,0x20,0x49,0x6E,0x66,0x69,0x6E,0x69, - 0x74,0x65,0x20,0x4C,0x6F,0x6F,0x70,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A, - 0x14,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x20,0x30,0x1E, - 0x06,0x03,0x55,0x04,0x0B,0x14,0x17,0x47,0x4E,0x43,0x53,0x20,0x54,0x72,0x61,0x66, - 0x66,0x69,0x63,0x20,0x4D,0x61,0x6E,0x61,0x67,0x65,0x6D,0x65,0x6E,0x74,0x31,0x20, - 0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x14,0x17,0x73,0x65,0x63,0x75,0x72,0x65,0x31, - 0x2E,0x73,0x74,0x6F,0x72,0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D, - 0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, - 0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01, - 0x00,0x97,0x1D,0x2E,0x6C,0x69,0x78,0x01,0x17,0xB2,0x6D,0x17,0x50,0x26,0xAE,0x25, - 0xAA,0x30,0x81,0xB8,0xD6,0xDC,0x46,0x67,0x90,0x24,0xC2,0x23,0x50,0x33,0x74,0x5A, - 0x71,0x7F,0x6D,0xC0,0xEE,0x15,0x58,0x64,0x57,0xEF,0xE9,0x02,0xAB,0xB6,0x93,0xA3, - 0x6B,0xFE,0xA9,0xD6,0x53,0x07,0x19,0x08,0xC5,0xC5,0x9D,0x8E,0x4D,0xE8,0x00,0xE8, - 0x49,0x2B,0x70,0x17,0x46,0xE8,0xAF,0xA1,0x2E,0x85,0x5F,0xA7,0x06,0x58,0xBF,0x64, - 0x0B,0xF5,0xD3,0xD4,0xF8,0x6B,0xAA,0x6C,0x8E,0x5F,0xE7,0x12,0x86,0x58,0x9A,0xFC, - 0xDB,0x44,0x9E,0x39,0xA9,0x78,0xE9,0x2D,0x5C,0xE2,0x8A,0x87,0x19,0xB6,0xB3,0xD5, - 0xB6,0x19,0xD0,0x97,0x1B,0xA3,0xE2,0xF6,0x04,0xCE,0xC6,0xEB,0xC3,0xC9,0x50,0x55, - 0x57,0xE5,0xE1,0x0B,0xCB,0x31,0x2A,0x4A,0x3E,0xC9,0xFC,0x87,0xC4,0x44,0x7D,0x5A, - 0x74,0x4D,0x51,0xAD,0xCA,0xD6,0x04,0x2C,0x3B,0x4B,0xE1,0x0F,0x31,0x71,0x00,0xEF, - 0x18,0x66,0x87,0x7E,0xAD,0x0A,0x68,0x23,0x81,0x8F,0x72,0xED,0x8E,0x5A,0xD1,0xD7, - 0x4E,0xBB,0x5E,0x38,0x20,0x48,0x77,0x69,0x19,0x55,0x33,0xC9,0x77,0x2A,0x8B,0xBF, - 0xEB,0xB7,0xF4,0xEB,0x2E,0x00,0x58,0x3C,0x86,0xDB,0x4D,0x95,0xB9,0x93,0x9C,0x78, - 0x39,0xDA,0x4C,0xAA,0xA3,0xB5,0xA6,0xA0,0xBA,0xBC,0x28,0xDB,0xE7,0x9F,0x2A,0x36, - 0x40,0x68,0xBC,0x22,0x3D,0xA9,0x4C,0xFC,0x62,0xCA,0x2C,0x61,0xE0,0x30,0xA4,0xAC, - 0x82,0x63,0xE2,0xE5,0xF0,0xEA,0x32,0x96,0x7B,0xB9,0xDC,0x3A,0x2D,0x1A,0x99,0x28, - 0x47,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x95,0x30,0x82,0x01,0x91,0x30,0x3B, - 0x06,0x03,0x55,0x1D,0x11,0x04,0x34,0x30,0x32,0x82,0x17,0x73,0x65,0x63,0x75,0x72, - 0x65,0x32,0x2E,0x73,0x74,0x6F,0x72,0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63, - 0x6F,0x6D,0x82,0x17,0x73,0x65,0x63,0x75,0x72,0x65,0x31,0x2E,0x73,0x74,0x6F,0x72, - 0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x09,0x06,0x03,0x55, - 0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF, - 0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x28,0x06,0x03,0x55,0x1D,0x25,0x04,0x21,0x30, - 0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01, - 0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01, - 0x30,0x66,0x06,0x03,0x55,0x1D,0x20,0x04,0x5F,0x30,0x5D,0x30,0x5B,0x06,0x0B,0x60, - 0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x07,0x17,0x06,0x30,0x4C,0x30,0x23,0x06,0x08, - 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A, - 0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70, - 0x73,0x30,0x25,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x1A, - 0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62, - 0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04, - 0x18,0x30,0x16,0x80,0x14,0x4E,0x43,0xC8,0x1D,0x76,0xEF,0x37,0x53,0x7A,0x4F,0xF2, - 0x58,0x6F,0x94,0xF3,0x38,0xE2,0xD5,0xBD,0xDF,0x30,0x2B,0x06,0x03,0x55,0x1D,0x1F, - 0x04,0x24,0x30,0x22,0x30,0x20,0xA0,0x1E,0xA0,0x1C,0x86,0x1A,0x68,0x74,0x74,0x70, - 0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F, - 0x73,0x62,0x2E,0x63,0x72,0x6C,0x30,0x57,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, - 0x01,0x01,0x04,0x4B,0x30,0x49,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, - 0x30,0x01,0x86,0x13,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,0x79, - 0x6D,0x63,0x64,0x2E,0x63,0x6F,0x6D,0x30,0x26,0x06,0x08,0x2B,0x06,0x01,0x05,0x05, - 0x07,0x30,0x02,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73, - 0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x62,0x2E,0x63,0x72,0x74,0x30, - 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82, - 0x01,0x01,0x00,0xA4,0x6A,0x52,0x42,0x67,0x97,0x00,0x8D,0xBF,0xB1,0x3D,0x4C,0x80, - 0xFD,0x92,0xAB,0x34,0x95,0x89,0x3D,0x2D,0xEF,0x18,0xB9,0x1A,0x5F,0x86,0x52,0x59, - 0x09,0xCF,0x22,0xBF,0x4A,0xC1,0x27,0xEF,0x4C,0xB5,0xF2,0xD8,0xAD,0xB6,0xAA,0x97, - 0x0D,0xF1,0x43,0xED,0x15,0x08,0x68,0xBD,0x55,0xE3,0x71,0xA6,0x92,0x10,0x5F,0x20, - 0xC9,0x15,0xD1,0x0C,0xE4,0x24,0xE6,0x1C,0xC2,0xCF,0x19,0x5C,0x0B,0xDE,0x6B,0x34, - 0xA1,0xF1,0x18,0x0C,0x27,0x74,0xEA,0x2C,0xEA,0xB0,0x04,0x1C,0x20,0x87,0xD1,0x7A, - 0x8B,0x82,0xB7,0x31,0xD9,0x33,0xDE,0x7C,0x96,0xD1,0x6F,0x40,0x9F,0xDC,0x7C,0x9D, - 0x3D,0x09,0xCB,0x93,0xCC,0x6D,0xBE,0xE1,0x1C,0xD8,0x7D,0x66,0x70,0xAF,0x86,0x93, - 0x86,0xCA,0x77,0x83,0xB6,0xCA,0x86,0xDB,0x83,0xFC,0x6A,0x5C,0xCF,0x93,0x0C,0x1D, - 0x55,0x1C,0xD9,0xBB,0xFD,0x8E,0xE6,0x2E,0xC8,0x13,0x1C,0x27,0x3F,0x73,0x4F,0x19, - 0x49,0x40,0xB6,0x75,0x71,0x5B,0x02,0xCA,0x16,0x62,0x56,0x6A,0x6A,0xA8,0x37,0x97, - 0x67,0x9D,0xD5,0x24,0x34,0x77,0x46,0x3F,0xCA,0xBD,0x02,0x5C,0xDA,0xD8,0x0A,0x29, - 0x72,0xB1,0xBA,0x38,0x04,0xC3,0xA5,0xEF,0xAF,0x30,0x80,0x03,0x66,0xF9,0x96,0x44, - 0x3D,0x1C,0x8C,0x87,0x64,0x37,0xF3,0xAF,0x62,0xAD,0xF8,0xE5,0x53,0x9F,0x7A,0x70, - 0xDA,0x8C,0x00,0x9C,0x13,0xDF,0x7F,0xC4,0x0C,0xE9,0x72,0xA3,0x72,0x39,0x97,0xF5, - 0xE1,0x38,0x12,0xF3,0xAB,0x9D,0xC2,0xAB,0xE3,0xED,0xD8,0x43,0x9A,0xAC,0x1E,0x7A, - 0xB7,0x0A,0x3F, -}; - -static const uint8_t _c0_serial[] = { - 0x45, 0xA8, 0x3A, 0x4A, 0x79, 0x4D, 0x0C, 0x2d, - 0x71, 0x20, 0x12, 0x5A, 0x7C, 0x82, 0xC0, 0xAF -}; - -/* - Serial Number: - 2c:48:dd:93:0d:f5:59:8e:f9:3c:99:54:7a:60:ed:43 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 - Validity - Not Before: Nov 8 00:00:00 2006 GMT - Not After : Nov 7 23:59:59 2016 GMT - Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA - */ -static const uint8_t _c1[] = { - 0x30,0x82,0x06,0x1E,0x30,0x82,0x05,0x06,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x2C, - 0x48,0xDD,0x93,0x0D,0xF5,0x59,0x8E,0xF9,0x3C,0x99,0x54,0x7A,0x60,0xED,0x43,0x30, - 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81, - 0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17, - 0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67, - 0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B, - 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74, - 0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04, - 0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72,0x69, - 0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F,0x72, - 0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65,0x20, - 0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C,0x56, - 0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20, - 0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43, - 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74, - 0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x1E,0x17,0x0D,0x30, - 0x36,0x31,0x31,0x30,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x36, - 0x31,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x81,0xBE,0x31,0x0B, - 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06, - 0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x2C,0x20, - 0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x56, - 0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65, - 0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32, - 0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20, - 0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69, - 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20,0x28,0x63,0x29, - 0x30,0x36,0x31,0x38,0x30,0x36,0x06,0x03,0x55,0x04,0x03,0x13,0x2F,0x56,0x65,0x72, - 0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x78, - 0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F, - 0x6E,0x20,0x53,0x53,0x4C,0x20,0x53,0x47,0x43,0x20,0x43,0x41,0x30,0x82,0x01,0x22, - 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03, - 0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBD,0x56,0x88, - 0xBA,0x88,0x34,0x64,0x64,0xCF,0xCD,0xCA,0xB0,0xEE,0xE7,0x19,0x73,0xC5,0x72,0xD9, - 0xBB,0x45,0xBC,0xB5,0xA8,0xFF,0x83,0xBE,0x1C,0x03,0xDB,0xED,0x89,0xB7,0x2E,0x10, - 0x1A,0x25,0xBC,0x55,0xCA,0x41,0xA1,0x9F,0x0B,0xCF,0x19,0x5E,0x70,0xB9,0x5E,0x39, - 0x4B,0x9E,0x31,0x1C,0x5F,0x87,0xAE,0x2A,0xAA,0xA8,0x2B,0xA2,0x1B,0x3B,0x10,0x23, - 0x5F,0x13,0xB1,0xDD,0x08,0x8C,0x4E,0x14,0xDA,0x83,0x81,0xE3,0xB5,0x8C,0xE3,0x68, - 0xED,0x24,0x67,0xCE,0x56,0xB6,0xAC,0x9B,0x73,0x96,0x44,0xDB,0x8A,0x8C,0xB3,0xD6, - 0xF0,0x71,0x93,0x8E,0xDB,0x71,0x54,0x4A,0xEB,0x73,0x59,0x6A,0x8F,0x70,0x51,0x2C, - 0x03,0x9F,0x97,0xD1,0xCC,0x11,0x7A,0xBC,0x62,0x0D,0x95,0x2A,0xC9,0x1C,0x75,0x57, - 0xE9,0xF5,0xC7,0xEA,0xBA,0x84,0x35,0xCB,0xC7,0x85,0x5A,0x7E,0xE4,0x4D,0xE1,0x11, - 0x97,0x7D,0x0E,0x20,0x34,0x45,0xDB,0xF1,0xA2,0x09,0xEB,0xEB,0x3D,0x9E,0xB8,0x96, - 0x43,0x5E,0x34,0x4B,0x08,0x25,0x1E,0x43,0x1A,0xA2,0xD9,0xB7,0x8A,0x01,0x34,0x3D, - 0xC3,0xF8,0xE5,0xAF,0x4F,0x8C,0xFF,0xCD,0x65,0xF0,0x23,0x4E,0xC5,0x97,0xB3,0x5C, - 0xDA,0x90,0x1C,0x82,0x85,0x0D,0x06,0x0D,0xC1,0x22,0xB6,0x7B,0x28,0xA4,0x03,0xC3, - 0x4C,0x53,0xD1,0x58,0xBC,0x72,0xBC,0x08,0x39,0xFC,0xA0,0x76,0xA8,0xA8,0xE9,0x4B, - 0x6E,0x88,0x3D,0xE3,0xB3,0x31,0x25,0x8C,0x73,0x29,0x48,0x0E,0x32,0x79,0x06,0xED, - 0x3D,0x43,0xF4,0xF6,0xE4,0xE9,0xFC,0x7D,0xBE,0x8E,0x08,0xD5,0x1F,0x02,0x03,0x01, - 0x00,0x01,0xA3,0x82,0x02,0x08,0x30,0x82,0x02,0x04,0x30,0x1D,0x06,0x03,0x55,0x1D, - 0x0E,0x04,0x16,0x04,0x14,0x4E,0x43,0xC8,0x1D,0x76,0xEF,0x37,0x53,0x7A,0x4F,0xF2, - 0x58,0x6F,0x94,0xF3,0x38,0xE2,0xD5,0xBD,0xDF,0x30,0x12,0x06,0x03,0x55,0x1D,0x13, - 0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x3D,0x06, - 0x03,0x55,0x1D,0x20,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,0x00, - 0x30,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C, - 0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69, - 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x3D,0x06,0x03, - 0x55,0x1D,0x1F,0x04,0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E,0x86,0x2C,0x68, - 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56,0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x63, - 0x72,0x6C,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F, - 0x70,0x63,0x61,0x33,0x2D,0x67,0x35,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55, - 0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60, - 0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x6D, - 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0C,0x04,0x61,0x30,0x5F,0xA1,0x5D, - 0xA0,0x5B,0x30,0x59,0x30,0x57,0x30,0x55,0x16,0x09,0x69,0x6D,0x61,0x67,0x65,0x2F, - 0x67,0x69,0x66,0x30,0x21,0x30,0x1F,0x30,0x07,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A, - 0x04,0x14,0x8F,0xE5,0xD3,0x1A,0x86,0xAC,0x8D,0x8E,0x6B,0xC3,0xCF,0x80,0x6A,0xD4, - 0x48,0x18,0x2C,0x7B,0x19,0x2E,0x30,0x25,0x16,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F, - 0x2F,0x6C,0x6F,0x67,0x6F,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63, - 0x6F,0x6D,0x2F,0x76,0x73,0x6C,0x6F,0x67,0x6F,0x2E,0x67,0x69,0x66,0x30,0x29,0x06, - 0x03,0x55,0x1D,0x11,0x04,0x22,0x30,0x20,0xA4,0x1E,0x30,0x1C,0x31,0x1A,0x30,0x18, - 0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x43,0x6C,0x61,0x73,0x73,0x33,0x43,0x41,0x32, - 0x30,0x34,0x38,0x2D,0x31,0x2D,0x34,0x38,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04, - 0x18,0x30,0x16,0x80,0x14,0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB,0xF0,0x30,0x09, - 0xF3,0x43,0x39,0xFA,0x02,0xAF,0x33,0x31,0x33,0x30,0x3D,0x06,0x08,0x2B,0x06,0x01, - 0x05,0x05,0x07,0x01,0x01,0x04,0x31,0x30,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01, - 0x05,0x05,0x07,0x30,0x01,0x86,0x21,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56, - 0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x6F,0x63,0x73,0x70,0x2E,0x76,0x65,0x72,0x69, - 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x34,0x06,0x03,0x55,0x1D,0x25,0x04, - 0x2D,0x30,0x2B,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,0x06,0x0A, - 0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x08,0x01,0x06,0x08,0x2B,0x06,0x01,0x05, - 0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x0D, - 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01, - 0x01,0x00,0x27,0x74,0xA6,0x34,0xEA,0x1D,0x9D,0xE1,0x53,0xD6,0x1C,0x9D,0x0C,0xA7, - 0x5B,0x4C,0xA9,0x67,0xF2,0xF0,0x32,0xB7,0x01,0x0F,0xFB,0x42,0x18,0x38,0xDE,0xE4, - 0xEE,0x49,0xC8,0x13,0xC9,0x0B,0xEC,0x04,0xC3,0x40,0x71,0x18,0x72,0x76,0x43,0x02, - 0x23,0x5D,0xAB,0x7B,0xC8,0x48,0x14,0x1A,0xC8,0x7B,0x1D,0xFC,0xF6,0x0A,0x9F,0x36, - 0xA1,0xD2,0x09,0x73,0x71,0x66,0x96,0x75,0x51,0x34,0xBF,0x99,0x30,0x51,0x67,0x9D, - 0x54,0xB7,0x26,0x45,0xAC,0x73,0x08,0x23,0x86,0x26,0x99,0x71,0xF4,0x8E,0xD7,0xEA, - 0x39,0x9B,0x06,0x09,0x23,0xBF,0x62,0xDD,0xA8,0xC4,0xB6,0x7D,0xA4,0x89,0x07,0x3E, - 0xF3,0x6D,0xAE,0x40,0x59,0x50,0x79,0x97,0x37,0x3D,0x32,0x78,0x7D,0xB2,0x63,0x4B, - 0xF9,0xEA,0x08,0x69,0x0E,0x13,0xED,0xE8,0xCF,0xBB,0xAC,0x05,0x86,0xCA,0x22,0xCF, - 0x88,0x62,0x5D,0x3C,0x22,0x49,0xD8,0x63,0xD5,0x24,0xA6,0xBD,0xEF,0x5C,0xE3,0xCC, - 0x20,0x3B,0x22,0xEA,0xFC,0x44,0xC6,0xA8,0xE5,0x1F,0xE1,0x86,0xCD,0x0C,0x4D,0x8F, - 0x93,0x53,0xD9,0x7F,0xEE,0xA1,0x08,0xA7,0xB3,0x30,0x96,0x49,0x70,0x6E,0xA3,0x6C, - 0x3D,0xD0,0x63,0xEF,0x25,0x66,0x63,0xCC,0xAA,0xB7,0x18,0x17,0x4E,0xEA,0x70,0x76, - 0xF6,0xBA,0x42,0xA6,0x80,0x37,0x09,0x4E,0x9F,0x66,0x88,0x2E,0x6B,0x33,0x66,0xC8, - 0xC0,0x71,0xA4,0x41,0xEB,0x5A,0xE3,0xFC,0x14,0x2E,0x4B,0x88,0xFD,0xAE,0x6E,0x5B, - 0x65,0xE9,0x27,0xE4,0xBF,0xE4,0xB0,0x23,0xC1,0xB2,0x7D,0x5B,0x62,0x25,0xD7,0x3E, - 0x10,0xD4, -}; - - -/* subject:/C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Operations/CN=xedge2.apple.com - issuer :/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority */ -const uint8_t xedge2_certificate[1385]={ -0x30,0x82,0x05,0x65,0x30,0x82,0x04,0xCE,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x46, -0x9C,0xDF,0x96,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, -0x05,0x00,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, -0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x45,0x6E,0x74, -0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04, -0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, -0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,0x2E,0x20,0x62, -0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,0x74,0x73,0x20,0x6C, -0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C, -0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74, -0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x3A,0x30,0x38, -0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, -0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72, -0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41, -0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x30,0x38,0x30,0x31, -0x32,0x39,0x31,0x38,0x33,0x33,0x31,0x33,0x5A,0x17,0x0D,0x31,0x30,0x30,0x31,0x32, -0x38,0x31,0x39,0x30,0x33,0x31,0x32,0x5A,0x30,0x81,0x83,0x31,0x0B,0x30,0x09,0x06, -0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, -0x08,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,0x30, -0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E, -0x6F,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x41,0x70,0x70,0x6C, -0x65,0x20,0x49,0x6E,0x63,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0B,0x13,0x13, -0x49,0x6E,0x74,0x65,0x72,0x6E,0x65,0x74,0x20,0x4F,0x70,0x65,0x72,0x61,0x74,0x69, -0x6F,0x6E,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x78,0x65, -0x64,0x67,0x65,0x32,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81, -0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00, -0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xC7,0xF3,0xA1,0x0E,0x0E, -0xA4,0xDF,0xC5,0x3F,0x24,0x87,0xC3,0x6E,0xE7,0xD0,0x7C,0x2B,0x5A,0x1C,0xF3,0x67, -0x6C,0x6B,0x56,0x0A,0x95,0xC9,0xE5,0x13,0x28,0x6E,0x16,0x9D,0x4F,0xB1,0x76,0xFB, -0x7D,0x42,0x5B,0x2A,0x7C,0xCC,0x97,0x75,0xAA,0xA6,0xA9,0xDE,0xB2,0xEC,0xEF,0xE2, -0xAB,0x40,0xAE,0x9A,0x23,0xF0,0x6A,0x10,0xB3,0x75,0x27,0xF0,0xF4,0x7D,0x08,0x67, -0x8F,0xCE,0x41,0x24,0x74,0xAA,0x37,0xB6,0xC1,0x32,0x61,0xCF,0x7D,0x1C,0x21,0xCD, -0xCF,0x7C,0x9E,0xE2,0x48,0x03,0x7E,0x78,0xB3,0x86,0x3D,0x06,0x6B,0x39,0xEC,0xC8, -0x73,0x68,0xDB,0xE7,0x5B,0x97,0xF4,0xF9,0xA3,0xE7,0xFB,0x81,0x2E,0x4D,0x0B,0x3F, -0xA9,0xCA,0xDE,0x32,0x26,0xF3,0xF0,0x97,0x72,0x65,0xAB,0x02,0x03,0x01,0x00,0x01, -0xA3,0x82,0x02,0xA2,0x30,0x82,0x02,0x9E,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04, -0x04,0x03,0x02,0x05,0xA0,0x30,0x2B,0x06,0x03,0x55,0x1D,0x10,0x04,0x24,0x30,0x22, -0x80,0x0F,0x32,0x30,0x30,0x38,0x30,0x31,0x32,0x39,0x31,0x38,0x33,0x33,0x31,0x33, -0x5A,0x81,0x0F,0x32,0x30,0x31,0x30,0x30,0x31,0x32,0x38,0x31,0x39,0x30,0x33,0x31, -0x32,0x5A,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,0x04, -0x04,0x03,0x02,0x06,0x40,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A, -0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x82,0x01,0x68,0x06,0x03, -0x55,0x1D,0x20,0x04,0x82,0x01,0x5F,0x30,0x82,0x01,0x5B,0x30,0x82,0x01,0x57,0x06, -0x09,0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x4B,0x02,0x30,0x82,0x01,0x48,0x30,0x26, -0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1A,0x68,0x74,0x74,0x70, -0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, -0x65,0x74,0x2F,0x63,0x70,0x73,0x30,0x82,0x01,0x1C,0x06,0x08,0x2B,0x06,0x01,0x05, -0x05,0x07,0x02,0x02,0x30,0x82,0x01,0x0E,0x1A,0x82,0x01,0x0A,0x54,0x68,0x65,0x20, -0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x20,0x53,0x53,0x4C,0x20,0x57,0x65,0x62,0x20, -0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61, -0x74,0x69,0x6F,0x6E,0x20,0x50,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x53,0x74, -0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x20,0x28,0x43,0x50,0x53,0x29,0x20,0x61,0x76, -0x61,0x69,0x6C,0x61,0x62,0x6C,0x65,0x20,0x61,0x74,0x20,0x77,0x77,0x77,0x2E,0x65, -0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x20,0x20, -0x69,0x73,0x20,0x68,0x65,0x72,0x65,0x62,0x79,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70, -0x6F,0x72,0x61,0x74,0x65,0x64,0x20,0x69,0x6E,0x74,0x6F,0x20,0x79,0x6F,0x75,0x72, -0x20,0x75,0x73,0x65,0x20,0x6F,0x72,0x20,0x72,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65, -0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69, -0x63,0x61,0x74,0x65,0x2E,0x20,0x20,0x54,0x68,0x69,0x73,0x20,0x43,0x50,0x53,0x20, -0x63,0x6F,0x6E,0x74,0x61,0x69,0x6E,0x73,0x20,0x6C,0x69,0x6D,0x69,0x74,0x61,0x74, -0x69,0x6F,0x6E,0x73,0x20,0x6F,0x6E,0x20,0x77,0x61,0x72,0x72,0x61,0x6E,0x74,0x69, -0x65,0x73,0x20,0x61,0x6E,0x64,0x20,0x6C,0x69,0x61,0x62,0x69,0x6C,0x69,0x74,0x69, -0x65,0x73,0x2E,0x20,0x43,0x6F,0x70,0x79,0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63, -0x29,0x20,0x32,0x30,0x30,0x32,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x20,0x4C, -0x69,0x6D,0x69,0x74,0x65,0x64,0x30,0x33,0x06,0x03,0x55,0x1D,0x1F,0x04,0x2C,0x30, -0x2A,0x30,0x28,0xA0,0x26,0xA0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, -0x63,0x72,0x6C,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F, -0x73,0x65,0x72,0x76,0x65,0x72,0x31,0x2E,0x63,0x72,0x6C,0x30,0x33,0x06,0x08,0x2B, -0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x27,0x30,0x25,0x30,0x23,0x06,0x08,0x2B, -0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x17,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, -0x6F,0x63,0x73,0x70,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74, -0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xF0,0x17,0x62, -0x13,0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0, -0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x2D,0xEF,0xD9,0xAF, -0x1A,0x89,0x40,0x53,0x75,0x48,0x26,0x59,0x2F,0xEC,0x11,0x18,0xC0,0xD1,0x7A,0x34, -0x30,0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x19,0x06,0x09,0x2A, -0x86,0x48,0x86,0xF6,0x7D,0x07,0x41,0x00,0x04,0x0C,0x30,0x0A,0x1B,0x04,0x56,0x37, -0x2E,0x31,0x03,0x02,0x03,0x28,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, -0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x77,0x33,0x2A,0x69,0x45,0x5A,0xB2, -0xF5,0x74,0xF7,0xDF,0xC7,0x08,0x85,0x86,0x88,0x98,0x41,0x7F,0x57,0x49,0x01,0xBA, -0x13,0x21,0x40,0xD0,0x0A,0x5C,0xA7,0x37,0xDF,0xB3,0x7E,0xF8,0xED,0x04,0x63,0xC3, -0xE8,0x0F,0xA0,0xE5,0xC4,0x4F,0x3A,0x90,0xE4,0x87,0x5F,0xEC,0xDB,0x65,0x8B,0x6E, -0x88,0x6E,0x6E,0xE4,0xBC,0x6A,0x7E,0x37,0x47,0x04,0xFF,0x09,0xC6,0x70,0xE1,0x65, -0x8F,0xE3,0xE9,0x60,0xEB,0xE8,0x8E,0x29,0xAE,0xF9,0x81,0xCA,0x9A,0x97,0x3C,0x6F, -0x7C,0xFA,0xA8,0x49,0xB4,0x33,0x76,0x9C,0x65,0x92,0x12,0xF6,0x7F,0x6A,0x62,0x84, -0x29,0x5F,0x14,0x26,0x6E,0x07,0x6F,0x5C,0xB5,0x7C,0x21,0x64,0x7C,0xD9,0x93,0xF4, -0x9C,0xC8,0xE7,0xEC,0xC6,0xAC,0x13,0xC4,0xF0 -}; - -const uint8_t entrust1024RootCA[1244]={ - 0x30,0x82,0x04,0xD8,0x30,0x82,0x04,0x41,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x37, - 0x4A,0xD2,0x43,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, - 0x05,0x00,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, - 0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x45,0x6E,0x74, - 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04, - 0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, - 0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,0x2E,0x20,0x62, - 0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,0x74,0x73,0x20,0x6C, - 0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C, - 0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74, - 0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x3A,0x30,0x38, - 0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, - 0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72, - 0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41, - 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x39,0x39,0x30,0x35, - 0x32,0x35,0x31,0x36,0x30,0x39,0x34,0x30,0x5A,0x17,0x0D,0x31,0x39,0x30,0x35,0x32, - 0x35,0x31,0x36,0x33,0x39,0x34,0x30,0x5A,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06, - 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04, - 0x0A,0x13,0x0B,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B, - 0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74, - 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63, - 0x6F,0x72,0x70,0x2E,0x20,0x62,0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69, - 0x6D,0x69,0x74,0x73,0x20,0x6C,0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06, - 0x03,0x55,0x04,0x0B,0x13,0x1C,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45, - 0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74, - 0x65,0x64,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74, - 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20, - 0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61, - 0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x81, - 0x9D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00, - 0x03,0x81,0x8B,0x00,0x30,0x81,0x87,0x02,0x81,0x81,0x00,0xCD,0x28,0x83,0x34,0x54, - 0x1B,0x89,0xF3,0x0F,0xAF,0x37,0x91,0x31,0xFF,0xAF,0x31,0x60,0xC9,0xA8,0xE8,0xB2, - 0x10,0x68,0xED,0x9F,0xE7,0x93,0x36,0xF1,0x0A,0x64,0xBB,0x47,0xF5,0x04,0x17,0x3F, - 0x23,0x47,0x4D,0xC5,0x27,0x19,0x81,0x26,0x0C,0x54,0x72,0x0D,0x88,0x2D,0xD9,0x1F, - 0x9A,0x12,0x9F,0xBC,0xB3,0x71,0xD3,0x80,0x19,0x3F,0x47,0x66,0x7B,0x8C,0x35,0x28, - 0xD2,0xB9,0x0A,0xDF,0x24,0xDA,0x9C,0xD6,0x50,0x79,0x81,0x7A,0x5A,0xD3,0x37,0xF7, - 0xC2,0x4A,0xD8,0x29,0x92,0x26,0x64,0xD1,0xE4,0x98,0x6C,0x3A,0x00,0x8A,0xF5,0x34, - 0x9B,0x65,0xF8,0xED,0xE3,0x10,0xFF,0xFD,0xB8,0x49,0x58,0xDC,0xA0,0xDE,0x82,0x39, - 0x6B,0x81,0xB1,0x16,0x19,0x61,0xB9,0x54,0xB6,0xE6,0x43,0x02,0x01,0x03,0xA3,0x82, - 0x01,0xD7,0x30,0x82,0x01,0xD3,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8, - 0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x82,0x01,0x19,0x06,0x03,0x55, - 0x1D,0x1F,0x04,0x82,0x01,0x10,0x30,0x82,0x01,0x0C,0x30,0x81,0xDE,0xA0,0x81,0xDB, - 0xA0,0x81,0xD8,0xA4,0x81,0xD5,0x30,0x81,0xD2,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, - 0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13, - 0x0B,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39, - 0x06,0x03,0x55,0x04,0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75, - 0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72, - 0x70,0x2E,0x20,0x62,0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69, - 0x74,0x73,0x20,0x6C,0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55, - 0x04,0x0B,0x13,0x1C,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74, - 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64, - 0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75, - 0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65, - 0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, - 0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x0D,0x30,0x0B, - 0x06,0x03,0x55,0x04,0x03,0x13,0x04,0x43,0x52,0x4C,0x31,0x30,0x29,0xA0,0x27,0xA0, - 0x25,0x86,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x65,0x6E, - 0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x52,0x4C,0x2F,0x6E,0x65, - 0x74,0x31,0x2E,0x63,0x72,0x6C,0x30,0x2B,0x06,0x03,0x55,0x1D,0x10,0x04,0x24,0x30, - 0x22,0x80,0x0F,0x31,0x39,0x39,0x39,0x30,0x35,0x32,0x35,0x31,0x36,0x30,0x39,0x34, - 0x30,0x5A,0x81,0x0F,0x32,0x30,0x31,0x39,0x30,0x35,0x32,0x35,0x31,0x36,0x30,0x39, - 0x34,0x30,0x5A,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x06, - 0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xF0,0x17,0x62, - 0x13,0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0, - 0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xF0,0x17,0x62,0x13, - 0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0,0x1A, - 0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x19, - 0x06,0x09,0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x41,0x00,0x04,0x0C,0x30,0x0A,0x1B, - 0x04,0x56,0x34,0x2E,0x30,0x03,0x02,0x04,0x90,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, - 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x90,0xDC,0x30,0x02, - 0xFA,0x64,0x74,0xC2,0xA7,0x0A,0xA5,0x7C,0x21,0x8D,0x34,0x17,0xA8,0xFB,0x47,0x0E, - 0xFF,0x25,0x7C,0x8D,0x13,0x0A,0xFB,0xE4,0x98,0xB5,0xEF,0x8C,0xF8,0xC5,0x10,0x0D, - 0xF7,0x92,0xBE,0xF1,0xC3,0xD5,0xD5,0x95,0x6A,0x04,0xBB,0x2C,0xCE,0x26,0x36,0x65, - 0xC8,0x31,0xC6,0xE7,0xEE,0x3F,0xE3,0x57,0x75,0x84,0x7A,0x11,0xEF,0x46,0x4F,0x18, - 0xF4,0xD3,0x98,0xBB,0xA8,0x87,0x32,0xBA,0x72,0xF6,0x3C,0xE2,0x3D,0x9F,0xD7,0x1D, - 0xD9,0xC3,0x60,0x43,0x8C,0x58,0x0E,0x22,0x96,0x2F,0x62,0xA3,0x2C,0x1F,0xBA,0xAD, - 0x05,0xEF,0xAB,0x32,0x78,0x87,0xA0,0x54,0x73,0x19,0xB5,0x5C,0x05,0xF9,0x52,0x3E, - 0x6D,0x2D,0x45,0x0B,0xF7,0x0A,0x93,0xEA,0xED,0x06,0xF9,0xB2, -}; - - -/* subject:/CN=garthc2.apple.com/O=Apple Inc./OU=DTS/ST=California/C=US/L=Cupertino/emailAddress=gcummings@apple.com - issuer :/CN=garthc2.apple.com/O=Apple Inc./OU=DTS/ST=California/C=US/L=Cupertino/emailAddress=gcummings@apple.com */ -const uint8_t garthc2_certificate[730]={ -0x30,0x82,0x02,0xD6,0x30,0x82,0x02,0x3F,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, -0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0x99, -0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x67,0x61,0x72,0x74,0x68, -0x63,0x32,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11, -0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63, -0x2E,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0B,0x0C,0x03,0x44,0x54,0x53,0x31, -0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F, -0x72,0x6E,0x69,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, -0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65, -0x72,0x74,0x69,0x6E,0x6F,0x31,0x22,0x30,0x20,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, -0x0D,0x01,0x09,0x01,0x16,0x13,0x67,0x63,0x75,0x6D,0x6D,0x69,0x6E,0x67,0x73,0x40, -0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,0x30,0x39,0x30, -0x37,0x31,0x36,0x32,0x32,0x34,0x39,0x31,0x30,0x5A,0x17,0x0D,0x31,0x30,0x30,0x37, -0x31,0x36,0x32,0x32,0x34,0x39,0x31,0x30,0x5A,0x30,0x81,0x99,0x31,0x1A,0x30,0x18, -0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x67,0x61,0x72,0x74,0x68,0x63,0x32,0x2E,0x61, -0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, -0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0C,0x30, -0x0A,0x06,0x03,0x55,0x04,0x0B,0x0C,0x03,0x44,0x54,0x53,0x31,0x13,0x30,0x11,0x06, -0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61, -0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30, -0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E, -0x6F,0x31,0x22,0x30,0x20,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01, -0x16,0x13,0x67,0x63,0x75,0x6D,0x6D,0x69,0x6E,0x67,0x73,0x40,0x61,0x70,0x70,0x6C, -0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81,0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, -0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81, -0x81,0x00,0xCF,0x30,0xD9,0x9D,0x9C,0xD5,0x6F,0xCB,0xB1,0xD1,0xC2,0x73,0xE2,0xB4, -0x06,0xC3,0x16,0x6D,0x0E,0x68,0x40,0x5E,0x92,0xFC,0xD9,0x14,0xD2,0x5E,0x21,0x50, -0x66,0x41,0x96,0x3A,0x76,0x26,0xF6,0x6C,0x3C,0xA2,0xD4,0x84,0x91,0x09,0x2E,0x23, -0x2D,0x07,0x38,0x48,0x58,0x31,0xE5,0x00,0x08,0xB1,0x6C,0x5D,0x39,0x50,0x30,0xF7, -0x68,0x12,0x99,0xB5,0x4C,0x86,0x1E,0xA5,0xF4,0x0C,0xCB,0xCB,0x25,0xB0,0x7C,0x6A, -0xFE,0x28,0xD4,0x34,0xA5,0xD2,0x94,0x5E,0xBE,0x5F,0xC1,0x61,0xAE,0xB5,0xD2,0xD2, -0x18,0x34,0x07,0x02,0xA8,0x56,0xAC,0x55,0x4D,0x87,0x56,0x8A,0xBA,0x1B,0x17,0x26, -0x11,0x9B,0xF8,0x88,0xD1,0x4F,0x94,0x03,0x01,0xCC,0x01,0xE7,0x0B,0x9B,0x14,0x43, -0x25,0xFB,0x02,0x03,0x01,0x00,0x01,0xA3,0x2E,0x30,0x2C,0x30,0x0B,0x06,0x03,0x55, -0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04, -0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B, -0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, -0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9D,0x8A,0x8A,0x9F,0xA5,0x36, -0xA2,0xE6,0x1D,0xA9,0xF1,0x10,0xDF,0xC8,0xFC,0x1A,0x2B,0xA0,0x01,0x07,0x58,0xA4, -0xD0,0x41,0xE1,0x32,0xD8,0xA9,0x84,0x9E,0xF3,0xE2,0xDE,0x48,0xD3,0x03,0xD7,0xC9, -0x40,0x58,0x5A,0x91,0x85,0x70,0xF6,0xC7,0x34,0x90,0x3C,0x1B,0x06,0x8F,0x0C,0xEE, -0xDD,0x79,0x14,0x42,0x72,0x4F,0x41,0xF9,0xB0,0xEC,0x04,0x9F,0xD6,0x75,0x68,0x06, -0xA0,0xEA,0x11,0x0C,0xE9,0x16,0x2F,0x9E,0x23,0xFA,0x5D,0xC2,0x02,0x92,0x2A,0xDD, -0xE8,0xBD,0xA1,0x8F,0x33,0x96,0x84,0xFA,0xFD,0x3C,0x70,0xD4,0x9D,0x43,0xA4,0xA0, -0xE9,0xF4,0x49,0xB2,0xF4,0xCB,0x9F,0x43,0x87,0x04,0x8D,0xD0,0xEA,0xAC,0x21,0x24, -0x2C,0x4C,0x36,0x5C,0x34,0x8C,0x61,0xA4,0xF4,0xB8, -}; - -const uint8_t prt_forest_fi_certificate[1797] = { - 0x30, 0x82, 0x07, 0x01, 0x30, 0x82, 0x05, 0xe9, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x11, 0x00, 0xfa, 0x69, 0x1a, 0xa7, 0xbf, 0x1b, 0x93, 0xbe, - 0x97, 0x11, 0xb0, 0xfe, 0xfc, 0xa8, 0x8d, 0x8c, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, - 0x39, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x46, 0x49, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, - 0x06, 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x31, 0x19, 0x30, 0x17, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, - 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x32, 0x20, 0x43, 0x41, 0x30, 0x1e, - 0x17, 0x0d, 0x31, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x39, 0x33, 0x39, - 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x31, 0x33, 0x30, 0x30, - 0x39, 0x33, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x46, 0x49, 0x31, 0x16, 0x30, - 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x50, 0x52, 0x54, 0x2d, - 0x46, 0x6f, 0x72, 0x65, 0x73, 0x74, 0x20, 0x4f, 0x79, 0x31, 0x16, 0x30, - 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x54, 0x69, 0x65, 0x74, - 0x6f, 0x68, 0x61, 0x6c, 0x6c, 0x69, 0x6e, 0x74, 0x6f, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x2a, 0x2e, 0x70, 0x72, - 0x74, 0x2d, 0x66, 0x6f, 0x72, 0x65, 0x73, 0x74, 0x2e, 0x66, 0x69, 0x30, - 0x82, 0x04, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x04, 0x0f, 0x00, 0x30, - 0x82, 0x04, 0x0a, 0x02, 0x82, 0x04, 0x01, 0x00, 0xbc, 0x62, 0x25, 0x57, - 0xbc, 0x71, 0xb8, 0xa9, 0x5b, 0x0e, 0x04, 0xbc, 0xc4, 0x0e, 0xf1, 0x0e, - 0x1f, 0x20, 0xd2, 0xf4, 0x4f, 0x23, 0xfe, 0x14, 0x54, 0x34, 0x81, 0xd3, - 0x5b, 0xdd, 0x74, 0xed, 0xa1, 0xbe, 0x91, 0x99, 0x9d, 0x02, 0xb9, 0x36, - 0x70, 0x43, 0x5d, 0x73, 0xa6, 0xe5, 0x70, 0x7b, 0x0e, 0x0c, 0x3f, 0x33, - 0xbb, 0x71, 0xd6, 0xd4, 0x22, 0xb0, 0xeb, 0xf5, 0x6e, 0x07, 0x7c, 0xe7, - 0xc7, 0xd1, 0x20, 0x64, 0x72, 0x4e, 0xae, 0x5e, 0xae, 0xaf, 0x08, 0xfb, - 0x7d, 0x6d, 0xdb, 0x69, 0x5a, 0x31, 0x73, 0x7d, 0xbd, 0x53, 0xcb, 0x04, - 0x69, 0x6d, 0x74, 0x56, 0x6c, 0xbc, 0x84, 0xa6, 0x01, 0x39, 0x37, 0x0c, - 0xb9, 0x5c, 0x2e, 0x78, 0x50, 0x3a, 0x8d, 0x1f, 0xa2, 0x33, 0xf1, 0xd2, - 0xc2, 0x87, 0x51, 0xf4, 0x92, 0xc3, 0xa7, 0xaa, 0xc8, 0x36, 0x51, 0x1c, - 0xfb, 0x77, 0xbf, 0xcf, 0x24, 0x11, 0xfe, 0xf4, 0x11, 0x2f, 0x5c, 0xdf, - 0x26, 0xf6, 0xb9, 0x15, 0xc1, 0x46, 0x75, 0x83, 0x40, 0x77, 0xa4, 0x83, - 0x74, 0xce, 0xc0, 0x29, 0x31, 0xd3, 0xd8, 0x68, 0xfa, 0x2e, 0xcc, 0x15, - 0x2c, 0x59, 0x5c, 0xa7, 0x96, 0x65, 0x8f, 0x34, 0x87, 0x29, 0x22, 0x1d, - 0xde, 0x65, 0xc7, 0x1c, 0x5c, 0xd8, 0x33, 0x22, 0xf7, 0x93, 0xd9, 0xcd, - 0x96, 0x76, 0x22, 0xab, 0x75, 0x18, 0x04, 0xe7, 0x65, 0x2a, 0xeb, 0x42, - 0x75, 0x17, 0x13, 0x12, 0x00, 0xe3, 0xf4, 0xd9, 0xde, 0xd1, 0x9f, 0x1c, - 0x61, 0xee, 0xf6, 0xb9, 0xf9, 0x50, 0xb3, 0x1b, 0x79, 0x77, 0x38, 0x3c, - 0x6a, 0xcc, 0xa0, 0x1d, 0xe4, 0xd7, 0x43, 0xca, 0x8b, 0x22, 0xbf, 0x77, - 0x33, 0xea, 0xaa, 0x01, 0xcf, 0x1e, 0xd0, 0x0d, 0x04, 0x2b, 0xec, 0x42, - 0x7b, 0xec, 0x53, 0xed, 0xc7, 0x4f, 0x0c, 0xac, 0x29, 0xb7, 0x8b, 0x92, - 0x14, 0x3f, 0x9b, 0xc6, 0xd8, 0xa1, 0x30, 0x4d, 0x5a, 0x07, 0x0e, 0x1e, - 0x80, 0x5f, 0x38, 0x66, 0x4d, 0xc1, 0xad, 0x2f, 0xee, 0xae, 0x94, 0x50, - 0x8e, 0x38, 0x2a, 0x00, 0x80, 0xe2, 0xc4, 0x43, 0x2e, 0xd5, 0xcd, 0xca, - 0x3f, 0x3d, 0xcb, 0x35, 0x13, 0x96, 0xd2, 0xdc, 0x0e, 0xe7, 0x45, 0x57, - 0x4b, 0x8f, 0xee, 0xa1, 0xce, 0xe6, 0x57, 0x52, 0xcd, 0xd0, 0x82, 0xca, - 0x3b, 0x87, 0xf4, 0x22, 0xff, 0x81, 0x4b, 0xf5, 0xa3, 0xda, 0xc5, 0xb6, - 0x67, 0xb8, 0xf4, 0xaf, 0xff, 0x8d, 0x4e, 0x80, 0xb5, 0x22, 0x80, 0x3c, - 0x70, 0xe4, 0xa0, 0xae, 0xdc, 0xcf, 0x44, 0xff, 0x00, 0x98, 0x3f, 0x19, - 0x7b, 0x4c, 0x3d, 0xd8, 0xa5, 0xd8, 0xe0, 0x05, 0x73, 0x54, 0x06, 0x0c, - 0x4d, 0x50, 0xf8, 0xd8, 0x85, 0x0b, 0xa8, 0x49, 0xaa, 0x97, 0x87, 0x3b, - 0x32, 0xe8, 0x58, 0x22, 0xee, 0x34, 0x1c, 0x9f, 0xe3, 0x18, 0xba, 0x93, - 0x43, 0xea, 0xb7, 0x78, 0x35, 0xa2, 0xb5, 0x1e, 0x19, 0x16, 0x3b, 0xb3, - 0xf5, 0x12, 0xe8, 0x26, 0x62, 0x2d, 0xd7, 0x45, 0xc3, 0xa4, 0x4b, 0xda, - 0x38, 0x48, 0x00, 0x3f, 0x68, 0x62, 0xa2, 0x83, 0x9d, 0x32, 0x76, 0x27, - 0x40, 0x5d, 0x0e, 0x75, 0xb1, 0x08, 0xdb, 0x58, 0xfa, 0x20, 0x62, 0xf1, - 0x3f, 0xbd, 0x86, 0x2f, 0x7c, 0x07, 0x01, 0x14, 0x1d, 0x19, 0x61, 0xee, - 0x0a, 0x85, 0xbf, 0xc7, 0x4f, 0x4a, 0x06, 0xc0, 0xaf, 0x44, 0x5d, 0x6f, - 0xc3, 0x53, 0x23, 0xcb, 0xdf, 0x40, 0x7a, 0x18, 0xa1, 0x34, 0x80, 0x18, - 0x86, 0xfe, 0xe3, 0x87, 0xce, 0x30, 0x53, 0x33, 0x1c, 0x45, 0x4a, 0xb4, - 0xe1, 0x8c, 0x9b, 0x4b, 0xf5, 0x2c, 0x7c, 0x13, 0x56, 0x37, 0x8a, 0x94, - 0x24, 0xdb, 0x3a, 0x4b, 0x80, 0xb1, 0x26, 0x57, 0x5a, 0x75, 0x1c, 0x44, - 0xc5, 0xf7, 0x67, 0xb4, 0x61, 0x87, 0xe8, 0x2e, 0xd9, 0xe1, 0xb9, 0x45, - 0xcc, 0xdc, 0xdf, 0x3b, 0x8c, 0xce, 0xd0, 0x46, 0x6b, 0x87, 0xb5, 0xa9, - 0xfe, 0x35, 0x87, 0xe0, 0xca, 0xc6, 0x7d, 0xc8, 0x86, 0xc2, 0xfe, 0x89, - 0xec, 0xa9, 0x86, 0x33, 0x81, 0xdc, 0x41, 0xb3, 0xe7, 0xc4, 0x82, 0x3a, - 0x81, 0x05, 0xbd, 0x8b, 0x92, 0xb2, 0x6a, 0x2c, 0x3c, 0xca, 0xd0, 0x22, - 0xff, 0xc8, 0x8f, 0xf0, 0x5f, 0x0e, 0xfb, 0x0b, 0x36, 0x64, 0x6a, 0x12, - 0x77, 0x2d, 0x8a, 0x38, 0xde, 0x7d, 0xed, 0xc9, 0xa7, 0xc1, 0x85, 0x41, - 0xa2, 0x7b, 0xa5, 0xdc, 0x30, 0x96, 0xda, 0xf8, 0xb3, 0xc8, 0x21, 0x56, - 0x3c, 0xdb, 0xe4, 0x8c, 0xb0, 0xfb, 0xec, 0x0e, 0x58, 0x49, 0x3c, 0x75, - 0x3c, 0xc2, 0x41, 0xbd, 0xc0, 0x81, 0x37, 0xc7, 0x69, 0x5a, 0x41, 0x86, - 0x18, 0xe9, 0x41, 0x7f, 0xba, 0xff, 0xc3, 0x52, 0x56, 0xf9, 0x7c, 0x60, - 0x14, 0xf9, 0x66, 0x4c, 0x60, 0xb6, 0x3e, 0x23, 0xcd, 0xd1, 0x2d, 0x4f, - 0x43, 0x97, 0xea, 0xa3, 0x37, 0xa4, 0x2a, 0xa7, 0x81, 0x49, 0x90, 0xe3, - 0xb6, 0x12, 0x1b, 0xac, 0x78, 0x57, 0x20, 0x51, 0xb4, 0x16, 0x5e, 0x58, - 0x61, 0x0f, 0x1e, 0x35, 0xbc, 0x3f, 0x44, 0xc2, 0x85, 0xa5, 0x61, 0x8a, - 0x0a, 0x7c, 0x2e, 0xb0, 0x11, 0x12, 0xc6, 0xc0, 0xc8, 0xcb, 0xd8, 0x13, - 0xc3, 0x58, 0xf1, 0xcd, 0x06, 0x5f, 0x90, 0xa5, 0xd7, 0x74, 0xbc, 0x1a, - 0x9c, 0xdc, 0xab, 0xde, 0xea, 0x36, 0x67, 0x41, 0x4f, 0x62, 0x86, 0xc6, - 0xfe, 0x63, 0x14, 0x83, 0x11, 0xab, 0xfb, 0x61, 0x38, 0x11, 0xce, 0x01, - 0xe8, 0xee, 0x3a, 0x21, 0xbc, 0xaa, 0x4b, 0xb0, 0x8f, 0x2f, 0xcf, 0x58, - 0xe6, 0x55, 0x61, 0x38, 0xa7, 0xc3, 0xaa, 0x3b, 0xb0, 0x8c, 0xf4, 0x82, - 0xa0, 0x96, 0xc4, 0x13, 0x4a, 0xc0, 0xc8, 0x93, 0xb7, 0x3d, 0x28, 0x05, - 0xb9, 0xc8, 0x4c, 0xe8, 0x57, 0xda, 0x56, 0x8b, 0xda, 0x27, 0xab, 0xbf, - 0x7e, 0x66, 0x43, 0xdc, 0x57, 0x09, 0xdc, 0x88, 0x8e, 0xfb, 0xa7, 0x63, - 0x41, 0xfb, 0xf1, 0x67, 0xb5, 0xe1, 0x84, 0x5d, 0x1d, 0xe3, 0xb4, 0xc6, - 0x40, 0x97, 0xf8, 0x4d, 0xfc, 0x00, 0xcd, 0x56, 0xc2, 0xab, 0xff, 0x49, - 0x93, 0xff, 0x46, 0x56, 0x9b, 0xee, 0x6d, 0xa0, 0x5d, 0xf4, 0x78, 0x36, - 0x0e, 0xf6, 0xc9, 0x9c, 0x79, 0x89, 0xf9, 0x9c, 0xa7, 0x3e, 0xa0, 0x8d, - 0x62, 0x7c, 0xdc, 0x83, 0x0a, 0xfc, 0x46, 0x96, 0x31, 0xd3, 0x56, 0xc6, - 0xea, 0x7f, 0x1d, 0xaa, 0x49, 0xd1, 0x8b, 0x54, 0xa2, 0x6e, 0x59, 0x8c, - 0x2a, 0xec, 0x3a, 0xd7, 0xda, 0xd2, 0xc1, 0xfc, 0x1d, 0x78, 0x55, 0xce, - 0xd8, 0x0c, 0x1d, 0x7e, 0x99, 0xf8, 0x5e, 0x3c, 0x2d, 0xec, 0x63, 0xe2, - 0xda, 0xa1, 0x68, 0x6f, 0x28, 0x2e, 0xb4, 0xef, 0x07, 0xc4, 0xa8, 0x65, - 0xc7, 0xfd, 0x6b, 0x0f, 0x83, 0x23, 0xf8, 0xc2, 0xc9, 0x55, 0xfa, 0xa4, - 0xa8, 0x6a, 0xab, 0x12, 0xf4, 0x89, 0x42, 0x26, 0x72, 0xd1, 0x82, 0x2f, - 0x62, 0x14, 0xb6, 0x04, 0x23, 0x20, 0xb6, 0xd4, 0xef, 0x59, 0x8a, 0x40, - 0x43, 0xd7, 0x72, 0xe0, 0x5b, 0x0c, 0xb0, 0x73, 0x6f, 0x6a, 0x87, 0xc1, - 0x82, 0x50, 0x20, 0xdb, 0xaa, 0xf8, 0x8d, 0x70, 0xb6, 0x39, 0x46, 0xe0, - 0x68, 0xc4, 0xab, 0xea, 0xd1, 0x31, 0xad, 0xf7, 0x05, 0xfb, 0x3a, 0x3c, - 0x2e, 0x66, 0x4f, 0xc6, 0x0d, 0xf9, 0xb8, 0x29, 0xec, 0xdc, 0xfc, 0x81, - 0x56, 0x2b, 0xb0, 0xad, 0xd2, 0x12, 0x8f, 0x69, 0x70, 0x18, 0x27, 0x16, - 0xf9, 0xf0, 0x40, 0x93, 0xef, 0x6b, 0x95, 0x96, 0xcd, 0x5f, 0xe9, 0x5a, - 0x7b, 0xad, 0x7f, 0x98, 0xa7, 0x6a, 0xe5, 0x17, 0xeb, 0xc3, 0xdd, 0xc9, - 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xe5, 0x30, 0x81, 0xe2, 0x30, - 0x13, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x0c, 0x30, 0x0a, 0x80, 0x08, - 0x4a, 0xa0, 0xaa, 0x58, 0x84, 0xd3, 0x5e, 0x3c, 0x30, 0x19, 0x06, 0x03, - 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c, 0x2b, - 0x06, 0x01, 0x04, 0x01, 0x82, 0x0f, 0x02, 0x03, 0x01, 0x01, 0x02, 0x30, - 0x72, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x6b, 0x30, 0x69, 0x30, 0x67, - 0xa0, 0x65, 0xa0, 0x63, 0x86, 0x61, 0x6c, 0x64, 0x61, 0x70, 0x3a, 0x2f, - 0x2f, 0x31, 0x39, 0x34, 0x2e, 0x32, 0x35, 0x32, 0x2e, 0x31, 0x32, 0x34, - 0x2e, 0x32, 0x34, 0x31, 0x3a, 0x33, 0x38, 0x39, 0x2f, 0x63, 0x6e, 0x3d, - 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x25, 0x32, 0x30, 0x43, 0x6c, 0x61, - 0x73, 0x73, 0x32, 0x25, 0x32, 0x30, 0x43, 0x41, 0x2c, 0x6f, 0x3d, 0x53, - 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x2c, 0x63, 0x3d, 0x46, 0x49, 0x3f, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x72, 0x65, - 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x6c, 0x69, 0x73, 0x74, - 0x3b, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x30, 0x1d, 0x06, 0x03, 0x55, - 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, - 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, - 0x03, 0x02, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, - 0x14, 0x85, 0xc2, 0x31, 0x35, 0x4f, 0x93, 0x92, 0x9d, 0x8a, 0xbc, 0x32, - 0x7d, 0x1b, 0xf0, 0xaa, 0x96, 0xb1, 0x03, 0x86, 0x71, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x00, 0x9e, 0x75, 0x2b, 0x95, 0x6a, 0x96, - 0x12, 0x24, 0xd5, 0x04, 0x6c, 0x34, 0x0a, 0x58, 0x5a, 0x7d, 0x59, 0xb9, - 0x03, 0x23, 0x13, 0xc3, 0xf5, 0x24, 0x57, 0x33, 0x8d, 0xca, 0x5f, 0xd8, - 0x26, 0xff, 0x64, 0x46, 0x13, 0x40, 0xe5, 0x04, 0xb2, 0xba, 0x92, 0xa5, - 0xa6, 0xa3, 0xd9, 0x2b, 0xff, 0x05, 0xef, 0xce, 0x3c, 0x28, 0xe8, 0x1b, - 0xa3, 0x10, 0x8a, 0xdd, 0x3d, 0x3a, 0x0a, 0xe1, 0x07, 0x3c, 0xb4, 0xf6, - 0xbb, 0xeb, 0xb5, 0xf2, 0x05, 0xe8, 0xd7, 0x16, 0x3e, 0xe5, 0x15, 0x49, - 0xdf, 0x8d, 0x34, 0xb8, 0x1b, 0xd4, 0xf2, 0x65, 0xa0, 0x70, 0x80, 0xd0, - 0xbf, 0xa5, 0x74, 0x5d, 0xfb, 0xd4, 0x52, 0x3b, 0x54, 0xca, 0x32, 0xba, - 0xf7, 0xe3, 0x90, 0xa5, 0xa8, 0xad, 0xd0, 0xe5, 0x5d, 0x18, 0x18, 0x87, - 0x60, 0xb0, 0xf3, 0xf9, 0x62, 0x20, 0x77, 0xaa, 0x0f, 0xdd, 0x16, 0x4c, - 0x01, 0x3a, 0xb1, 0x1f, 0x85, 0x7e, 0x01, 0x04, 0x5f, 0xf1, 0x37, 0x36, - 0xe3, 0x3a, 0xc1, 0xa3, 0x7c, 0x33, 0xca, 0xce, 0x0b, 0xb9, 0x34, 0xe2, - 0xe1, 0xe6, 0xed, 0x24, 0xc1, 0xc3, 0xc7, 0x74, 0x8f, 0x22, 0x2c, 0x6e, - 0xcb, 0x5c, 0x7a, 0x61, 0x99, 0xde, 0xea, 0x13, 0xe1, 0xa8, 0xa1, 0x94, - 0xd0, 0x85, 0x65, 0x65, 0xed, 0x97, 0x14, 0x6e, 0x97, 0xc9, 0xcf, 0x34, - 0x7c, 0xf2, 0x68, 0xeb, 0xc2, 0x7d, 0x03, 0x53, 0xf5, 0xdb, 0xa1, 0x11, - 0x8d, 0xda, 0xcc, 0x26, 0x13, 0xaa, 0x43, 0x76, 0x04, 0x9b, 0x85, 0x89, - 0xc3, 0x29, 0xd8, 0xb5, 0x54, 0x81, 0x09, 0xf5, 0x18, 0x52, 0xa5, 0x38, - 0x4a, 0x00, 0xc6, 0x1d, 0x4d, 0x5a, 0x15, 0xa0, 0xfd, 0xf7, 0x58, 0x27, - 0xcd, 0x6b, 0x56, 0x6b, 0xee, 0x7d, 0x73, 0xd3, 0xfd, 0x6c, 0xb6, 0xb1, - 0x3b, 0xbd, 0xbf, 0x5b, 0x4a, 0x6c, 0xd3, 0x1c, 0x47 -}; +#include "si-20-sectrust.h" /* Test basic add delete update copy matching stuff. */ -static void tests(void) +static void basic_tests(void) { SecTrustRef trust; SecCertificateRef cert0, cert1; @@ -865,38 +260,101 @@ SKIP: { CFReleaseSafe(cert1); CFReleaseSafe(date); - /* Test prt_forest_fi that have a 8k RSA key */ - const void *prt_forest_fi; - isnt(prt_forest_fi = SecCertificateCreateWithBytes(NULL, prt_forest_fi_certificate, - sizeof(prt_forest_fi_certificate)), NULL, "create prt_forest_fi"); - isnt(certs = CFArrayCreate(NULL, &prt_forest_fi, 1, NULL), NULL, "failed to create cert array"); - policy = SecPolicyCreateSSL(false, CFSTR("owa.prt-forest.fi")); - ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), - "create trust for ip client owa.prt-forest.fi"); - date = CFDateCreate(NULL, 391578321.0); - ok_status(SecTrustSetVerifyDate(trust, date), - "set owa.prt-forest.fi trust date to May 2013"); - - SecKeyRef pubkey = SecTrustCopyPublicKey(trust); - isnt(pubkey, NULL, "pubkey returned"); - - CFReleaseSafe(certs); - CFReleaseNull(prt_forest_fi); - CFReleaseNull(policy); - CFReleaseNull(trust); - CFReleaseNull(pubkey); - CFReleaseNull(date); - CFReleaseSafe(_root); CFReleaseSafe(_anchors); } -int si_20_sectrust(int argc, char *const *argv) +static void rsa8k_tests(void) { - plan_tests(77); + /* Test prt_forest_fi that have a 8k RSA key */ + const void *prt_forest_fi; + isnt(prt_forest_fi = SecCertificateCreateWithBytes(NULL, prt_forest_fi_certificate, + sizeof(prt_forest_fi_certificate)), NULL, "create prt_forest_fi"); + CFArrayRef certs = NULL; + isnt(certs = CFArrayCreate(NULL, &prt_forest_fi, 1, NULL), NULL, "failed to create cert array"); + SecPolicyRef policy = NULL; + isnt(policy = SecPolicyCreateSSL(false, CFSTR("owa.prt-forest.fi")), NULL, "failed to create policy"); + SecTrustRef trust = NULL; + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), + "create trust for ip client owa.prt-forest.fi"); + CFDateRef date = CFDateCreate(NULL, 391578321.0); + ok_status(SecTrustSetVerifyDate(trust, date), + "set owa.prt-forest.fi trust date to May 2013"); + + SecKeyRef pubkey = SecTrustCopyPublicKey(trust); + isnt(pubkey, NULL, "pubkey returned"); + + CFReleaseSafe(certs); + CFReleaseNull(prt_forest_fi); + CFReleaseNull(policy); + CFReleaseNull(trust); + CFReleaseNull(pubkey); + CFReleaseNull(date); +} + +static void date_tests(void) +{ + /* Test long-lived cert chain that expires in 9999 */ + CFDateRef date = NULL; + const void *leaf, *root; + isnt(leaf = SecCertificateCreateWithBytes(NULL, longleaf, sizeof(longleaf)), NULL, "create leaf"); + isnt(root = SecCertificateCreateWithBytes(NULL, longroot, sizeof(longroot)), NULL, "create root"); + + CFArrayRef certs = NULL; + isnt(certs = CFArrayCreate(NULL, &leaf, 1, NULL), NULL, "failed to create cert array"); + CFArrayRef anchors = NULL; + isnt(anchors = CFArrayCreate(NULL, &root, 1, NULL), NULL, "failed to create anchors array"); + + SecPolicyRef policy = NULL; + isnt(policy = SecPolicyCreateBasicX509(), NULL, "failed to create policy"); + SecTrustRef trust = NULL; + SecTrustResultType trustResult; + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + ok_status(SecTrustSetAnchorCertificates(trust, anchors), "set anchors"); + + /* September 4, 2013 (prior to "notBefore" date of 2 April 2014, should fail) */ + isnt(date = CFDateCreate(NULL, 400000000), NULL, "failed to create date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set trust date to 23 Sep 2013"); + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust on 23 Sep 2013"); + is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "expected kSecTrustResultRecoverableTrustFailure"); + CFReleaseNull(date); + + /* January 17, 2016 (recent date within validity period, should succeed) */ + isnt(date = CFDateCreate(NULL, 474747474), NULL, "failed to create date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set trust date to 17 Jan 2016"); + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust on 17 Jan 2016"); + is_status(trustResult, kSecTrustResultUnspecified, "expected kSecTrustResultUnspecified"); + CFReleaseNull(date); + + /* December 20, 9999 (far-future date within validity period, should succeed) */ + isnt(date = CFDateCreate(NULL, 252423000000), NULL, "failed to create date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set trust date to 20 Dec 9999"); + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust on 20 Dec 9999"); + is_status(trustResult, kSecTrustResultUnspecified, "expected kSecTrustResultUnspecified"); + CFReleaseNull(date); + + /* January 12, 10000 (after the "notAfter" date of 31 Dec 9999, should fail) */ + isnt(date = CFDateCreate(NULL, 252425000000), NULL, "failed to create date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set trust date to 12 Jan 10000"); + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust on 12 Jan 10000"); + is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "expected kSecTrustResultRecoverableTrustFailure"); + CFReleaseNull(date); + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(anchors); + CFReleaseSafe(certs); + CFReleaseNull(root); + CFReleaseNull(leaf); +} + +int si_20_sectrust(int argc, char *const *argv) +{ + plan_tests(101); - tests(); + basic_tests(); + rsa8k_tests(); + date_tests(); return 0; } diff --git a/OSX/sec/Security/Regressions/secitem/si-20-sectrust.h b/OSX/sec/Security/Regressions/secitem/si-20-sectrust.h new file mode 100644 index 00000000..4b82fcae --- /dev/null +++ b/OSX/sec/Security/Regressions/secitem/si-20-sectrust.h @@ -0,0 +1,751 @@ +/* + * Copyright (c) 2006-2010,2012-2015 Apple Inc. All Rights Reserved. + */ + +/* + Serial Number: + 45:a8:3a:4a:79:4d:0c:2d:71:20:12:5a:7c:82:c0:af + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA + Validity + Not Before: May 5 00:00:00 2014 GMT + Not After : May 4 23:59:59 2016 GMT + Subject: 1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=California/businessCategory=Private Organization/serialNumber=C0806592, C=US/postalCode=95014, ST=California, L=Cupertino/street=1 Infinite Loop, O=Apple Inc., OU=GNCS Traffic Management, CN=secure1.store.apple.com + */ +static const uint8_t _c0[] = { + 0x30,0x82,0x05,0xFF,0x30,0x82,0x04,0xE7,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x45, + 0xA8,0x3A,0x4A,0x79,0x4D,0x0C,0x2D,0x71,0x20,0x12,0x5A,0x7C,0x82,0xC0,0xAF,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81, + 0xBE,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17, + 0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67, + 0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B, + 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74, + 0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04, + 0x0B,0x13,0x32,0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20, + 0x61,0x74,0x20,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76, + 0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20, + 0x28,0x63,0x29,0x30,0x36,0x31,0x38,0x30,0x36,0x06,0x03,0x55,0x04,0x03,0x13,0x2F, + 0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33, + 0x20,0x45,0x78,0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61, + 0x74,0x69,0x6F,0x6E,0x20,0x53,0x53,0x4C,0x20,0x53,0x47,0x43,0x20,0x43,0x41,0x30, + 0x1E,0x17,0x0D,0x31,0x34,0x30,0x35,0x30,0x35,0x30,0x30,0x30,0x30,0x30,0x30,0x5A, + 0x17,0x0D,0x31,0x36,0x30,0x35,0x30,0x34,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30, + 0x82,0x01,0x1D,0x31,0x13,0x30,0x11,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0x82,0x37, + 0x3C,0x02,0x01,0x03,0x13,0x02,0x55,0x53,0x31,0x1B,0x30,0x19,0x06,0x0B,0x2B,0x06, + 0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66, + 0x6F,0x72,0x6E,0x69,0x61,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0F,0x13,0x14, + 0x50,0x72,0x69,0x76,0x61,0x74,0x65,0x20,0x4F,0x72,0x67,0x61,0x6E,0x69,0x7A,0x61, + 0x74,0x69,0x6F,0x6E,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x05,0x13,0x08,0x43, + 0x30,0x38,0x30,0x36,0x35,0x39,0x32,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06, + 0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x11,0x14,0x05,0x39, + 0x35,0x30,0x31,0x34,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x13,0x0A,0x43, + 0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,0x30,0x10,0x06,0x03,0x55, + 0x04,0x07,0x14,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E,0x6F,0x31,0x18,0x30, + 0x16,0x06,0x03,0x55,0x04,0x09,0x14,0x0F,0x31,0x20,0x49,0x6E,0x66,0x69,0x6E,0x69, + 0x74,0x65,0x20,0x4C,0x6F,0x6F,0x70,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A, + 0x14,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x20,0x30,0x1E, + 0x06,0x03,0x55,0x04,0x0B,0x14,0x17,0x47,0x4E,0x43,0x53,0x20,0x54,0x72,0x61,0x66, + 0x66,0x69,0x63,0x20,0x4D,0x61,0x6E,0x61,0x67,0x65,0x6D,0x65,0x6E,0x74,0x31,0x20, + 0x30,0x1E,0x06,0x03,0x55,0x04,0x03,0x14,0x17,0x73,0x65,0x63,0x75,0x72,0x65,0x31, + 0x2E,0x73,0x74,0x6F,0x72,0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D, + 0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, + 0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01, + 0x00,0x97,0x1D,0x2E,0x6C,0x69,0x78,0x01,0x17,0xB2,0x6D,0x17,0x50,0x26,0xAE,0x25, + 0xAA,0x30,0x81,0xB8,0xD6,0xDC,0x46,0x67,0x90,0x24,0xC2,0x23,0x50,0x33,0x74,0x5A, + 0x71,0x7F,0x6D,0xC0,0xEE,0x15,0x58,0x64,0x57,0xEF,0xE9,0x02,0xAB,0xB6,0x93,0xA3, + 0x6B,0xFE,0xA9,0xD6,0x53,0x07,0x19,0x08,0xC5,0xC5,0x9D,0x8E,0x4D,0xE8,0x00,0xE8, + 0x49,0x2B,0x70,0x17,0x46,0xE8,0xAF,0xA1,0x2E,0x85,0x5F,0xA7,0x06,0x58,0xBF,0x64, + 0x0B,0xF5,0xD3,0xD4,0xF8,0x6B,0xAA,0x6C,0x8E,0x5F,0xE7,0x12,0x86,0x58,0x9A,0xFC, + 0xDB,0x44,0x9E,0x39,0xA9,0x78,0xE9,0x2D,0x5C,0xE2,0x8A,0x87,0x19,0xB6,0xB3,0xD5, + 0xB6,0x19,0xD0,0x97,0x1B,0xA3,0xE2,0xF6,0x04,0xCE,0xC6,0xEB,0xC3,0xC9,0x50,0x55, + 0x57,0xE5,0xE1,0x0B,0xCB,0x31,0x2A,0x4A,0x3E,0xC9,0xFC,0x87,0xC4,0x44,0x7D,0x5A, + 0x74,0x4D,0x51,0xAD,0xCA,0xD6,0x04,0x2C,0x3B,0x4B,0xE1,0x0F,0x31,0x71,0x00,0xEF, + 0x18,0x66,0x87,0x7E,0xAD,0x0A,0x68,0x23,0x81,0x8F,0x72,0xED,0x8E,0x5A,0xD1,0xD7, + 0x4E,0xBB,0x5E,0x38,0x20,0x48,0x77,0x69,0x19,0x55,0x33,0xC9,0x77,0x2A,0x8B,0xBF, + 0xEB,0xB7,0xF4,0xEB,0x2E,0x00,0x58,0x3C,0x86,0xDB,0x4D,0x95,0xB9,0x93,0x9C,0x78, + 0x39,0xDA,0x4C,0xAA,0xA3,0xB5,0xA6,0xA0,0xBA,0xBC,0x28,0xDB,0xE7,0x9F,0x2A,0x36, + 0x40,0x68,0xBC,0x22,0x3D,0xA9,0x4C,0xFC,0x62,0xCA,0x2C,0x61,0xE0,0x30,0xA4,0xAC, + 0x82,0x63,0xE2,0xE5,0xF0,0xEA,0x32,0x96,0x7B,0xB9,0xDC,0x3A,0x2D,0x1A,0x99,0x28, + 0x47,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x95,0x30,0x82,0x01,0x91,0x30,0x3B, + 0x06,0x03,0x55,0x1D,0x11,0x04,0x34,0x30,0x32,0x82,0x17,0x73,0x65,0x63,0x75,0x72, + 0x65,0x32,0x2E,0x73,0x74,0x6F,0x72,0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63, + 0x6F,0x6D,0x82,0x17,0x73,0x65,0x63,0x75,0x72,0x65,0x31,0x2E,0x73,0x74,0x6F,0x72, + 0x65,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x09,0x06,0x03,0x55, + 0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF, + 0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x28,0x06,0x03,0x55,0x1D,0x25,0x04,0x21,0x30, + 0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x03,0x02,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01, + 0x30,0x66,0x06,0x03,0x55,0x1D,0x20,0x04,0x5F,0x30,0x5D,0x30,0x5B,0x06,0x0B,0x60, + 0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x07,0x17,0x06,0x30,0x4C,0x30,0x23,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x17,0x68,0x74,0x74,0x70,0x73,0x3A, + 0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70, + 0x73,0x30,0x25,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x19,0x1A, + 0x17,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x64,0x2E,0x73,0x79,0x6D,0x63,0x62, + 0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04, + 0x18,0x30,0x16,0x80,0x14,0x4E,0x43,0xC8,0x1D,0x76,0xEF,0x37,0x53,0x7A,0x4F,0xF2, + 0x58,0x6F,0x94,0xF3,0x38,0xE2,0xD5,0xBD,0xDF,0x30,0x2B,0x06,0x03,0x55,0x1D,0x1F, + 0x04,0x24,0x30,0x22,0x30,0x20,0xA0,0x1E,0xA0,0x1C,0x86,0x1A,0x68,0x74,0x74,0x70, + 0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F, + 0x73,0x62,0x2E,0x63,0x72,0x6C,0x30,0x57,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x01,0x01,0x04,0x4B,0x30,0x49,0x30,0x1F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x30,0x01,0x86,0x13,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73,0x79, + 0x6D,0x63,0x64,0x2E,0x63,0x6F,0x6D,0x30,0x26,0x06,0x08,0x2B,0x06,0x01,0x05,0x05, + 0x07,0x30,0x02,0x86,0x1A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x62,0x2E,0x73, + 0x79,0x6D,0x63,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x73,0x62,0x2E,0x63,0x72,0x74,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82, + 0x01,0x01,0x00,0xA4,0x6A,0x52,0x42,0x67,0x97,0x00,0x8D,0xBF,0xB1,0x3D,0x4C,0x80, + 0xFD,0x92,0xAB,0x34,0x95,0x89,0x3D,0x2D,0xEF,0x18,0xB9,0x1A,0x5F,0x86,0x52,0x59, + 0x09,0xCF,0x22,0xBF,0x4A,0xC1,0x27,0xEF,0x4C,0xB5,0xF2,0xD8,0xAD,0xB6,0xAA,0x97, + 0x0D,0xF1,0x43,0xED,0x15,0x08,0x68,0xBD,0x55,0xE3,0x71,0xA6,0x92,0x10,0x5F,0x20, + 0xC9,0x15,0xD1,0x0C,0xE4,0x24,0xE6,0x1C,0xC2,0xCF,0x19,0x5C,0x0B,0xDE,0x6B,0x34, + 0xA1,0xF1,0x18,0x0C,0x27,0x74,0xEA,0x2C,0xEA,0xB0,0x04,0x1C,0x20,0x87,0xD1,0x7A, + 0x8B,0x82,0xB7,0x31,0xD9,0x33,0xDE,0x7C,0x96,0xD1,0x6F,0x40,0x9F,0xDC,0x7C,0x9D, + 0x3D,0x09,0xCB,0x93,0xCC,0x6D,0xBE,0xE1,0x1C,0xD8,0x7D,0x66,0x70,0xAF,0x86,0x93, + 0x86,0xCA,0x77,0x83,0xB6,0xCA,0x86,0xDB,0x83,0xFC,0x6A,0x5C,0xCF,0x93,0x0C,0x1D, + 0x55,0x1C,0xD9,0xBB,0xFD,0x8E,0xE6,0x2E,0xC8,0x13,0x1C,0x27,0x3F,0x73,0x4F,0x19, + 0x49,0x40,0xB6,0x75,0x71,0x5B,0x02,0xCA,0x16,0x62,0x56,0x6A,0x6A,0xA8,0x37,0x97, + 0x67,0x9D,0xD5,0x24,0x34,0x77,0x46,0x3F,0xCA,0xBD,0x02,0x5C,0xDA,0xD8,0x0A,0x29, + 0x72,0xB1,0xBA,0x38,0x04,0xC3,0xA5,0xEF,0xAF,0x30,0x80,0x03,0x66,0xF9,0x96,0x44, + 0x3D,0x1C,0x8C,0x87,0x64,0x37,0xF3,0xAF,0x62,0xAD,0xF8,0xE5,0x53,0x9F,0x7A,0x70, + 0xDA,0x8C,0x00,0x9C,0x13,0xDF,0x7F,0xC4,0x0C,0xE9,0x72,0xA3,0x72,0x39,0x97,0xF5, + 0xE1,0x38,0x12,0xF3,0xAB,0x9D,0xC2,0xAB,0xE3,0xED,0xD8,0x43,0x9A,0xAC,0x1E,0x7A, + 0xB7,0x0A,0x3F, +}; + +static const uint8_t _c0_serial[] = { + 0x45, 0xA8, 0x3A, 0x4A, 0x79, 0x4D, 0x0C, 0x2d, + 0x71, 0x20, 0x12, 0x5A, 0x7C, 0x82, 0xC0, 0xAF +}; + +/* + Serial Number: + 2c:48:dd:93:0d:f5:59:8e:f9:3c:99:54:7a:60:ed:43 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 + Validity + Not Before: Nov 8 00:00:00 2006 GMT + Not After : Nov 7 23:59:59 2016 GMT + Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)06, CN=VeriSign Class 3 Extended Validation SSL SGC CA + */ +static const uint8_t _c1[] = { + 0x30,0x82,0x06,0x1E,0x30,0x82,0x05,0x06,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x2C, + 0x48,0xDD,0x93,0x0D,0xF5,0x59,0x8E,0xF9,0x3C,0x99,0x54,0x7A,0x60,0xED,0x43,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81, + 0xCA,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17, + 0x30,0x15,0x06,0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67, + 0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B, + 0x13,0x16,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74, + 0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04, + 0x0B,0x13,0x31,0x28,0x63,0x29,0x20,0x32,0x30,0x30,0x36,0x20,0x56,0x65,0x72,0x69, + 0x53,0x69,0x67,0x6E,0x2C,0x20,0x49,0x6E,0x63,0x2E,0x20,0x2D,0x20,0x46,0x6F,0x72, + 0x20,0x61,0x75,0x74,0x68,0x6F,0x72,0x69,0x7A,0x65,0x64,0x20,0x75,0x73,0x65,0x20, + 0x6F,0x6E,0x6C,0x79,0x31,0x45,0x30,0x43,0x06,0x03,0x55,0x04,0x03,0x13,0x3C,0x56, + 0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20, + 0x50,0x75,0x62,0x6C,0x69,0x63,0x20,0x50,0x72,0x69,0x6D,0x61,0x72,0x79,0x20,0x43, + 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74, + 0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x2D,0x20,0x47,0x35,0x30,0x1E,0x17,0x0D,0x30, + 0x36,0x31,0x31,0x30,0x38,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D,0x31,0x36, + 0x31,0x31,0x30,0x37,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x81,0xBE,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x17,0x30,0x15,0x06, + 0x03,0x55,0x04,0x0A,0x13,0x0E,0x56,0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x2C,0x20, + 0x49,0x6E,0x63,0x2E,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x0B,0x13,0x16,0x56, + 0x65,0x72,0x69,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75,0x73,0x74,0x20,0x4E,0x65, + 0x74,0x77,0x6F,0x72,0x6B,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32, + 0x54,0x65,0x72,0x6D,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x20,0x61,0x74,0x20, + 0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69, + 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x70,0x61,0x20,0x28,0x63,0x29, + 0x30,0x36,0x31,0x38,0x30,0x36,0x06,0x03,0x55,0x04,0x03,0x13,0x2F,0x56,0x65,0x72, + 0x69,0x53,0x69,0x67,0x6E,0x20,0x43,0x6C,0x61,0x73,0x73,0x20,0x33,0x20,0x45,0x78, + 0x74,0x65,0x6E,0x64,0x65,0x64,0x20,0x56,0x61,0x6C,0x69,0x64,0x61,0x74,0x69,0x6F, + 0x6E,0x20,0x53,0x53,0x4C,0x20,0x53,0x47,0x43,0x20,0x43,0x41,0x30,0x82,0x01,0x22, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03, + 0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xBD,0x56,0x88, + 0xBA,0x88,0x34,0x64,0x64,0xCF,0xCD,0xCA,0xB0,0xEE,0xE7,0x19,0x73,0xC5,0x72,0xD9, + 0xBB,0x45,0xBC,0xB5,0xA8,0xFF,0x83,0xBE,0x1C,0x03,0xDB,0xED,0x89,0xB7,0x2E,0x10, + 0x1A,0x25,0xBC,0x55,0xCA,0x41,0xA1,0x9F,0x0B,0xCF,0x19,0x5E,0x70,0xB9,0x5E,0x39, + 0x4B,0x9E,0x31,0x1C,0x5F,0x87,0xAE,0x2A,0xAA,0xA8,0x2B,0xA2,0x1B,0x3B,0x10,0x23, + 0x5F,0x13,0xB1,0xDD,0x08,0x8C,0x4E,0x14,0xDA,0x83,0x81,0xE3,0xB5,0x8C,0xE3,0x68, + 0xED,0x24,0x67,0xCE,0x56,0xB6,0xAC,0x9B,0x73,0x96,0x44,0xDB,0x8A,0x8C,0xB3,0xD6, + 0xF0,0x71,0x93,0x8E,0xDB,0x71,0x54,0x4A,0xEB,0x73,0x59,0x6A,0x8F,0x70,0x51,0x2C, + 0x03,0x9F,0x97,0xD1,0xCC,0x11,0x7A,0xBC,0x62,0x0D,0x95,0x2A,0xC9,0x1C,0x75,0x57, + 0xE9,0xF5,0xC7,0xEA,0xBA,0x84,0x35,0xCB,0xC7,0x85,0x5A,0x7E,0xE4,0x4D,0xE1,0x11, + 0x97,0x7D,0x0E,0x20,0x34,0x45,0xDB,0xF1,0xA2,0x09,0xEB,0xEB,0x3D,0x9E,0xB8,0x96, + 0x43,0x5E,0x34,0x4B,0x08,0x25,0x1E,0x43,0x1A,0xA2,0xD9,0xB7,0x8A,0x01,0x34,0x3D, + 0xC3,0xF8,0xE5,0xAF,0x4F,0x8C,0xFF,0xCD,0x65,0xF0,0x23,0x4E,0xC5,0x97,0xB3,0x5C, + 0xDA,0x90,0x1C,0x82,0x85,0x0D,0x06,0x0D,0xC1,0x22,0xB6,0x7B,0x28,0xA4,0x03,0xC3, + 0x4C,0x53,0xD1,0x58,0xBC,0x72,0xBC,0x08,0x39,0xFC,0xA0,0x76,0xA8,0xA8,0xE9,0x4B, + 0x6E,0x88,0x3D,0xE3,0xB3,0x31,0x25,0x8C,0x73,0x29,0x48,0x0E,0x32,0x79,0x06,0xED, + 0x3D,0x43,0xF4,0xF6,0xE4,0xE9,0xFC,0x7D,0xBE,0x8E,0x08,0xD5,0x1F,0x02,0x03,0x01, + 0x00,0x01,0xA3,0x82,0x02,0x08,0x30,0x82,0x02,0x04,0x30,0x1D,0x06,0x03,0x55,0x1D, + 0x0E,0x04,0x16,0x04,0x14,0x4E,0x43,0xC8,0x1D,0x76,0xEF,0x37,0x53,0x7A,0x4F,0xF2, + 0x58,0x6F,0x94,0xF3,0x38,0xE2,0xD5,0xBD,0xDF,0x30,0x12,0x06,0x03,0x55,0x1D,0x13, + 0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x3D,0x06, + 0x03,0x55,0x1D,0x20,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x04,0x55,0x1D,0x20,0x00, + 0x30,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1C, + 0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x76,0x65,0x72,0x69, + 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x70,0x73,0x30,0x3D,0x06,0x03, + 0x55,0x1D,0x1F,0x04,0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E,0x86,0x2C,0x68, + 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56,0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x63, + 0x72,0x6C,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F, + 0x70,0x63,0x61,0x33,0x2D,0x67,0x35,0x2E,0x63,0x72,0x6C,0x30,0x0E,0x06,0x03,0x55, + 0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x11,0x06,0x09,0x60, + 0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x6D, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0C,0x04,0x61,0x30,0x5F,0xA1,0x5D, + 0xA0,0x5B,0x30,0x59,0x30,0x57,0x30,0x55,0x16,0x09,0x69,0x6D,0x61,0x67,0x65,0x2F, + 0x67,0x69,0x66,0x30,0x21,0x30,0x1F,0x30,0x07,0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A, + 0x04,0x14,0x8F,0xE5,0xD3,0x1A,0x86,0xAC,0x8D,0x8E,0x6B,0xC3,0xCF,0x80,0x6A,0xD4, + 0x48,0x18,0x2C,0x7B,0x19,0x2E,0x30,0x25,0x16,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x6C,0x6F,0x67,0x6F,0x2E,0x76,0x65,0x72,0x69,0x73,0x69,0x67,0x6E,0x2E,0x63, + 0x6F,0x6D,0x2F,0x76,0x73,0x6C,0x6F,0x67,0x6F,0x2E,0x67,0x69,0x66,0x30,0x29,0x06, + 0x03,0x55,0x1D,0x11,0x04,0x22,0x30,0x20,0xA4,0x1E,0x30,0x1C,0x31,0x1A,0x30,0x18, + 0x06,0x03,0x55,0x04,0x03,0x13,0x11,0x43,0x6C,0x61,0x73,0x73,0x33,0x43,0x41,0x32, + 0x30,0x34,0x38,0x2D,0x31,0x2D,0x34,0x38,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04, + 0x18,0x30,0x16,0x80,0x14,0x7F,0xD3,0x65,0xA7,0xC2,0xDD,0xEC,0xBB,0xF0,0x30,0x09, + 0xF3,0x43,0x39,0xFA,0x02,0xAF,0x33,0x31,0x33,0x30,0x3D,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x01,0x01,0x04,0x31,0x30,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x30,0x01,0x86,0x21,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x45,0x56, + 0x53,0x65,0x63,0x75,0x72,0x65,0x2D,0x6F,0x63,0x73,0x70,0x2E,0x76,0x65,0x72,0x69, + 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x34,0x06,0x03,0x55,0x1D,0x25,0x04, + 0x2D,0x30,0x2B,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,0x06,0x0A, + 0x60,0x86,0x48,0x01,0x86,0xF8,0x45,0x01,0x08,0x01,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x0D, + 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01, + 0x01,0x00,0x27,0x74,0xA6,0x34,0xEA,0x1D,0x9D,0xE1,0x53,0xD6,0x1C,0x9D,0x0C,0xA7, + 0x5B,0x4C,0xA9,0x67,0xF2,0xF0,0x32,0xB7,0x01,0x0F,0xFB,0x42,0x18,0x38,0xDE,0xE4, + 0xEE,0x49,0xC8,0x13,0xC9,0x0B,0xEC,0x04,0xC3,0x40,0x71,0x18,0x72,0x76,0x43,0x02, + 0x23,0x5D,0xAB,0x7B,0xC8,0x48,0x14,0x1A,0xC8,0x7B,0x1D,0xFC,0xF6,0x0A,0x9F,0x36, + 0xA1,0xD2,0x09,0x73,0x71,0x66,0x96,0x75,0x51,0x34,0xBF,0x99,0x30,0x51,0x67,0x9D, + 0x54,0xB7,0x26,0x45,0xAC,0x73,0x08,0x23,0x86,0x26,0x99,0x71,0xF4,0x8E,0xD7,0xEA, + 0x39,0x9B,0x06,0x09,0x23,0xBF,0x62,0xDD,0xA8,0xC4,0xB6,0x7D,0xA4,0x89,0x07,0x3E, + 0xF3,0x6D,0xAE,0x40,0x59,0x50,0x79,0x97,0x37,0x3D,0x32,0x78,0x7D,0xB2,0x63,0x4B, + 0xF9,0xEA,0x08,0x69,0x0E,0x13,0xED,0xE8,0xCF,0xBB,0xAC,0x05,0x86,0xCA,0x22,0xCF, + 0x88,0x62,0x5D,0x3C,0x22,0x49,0xD8,0x63,0xD5,0x24,0xA6,0xBD,0xEF,0x5C,0xE3,0xCC, + 0x20,0x3B,0x22,0xEA,0xFC,0x44,0xC6,0xA8,0xE5,0x1F,0xE1,0x86,0xCD,0x0C,0x4D,0x8F, + 0x93,0x53,0xD9,0x7F,0xEE,0xA1,0x08,0xA7,0xB3,0x30,0x96,0x49,0x70,0x6E,0xA3,0x6C, + 0x3D,0xD0,0x63,0xEF,0x25,0x66,0x63,0xCC,0xAA,0xB7,0x18,0x17,0x4E,0xEA,0x70,0x76, + 0xF6,0xBA,0x42,0xA6,0x80,0x37,0x09,0x4E,0x9F,0x66,0x88,0x2E,0x6B,0x33,0x66,0xC8, + 0xC0,0x71,0xA4,0x41,0xEB,0x5A,0xE3,0xFC,0x14,0x2E,0x4B,0x88,0xFD,0xAE,0x6E,0x5B, + 0x65,0xE9,0x27,0xE4,0xBF,0xE4,0xB0,0x23,0xC1,0xB2,0x7D,0x5B,0x62,0x25,0xD7,0x3E, + 0x10,0xD4, +}; + + +/* subject:/C=US/ST=California/L=Cupertino/O=Apple Inc/OU=Internet Operations/CN=xedge2.apple.com + issuer :/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority */ +const uint8_t xedge2_certificate[1385]={ + 0x30,0x82,0x05,0x65,0x30,0x82,0x04,0xCE,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x46, + 0x9C,0xDF,0x96,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, + 0x05,0x00,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, + 0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x45,0x6E,0x74, + 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04, + 0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, + 0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,0x2E,0x20,0x62, + 0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,0x74,0x73,0x20,0x6C, + 0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C, + 0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74, + 0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x3A,0x30,0x38, + 0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, + 0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72, + 0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41, + 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x30,0x38,0x30,0x31, + 0x32,0x39,0x31,0x38,0x33,0x33,0x31,0x33,0x5A,0x17,0x0D,0x31,0x30,0x30,0x31,0x32, + 0x38,0x31,0x39,0x30,0x33,0x31,0x32,0x5A,0x30,0x81,0x83,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, + 0x08,0x13,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61,0x31,0x12,0x30, + 0x10,0x06,0x03,0x55,0x04,0x07,0x13,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E, + 0x6F,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x41,0x70,0x70,0x6C, + 0x65,0x20,0x49,0x6E,0x63,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0B,0x13,0x13, + 0x49,0x6E,0x74,0x65,0x72,0x6E,0x65,0x74,0x20,0x4F,0x70,0x65,0x72,0x61,0x74,0x69, + 0x6F,0x6E,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x78,0x65, + 0x64,0x67,0x65,0x32,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81, + 0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00, + 0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81,0x81,0x00,0xC7,0xF3,0xA1,0x0E,0x0E, + 0xA4,0xDF,0xC5,0x3F,0x24,0x87,0xC3,0x6E,0xE7,0xD0,0x7C,0x2B,0x5A,0x1C,0xF3,0x67, + 0x6C,0x6B,0x56,0x0A,0x95,0xC9,0xE5,0x13,0x28,0x6E,0x16,0x9D,0x4F,0xB1,0x76,0xFB, + 0x7D,0x42,0x5B,0x2A,0x7C,0xCC,0x97,0x75,0xAA,0xA6,0xA9,0xDE,0xB2,0xEC,0xEF,0xE2, + 0xAB,0x40,0xAE,0x9A,0x23,0xF0,0x6A,0x10,0xB3,0x75,0x27,0xF0,0xF4,0x7D,0x08,0x67, + 0x8F,0xCE,0x41,0x24,0x74,0xAA,0x37,0xB6,0xC1,0x32,0x61,0xCF,0x7D,0x1C,0x21,0xCD, + 0xCF,0x7C,0x9E,0xE2,0x48,0x03,0x7E,0x78,0xB3,0x86,0x3D,0x06,0x6B,0x39,0xEC,0xC8, + 0x73,0x68,0xDB,0xE7,0x5B,0x97,0xF4,0xF9,0xA3,0xE7,0xFB,0x81,0x2E,0x4D,0x0B,0x3F, + 0xA9,0xCA,0xDE,0x32,0x26,0xF3,0xF0,0x97,0x72,0x65,0xAB,0x02,0x03,0x01,0x00,0x01, + 0xA3,0x82,0x02,0xA2,0x30,0x82,0x02,0x9E,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04, + 0x04,0x03,0x02,0x05,0xA0,0x30,0x2B,0x06,0x03,0x55,0x1D,0x10,0x04,0x24,0x30,0x22, + 0x80,0x0F,0x32,0x30,0x30,0x38,0x30,0x31,0x32,0x39,0x31,0x38,0x33,0x33,0x31,0x33, + 0x5A,0x81,0x0F,0x32,0x30,0x31,0x30,0x30,0x31,0x32,0x38,0x31,0x39,0x30,0x33,0x31, + 0x32,0x5A,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,0x04, + 0x04,0x03,0x02,0x06,0x40,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x82,0x01,0x68,0x06,0x03, + 0x55,0x1D,0x20,0x04,0x82,0x01,0x5F,0x30,0x82,0x01,0x5B,0x30,0x82,0x01,0x57,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x4B,0x02,0x30,0x82,0x01,0x48,0x30,0x26, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1A,0x68,0x74,0x74,0x70, + 0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, + 0x65,0x74,0x2F,0x63,0x70,0x73,0x30,0x82,0x01,0x1C,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x02,0x02,0x30,0x82,0x01,0x0E,0x1A,0x82,0x01,0x0A,0x54,0x68,0x65,0x20, + 0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x20,0x53,0x53,0x4C,0x20,0x57,0x65,0x62,0x20, + 0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61, + 0x74,0x69,0x6F,0x6E,0x20,0x50,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x53,0x74, + 0x61,0x74,0x65,0x6D,0x65,0x6E,0x74,0x20,0x28,0x43,0x50,0x53,0x29,0x20,0x61,0x76, + 0x61,0x69,0x6C,0x61,0x62,0x6C,0x65,0x20,0x61,0x74,0x20,0x77,0x77,0x77,0x2E,0x65, + 0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x20,0x20, + 0x69,0x73,0x20,0x68,0x65,0x72,0x65,0x62,0x79,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70, + 0x6F,0x72,0x61,0x74,0x65,0x64,0x20,0x69,0x6E,0x74,0x6F,0x20,0x79,0x6F,0x75,0x72, + 0x20,0x75,0x73,0x65,0x20,0x6F,0x72,0x20,0x72,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65, + 0x20,0x6F,0x6E,0x20,0x74,0x68,0x69,0x73,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69, + 0x63,0x61,0x74,0x65,0x2E,0x20,0x20,0x54,0x68,0x69,0x73,0x20,0x43,0x50,0x53,0x20, + 0x63,0x6F,0x6E,0x74,0x61,0x69,0x6E,0x73,0x20,0x6C,0x69,0x6D,0x69,0x74,0x61,0x74, + 0x69,0x6F,0x6E,0x73,0x20,0x6F,0x6E,0x20,0x77,0x61,0x72,0x72,0x61,0x6E,0x74,0x69, + 0x65,0x73,0x20,0x61,0x6E,0x64,0x20,0x6C,0x69,0x61,0x62,0x69,0x6C,0x69,0x74,0x69, + 0x65,0x73,0x2E,0x20,0x43,0x6F,0x70,0x79,0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63, + 0x29,0x20,0x32,0x30,0x30,0x32,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x20,0x4C, + 0x69,0x6D,0x69,0x74,0x65,0x64,0x30,0x33,0x06,0x03,0x55,0x1D,0x1F,0x04,0x2C,0x30, + 0x2A,0x30,0x28,0xA0,0x26,0xA0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, + 0x63,0x72,0x6C,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F, + 0x73,0x65,0x72,0x76,0x65,0x72,0x31,0x2E,0x63,0x72,0x6C,0x30,0x33,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x27,0x30,0x25,0x30,0x23,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x17,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, + 0x6F,0x63,0x73,0x70,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74, + 0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xF0,0x17,0x62, + 0x13,0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0, + 0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x2D,0xEF,0xD9,0xAF, + 0x1A,0x89,0x40,0x53,0x75,0x48,0x26,0x59,0x2F,0xEC,0x11,0x18,0xC0,0xD1,0x7A,0x34, + 0x30,0x09,0x06,0x03,0x55,0x1D,0x13,0x04,0x02,0x30,0x00,0x30,0x19,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF6,0x7D,0x07,0x41,0x00,0x04,0x0C,0x30,0x0A,0x1B,0x04,0x56,0x37, + 0x2E,0x31,0x03,0x02,0x03,0x28,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, + 0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x77,0x33,0x2A,0x69,0x45,0x5A,0xB2, + 0xF5,0x74,0xF7,0xDF,0xC7,0x08,0x85,0x86,0x88,0x98,0x41,0x7F,0x57,0x49,0x01,0xBA, + 0x13,0x21,0x40,0xD0,0x0A,0x5C,0xA7,0x37,0xDF,0xB3,0x7E,0xF8,0xED,0x04,0x63,0xC3, + 0xE8,0x0F,0xA0,0xE5,0xC4,0x4F,0x3A,0x90,0xE4,0x87,0x5F,0xEC,0xDB,0x65,0x8B,0x6E, + 0x88,0x6E,0x6E,0xE4,0xBC,0x6A,0x7E,0x37,0x47,0x04,0xFF,0x09,0xC6,0x70,0xE1,0x65, + 0x8F,0xE3,0xE9,0x60,0xEB,0xE8,0x8E,0x29,0xAE,0xF9,0x81,0xCA,0x9A,0x97,0x3C,0x6F, + 0x7C,0xFA,0xA8,0x49,0xB4,0x33,0x76,0x9C,0x65,0x92,0x12,0xF6,0x7F,0x6A,0x62,0x84, + 0x29,0x5F,0x14,0x26,0x6E,0x07,0x6F,0x5C,0xB5,0x7C,0x21,0x64,0x7C,0xD9,0x93,0xF4, + 0x9C,0xC8,0xE7,0xEC,0xC6,0xAC,0x13,0xC4,0xF0 +}; + +const uint8_t entrust1024RootCA[1244]={ + 0x30,0x82,0x04,0xD8,0x30,0x82,0x04,0x41,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x37, + 0x4A,0xD2,0x43,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, + 0x05,0x00,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, + 0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x45,0x6E,0x74, + 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39,0x06,0x03,0x55,0x04, + 0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, + 0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72,0x70,0x2E,0x20,0x62, + 0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69,0x74,0x73,0x20,0x6C, + 0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0B,0x13,0x1C, + 0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74,0x72,0x75,0x73,0x74, + 0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x31,0x3A,0x30,0x38, + 0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E, + 0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65,0x72,0x76,0x65,0x72, + 0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41, + 0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x1E,0x17,0x0D,0x39,0x39,0x30,0x35, + 0x32,0x35,0x31,0x36,0x30,0x39,0x34,0x30,0x5A,0x17,0x0D,0x31,0x39,0x30,0x35,0x32, + 0x35,0x31,0x36,0x33,0x39,0x34,0x30,0x5A,0x30,0x81,0xC3,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x0B,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B, + 0x30,0x39,0x06,0x03,0x55,0x04,0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74, + 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63, + 0x6F,0x72,0x70,0x2E,0x20,0x62,0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69, + 0x6D,0x69,0x74,0x73,0x20,0x6C,0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06, + 0x03,0x55,0x04,0x0B,0x13,0x1C,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45, + 0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74, + 0x65,0x64,0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74, + 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20, + 0x53,0x65,0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61, + 0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x81, + 0x9D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00, + 0x03,0x81,0x8B,0x00,0x30,0x81,0x87,0x02,0x81,0x81,0x00,0xCD,0x28,0x83,0x34,0x54, + 0x1B,0x89,0xF3,0x0F,0xAF,0x37,0x91,0x31,0xFF,0xAF,0x31,0x60,0xC9,0xA8,0xE8,0xB2, + 0x10,0x68,0xED,0x9F,0xE7,0x93,0x36,0xF1,0x0A,0x64,0xBB,0x47,0xF5,0x04,0x17,0x3F, + 0x23,0x47,0x4D,0xC5,0x27,0x19,0x81,0x26,0x0C,0x54,0x72,0x0D,0x88,0x2D,0xD9,0x1F, + 0x9A,0x12,0x9F,0xBC,0xB3,0x71,0xD3,0x80,0x19,0x3F,0x47,0x66,0x7B,0x8C,0x35,0x28, + 0xD2,0xB9,0x0A,0xDF,0x24,0xDA,0x9C,0xD6,0x50,0x79,0x81,0x7A,0x5A,0xD3,0x37,0xF7, + 0xC2,0x4A,0xD8,0x29,0x92,0x26,0x64,0xD1,0xE4,0x98,0x6C,0x3A,0x00,0x8A,0xF5,0x34, + 0x9B,0x65,0xF8,0xED,0xE3,0x10,0xFF,0xFD,0xB8,0x49,0x58,0xDC,0xA0,0xDE,0x82,0x39, + 0x6B,0x81,0xB1,0x16,0x19,0x61,0xB9,0x54,0xB6,0xE6,0x43,0x02,0x01,0x03,0xA3,0x82, + 0x01,0xD7,0x30,0x82,0x01,0xD3,0x30,0x11,0x06,0x09,0x60,0x86,0x48,0x01,0x86,0xF8, + 0x42,0x01,0x01,0x04,0x04,0x03,0x02,0x00,0x07,0x30,0x82,0x01,0x19,0x06,0x03,0x55, + 0x1D,0x1F,0x04,0x82,0x01,0x10,0x30,0x82,0x01,0x0C,0x30,0x81,0xDE,0xA0,0x81,0xDB, + 0xA0,0x81,0xD8,0xA4,0x81,0xD5,0x30,0x81,0xD2,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, + 0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13, + 0x0B,0x45,0x6E,0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x31,0x3B,0x30,0x39, + 0x06,0x03,0x55,0x04,0x0B,0x13,0x32,0x77,0x77,0x77,0x2E,0x65,0x6E,0x74,0x72,0x75, + 0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x50,0x53,0x20,0x69,0x6E,0x63,0x6F,0x72, + 0x70,0x2E,0x20,0x62,0x79,0x20,0x72,0x65,0x66,0x2E,0x20,0x28,0x6C,0x69,0x6D,0x69, + 0x74,0x73,0x20,0x6C,0x69,0x61,0x62,0x2E,0x29,0x31,0x25,0x30,0x23,0x06,0x03,0x55, + 0x04,0x0B,0x13,0x1C,0x28,0x63,0x29,0x20,0x31,0x39,0x39,0x39,0x20,0x45,0x6E,0x74, + 0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x4C,0x69,0x6D,0x69,0x74,0x65,0x64, + 0x31,0x3A,0x30,0x38,0x06,0x03,0x55,0x04,0x03,0x13,0x31,0x45,0x6E,0x74,0x72,0x75, + 0x73,0x74,0x2E,0x6E,0x65,0x74,0x20,0x53,0x65,0x63,0x75,0x72,0x65,0x20,0x53,0x65, + 0x72,0x76,0x65,0x72,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, + 0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x0D,0x30,0x0B, + 0x06,0x03,0x55,0x04,0x03,0x13,0x04,0x43,0x52,0x4C,0x31,0x30,0x29,0xA0,0x27,0xA0, + 0x25,0x86,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x65,0x6E, + 0x74,0x72,0x75,0x73,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x43,0x52,0x4C,0x2F,0x6E,0x65, + 0x74,0x31,0x2E,0x63,0x72,0x6C,0x30,0x2B,0x06,0x03,0x55,0x1D,0x10,0x04,0x24,0x30, + 0x22,0x80,0x0F,0x31,0x39,0x39,0x39,0x30,0x35,0x32,0x35,0x31,0x36,0x30,0x39,0x34, + 0x30,0x5A,0x81,0x0F,0x32,0x30,0x31,0x39,0x30,0x35,0x32,0x35,0x31,0x36,0x30,0x39, + 0x34,0x30,0x5A,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x06, + 0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xF0,0x17,0x62, + 0x13,0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0, + 0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xF0,0x17,0x62,0x13, + 0x55,0x3D,0xB3,0xFF,0x0A,0x00,0x6B,0xFB,0x50,0x84,0x97,0xF3,0xED,0x62,0xD0,0x1A, + 0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x19, + 0x06,0x09,0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x41,0x00,0x04,0x0C,0x30,0x0A,0x1B, + 0x04,0x56,0x34,0x2E,0x30,0x03,0x02,0x04,0x90,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x90,0xDC,0x30,0x02, + 0xFA,0x64,0x74,0xC2,0xA7,0x0A,0xA5,0x7C,0x21,0x8D,0x34,0x17,0xA8,0xFB,0x47,0x0E, + 0xFF,0x25,0x7C,0x8D,0x13,0x0A,0xFB,0xE4,0x98,0xB5,0xEF,0x8C,0xF8,0xC5,0x10,0x0D, + 0xF7,0x92,0xBE,0xF1,0xC3,0xD5,0xD5,0x95,0x6A,0x04,0xBB,0x2C,0xCE,0x26,0x36,0x65, + 0xC8,0x31,0xC6,0xE7,0xEE,0x3F,0xE3,0x57,0x75,0x84,0x7A,0x11,0xEF,0x46,0x4F,0x18, + 0xF4,0xD3,0x98,0xBB,0xA8,0x87,0x32,0xBA,0x72,0xF6,0x3C,0xE2,0x3D,0x9F,0xD7,0x1D, + 0xD9,0xC3,0x60,0x43,0x8C,0x58,0x0E,0x22,0x96,0x2F,0x62,0xA3,0x2C,0x1F,0xBA,0xAD, + 0x05,0xEF,0xAB,0x32,0x78,0x87,0xA0,0x54,0x73,0x19,0xB5,0x5C,0x05,0xF9,0x52,0x3E, + 0x6D,0x2D,0x45,0x0B,0xF7,0x0A,0x93,0xEA,0xED,0x06,0xF9,0xB2, +}; + + +/* subject:/CN=garthc2.apple.com/O=Apple Inc./OU=DTS/ST=California/C=US/L=Cupertino/emailAddress=gcummings@apple.com + issuer :/CN=garthc2.apple.com/O=Apple Inc./OU=DTS/ST=California/C=US/L=Cupertino/emailAddress=gcummings@apple.com */ +const uint8_t garthc2_certificate[730]={ + 0x30,0x82,0x02,0xD6,0x30,0x82,0x02,0x3F,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, + 0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x30,0x81,0x99, + 0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x67,0x61,0x72,0x74,0x68, + 0x63,0x32,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11, + 0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63, + 0x2E,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0B,0x0C,0x03,0x44,0x54,0x53,0x31, + 0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F, + 0x72,0x6E,0x69,0x61,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55, + 0x53,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65, + 0x72,0x74,0x69,0x6E,0x6F,0x31,0x22,0x30,0x20,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x09,0x01,0x16,0x13,0x67,0x63,0x75,0x6D,0x6D,0x69,0x6E,0x67,0x73,0x40, + 0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D,0x30,0x39,0x30, + 0x37,0x31,0x36,0x32,0x32,0x34,0x39,0x31,0x30,0x5A,0x17,0x0D,0x31,0x30,0x30,0x37, + 0x31,0x36,0x32,0x32,0x34,0x39,0x31,0x30,0x5A,0x30,0x81,0x99,0x31,0x1A,0x30,0x18, + 0x06,0x03,0x55,0x04,0x03,0x0C,0x11,0x67,0x61,0x72,0x74,0x68,0x63,0x32,0x2E,0x61, + 0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04, + 0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0C,0x30, + 0x0A,0x06,0x03,0x55,0x04,0x0B,0x0C,0x03,0x44,0x54,0x53,0x31,0x13,0x30,0x11,0x06, + 0x03,0x55,0x04,0x08,0x0C,0x0A,0x43,0x61,0x6C,0x69,0x66,0x6F,0x72,0x6E,0x69,0x61, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x12,0x30, + 0x10,0x06,0x03,0x55,0x04,0x07,0x0C,0x09,0x43,0x75,0x70,0x65,0x72,0x74,0x69,0x6E, + 0x6F,0x31,0x22,0x30,0x20,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01, + 0x16,0x13,0x67,0x63,0x75,0x6D,0x6D,0x69,0x6E,0x67,0x73,0x40,0x61,0x70,0x70,0x6C, + 0x65,0x2E,0x63,0x6F,0x6D,0x30,0x81,0x9F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, + 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x81,0x8D,0x00,0x30,0x81,0x89,0x02,0x81, + 0x81,0x00,0xCF,0x30,0xD9,0x9D,0x9C,0xD5,0x6F,0xCB,0xB1,0xD1,0xC2,0x73,0xE2,0xB4, + 0x06,0xC3,0x16,0x6D,0x0E,0x68,0x40,0x5E,0x92,0xFC,0xD9,0x14,0xD2,0x5E,0x21,0x50, + 0x66,0x41,0x96,0x3A,0x76,0x26,0xF6,0x6C,0x3C,0xA2,0xD4,0x84,0x91,0x09,0x2E,0x23, + 0x2D,0x07,0x38,0x48,0x58,0x31,0xE5,0x00,0x08,0xB1,0x6C,0x5D,0x39,0x50,0x30,0xF7, + 0x68,0x12,0x99,0xB5,0x4C,0x86,0x1E,0xA5,0xF4,0x0C,0xCB,0xCB,0x25,0xB0,0x7C,0x6A, + 0xFE,0x28,0xD4,0x34,0xA5,0xD2,0x94,0x5E,0xBE,0x5F,0xC1,0x61,0xAE,0xB5,0xD2,0xD2, + 0x18,0x34,0x07,0x02,0xA8,0x56,0xAC,0x55,0x4D,0x87,0x56,0x8A,0xBA,0x1B,0x17,0x26, + 0x11,0x9B,0xF8,0x88,0xD1,0x4F,0x94,0x03,0x01,0xCC,0x01,0xE7,0x0B,0x9B,0x14,0x43, + 0x25,0xFB,0x02,0x03,0x01,0x00,0x01,0xA3,0x2E,0x30,0x2C,0x30,0x0B,0x06,0x03,0x55, + 0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04, + 0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x81,0x81,0x00,0x9D,0x8A,0x8A,0x9F,0xA5,0x36, + 0xA2,0xE6,0x1D,0xA9,0xF1,0x10,0xDF,0xC8,0xFC,0x1A,0x2B,0xA0,0x01,0x07,0x58,0xA4, + 0xD0,0x41,0xE1,0x32,0xD8,0xA9,0x84,0x9E,0xF3,0xE2,0xDE,0x48,0xD3,0x03,0xD7,0xC9, + 0x40,0x58,0x5A,0x91,0x85,0x70,0xF6,0xC7,0x34,0x90,0x3C,0x1B,0x06,0x8F,0x0C,0xEE, + 0xDD,0x79,0x14,0x42,0x72,0x4F,0x41,0xF9,0xB0,0xEC,0x04,0x9F,0xD6,0x75,0x68,0x06, + 0xA0,0xEA,0x11,0x0C,0xE9,0x16,0x2F,0x9E,0x23,0xFA,0x5D,0xC2,0x02,0x92,0x2A,0xDD, + 0xE8,0xBD,0xA1,0x8F,0x33,0x96,0x84,0xFA,0xFD,0x3C,0x70,0xD4,0x9D,0x43,0xA4,0xA0, + 0xE9,0xF4,0x49,0xB2,0xF4,0xCB,0x9F,0x43,0x87,0x04,0x8D,0xD0,0xEA,0xAC,0x21,0x24, + 0x2C,0x4C,0x36,0x5C,0x34,0x8C,0x61,0xA4,0xF4,0xB8, +}; + +const uint8_t prt_forest_fi_certificate[1797] = { + 0x30, 0x82, 0x07, 0x01, 0x30, 0x82, 0x05, 0xe9, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x11, 0x00, 0xfa, 0x69, 0x1a, 0xa7, 0xbf, 0x1b, 0x93, 0xbe, + 0x97, 0x11, 0xb0, 0xfe, 0xfc, 0xa8, 0x8d, 0x8c, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + 0x39, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x46, 0x49, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, + 0x06, 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x31, 0x19, 0x30, 0x17, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, + 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x32, 0x20, 0x43, 0x41, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x30, 0x31, 0x32, 0x30, 0x31, 0x30, 0x39, 0x33, 0x39, + 0x33, 0x33, 0x5a, 0x17, 0x0d, 0x31, 0x33, 0x31, 0x31, 0x33, 0x30, 0x30, + 0x39, 0x33, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x57, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x46, 0x49, 0x31, 0x16, 0x30, + 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x50, 0x52, 0x54, 0x2d, + 0x46, 0x6f, 0x72, 0x65, 0x73, 0x74, 0x20, 0x4f, 0x79, 0x31, 0x16, 0x30, + 0x14, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0d, 0x54, 0x69, 0x65, 0x74, + 0x6f, 0x68, 0x61, 0x6c, 0x6c, 0x69, 0x6e, 0x74, 0x6f, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x2a, 0x2e, 0x70, 0x72, + 0x74, 0x2d, 0x66, 0x6f, 0x72, 0x65, 0x73, 0x74, 0x2e, 0x66, 0x69, 0x30, + 0x82, 0x04, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x04, 0x0f, 0x00, 0x30, + 0x82, 0x04, 0x0a, 0x02, 0x82, 0x04, 0x01, 0x00, 0xbc, 0x62, 0x25, 0x57, + 0xbc, 0x71, 0xb8, 0xa9, 0x5b, 0x0e, 0x04, 0xbc, 0xc4, 0x0e, 0xf1, 0x0e, + 0x1f, 0x20, 0xd2, 0xf4, 0x4f, 0x23, 0xfe, 0x14, 0x54, 0x34, 0x81, 0xd3, + 0x5b, 0xdd, 0x74, 0xed, 0xa1, 0xbe, 0x91, 0x99, 0x9d, 0x02, 0xb9, 0x36, + 0x70, 0x43, 0x5d, 0x73, 0xa6, 0xe5, 0x70, 0x7b, 0x0e, 0x0c, 0x3f, 0x33, + 0xbb, 0x71, 0xd6, 0xd4, 0x22, 0xb0, 0xeb, 0xf5, 0x6e, 0x07, 0x7c, 0xe7, + 0xc7, 0xd1, 0x20, 0x64, 0x72, 0x4e, 0xae, 0x5e, 0xae, 0xaf, 0x08, 0xfb, + 0x7d, 0x6d, 0xdb, 0x69, 0x5a, 0x31, 0x73, 0x7d, 0xbd, 0x53, 0xcb, 0x04, + 0x69, 0x6d, 0x74, 0x56, 0x6c, 0xbc, 0x84, 0xa6, 0x01, 0x39, 0x37, 0x0c, + 0xb9, 0x5c, 0x2e, 0x78, 0x50, 0x3a, 0x8d, 0x1f, 0xa2, 0x33, 0xf1, 0xd2, + 0xc2, 0x87, 0x51, 0xf4, 0x92, 0xc3, 0xa7, 0xaa, 0xc8, 0x36, 0x51, 0x1c, + 0xfb, 0x77, 0xbf, 0xcf, 0x24, 0x11, 0xfe, 0xf4, 0x11, 0x2f, 0x5c, 0xdf, + 0x26, 0xf6, 0xb9, 0x15, 0xc1, 0x46, 0x75, 0x83, 0x40, 0x77, 0xa4, 0x83, + 0x74, 0xce, 0xc0, 0x29, 0x31, 0xd3, 0xd8, 0x68, 0xfa, 0x2e, 0xcc, 0x15, + 0x2c, 0x59, 0x5c, 0xa7, 0x96, 0x65, 0x8f, 0x34, 0x87, 0x29, 0x22, 0x1d, + 0xde, 0x65, 0xc7, 0x1c, 0x5c, 0xd8, 0x33, 0x22, 0xf7, 0x93, 0xd9, 0xcd, + 0x96, 0x76, 0x22, 0xab, 0x75, 0x18, 0x04, 0xe7, 0x65, 0x2a, 0xeb, 0x42, + 0x75, 0x17, 0x13, 0x12, 0x00, 0xe3, 0xf4, 0xd9, 0xde, 0xd1, 0x9f, 0x1c, + 0x61, 0xee, 0xf6, 0xb9, 0xf9, 0x50, 0xb3, 0x1b, 0x79, 0x77, 0x38, 0x3c, + 0x6a, 0xcc, 0xa0, 0x1d, 0xe4, 0xd7, 0x43, 0xca, 0x8b, 0x22, 0xbf, 0x77, + 0x33, 0xea, 0xaa, 0x01, 0xcf, 0x1e, 0xd0, 0x0d, 0x04, 0x2b, 0xec, 0x42, + 0x7b, 0xec, 0x53, 0xed, 0xc7, 0x4f, 0x0c, 0xac, 0x29, 0xb7, 0x8b, 0x92, + 0x14, 0x3f, 0x9b, 0xc6, 0xd8, 0xa1, 0x30, 0x4d, 0x5a, 0x07, 0x0e, 0x1e, + 0x80, 0x5f, 0x38, 0x66, 0x4d, 0xc1, 0xad, 0x2f, 0xee, 0xae, 0x94, 0x50, + 0x8e, 0x38, 0x2a, 0x00, 0x80, 0xe2, 0xc4, 0x43, 0x2e, 0xd5, 0xcd, 0xca, + 0x3f, 0x3d, 0xcb, 0x35, 0x13, 0x96, 0xd2, 0xdc, 0x0e, 0xe7, 0x45, 0x57, + 0x4b, 0x8f, 0xee, 0xa1, 0xce, 0xe6, 0x57, 0x52, 0xcd, 0xd0, 0x82, 0xca, + 0x3b, 0x87, 0xf4, 0x22, 0xff, 0x81, 0x4b, 0xf5, 0xa3, 0xda, 0xc5, 0xb6, + 0x67, 0xb8, 0xf4, 0xaf, 0xff, 0x8d, 0x4e, 0x80, 0xb5, 0x22, 0x80, 0x3c, + 0x70, 0xe4, 0xa0, 0xae, 0xdc, 0xcf, 0x44, 0xff, 0x00, 0x98, 0x3f, 0x19, + 0x7b, 0x4c, 0x3d, 0xd8, 0xa5, 0xd8, 0xe0, 0x05, 0x73, 0x54, 0x06, 0x0c, + 0x4d, 0x50, 0xf8, 0xd8, 0x85, 0x0b, 0xa8, 0x49, 0xaa, 0x97, 0x87, 0x3b, + 0x32, 0xe8, 0x58, 0x22, 0xee, 0x34, 0x1c, 0x9f, 0xe3, 0x18, 0xba, 0x93, + 0x43, 0xea, 0xb7, 0x78, 0x35, 0xa2, 0xb5, 0x1e, 0x19, 0x16, 0x3b, 0xb3, + 0xf5, 0x12, 0xe8, 0x26, 0x62, 0x2d, 0xd7, 0x45, 0xc3, 0xa4, 0x4b, 0xda, + 0x38, 0x48, 0x00, 0x3f, 0x68, 0x62, 0xa2, 0x83, 0x9d, 0x32, 0x76, 0x27, + 0x40, 0x5d, 0x0e, 0x75, 0xb1, 0x08, 0xdb, 0x58, 0xfa, 0x20, 0x62, 0xf1, + 0x3f, 0xbd, 0x86, 0x2f, 0x7c, 0x07, 0x01, 0x14, 0x1d, 0x19, 0x61, 0xee, + 0x0a, 0x85, 0xbf, 0xc7, 0x4f, 0x4a, 0x06, 0xc0, 0xaf, 0x44, 0x5d, 0x6f, + 0xc3, 0x53, 0x23, 0xcb, 0xdf, 0x40, 0x7a, 0x18, 0xa1, 0x34, 0x80, 0x18, + 0x86, 0xfe, 0xe3, 0x87, 0xce, 0x30, 0x53, 0x33, 0x1c, 0x45, 0x4a, 0xb4, + 0xe1, 0x8c, 0x9b, 0x4b, 0xf5, 0x2c, 0x7c, 0x13, 0x56, 0x37, 0x8a, 0x94, + 0x24, 0xdb, 0x3a, 0x4b, 0x80, 0xb1, 0x26, 0x57, 0x5a, 0x75, 0x1c, 0x44, + 0xc5, 0xf7, 0x67, 0xb4, 0x61, 0x87, 0xe8, 0x2e, 0xd9, 0xe1, 0xb9, 0x45, + 0xcc, 0xdc, 0xdf, 0x3b, 0x8c, 0xce, 0xd0, 0x46, 0x6b, 0x87, 0xb5, 0xa9, + 0xfe, 0x35, 0x87, 0xe0, 0xca, 0xc6, 0x7d, 0xc8, 0x86, 0xc2, 0xfe, 0x89, + 0xec, 0xa9, 0x86, 0x33, 0x81, 0xdc, 0x41, 0xb3, 0xe7, 0xc4, 0x82, 0x3a, + 0x81, 0x05, 0xbd, 0x8b, 0x92, 0xb2, 0x6a, 0x2c, 0x3c, 0xca, 0xd0, 0x22, + 0xff, 0xc8, 0x8f, 0xf0, 0x5f, 0x0e, 0xfb, 0x0b, 0x36, 0x64, 0x6a, 0x12, + 0x77, 0x2d, 0x8a, 0x38, 0xde, 0x7d, 0xed, 0xc9, 0xa7, 0xc1, 0x85, 0x41, + 0xa2, 0x7b, 0xa5, 0xdc, 0x30, 0x96, 0xda, 0xf8, 0xb3, 0xc8, 0x21, 0x56, + 0x3c, 0xdb, 0xe4, 0x8c, 0xb0, 0xfb, 0xec, 0x0e, 0x58, 0x49, 0x3c, 0x75, + 0x3c, 0xc2, 0x41, 0xbd, 0xc0, 0x81, 0x37, 0xc7, 0x69, 0x5a, 0x41, 0x86, + 0x18, 0xe9, 0x41, 0x7f, 0xba, 0xff, 0xc3, 0x52, 0x56, 0xf9, 0x7c, 0x60, + 0x14, 0xf9, 0x66, 0x4c, 0x60, 0xb6, 0x3e, 0x23, 0xcd, 0xd1, 0x2d, 0x4f, + 0x43, 0x97, 0xea, 0xa3, 0x37, 0xa4, 0x2a, 0xa7, 0x81, 0x49, 0x90, 0xe3, + 0xb6, 0x12, 0x1b, 0xac, 0x78, 0x57, 0x20, 0x51, 0xb4, 0x16, 0x5e, 0x58, + 0x61, 0x0f, 0x1e, 0x35, 0xbc, 0x3f, 0x44, 0xc2, 0x85, 0xa5, 0x61, 0x8a, + 0x0a, 0x7c, 0x2e, 0xb0, 0x11, 0x12, 0xc6, 0xc0, 0xc8, 0xcb, 0xd8, 0x13, + 0xc3, 0x58, 0xf1, 0xcd, 0x06, 0x5f, 0x90, 0xa5, 0xd7, 0x74, 0xbc, 0x1a, + 0x9c, 0xdc, 0xab, 0xde, 0xea, 0x36, 0x67, 0x41, 0x4f, 0x62, 0x86, 0xc6, + 0xfe, 0x63, 0x14, 0x83, 0x11, 0xab, 0xfb, 0x61, 0x38, 0x11, 0xce, 0x01, + 0xe8, 0xee, 0x3a, 0x21, 0xbc, 0xaa, 0x4b, 0xb0, 0x8f, 0x2f, 0xcf, 0x58, + 0xe6, 0x55, 0x61, 0x38, 0xa7, 0xc3, 0xaa, 0x3b, 0xb0, 0x8c, 0xf4, 0x82, + 0xa0, 0x96, 0xc4, 0x13, 0x4a, 0xc0, 0xc8, 0x93, 0xb7, 0x3d, 0x28, 0x05, + 0xb9, 0xc8, 0x4c, 0xe8, 0x57, 0xda, 0x56, 0x8b, 0xda, 0x27, 0xab, 0xbf, + 0x7e, 0x66, 0x43, 0xdc, 0x57, 0x09, 0xdc, 0x88, 0x8e, 0xfb, 0xa7, 0x63, + 0x41, 0xfb, 0xf1, 0x67, 0xb5, 0xe1, 0x84, 0x5d, 0x1d, 0xe3, 0xb4, 0xc6, + 0x40, 0x97, 0xf8, 0x4d, 0xfc, 0x00, 0xcd, 0x56, 0xc2, 0xab, 0xff, 0x49, + 0x93, 0xff, 0x46, 0x56, 0x9b, 0xee, 0x6d, 0xa0, 0x5d, 0xf4, 0x78, 0x36, + 0x0e, 0xf6, 0xc9, 0x9c, 0x79, 0x89, 0xf9, 0x9c, 0xa7, 0x3e, 0xa0, 0x8d, + 0x62, 0x7c, 0xdc, 0x83, 0x0a, 0xfc, 0x46, 0x96, 0x31, 0xd3, 0x56, 0xc6, + 0xea, 0x7f, 0x1d, 0xaa, 0x49, 0xd1, 0x8b, 0x54, 0xa2, 0x6e, 0x59, 0x8c, + 0x2a, 0xec, 0x3a, 0xd7, 0xda, 0xd2, 0xc1, 0xfc, 0x1d, 0x78, 0x55, 0xce, + 0xd8, 0x0c, 0x1d, 0x7e, 0x99, 0xf8, 0x5e, 0x3c, 0x2d, 0xec, 0x63, 0xe2, + 0xda, 0xa1, 0x68, 0x6f, 0x28, 0x2e, 0xb4, 0xef, 0x07, 0xc4, 0xa8, 0x65, + 0xc7, 0xfd, 0x6b, 0x0f, 0x83, 0x23, 0xf8, 0xc2, 0xc9, 0x55, 0xfa, 0xa4, + 0xa8, 0x6a, 0xab, 0x12, 0xf4, 0x89, 0x42, 0x26, 0x72, 0xd1, 0x82, 0x2f, + 0x62, 0x14, 0xb6, 0x04, 0x23, 0x20, 0xb6, 0xd4, 0xef, 0x59, 0x8a, 0x40, + 0x43, 0xd7, 0x72, 0xe0, 0x5b, 0x0c, 0xb0, 0x73, 0x6f, 0x6a, 0x87, 0xc1, + 0x82, 0x50, 0x20, 0xdb, 0xaa, 0xf8, 0x8d, 0x70, 0xb6, 0x39, 0x46, 0xe0, + 0x68, 0xc4, 0xab, 0xea, 0xd1, 0x31, 0xad, 0xf7, 0x05, 0xfb, 0x3a, 0x3c, + 0x2e, 0x66, 0x4f, 0xc6, 0x0d, 0xf9, 0xb8, 0x29, 0xec, 0xdc, 0xfc, 0x81, + 0x56, 0x2b, 0xb0, 0xad, 0xd2, 0x12, 0x8f, 0x69, 0x70, 0x18, 0x27, 0x16, + 0xf9, 0xf0, 0x40, 0x93, 0xef, 0x6b, 0x95, 0x96, 0xcd, 0x5f, 0xe9, 0x5a, + 0x7b, 0xad, 0x7f, 0x98, 0xa7, 0x6a, 0xe5, 0x17, 0xeb, 0xc3, 0xdd, 0xc9, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x81, 0xe5, 0x30, 0x81, 0xe2, 0x30, + 0x13, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x0c, 0x30, 0x0a, 0x80, 0x08, + 0x4a, 0xa0, 0xaa, 0x58, 0x84, 0xd3, 0x5e, 0x3c, 0x30, 0x19, 0x06, 0x03, + 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c, 0x2b, + 0x06, 0x01, 0x04, 0x01, 0x82, 0x0f, 0x02, 0x03, 0x01, 0x01, 0x02, 0x30, + 0x72, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x6b, 0x30, 0x69, 0x30, 0x67, + 0xa0, 0x65, 0xa0, 0x63, 0x86, 0x61, 0x6c, 0x64, 0x61, 0x70, 0x3a, 0x2f, + 0x2f, 0x31, 0x39, 0x34, 0x2e, 0x32, 0x35, 0x32, 0x2e, 0x31, 0x32, 0x34, + 0x2e, 0x32, 0x34, 0x31, 0x3a, 0x33, 0x38, 0x39, 0x2f, 0x63, 0x6e, 0x3d, + 0x53, 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x25, 0x32, 0x30, 0x43, 0x6c, 0x61, + 0x73, 0x73, 0x32, 0x25, 0x32, 0x30, 0x43, 0x41, 0x2c, 0x6f, 0x3d, 0x53, + 0x6f, 0x6e, 0x65, 0x72, 0x61, 0x2c, 0x63, 0x3d, 0x46, 0x49, 0x3f, 0x63, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x72, 0x65, + 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x6c, 0x69, 0x73, 0x74, + 0x3b, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x02, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, + 0x14, 0x85, 0xc2, 0x31, 0x35, 0x4f, 0x93, 0x92, 0x9d, 0x8a, 0xbc, 0x32, + 0x7d, 0x1b, 0xf0, 0xaa, 0x96, 0xb1, 0x03, 0x86, 0x71, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x00, 0x9e, 0x75, 0x2b, 0x95, 0x6a, 0x96, + 0x12, 0x24, 0xd5, 0x04, 0x6c, 0x34, 0x0a, 0x58, 0x5a, 0x7d, 0x59, 0xb9, + 0x03, 0x23, 0x13, 0xc3, 0xf5, 0x24, 0x57, 0x33, 0x8d, 0xca, 0x5f, 0xd8, + 0x26, 0xff, 0x64, 0x46, 0x13, 0x40, 0xe5, 0x04, 0xb2, 0xba, 0x92, 0xa5, + 0xa6, 0xa3, 0xd9, 0x2b, 0xff, 0x05, 0xef, 0xce, 0x3c, 0x28, 0xe8, 0x1b, + 0xa3, 0x10, 0x8a, 0xdd, 0x3d, 0x3a, 0x0a, 0xe1, 0x07, 0x3c, 0xb4, 0xf6, + 0xbb, 0xeb, 0xb5, 0xf2, 0x05, 0xe8, 0xd7, 0x16, 0x3e, 0xe5, 0x15, 0x49, + 0xdf, 0x8d, 0x34, 0xb8, 0x1b, 0xd4, 0xf2, 0x65, 0xa0, 0x70, 0x80, 0xd0, + 0xbf, 0xa5, 0x74, 0x5d, 0xfb, 0xd4, 0x52, 0x3b, 0x54, 0xca, 0x32, 0xba, + 0xf7, 0xe3, 0x90, 0xa5, 0xa8, 0xad, 0xd0, 0xe5, 0x5d, 0x18, 0x18, 0x87, + 0x60, 0xb0, 0xf3, 0xf9, 0x62, 0x20, 0x77, 0xaa, 0x0f, 0xdd, 0x16, 0x4c, + 0x01, 0x3a, 0xb1, 0x1f, 0x85, 0x7e, 0x01, 0x04, 0x5f, 0xf1, 0x37, 0x36, + 0xe3, 0x3a, 0xc1, 0xa3, 0x7c, 0x33, 0xca, 0xce, 0x0b, 0xb9, 0x34, 0xe2, + 0xe1, 0xe6, 0xed, 0x24, 0xc1, 0xc3, 0xc7, 0x74, 0x8f, 0x22, 0x2c, 0x6e, + 0xcb, 0x5c, 0x7a, 0x61, 0x99, 0xde, 0xea, 0x13, 0xe1, 0xa8, 0xa1, 0x94, + 0xd0, 0x85, 0x65, 0x65, 0xed, 0x97, 0x14, 0x6e, 0x97, 0xc9, 0xcf, 0x34, + 0x7c, 0xf2, 0x68, 0xeb, 0xc2, 0x7d, 0x03, 0x53, 0xf5, 0xdb, 0xa1, 0x11, + 0x8d, 0xda, 0xcc, 0x26, 0x13, 0xaa, 0x43, 0x76, 0x04, 0x9b, 0x85, 0x89, + 0xc3, 0x29, 0xd8, 0xb5, 0x54, 0x81, 0x09, 0xf5, 0x18, 0x52, 0xa5, 0x38, + 0x4a, 0x00, 0xc6, 0x1d, 0x4d, 0x5a, 0x15, 0xa0, 0xfd, 0xf7, 0x58, 0x27, + 0xcd, 0x6b, 0x56, 0x6b, 0xee, 0x7d, 0x73, 0xd3, 0xfd, 0x6c, 0xb6, 0xb1, + 0x3b, 0xbd, 0xbf, 0x5b, 0x4a, 0x6c, 0xd3, 0x1c, 0x47 +}; + +/* SHA1 Fingerprint=62:45:08:9B:4A:CC:45:58:8B:0F:A1:E8:E3:AE:61:5B:4B:FF:80:93 */ +/* subject:/C=US/ST=CA/O=Apple Inc./OU=ETS/CN=Escrow Service Key 5DBB9DF79A4272CB07F127CBAFFC5B9D2E7111EA68BF926199D828329535AFF1 */ +/* issuer :/serialNumber=101/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Escrow Service Root CA */ + +const uint8_t longleaf[1036]={ + 0x30,0x82,0x04,0x08,0x30,0x82,0x02,0xF0,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x5D, + 0xBB,0x9D,0xF7,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, + 0x05,0x00,0x30,0x79,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x05,0x13,0x03,0x31, + 0x30,0x31,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31, + 0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20, + 0x49,0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41, + 0x70,0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, + 0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x1F,0x30,0x1D, + 0x06,0x03,0x55,0x04,0x03,0x13,0x16,0x45,0x73,0x63,0x72,0x6F,0x77,0x20,0x53,0x65, + 0x72,0x76,0x69,0x63,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x20,0x17, + 0x0D,0x31,0x34,0x30,0x34,0x30,0x32,0x32,0x32,0x35,0x33,0x35,0x39,0x5A,0x18,0x0F, + 0x39,0x39,0x39,0x39,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30, + 0x81,0x9B,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31, + 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x13,0x30,0x11, + 0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63, + 0x2E,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0B,0x13,0x03,0x45,0x54,0x53,0x31, + 0x5C,0x30,0x5A,0x06,0x03,0x55,0x04,0x03,0x13,0x53,0x45,0x73,0x63,0x72,0x6F,0x77, + 0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x20,0x4B,0x65,0x79,0x20,0x35,0x44,0x42, + 0x42,0x39,0x44,0x46,0x37,0x39,0x41,0x34,0x32,0x37,0x32,0x43,0x42,0x30,0x37,0x46, + 0x31,0x32,0x37,0x43,0x42,0x41,0x46,0x46,0x43,0x35,0x42,0x39,0x44,0x32,0x45,0x37, + 0x31,0x31,0x31,0x45,0x41,0x36,0x38,0x42,0x46,0x39,0x32,0x36,0x31,0x39,0x39,0x44, + 0x38,0x32,0x38,0x33,0x32,0x39,0x35,0x33,0x35,0x41,0x46,0x46,0x31,0x30,0x82,0x01, + 0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00, + 0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0x85,0xDE, + 0xE9,0x68,0x2D,0x62,0x22,0x91,0xEC,0x24,0x65,0x90,0x94,0x5F,0xDC,0x17,0x22,0xAC, + 0xDF,0x76,0xD7,0x2F,0x20,0xE1,0xE0,0x3A,0x8A,0xE1,0x9C,0xF0,0x45,0x35,0xBE,0xB4, + 0xA5,0xD1,0x04,0xDB,0xAA,0x26,0x30,0xC0,0xBD,0x58,0x79,0x56,0x91,0xCE,0xC4,0xF2, + 0x48,0xE0,0xB2,0xCE,0xCC,0x30,0xCF,0xFE,0x32,0x7C,0xBE,0xB6,0x75,0x40,0x94,0xBC, + 0xCC,0x66,0xBD,0x4A,0xDC,0x7A,0x56,0x8F,0x70,0x67,0x33,0xC0,0x26,0xC4,0xF0,0x85, + 0xDB,0xF1,0x0F,0x8D,0x38,0xE0,0xA9,0x1E,0x22,0xB8,0xA2,0x53,0xEC,0x1A,0xD0,0xFC, + 0xB2,0x47,0xD4,0x3C,0xCE,0xA6,0x92,0xA0,0x85,0x32,0x28,0xFF,0x52,0x01,0xE1,0x32, + 0x51,0x4B,0x50,0x1E,0x1E,0x52,0x93,0x5B,0x32,0xA0,0x7C,0xF6,0x92,0xFF,0x48,0x96, + 0x3C,0x32,0x60,0x01,0x38,0xC4,0xA1,0xEE,0x9F,0xBB,0x19,0x45,0xE2,0xCA,0xE8,0xF0, + 0x5A,0xF6,0x4A,0xB2,0x56,0x8F,0x3A,0xD2,0xF0,0xCF,0x50,0x73,0xE5,0xB7,0x6D,0xC8, + 0x1F,0x30,0x3A,0x24,0xCB,0x43,0xDF,0xDE,0x5F,0xE0,0x74,0xCD,0xDB,0xDA,0x1E,0x57, + 0xAB,0x08,0x26,0xBC,0x22,0x31,0xD7,0x2B,0xF6,0xCE,0x21,0x4A,0x31,0x2B,0x75,0x22, + 0xD5,0x4B,0xB6,0x07,0x57,0x6F,0xBC,0x2C,0xD4,0xE4,0x69,0x3D,0x90,0x0B,0x3C,0x44, + 0xFB,0x4E,0x63,0x0C,0x72,0x75,0xEC,0x5C,0x83,0x83,0x16,0x85,0xCA,0xA5,0x94,0x0E, + 0x65,0x50,0x77,0x15,0xFE,0x1A,0x11,0xAF,0x96,0x62,0x19,0xEF,0x47,0x21,0x33,0x9C, + 0x07,0x48,0x5B,0xB6,0xC6,0x18,0x5F,0x8D,0x23,0x12,0x76,0x26,0x82,0x61,0x02,0x03, + 0x01,0x00,0x01,0xA3,0x73,0x30,0x71,0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01, + 0xFF,0x04,0x02,0x30,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04, + 0x04,0x03,0x02,0x05,0x20,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14, + 0xE9,0x6C,0x86,0x1C,0xA8,0x51,0xA8,0xFC,0x96,0x53,0xBA,0x47,0x3D,0x75,0xAC,0x40, + 0x6C,0x98,0x90,0x92,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80, + 0x14,0x17,0xE6,0x9A,0xB2,0xDD,0x97,0x13,0x41,0x71,0xD6,0x51,0x5E,0xBF,0xC0,0x24, + 0x2E,0x92,0x2D,0x0F,0x63,0x30,0x11,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64, + 0x06,0x17,0x01,0x04,0x03,0x02,0x01,0x0A,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, + 0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x4B,0x2D,0x7A,0xF7, + 0x90,0xE5,0x0F,0x9A,0xD1,0xBD,0x9F,0x71,0xFC,0x73,0xE1,0x7B,0x4C,0x0F,0xBE,0x21, + 0x9D,0x84,0x67,0x46,0x0E,0x1F,0x00,0x13,0x3C,0x86,0x92,0xFD,0x20,0x72,0x6B,0x60, + 0xE3,0xCD,0xEF,0x89,0x1A,0x20,0x7D,0xFB,0x9D,0x6A,0x36,0x05,0xD6,0x42,0xC8,0x39, + 0x15,0xF5,0x8D,0x60,0x2E,0x4E,0x71,0x12,0xE1,0x9A,0x8C,0x3F,0xDE,0x0D,0xD5,0x35, + 0x26,0xFA,0xA0,0xDB,0xDA,0xCF,0xD8,0xF4,0xAE,0x75,0x6A,0xB1,0x57,0x34,0x5A,0x03, + 0x36,0x28,0xAA,0x71,0xE2,0x09,0x7D,0x9B,0x2F,0x17,0xD6,0x9E,0x5F,0x4D,0x9B,0x3E, + 0x19,0xA9,0xC7,0xEA,0x35,0xA7,0xCB,0x03,0xA8,0x8E,0xF8,0x6E,0xAD,0xD6,0x30,0xEC, + 0x2F,0xEA,0x16,0x65,0x1C,0xCF,0x57,0x65,0xC3,0xC6,0xD0,0xD3,0x22,0xE8,0x69,0x4E, + 0x32,0xA3,0x2B,0xDE,0xDE,0xB6,0xE7,0xBA,0x6F,0x82,0x6E,0x0C,0x82,0xDF,0x82,0xB4, + 0xB5,0x42,0x59,0xD2,0xEC,0x8C,0x22,0x4D,0xE7,0x38,0xC2,0x7A,0x75,0x1C,0x38,0x29, + 0x2D,0x01,0xE2,0xF8,0x27,0x05,0x26,0xB8,0xCC,0x1A,0xAA,0xA9,0xB0,0xCE,0x85,0x94, + 0x07,0x0C,0x24,0x4B,0xE4,0x67,0x47,0xA8,0x34,0xF5,0x82,0x4E,0xD7,0x23,0xA2,0x71, + 0x71,0x50,0x1A,0x44,0xE0,0x2F,0x54,0xCB,0x0E,0xD9,0xBA,0xDA,0x3B,0xE7,0x16,0xC5, + 0x58,0x8D,0xA9,0x5D,0x11,0xC9,0xA0,0x72,0xE6,0xB0,0x5D,0x33,0xA3,0xC3,0x4D,0xE0, + 0xDC,0x38,0x80,0xCF,0xAC,0x41,0xD6,0xE8,0xF8,0x8A,0xCC,0x62,0xB0,0xC8,0x02,0x50, + 0x31,0x45,0xD0,0x43,0x5A,0x93,0x7C,0x52,0x05,0xFD,0x43,0x4B, +}; + +/* SHA1 Fingerprint=51:12:47:75:89:D8:47:B9:88:47:6F:31:E0:B3:03:EF:1B:B5:79:62 */ +/* subject:/serialNumber=101/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Escrow Service Root CA */ +/* issuer :/serialNumber=101/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Escrow Service Root CA */ + +const uint8_t longroot[982]={ + 0x30,0x82,0x03,0xD2,0x30,0x82,0x02,0xBA,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x65, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30, + 0x79,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x05,0x13,0x03,0x31,0x30,0x31,0x31, + 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11, + 0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63, + 0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,0x70,0x6C, + 0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20, + 0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55, + 0x04,0x03,0x13,0x16,0x45,0x73,0x63,0x72,0x6F,0x77,0x20,0x53,0x65,0x72,0x76,0x69, + 0x63,0x65,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x20,0x17,0x0D,0x31,0x34, + 0x30,0x34,0x30,0x32,0x32,0x32,0x35,0x33,0x35,0x37,0x5A,0x18,0x0F,0x39,0x39,0x39, + 0x39,0x31,0x32,0x33,0x31,0x32,0x33,0x35,0x39,0x35,0x39,0x5A,0x30,0x79,0x31,0x0C, + 0x30,0x0A,0x06,0x03,0x55,0x04,0x05,0x13,0x03,0x31,0x30,0x31,0x31,0x0B,0x30,0x09, + 0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55, + 0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x26, + 0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x70,0x70,0x6C,0x65,0x20,0x43, + 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74, + 0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x1F,0x30,0x1D,0x06,0x03,0x55,0x04,0x03,0x13, + 0x16,0x45,0x73,0x63,0x72,0x6F,0x77,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x20, + 0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30, + 0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0x9C,0x7D,0xD4,0x09,0x41,0xF9,0x9A,0x92, + 0x70,0x0A,0xD8,0x67,0x2C,0xC7,0x55,0xAD,0xCD,0x10,0xF3,0x27,0x1B,0xF6,0x7B,0xA3, + 0x09,0x2D,0x78,0xED,0xF3,0xF4,0xFB,0x16,0x37,0xF0,0xB3,0x36,0x1C,0xE5,0x18,0xC8, + 0x25,0xB0,0xE7,0x50,0xA5,0x5D,0xF1,0xC4,0x7C,0xEA,0x83,0xCD,0x71,0x87,0x4A,0xE7, + 0xEE,0x6D,0xFD,0xD8,0x03,0xA6,0xBA,0x02,0x9C,0x9D,0x5D,0xFE,0xD0,0x0D,0x0C,0xDE, + 0x8C,0x65,0x56,0xE4,0xC6,0x87,0x90,0xE0,0xF2,0x6B,0xA8,0x05,0x14,0xEF,0xDE,0x9C, + 0xFF,0xF3,0x81,0x21,0xD1,0x29,0x6E,0xA0,0xF1,0xDA,0xD1,0x0A,0xE6,0x7B,0x3C,0xD2, + 0x78,0x1A,0xE3,0xC1,0x1F,0xF7,0xE2,0x2C,0x11,0x1F,0x3D,0x95,0x29,0xE1,0x0C,0x0D, + 0x80,0xF3,0xDA,0xF4,0xCE,0xCF,0xF7,0x33,0x8D,0xAC,0x81,0xDA,0xDA,0xDF,0xAC,0x5D, + 0xE0,0x5A,0x00,0x8E,0xDB,0xDC,0x92,0x6C,0x0F,0x1B,0xA5,0xAF,0x2D,0x7F,0x2D,0x4B, + 0x6E,0xC1,0xC5,0xF2,0xFA,0x6D,0xF6,0x5D,0xAA,0x66,0x55,0xF9,0x7A,0x39,0xB9,0x35, + 0x8C,0xA4,0x74,0x21,0x3E,0xA1,0xDC,0x37,0xFC,0x78,0x08,0xE5,0xC2,0xB3,0x6A,0xBE, + 0xD9,0xA9,0x1C,0xE8,0xF2,0x53,0x1C,0x58,0xFD,0x21,0xB6,0x5C,0x91,0xC7,0x85,0x40, + 0xD5,0x2E,0x94,0xD6,0x4D,0x99,0xCA,0x3B,0xD8,0xB0,0x18,0x4E,0x07,0xCE,0x2A,0xE6, + 0xD5,0x9E,0x21,0xD1,0xCF,0x81,0xDD,0xF2,0xCF,0x09,0xB3,0xD3,0x16,0xCF,0x5B,0x03, + 0xF6,0xCD,0xFD,0xB5,0xE4,0x8A,0xD7,0xBB,0x19,0x66,0x9F,0xA6,0x77,0x70,0x4D,0x90, + 0x42,0x2C,0x96,0x2E,0x4A,0x71,0x9C,0x77,0x02,0x03,0x01,0x00,0x01,0xA3,0x63,0x30, + 0x61,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01, + 0x01,0xFF,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02, + 0x01,0x06,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x17,0xE6,0x9A, + 0xB2,0xDD,0x97,0x13,0x41,0x71,0xD6,0x51,0x5E,0xBF,0xC0,0x24,0x2E,0x92,0x2D,0x0F, + 0x63,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x17,0xE6, + 0x9A,0xB2,0xDD,0x97,0x13,0x41,0x71,0xD6,0x51,0x5E,0xBF,0xC0,0x24,0x2E,0x92,0x2D, + 0x0F,0x63,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05, + 0x00,0x03,0x82,0x01,0x01,0x00,0x22,0x04,0x6E,0x53,0x16,0xE9,0x82,0x69,0x28,0x1A, + 0x1C,0xC8,0xF4,0xE0,0x8C,0xC0,0xAC,0xDF,0xB2,0x5C,0xCD,0xD0,0xEC,0x57,0xB1,0x4C, + 0x77,0xD4,0xBB,0xE2,0xFC,0x19,0x0D,0xEA,0x16,0xAE,0xAE,0x16,0xA1,0x89,0xA4,0x87, + 0xAB,0x45,0x3A,0x9F,0xA5,0x82,0xB1,0x17,0x19,0x74,0x0C,0x04,0xB1,0x22,0xB2,0x63, + 0xB6,0x79,0xA3,0x4C,0x96,0x7A,0x17,0x34,0x9C,0x6C,0xA6,0x07,0x9E,0xA9,0x0E,0xD3, + 0x55,0xDE,0xA7,0x1E,0xEF,0x1A,0x5B,0x8E,0x6C,0x8D,0xB9,0x9F,0x4D,0xE6,0xB1,0xE4, + 0xCF,0xB8,0xF5,0x78,0x14,0xEC,0xDE,0x7E,0x1B,0xC8,0xC2,0xA9,0x2D,0x72,0xD3,0x43, + 0x7F,0xE1,0x38,0xF8,0x91,0x43,0xA6,0x81,0x71,0xBA,0x7C,0x12,0xBD,0x81,0x8A,0x6B, + 0x2D,0x77,0xC0,0xDA,0xE8,0xE8,0xF1,0xDA,0xE2,0xF6,0xF2,0x45,0xDE,0x3F,0xA8,0x09, + 0x29,0x98,0x7D,0xB1,0x67,0x3D,0x7A,0x14,0x7E,0xDD,0x0D,0x23,0x15,0x42,0x5B,0x21, + 0x1E,0x77,0x5D,0xF8,0x88,0x4D,0xFE,0x61,0x5A,0x6D,0xB4,0x73,0x5D,0x77,0x1B,0xC5, + 0xAC,0x97,0x78,0x5A,0xCD,0x35,0x0C,0x21,0x82,0x3D,0x0D,0xFD,0x30,0xDA,0x1B,0x19, + 0xC7,0xB7,0x68,0xFF,0xE0,0xA1,0x56,0x1D,0xE9,0x12,0x17,0x44,0x39,0x2C,0x0A,0x11, + 0xA5,0x69,0xBC,0xDF,0x12,0xA6,0x8F,0x43,0x1B,0xED,0x43,0x31,0xAA,0x0D,0xC6,0xE4, + 0x8F,0x35,0x4E,0x8D,0x17,0x0B,0xC5,0xBA,0xAD,0x81,0x9B,0x0C,0x54,0x74,0x25,0x7D, + 0xFC,0x8D,0x37,0x00,0xA6,0x47,0x89,0x40,0xC1,0x00,0x09,0x9E,0x7B,0x87,0xF6,0x32, + 0x91,0x57,0x4A,0x9C,0x99,0x26, +}; + diff --git a/OSX/sec/Security/Regressions/secitem/si-24-sectrust-shoebox.c b/OSX/sec/Security/Regressions/secitem/si-24-sectrust-shoebox.c index 3719b7b2..193e987c 100644 --- a/OSX/sec/Security/Regressions/secitem/si-24-sectrust-shoebox.c +++ b/OSX/sec/Security/Regressions/secitem/si-24-sectrust-shoebox.c @@ -968,11 +968,7 @@ static void tests(void) int si_24_sectrust_passbook(int argc, char *const *argv) { -#if TARGET_OS_SIMULATOR plan_tests(30); -#else - plan_tests(31); -#endif tests(); diff --git a/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c b/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c new file mode 100644 index 00000000..3a62d402 --- /dev/null +++ b/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.c @@ -0,0 +1,312 @@ +/* + * Copyright (c) 2015 Apple Inc. All Rights Reserved. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "Security_regressions.h" + +#include "si-87-sectrust-name-constraints.h" + +static void test_att(void) +{ + SecTrustRef trust = NULL; + SecPolicyRef policy = NULL; + SecCertificateRef leaf, int1, int2, cert3, root; + SecTrustResultType trustResult; + + isnt(leaf = SecCertificateCreateWithBytes(NULL, att_leaf, sizeof(att_leaf)), NULL, "create att leaf"); + isnt(int1 = SecCertificateCreateWithBytes(NULL, att_intermediate1, sizeof(att_intermediate1)), NULL, "create att intermediate 1"); + isnt(int2 = SecCertificateCreateWithBytes(NULL, att_intermediate2, sizeof(att_intermediate2)), NULL, "create att intermediate 2"); + isnt(cert3 = SecCertificateCreateWithBytes(NULL, att_intermediate3, sizeof(att_intermediate3)), NULL, "create att intermediate 3"); + isnt(root = SecCertificateCreateWithBytes(NULL, att_root, sizeof(att_root)), NULL, "create att root"); + + const void *v_certs[] = { leaf, int1, int2, cert3 }; + const void *v_roots[] = { root }; + CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks); + CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks); + + /* Create SSL policy with specific hostname. */ + isnt(policy = SecPolicyCreateSSL(true, CFSTR("nmd.mcd06643.sjc.wayport.net")), NULL, "create policy"); + + /* Create trust reference. */ + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + + /* Set explicit verify date: Aug 14 2015. */ + CFDateRef date = NULL; + isnt(date = CFDateCreateForGregorianZuluMoment(NULL, 2015, 8, 14, 12, 0, 0), NULL, "create verify date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set date"); + + /* Provide root certificate. */ + ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors"); + + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); + is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified"); + is(SecTrustGetCertificateCount(trust), 5, "cert count is 5"); + + CFReleaseSafe(date); + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(certs); + CFReleaseSafe(roots); + CFReleaseSafe(root); + CFReleaseSafe(cert3); + CFReleaseSafe(int2); + CFReleaseSafe(int1); + CFReleaseSafe(leaf); +} + +static void test_intel1(void) +{ + SecTrustRef trust = NULL; + SecPolicyRef policy = NULL; + SecCertificateRef leaf, int1, int2, root; + SecTrustResultType trustResult; + + isnt(leaf = SecCertificateCreateWithBytes(NULL, intel1_leaf, sizeof(intel1_leaf)), NULL, "create intel 1 leaf"); + isnt(int1 = SecCertificateCreateWithBytes(NULL, intel1_intermediate1, sizeof(intel1_intermediate1)), NULL, "create intel 1 intermediate 1"); + isnt(int2 = SecCertificateCreateWithBytes(NULL, intel_intermediate2, sizeof(intel_intermediate2)), NULL, "create intel intermediate 2"); + isnt(root = SecCertificateCreateWithBytes(NULL, intel_root, sizeof(intel_root)), NULL, "create intel root"); + + const void *v_certs[] = { leaf, int1, int2 }; + const void *v_roots[] = { root }; + CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks); + CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks); + + /* Create SSL policy with specific hostname. */ + isnt(policy = SecPolicyCreateSSL(true, CFSTR("myctx.intel.com")), NULL, "create policy"); + + /* Create trust reference. */ + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + + /* Set explicit verify date: Sep 3 2015. */ + CFDateRef date = NULL; + isnt(date = CFDateCreate(NULL, 463037436.0), NULL, "create verify date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set date"); + + /* Provide root certificate. */ + ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors"); + + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); + is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified"); + is(SecTrustGetCertificateCount(trust), 4, "cert count is 4"); + + CFReleaseSafe(date); + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(certs); + CFReleaseSafe(roots); + CFReleaseSafe(root); + CFReleaseSafe(int2); + CFReleaseSafe(int1); + CFReleaseSafe(leaf); +} + +static void test_intel2(void) +{ + SecTrustRef trust = NULL; + SecPolicyRef policy = NULL; + SecCertificateRef leaf, int1, int2, root; + SecTrustResultType trustResult; + + isnt(leaf = SecCertificateCreateWithBytes(NULL, intel2_leaf, sizeof(intel2_leaf)), NULL, "create intel 2 leaf"); + isnt(int1 = SecCertificateCreateWithBytes(NULL, intel2_intermediate1, sizeof(intel2_intermediate1)), NULL, "create intel 2 intermediate 1"); + isnt(int2 = SecCertificateCreateWithBytes(NULL, intel_intermediate2, sizeof(intel_intermediate2)), NULL, "create intel intermediate 2"); + isnt(root = SecCertificateCreateWithBytes(NULL, intel_root, sizeof(intel_root)), NULL, "create intel root"); + + const void *v_certs[] = { leaf, int1, int2 }; + const void *v_roots[] = { root }; + CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks); + CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks); + + /* Create SSL policy with specific hostname. */ + isnt(policy = SecPolicyCreateSSL(true, CFSTR("contact.intel.com")), NULL, "create policy"); + + /* Create trust reference. */ + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + + /* Set explicit verify date: Sep 3 2015. */ + CFDateRef date = NULL; + isnt(date = CFDateCreate(NULL, 463037436.0), NULL, "create verify date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set date"); + + /* Provide root certificate. */ + ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors"); + + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); + is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified"); + is(SecTrustGetCertificateCount(trust), 4, "cert count is 4"); + + CFReleaseSafe(date); + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(certs); + CFReleaseSafe(roots); + CFReleaseSafe(root); + CFReleaseSafe(int2); + CFReleaseSafe(int1); + CFReleaseSafe(leaf); +} + +static void test_abb(void) +{ + SecTrustRef trust = NULL; + SecPolicyRef policy = NULL; + SecCertificateRef leaf, int1, int2, root; + SecTrustResultType trustResult; + + isnt(leaf = SecCertificateCreateWithBytes(NULL, _ABB_PKI_cert, sizeof(_ABB_PKI_cert)), NULL, "create ABB leaf"); + isnt(int1 = SecCertificateCreateWithBytes(NULL, _ABBIssuingCA6, sizeof(_ABBIssuingCA6)), NULL, "create ABB intermediate 1"); + isnt(int2 = SecCertificateCreateWithBytes(NULL, _ABBIntermediateCA3, sizeof(_ABBIntermediateCA3)), NULL, "create ABB intermediate 2"); + isnt(root = SecCertificateCreateWithBytes(NULL, _ABBRootCA, sizeof(_ABBRootCA)), NULL, "create ABB root"); + + const void *v_certs[] = { leaf, int1, int2 }; + const void *v_roots[] = { root }; + CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks); + CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks); + + /* Create SSL policy with specific hostname. */ + isnt(policy = SecPolicyCreateSSL(true, CFSTR("pki.abb.com")), NULL, "create policy"); + + /* Create trust reference. */ + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + + /* Set explicit verify date: Sep 16 2015. */ + CFDateRef date = NULL; + isnt(date = CFDateCreate(NULL, 464128479.0), NULL, "create verify date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set date"); + + /* Provide root certificate. */ + ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors"); + + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); + is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified"); + is(SecTrustGetCertificateCount(trust), 4, "cert count is 4"); + + CFReleaseSafe(date); + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(certs); + CFReleaseSafe(roots); + CFReleaseSafe(root); + CFReleaseSafe(int2); + CFReleaseSafe(int1); + CFReleaseSafe(leaf); +} + +static void test_bechtel1(void) +{ + SecTrustRef trust = NULL; + SecPolicyRef policy = NULL; + SecCertificateRef leaf, int1, int2, root; + SecTrustResultType trustResult; + + isnt(leaf = SecCertificateCreateWithBytes(NULL, _bechtel_leaf_a, sizeof(_bechtel_leaf_a)), NULL, "create Bechtel leaf a"); + isnt(int1 = SecCertificateCreateWithBytes(NULL, _bechtel_int2a, sizeof(_bechtel_int2a)), NULL, "create Bechtel intermediate 2a"); + isnt(int2 = SecCertificateCreateWithBytes(NULL, _bechtel_int1, sizeof(_bechtel_int1)), NULL, "create Bechtel intermediate 1"); + isnt(root = SecCertificateCreateWithBytes(NULL, _bechtel_root, sizeof(_bechtel_root)), NULL, "create Bechtel root"); + + const void *v_certs[] = { leaf, int1, int2 }; + const void *v_roots[] = { root }; + CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks); + CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks); + + /* Create SSL policy with specific hostname. */ + isnt(policy = SecPolicyCreateSSL(true, CFSTR("supplier.bechtel.com")), NULL, "create policy"); + + /* Create trust reference. */ + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + + /* Set explicit verify date: Sep 29 2015. */ + CFDateRef date = NULL; + isnt(date = CFDateCreate(NULL, 465253810.0), NULL, "create verify date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set date"); + + /* Provide root certificate. */ + ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors"); + + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); + is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified"); + is(SecTrustGetCertificateCount(trust), 4, "cert count is 4"); + + CFReleaseSafe(date); + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(certs); + CFReleaseSafe(roots); + CFReleaseSafe(root); + CFReleaseSafe(int2); + CFReleaseSafe(int1); + CFReleaseSafe(leaf); +} + +static void test_bechtel2(void) +{ + SecTrustRef trust = NULL; + SecPolicyRef policy = NULL; + SecCertificateRef leaf, int1, int2, root; + SecTrustResultType trustResult; + + isnt(leaf = SecCertificateCreateWithBytes(NULL, _bechtel_leaf_b, sizeof(_bechtel_leaf_b)), NULL, "create Bechtel leaf b"); + isnt(int1 = SecCertificateCreateWithBytes(NULL, _bechtel_int2b, sizeof(_bechtel_int2b)), NULL, "create Bechtel intermediate 2b"); + isnt(int2 = SecCertificateCreateWithBytes(NULL, _bechtel_int1, sizeof(_bechtel_int1)), NULL, "create Bechtel intermediate 1"); + isnt(root = SecCertificateCreateWithBytes(NULL, _bechtel_root, sizeof(_bechtel_root)), NULL, "create Bechtel root"); + + const void *v_certs[] = { leaf, int1, int2 }; + const void *v_roots[] = { root }; + CFArrayRef certs = CFArrayCreate(NULL, v_certs, array_size(v_certs), &kCFTypeArrayCallBacks); + CFArrayRef roots = CFArrayCreate(NULL, v_roots, array_size(v_roots), &kCFTypeArrayCallBacks); + + /* Create SSL policy with specific hostname. */ + isnt(policy = SecPolicyCreateSSL(true, CFSTR("login.becpsn.com")), NULL, "create policy"); + + /* Create trust reference. */ + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + + /* Set explicit verify date: Sep 29 2015. */ + CFDateRef date = NULL; + isnt(date = CFDateCreate(NULL, 465253810.0), NULL, "create verify date"); + ok_status(SecTrustSetVerifyDate(trust, date), "set date"); + + /* Provide root certificate. */ + ok_status(SecTrustSetAnchorCertificates(trust, roots), "set anchors"); + + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); + is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified"); + is(SecTrustGetCertificateCount(trust), 4, "cert count is 4"); + + CFReleaseSafe(date); + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(certs); + CFReleaseSafe(roots); + CFReleaseSafe(root); + CFReleaseSafe(int2); + CFReleaseSafe(int1); + CFReleaseSafe(leaf); +} + +int si_87_sectrust_name_constraints(int argc, char *const *argv) +{ + plan_tests(73); + + test_att(); + test_intel1(); + test_intel2(); + test_abb(); + test_bechtel1(); + test_bechtel2(); + + return 0; +} diff --git a/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.h b/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.h new file mode 100644 index 00000000..99a6783e --- /dev/null +++ b/OSX/sec/Security/Regressions/secitem/si-87-sectrust-name-constraints.h @@ -0,0 +1,2192 @@ +/* + * Copyright (c) 2015 Apple Inc. All Rights Reserved. + */ + +/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=nmd.mcd06643.sjc.wayport.net */ +/* issuer :/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=AWS Managed Device CA G2 */ + +static unsigned char att_leaf[1582]={ + 0x30,0x82,0x06,0x2A,0x30,0x82,0x05,0x12,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x0B, + 0x3B,0x5F,0x62,0x39,0x50,0xB5,0x6E,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x78,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05, + 0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10, + 0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63, + 0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57, + 0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x21,0x30, + 0x1F,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x41,0x57,0x53,0x20,0x4D,0x61,0x6E,0x61, + 0x67,0x65,0x64,0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,0x20,0x47,0x32, + 0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x38,0x31,0x32,0x30,0x32,0x30,0x35,0x31,0x31, + 0x5A,0x17,0x0D,0x31,0x35,0x30,0x38,0x32,0x32,0x30,0x32,0x30,0x35,0x31,0x31,0x5A, + 0x30,0x7C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31, + 0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31, + 0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65, + 0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03, + 0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53, + 0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x03, + 0x13,0x1C,0x6E,0x6D,0x64,0x2E,0x6D,0x63,0x64,0x30,0x36,0x36,0x34,0x33,0x2E,0x73, + 0x6A,0x63,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x82, + 0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05, + 0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD0, + 0x65,0xD5,0x7A,0x99,0xB8,0x19,0x83,0x22,0x9F,0xE0,0x0E,0xDA,0x16,0x37,0x74,0x2A, + 0xDD,0xDA,0xD3,0x5A,0xBE,0xBC,0xDC,0xF7,0x3F,0xBC,0x16,0x24,0x94,0x3A,0xDA,0x51, + 0xD6,0xB4,0xA6,0x0E,0x2F,0xC6,0x87,0x74,0x50,0x0F,0x60,0xDD,0x6C,0xD5,0xD6,0x5B, + 0x0C,0x69,0x54,0x06,0x51,0x70,0xB7,0xA3,0x4D,0x2A,0x81,0x07,0xC8,0xE6,0xFB,0x08, + 0x0D,0x4B,0xA3,0xBE,0xC8,0x1D,0x83,0xBB,0x8D,0xD4,0xB6,0x67,0x5A,0x41,0x03,0xF4, + 0x14,0x31,0x23,0x14,0x25,0xF9,0x59,0xAA,0x0D,0x32,0xAF,0xA7,0x4E,0x65,0xDE,0x24, + 0x76,0x06,0x50,0x6D,0xF0,0x0A,0x2A,0x7F,0x88,0xA9,0x6A,0x52,0x1C,0xB0,0xFE,0xF3, + 0xD3,0xE2,0x33,0xBD,0x4E,0xBC,0xB8,0xFB,0x27,0xD0,0x24,0x1F,0x17,0xAF,0xA9,0xDE, + 0x5D,0x40,0xAD,0x20,0xBB,0xF8,0x88,0x90,0x4E,0x34,0x9F,0xEF,0x21,0x70,0xBB,0xB2, + 0x15,0x1C,0xB7,0x86,0x37,0x34,0x31,0x8F,0x73,0xBE,0x97,0xDF,0x25,0xE5,0x8F,0x2F, + 0x0D,0xB8,0xAA,0x24,0x8B,0x73,0x3D,0x73,0xD2,0xFB,0x50,0x0D,0x02,0x31,0x32,0xFC, + 0x8E,0x8E,0x45,0xC7,0x97,0x61,0x68,0xB0,0xFC,0xF3,0xD1,0x49,0xCE,0x66,0x83,0x6A, + 0x15,0x30,0xAF,0x3F,0x8D,0x8F,0xFC,0x0E,0x2D,0xA4,0x05,0x9E,0xAC,0xDF,0xFD,0xB9, + 0xF3,0x83,0x69,0x4A,0xEB,0xA9,0x0E,0x3F,0x32,0xA8,0x25,0x95,0xB5,0x10,0xFF,0xF9, + 0x29,0x1B,0x15,0xA7,0x23,0x35,0x65,0xA5,0x74,0xB3,0x1D,0x0D,0x18,0xE2,0x02,0x5C, + 0xEA,0xD7,0xB6,0x50,0x61,0x0C,0x2B,0x90,0x01,0xED,0x69,0xFA,0xEE,0xE8,0xD1,0x02, + 0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0xB2,0x30,0x82,0x02,0xAE,0x30,0x73,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x67,0x30,0x65,0x30,0x33,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x27,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F, + 0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x6D,0x64,0x63,0x61,0x67,0x32,0x2E,0x63,0x72, + 0x74,0x30,0x2E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68, + 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2D,0x62,0x2E,0x70,0x6B,0x69, + 0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x3A,0x32,0x35,0x36, + 0x30,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x94,0x0A,0xF3,0x3D, + 0x5A,0x66,0xC1,0x2C,0x8B,0x68,0xD9,0x26,0xBB,0xD9,0x09,0x22,0x7F,0x34,0x85,0x96, + 0x30,0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F, + 0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x83,0x85,0x8B,0x92,0x05, + 0x1B,0x41,0x9E,0x45,0xAB,0xAB,0xB2,0xE3,0xFD,0xD5,0x44,0xCA,0x41,0xBD,0xE7,0x30, + 0x81,0xD4,0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xCC,0x30,0x81,0xC9,0x30,0x81,0xC6, + 0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,0x01,0x30,0x81,0xB6, + 0x30,0x81,0x80,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x74,0x1E, + 0x72,0x00,0x43,0x00,0x6F,0x00,0x70,0x00,0x79,0x00,0x72,0x00,0x69,0x00,0x67,0x00, + 0x68,0x00,0x74,0x00,0x20,0x00,0x28,0x00,0x63,0x00,0x29,0x00,0x20,0x00,0x32,0x00, + 0x30,0x00,0x31,0x00,0x33,0x00,0x20,0x00,0x41,0x00,0x54,0x00,0x54,0x00,0x20,0x00, + 0x57,0x00,0x69,0x00,0x2D,0x00,0x46,0x00,0x69,0x00,0x20,0x00,0x53,0x00,0x65,0x00, + 0x72,0x00,0x76,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x73,0x00,0x20,0x00,0x41,0x00, + 0x6C,0x00,0x6C,0x00,0x20,0x00,0x52,0x00,0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00, + 0x73,0x00,0x20,0x00,0x52,0x00,0x65,0x00,0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00, + 0x65,0x00,0x64,0x30,0x31,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16, + 0x25,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B, + 0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70, + 0x73,0x2E,0x68,0x74,0x6D,0x6C,0x30,0x81,0xB9,0x06,0x03,0x55,0x1D,0x1F,0x04,0x81, + 0xB1,0x30,0x81,0xAE,0x30,0x81,0xAB,0xA0,0x2B,0xA0,0x29,0x86,0x27,0x68,0x74,0x74, + 0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61, + 0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x6D,0x64,0x63,0x61,0x67,0x32, + 0x2E,0x63,0x72,0x6C,0xA2,0x7C,0xA4,0x7A,0x30,0x78,0x31,0x21,0x30,0x1F,0x06,0x03, + 0x55,0x04,0x03,0x0C,0x18,0x41,0x57,0x53,0x20,0x4D,0x61,0x6E,0x61,0x67,0x65,0x64, + 0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41,0x20,0x47,0x32,0x31,0x1B,0x30, + 0x19,0x06,0x03,0x55,0x04,0x0B,0x0C,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46, + 0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x19,0x30,0x17,0x06,0x03, + 0x55,0x04,0x0A,0x0C,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65, + 0x73,0x20,0x49,0x6E,0x63,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x0C,0x05, + 0x54,0x65,0x78,0x61,0x73,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, + 0x55,0x53,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02, + 0x03,0xA8,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03, + 0x02,0x30,0x27,0x06,0x03,0x55,0x1D,0x11,0x04,0x20,0x30,0x1E,0x82,0x1C,0x6E,0x6D, + 0x64,0x2E,0x6D,0x63,0x64,0x30,0x36,0x36,0x34,0x33,0x2E,0x73,0x6A,0x63,0x2E,0x77, + 0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86, + 0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x19,0x90, + 0xD6,0x10,0xBA,0x3E,0x55,0x07,0x1B,0x4E,0x71,0x94,0x9F,0xCE,0x80,0xD7,0x1F,0x90, + 0x2A,0x23,0x79,0x45,0xFB,0x61,0x47,0x19,0xBD,0x32,0x58,0xB2,0x58,0xC5,0x37,0xE9, + 0x01,0x63,0x61,0x6B,0x1E,0x17,0x54,0xC5,0xE9,0x5F,0x2A,0x9F,0xF3,0x01,0x0A,0x4C, + 0x61,0x7C,0x18,0x9A,0x3E,0x91,0x7F,0x14,0x8E,0xDF,0xB2,0x2C,0xB8,0xEC,0x3B,0x7C, + 0xC7,0xE5,0x62,0xC4,0x72,0x22,0x42,0xBB,0x61,0x9C,0xB0,0x5D,0x49,0x44,0x47,0x90, + 0x8E,0xBF,0x85,0x88,0xFF,0x36,0x7A,0x4C,0xCE,0x35,0x1B,0x88,0x93,0xE4,0x0A,0xB4, + 0xD1,0x24,0x44,0x43,0x8E,0xC0,0xFC,0x7F,0xE8,0x03,0xCD,0x91,0xF5,0x21,0x6F,0x4B, + 0xB7,0x9C,0x06,0xDC,0xE0,0xE4,0x5A,0xFD,0x3C,0x33,0xC4,0xE1,0xFB,0xB7,0xC4,0xF5, + 0xD4,0xC4,0xFD,0x63,0x43,0xD8,0x9B,0x2C,0x6C,0x5D,0x45,0xBE,0xD2,0x25,0x80,0xF7, + 0x5D,0x4A,0x73,0xB5,0xB4,0xF0,0xEF,0xDD,0x91,0x11,0xEF,0xAB,0x85,0xD6,0xDF,0x92, + 0xC0,0xA6,0x3E,0xBE,0x7A,0x2B,0xC5,0xD0,0x6C,0x48,0x6C,0x2A,0x9E,0x7D,0x7B,0xFC, + 0x93,0x9D,0x80,0xD1,0xCB,0x2F,0x2C,0x3E,0x94,0x46,0x5B,0xF3,0x8A,0xE8,0xE9,0xC7, + 0x1A,0x49,0x67,0x2B,0xE7,0xDD,0x73,0x05,0x1C,0x83,0x08,0xC5,0xBB,0xBC,0x47,0x5D, + 0x90,0x38,0x08,0xAC,0x49,0x82,0xE7,0xA9,0x28,0xA2,0x42,0x3E,0xFD,0x15,0x5C,0xF9, + 0x63,0x50,0x18,0xCA,0x76,0x1B,0x9C,0x88,0xF7,0x4D,0x7C,0xF4,0x5B,0x0E,0x93,0x53, + 0xBC,0xFD,0x25,0x90,0x88,0x06,0xB7,0xDE,0x33,0x33,0x5D,0xD6,0x9C,0x03, +}; + + +/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=AWS Managed Device CA G2 */ +/* issuer :/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G2 */ + +static unsigned char att_intermediate1[1578]={ + 0x30,0x82,0x06,0x26,0x30,0x82,0x05,0x0E,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x19, + 0x54,0xAA,0x5A,0x22,0x2C,0x5B,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, + 0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13, + 0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13, + 0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E, + 0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54,0x54,0x20, + 0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x39, + 0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x13,0x30,0x41,0x54,0x54,0x20,0x57,0x69,0x2D, + 0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74, + 0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74, + 0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x47,0x32,0x30,0x1E,0x17,0x0D,0x31,0x33,0x30, + 0x36,0x30,0x35,0x31,0x38,0x33,0x30,0x31,0x35,0x5A,0x17,0x0D,0x31,0x38,0x30,0x35, + 0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x78,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04, + 0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20, + 0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x13,0x12,0x41,0x54, + 0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73, + 0x31,0x21,0x30,0x1F,0x06,0x03,0x55,0x04,0x03,0x13,0x18,0x41,0x57,0x53,0x20,0x4D, + 0x61,0x6E,0x61,0x67,0x65,0x64,0x20,0x44,0x65,0x76,0x69,0x63,0x65,0x20,0x43,0x41, + 0x20,0x47,0x32,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02, + 0x82,0x01,0x01,0x00,0x8C,0xE4,0xEB,0x2B,0x6D,0x51,0x1E,0xFE,0xBE,0xB9,0x1D,0x72, + 0x6D,0xD9,0x0C,0xBB,0x30,0x58,0x28,0xA2,0xA2,0x03,0x5B,0x99,0xCF,0x12,0x8B,0xF5, + 0xAD,0x91,0x66,0x30,0xEC,0x33,0xDE,0x2D,0xF2,0x8C,0x27,0xD9,0x46,0xCC,0xC5,0x32, + 0x46,0x31,0xC5,0xCA,0x13,0x9A,0xE2,0xD2,0x5E,0x8F,0xCD,0x3C,0x77,0x91,0x71,0x88, + 0xD9,0xD9,0xA1,0x31,0x8F,0xDA,0x32,0x5E,0x61,0x19,0x65,0x80,0xE6,0x3B,0x0C,0xD8, + 0x85,0xBC,0x26,0x4F,0x89,0x6D,0x4F,0xFF,0x3D,0x02,0x8D,0xA7,0x81,0x26,0xF9,0xD5, + 0x2F,0xFD,0x1B,0x30,0xF4,0x7B,0x67,0x51,0x37,0xE3,0x45,0x88,0x2B,0xCF,0x49,0x4E, + 0xDD,0x22,0xFC,0x93,0xA7,0x25,0x4E,0xDE,0x1D,0x61,0x0D,0x8D,0xF4,0xF0,0xD4,0x65, + 0x89,0xAD,0xC0,0xBA,0x7E,0xB4,0x8F,0x05,0x02,0xA9,0xDA,0x48,0x1B,0xE0,0x9E,0x06, + 0x7C,0xC0,0x9C,0x50,0xFB,0x59,0x16,0x09,0xB2,0x91,0xAF,0xC6,0xAD,0x7D,0x18,0x41, + 0x0E,0x41,0xAC,0xBC,0x22,0xFD,0x78,0xF6,0xF7,0xA3,0x02,0x34,0x77,0x5D,0x11,0x47, + 0xC2,0x3B,0xAA,0x60,0x38,0x06,0xCA,0xAF,0x18,0xD5,0xC0,0x1E,0x97,0x4F,0x96,0xD4, + 0x65,0x37,0x23,0xD7,0xAA,0xF1,0xCB,0x27,0xB0,0x53,0xFF,0x74,0x76,0x66,0xEE,0x25, + 0x1A,0xE0,0x18,0x6C,0xFD,0x29,0x15,0xAE,0x89,0x86,0x6D,0xA1,0x56,0x41,0x5D,0x81, + 0x68,0x5A,0xC4,0x4A,0x43,0x30,0x38,0xDB,0x61,0x9B,0xDC,0x9A,0x83,0x26,0xF5,0xCE, + 0x64,0x48,0x1C,0x1A,0x9B,0xE3,0xCB,0xB1,0x8C,0x1C,0x51,0x6C,0x94,0x7C,0x88,0x73, + 0xDB,0x71,0xED,0x57,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x99,0x30,0x82,0x02, + 0x95,0x30,0x70,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x64,0x30, + 0x62,0x30,0x35,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x29,0x68, + 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E, + 0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x72,0x6F,0x6F,0x74, + 0x63,0x61,0x67,0x32,0x2E,0x63,0x72,0x74,0x30,0x29,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x30,0x01,0x86,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73, + 0x70,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E, + 0x6E,0x65,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x83,0x85, + 0x8B,0x92,0x05,0x1B,0x41,0x9E,0x45,0xAB,0xAB,0xB2,0xE3,0xFD,0xD5,0x44,0xCA,0x41, + 0xBD,0xE7,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06, + 0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30, + 0x16,0x80,0x14,0xF3,0xD3,0xC7,0x5E,0x2C,0x45,0x26,0x7E,0xFD,0xE6,0xE4,0xB4,0x94, + 0xB8,0x04,0x0F,0x39,0x3B,0x10,0xDE,0x30,0x81,0xE3,0x06,0x03,0x55,0x1D,0x20,0x04, + 0x81,0xDB,0x30,0x81,0xD8,0x30,0x81,0xC6,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3, + 0x48,0x83,0x7D,0x01,0x01,0x30,0x81,0xB6,0x30,0x81,0x80,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x02,0x02,0x30,0x74,0x1E,0x72,0x00,0x43,0x00,0x6F,0x00,0x70,0x00, + 0x79,0x00,0x72,0x00,0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,0x20,0x00,0x28,0x00, + 0x63,0x00,0x29,0x00,0x20,0x00,0x32,0x00,0x30,0x00,0x31,0x00,0x33,0x00,0x20,0x00, + 0x41,0x00,0x54,0x00,0x54,0x00,0x20,0x00,0x57,0x00,0x69,0x00,0x2D,0x00,0x46,0x00, + 0x69,0x00,0x20,0x00,0x53,0x00,0x65,0x00,0x72,0x00,0x76,0x00,0x69,0x00,0x63,0x00, + 0x65,0x00,0x73,0x00,0x20,0x00,0x41,0x00,0x6C,0x00,0x6C,0x00,0x20,0x00,0x52,0x00, + 0x69,0x00,0x67,0x00,0x68,0x00,0x74,0x00,0x73,0x00,0x20,0x00,0x52,0x00,0x65,0x00, + 0x73,0x00,0x65,0x00,0x72,0x00,0x76,0x00,0x65,0x00,0x64,0x30,0x31,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x25,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, + 0x63,0x72,0x6C,0x2D,0x62,0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72, + 0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x2E,0x68,0x74,0x6D,0x6C,0x30,0x0D, + 0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01,0x02,0x30,0x81,0xD6, + 0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xCE,0x30,0x81,0xCB,0x30,0x81,0xC8,0xA0,0x2D, + 0xA0,0x2B,0x86,0x29,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2D,0x62, + 0x2E,0x70,0x6B,0x69,0x2E,0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74, + 0x2F,0x72,0x6F,0x6F,0x74,0x63,0x61,0x67,0x32,0x2E,0x63,0x72,0x6C,0xA2,0x81,0x96, + 0xA4,0x81,0x93,0x30,0x81,0x90,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, + 0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x0C,0x05,0x54,0x65, + 0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x0C,0x10,0x41,0x54, + 0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B, + 0x30,0x19,0x06,0x03,0x55,0x04,0x0B,0x0C,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D, + 0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x31,0x39,0x30,0x37,0x06, + 0x03,0x55,0x04,0x03,0x0C,0x30,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20, + 0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x65, + 0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6F,0x72, + 0x69,0x74,0x79,0x20,0x47,0x32,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF, + 0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, + 0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x79,0xE7,0x9C,0xD0,0x93,0x93, + 0xB8,0xD6,0xC5,0x58,0x85,0xD4,0xDA,0xC1,0x22,0x73,0x87,0x2F,0x97,0x9C,0x79,0x9B, + 0x61,0xC1,0x87,0xBB,0xA8,0xFD,0x9F,0x07,0x0C,0x3D,0xA1,0xD3,0xFC,0x17,0x46,0x04, + 0x1E,0xBE,0xEF,0x8B,0x9A,0xB1,0x17,0x82,0x75,0x25,0x41,0x68,0xD6,0x46,0x13,0x7A, + 0x9E,0xFB,0x13,0xCE,0x01,0xCA,0x1F,0xD2,0x3F,0x7F,0xF1,0xF3,0xCB,0xC5,0xF7,0x8A, + 0xAA,0x0F,0x63,0x8E,0xC9,0x68,0x31,0xDB,0x3D,0x69,0x4C,0x55,0xC6,0x34,0x24,0x52, + 0x76,0xC0,0x51,0xF9,0x29,0x2B,0xB2,0x3C,0x3C,0x95,0x11,0x20,0x92,0x1A,0x25,0xB8, + 0x10,0x3E,0x45,0xA3,0x4F,0x27,0x51,0xA3,0x8A,0x1D,0xEC,0x00,0x40,0x35,0x3F,0xAC, + 0x2D,0x49,0xD0,0x20,0x85,0x01,0xAE,0xF7,0x7D,0xFC,0x62,0x4E,0x49,0x9C,0xAA,0x99, + 0x27,0x6A,0x14,0xE3,0x51,0x9D,0x1B,0x1F,0xA9,0x32,0x33,0x4E,0xA9,0xA2,0x55,0x21, + 0xDB,0xFF,0x57,0x5A,0x3D,0xC7,0x80,0x6F,0xF1,0x75,0x3F,0x38,0x09,0x52,0x80,0xD5, + 0x5D,0xFE,0x6D,0x84,0x3A,0x9B,0xA7,0x53,0x62,0x48,0x96,0xA9,0x75,0xB0,0xEA,0x6A, + 0x78,0xB4,0x92,0x1F,0xC4,0xD2,0x46,0x59,0xEA,0xE0,0x14,0x01,0x38,0xD7,0x6B,0x5D, + 0x7F,0xB3,0x30,0x15,0x34,0x11,0x52,0xD1,0xF9,0xFB,0xFF,0x21,0xDB,0x06,0xD4,0x3D, + 0xB8,0x69,0xA0,0x95,0x34,0x20,0x1E,0xA1,0x31,0xF5,0xBD,0x18,0x1E,0x08,0xD8,0x55, + 0x06,0xB3,0x28,0x3B,0xF8,0x58,0x94,0x0C,0xBB,0x23,0xCB,0x9E,0x10,0x28,0x64,0x2D, + 0xB9,0x19,0x86,0xB6,0x29,0x2C,0xF2,0xA5,0x36,0x6B, +}; + + +/* subject:/C=US/ST=Texas/O=ATT Services Inc/OU=ATT Wi-Fi Services/CN=ATT Wi-Fi Services Root Certificate Authority G2 */ +/* issuer :/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA G2 */ + +static unsigned char att_intermediate2[1833]={ + 0x30,0x82,0x07,0x25,0x30,0x82,0x06,0x0D,0xA0,0x03,0x02,0x01,0x02,0x02,0x11,0x5C, + 0xD7,0xD8,0x96,0xBA,0xD5,0xC9,0x77,0x11,0xBC,0x14,0xCF,0x0E,0xD3,0x5F,0x20,0x62, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30, + 0x5C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x15, + 0x30,0x13,0x06,0x03,0x55,0x04,0x0B,0x13,0x0C,0x54,0x72,0x75,0x73,0x74,0x65,0x64, + 0x20,0x52,0x6F,0x6F,0x74,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10, + 0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,0x2D,0x73,0x61, + 0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x54,0x72,0x75,0x73,0x74, + 0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x47,0x32,0x30,0x1E,0x17, + 0x0D,0x31,0x33,0x30,0x35,0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x17,0x0D, + 0x31,0x38,0x30,0x35,0x33,0x30,0x30,0x30,0x30,0x30,0x30,0x30,0x5A,0x30,0x81,0x90, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0E,0x30, + 0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65,0x78,0x61,0x73,0x31,0x19,0x30, + 0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54,0x54,0x20,0x53,0x65,0x72,0x76, + 0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04, + 0x0B,0x13,0x12,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72, + 0x76,0x69,0x63,0x65,0x73,0x31,0x39,0x30,0x37,0x06,0x03,0x55,0x04,0x03,0x13,0x30, + 0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69,0x20,0x53,0x65,0x72,0x76,0x69,0x63, + 0x65,0x73,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, + 0x61,0x74,0x65,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x20,0x47,0x32, + 0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, + 0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01, + 0x00,0x83,0x87,0xD2,0xCE,0xE7,0xA6,0x57,0x09,0xA0,0x0A,0x5D,0xD3,0xBF,0x66,0x2B, + 0x82,0x7E,0xB2,0x8B,0xC2,0x32,0x68,0x61,0x36,0x7D,0xC4,0x96,0xCF,0x2A,0x64,0x7E, + 0xA7,0x9C,0x3F,0x67,0x3C,0x3E,0x50,0x6F,0x33,0x75,0x16,0x8E,0x81,0x70,0x67,0x5C, + 0x37,0x07,0xBD,0xD4,0xD4,0x70,0xD7,0x26,0x3B,0x38,0x25,0x3E,0xB4,0xB6,0x5E,0xCF, + 0x9A,0x89,0x45,0xA0,0x35,0xDE,0x15,0x83,0x36,0x9F,0x22,0x87,0xEA,0xFE,0xC8,0x4F, + 0xE8,0x6C,0x67,0xAA,0xEC,0xBC,0xA9,0xDA,0xA7,0xA4,0x3A,0xEB,0xB9,0xD5,0x31,0x4F, + 0x08,0x15,0x8A,0xCB,0x92,0x1B,0xFC,0xA2,0x5E,0xC6,0x6F,0x6B,0xA3,0x8E,0x9A,0x4C, + 0xAB,0x47,0xA3,0x75,0x06,0xED,0xB9,0xFA,0xD6,0xF4,0xA1,0x29,0xEA,0x3D,0xE1,0x8C, + 0xE5,0x85,0xCF,0x8E,0x35,0x81,0x20,0x9B,0x68,0x46,0x55,0x0F,0xA0,0x38,0x07,0xAF, + 0x6F,0x4F,0xAE,0xFD,0x7F,0x98,0xB6,0x6E,0x06,0xA8,0x14,0xCC,0x5B,0x8D,0xDD,0x4C, + 0xA7,0xC7,0x5A,0x4D,0xFA,0x17,0xFD,0xEC,0x77,0xD4,0x0D,0xA1,0xE8,0xFF,0x33,0x01, + 0x14,0x10,0xBC,0x82,0x38,0xEF,0xEF,0xBC,0xCE,0x8C,0x11,0x0A,0xFC,0xFE,0x55,0xA5, + 0x5B,0xA7,0x37,0xD6,0xBB,0xB2,0x5F,0x85,0x06,0xF6,0x96,0xFB,0x24,0x32,0xF4,0x51, + 0xB9,0x4D,0x1D,0x27,0x6A,0xB5,0xD2,0xC0,0x12,0x4B,0x8A,0x33,0xE0,0xC5,0x45,0x3D, + 0xD9,0x38,0xD6,0xE3,0xEF,0x28,0x32,0x77,0xD5,0x72,0xEE,0x99,0x06,0x6A,0xB0,0x05, + 0x43,0x4D,0xA2,0xB1,0x5F,0x22,0x92,0xD3,0x26,0xAC,0x0F,0x5C,0x91,0x6F,0x17,0x85, + 0x17,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0xAB,0x30,0x82,0x03,0xA7,0x30,0x0E, + 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x82, + 0x01,0x0B,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x02,0x30,0x81,0xFF,0x30,0x71, + 0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xA0,0x32,0x01,0x3C,0x01,0x30,0x63,0x30,0x32, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x26,0x68,0x74,0x74,0x70, + 0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69, + 0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72, + 0x79,0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x21, + 0x0C,0x1F,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x54,0x72,0x75, + 0x73,0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x50,0x72,0x6F,0x67,0x72,0x61, + 0x6D,0x30,0x81,0x89,0x06,0x0B,0x2B,0x06,0x01,0x04,0x01,0xA3,0x48,0x83,0x7D,0x01, + 0x01,0x30,0x7A,0x30,0x2F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16, + 0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,0x69,0x2E, + 0x77,0x61,0x79,0x70,0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x2F,0x63,0x70,0x73,0x2E, + 0x68,0x74,0x6D,0x6C,0x30,0x47,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, + 0x30,0x3B,0x0C,0x39,0x43,0x6F,0x70,0x79,0x72,0x69,0x67,0x68,0x74,0x20,0x28,0x63, + 0x29,0x20,0x32,0x30,0x31,0x33,0x20,0x41,0x54,0x54,0x20,0x57,0x69,0x2D,0x46,0x69, + 0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x41,0x6C,0x6C,0x20,0x52,0x69, + 0x67,0x68,0x74,0x73,0x20,0x52,0x65,0x73,0x65,0x72,0x76,0x65,0x64,0x30,0x12,0x06, + 0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01, + 0x01,0x30,0x82,0x01,0x4B,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,0x01,0x42,0x30,0x82, + 0x01,0x3E,0xA0,0x82,0x01,0x08,0x30,0x0D,0x82,0x0B,0x77,0x61,0x79,0x70,0x6F,0x72, + 0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x82,0x0B,0x61,0x74,0x74,0x77,0x69,0x66,0x69, + 0x2E,0x63,0x6F,0x6D,0x30,0x10,0x82,0x0E,0x73,0x75,0x70,0x65,0x72,0x63,0x6C,0x69, + 0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x10,0x82,0x0E,0x73,0x75,0x70,0x65,0x72,0x63, + 0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x81,0x0B,0x77,0x61,0x79,0x70, + 0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0E,0x81,0x0C,0x2E,0x77,0x61,0x79,0x70, + 0x6F,0x72,0x74,0x2E,0x6E,0x65,0x74,0x30,0x0D,0x81,0x0B,0x61,0x74,0x74,0x77,0x69, + 0x66,0x69,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x81,0x0C,0x2E,0x61,0x74,0x74,0x77,0x69, + 0x66,0x69,0x2E,0x63,0x6F,0x6D,0x30,0x10,0x81,0x0E,0x73,0x75,0x70,0x65,0x72,0x63, + 0x6C,0x69,0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x11,0x81,0x0F,0x2E,0x73,0x75,0x70, + 0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x6E,0x65,0x74,0x30,0x10,0x81,0x0E,0x73, + 0x75,0x70,0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x11,0x81, + 0x0F,0x2E,0x73,0x75,0x70,0x65,0x72,0x63,0x6C,0x69,0x63,0x6B,0x2E,0x63,0x6F,0x6D, + 0x30,0x3C,0xA4,0x3A,0x30,0x38,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, + 0x02,0x55,0x53,0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x08,0x13,0x05,0x54,0x65, + 0x78,0x61,0x73,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x41,0x54, + 0x54,0x20,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x20,0x49,0x6E,0x63,0xA1,0x30, + 0x30,0x0A,0x87,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x22,0x87,0x20, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30, + 0x3D,0x06,0x03,0x55,0x1D,0x1F,0x04,0x36,0x30,0x34,0x30,0x32,0xA0,0x30,0xA0,0x2E, + 0x86,0x2C,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x67,0x6C,0x6F, + 0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x67,0x73,0x2F,0x74, + 0x72,0x75,0x73,0x74,0x72,0x6F,0x6F,0x74,0x67,0x32,0x2E,0x63,0x72,0x6C,0x30,0x81, + 0x84,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x78,0x30,0x76,0x30, + 0x33,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x27,0x68,0x74,0x74, + 0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x32,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C, + 0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x74,0x72,0x75,0x73,0x74,0x72,0x6F, + 0x6F,0x74,0x67,0x32,0x30,0x3F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, + 0x86,0x33,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x73,0x65,0x63,0x75,0x72,0x65,0x2E, + 0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x63, + 0x61,0x63,0x65,0x72,0x74,0x2F,0x74,0x72,0x75,0x73,0x74,0x72,0x6F,0x6F,0x74,0x67, + 0x32,0x2E,0x63,0x72,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14, + 0xF3,0xD3,0xC7,0x5E,0x2C,0x45,0x26,0x7E,0xFD,0xE6,0xE4,0xB4,0x94,0xB8,0x04,0x0F, + 0x39,0x3B,0x10,0xDE,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80, + 0x14,0x14,0xF6,0xE5,0x8B,0x31,0xB6,0x45,0x80,0x4A,0x4C,0x6D,0xFC,0xC2,0x87,0x89, + 0xCA,0x36,0xC3,0x90,0x62,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, + 0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0xDE,0x66,0x4A,0x3A,0x3B,0xAD, + 0x8A,0xC7,0x32,0xFF,0x2D,0xD3,0x81,0x69,0x1D,0x1C,0xDE,0xE5,0x1E,0x87,0xE6,0x33, + 0xFE,0x34,0x80,0x1E,0xCF,0xC8,0xF8,0x93,0x38,0x12,0x9B,0x42,0xC4,0x9A,0x49,0x8B, + 0x98,0xAF,0x52,0xEC,0xD7,0x10,0xC4,0x44,0xEA,0x57,0xE6,0xA5,0xA5,0xC4,0x53,0x15, + 0xEB,0xEA,0x3D,0x8A,0xB2,0x9F,0xF2,0x90,0x1A,0x03,0xBA,0xB7,0xC8,0x89,0xCD,0x88, + 0x26,0xF6,0xA3,0xFD,0x41,0x3C,0x70,0x01,0xE1,0x03,0x99,0x33,0xFA,0xF6,0xB1,0x92, + 0xED,0x3C,0xF9,0x03,0xC5,0x28,0xBB,0x18,0xD8,0x25,0x8F,0x6C,0x13,0x12,0x70,0xFA, + 0x38,0x1E,0xB2,0xC8,0xC9,0x60,0x51,0x3A,0x43,0x86,0x4F,0x27,0xEF,0xAD,0x03,0x58, + 0x52,0xCC,0xAF,0x6F,0x03,0xDB,0x7B,0x3B,0xDA,0xF2,0xBC,0xE7,0x40,0x0D,0xE6,0xD9, + 0x8C,0x36,0x2E,0xEA,0x01,0xA9,0x66,0xCA,0x26,0x41,0x71,0x57,0x84,0xE0,0x38,0xA4, + 0x13,0xDE,0x05,0xC4,0xC4,0x0A,0x79,0xCF,0x5F,0xE3,0x8E,0xDE,0xCC,0xD8,0x8E,0x6E, + 0xBC,0x4F,0x50,0x2C,0xD4,0x68,0xDF,0xB6,0xA8,0x61,0x80,0x0B,0x03,0x74,0xF3,0xFF, + 0x09,0x4A,0x13,0xA0,0x57,0x96,0x0B,0xCB,0x62,0x09,0xB4,0x18,0xFB,0x07,0xD2,0x93, + 0x17,0x50,0xCF,0xFE,0x5B,0x50,0x03,0xCE,0x9F,0x19,0x65,0x1E,0x9D,0xAD,0xA1,0x49, + 0x0C,0xC0,0x3D,0xFC,0x1F,0xE9,0xA4,0xEF,0x2D,0x6C,0xFA,0x0C,0xF5,0x0D,0xBB,0x2D, + 0xCA,0x36,0x22,0x5B,0xCE,0xEB,0xC4,0x4F,0xF7,0x78,0xCD,0x3F,0xCC,0xCE,0xA8,0xCF, + 0x4F,0x0B,0x14,0x49,0x6E,0xA0,0xE7,0xF1,0x60, +}; + + +/* subject:/C=BE/OU=Trusted Root/O=GlobalSign nv-sa/CN=Trusted Root CA G2 */ +/* issuer :/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */ + +static unsigned char att_intermediate3[1121]={ + 0x30,0x82,0x04,0x5D,0x30,0x82,0x03,0x45,0xA0,0x03,0x02,0x01,0x02,0x02,0x0B,0x04, + 0x00,0x00,0x00,0x00,0x01,0x36,0xE9,0x3A,0x3A,0xB3,0x30,0x0D,0x06,0x09,0x2A,0x86, + 0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x57,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76, + 0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F, + 0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12, + 0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20, + 0x43,0x41,0x30,0x1E,0x17,0x0D,0x31,0x32,0x30,0x34,0x32,0x35,0x31,0x31,0x30,0x30, + 0x30,0x30,0x5A,0x17,0x0D,0x32,0x37,0x30,0x34,0x32,0x35,0x31,0x31,0x30,0x30,0x30, + 0x30,0x5A,0x30,0x5C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42, + 0x45,0x31,0x15,0x30,0x13,0x06,0x03,0x55,0x04,0x0B,0x13,0x0C,0x54,0x72,0x75,0x73, + 0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76, + 0x2D,0x73,0x61,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x54,0x72, + 0x75,0x73,0x74,0x65,0x64,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x20,0x47,0x32, + 0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, + 0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01, + 0x00,0xAC,0xAE,0xBE,0xAA,0xED,0x70,0xCA,0xFB,0x83,0xB1,0x2E,0x35,0xBB,0xB8,0xB0, + 0xAC,0x31,0x33,0x5D,0xBB,0x52,0xC0,0xA6,0xC7,0x54,0x71,0x6F,0x1C,0x60,0x70,0x0A, + 0xC6,0x4B,0xBA,0xE3,0x89,0xE7,0xE9,0x04,0x7F,0xF0,0xE0,0xB6,0x2B,0xCA,0x68,0xDF, + 0xBD,0xCC,0x35,0xB9,0xEC,0x8C,0x36,0x8A,0x8B,0xA3,0xD9,0xC9,0x33,0x3F,0xCE,0x45, + 0x7B,0xA9,0x6F,0x7E,0x4D,0x35,0xF1,0x3A,0xEB,0xBA,0x6B,0x41,0x81,0xDA,0xFA,0xD4, + 0xE3,0x97,0x52,0x22,0x2A,0x90,0x7B,0x41,0x4C,0x2D,0xDF,0x05,0xCF,0xB9,0x33,0x05, + 0x25,0xAD,0x6D,0x5E,0xD8,0xCA,0xCE,0x4A,0x89,0xCA,0xE2,0x65,0x36,0xE3,0xCA,0x4F, + 0xBE,0x87,0x72,0x38,0x0D,0xAA,0x05,0x75,0xB3,0xDA,0x86,0xE3,0x83,0x03,0xE4,0x8D, + 0x89,0xBC,0x8D,0x76,0x76,0xEF,0x33,0x23,0x56,0xE0,0x75,0x0F,0xA5,0xFC,0xAB,0x17, + 0x91,0x37,0xDB,0x1A,0x35,0x2F,0x84,0xE2,0xCE,0x95,0x53,0x56,0x55,0x00,0xE9,0x2F, + 0xE6,0x0C,0x22,0xB1,0xAA,0x80,0x16,0x31,0xCB,0x94,0xD4,0x36,0x0A,0xC0,0x71,0x1B, + 0x70,0xA4,0xD7,0x52,0xD8,0xA9,0x05,0xE6,0x8B,0x52,0x98,0xCC,0x1E,0x55,0xBE,0x64, + 0x86,0x85,0x15,0xBF,0x7B,0xBC,0x53,0x14,0x07,0xFD,0x65,0x9B,0x36,0x11,0xEA,0xD5, + 0x1A,0xC8,0x96,0x0F,0xF4,0xAC,0x15,0x1F,0x8B,0xFC,0xE2,0x4A,0x16,0x05,0x48,0x1E, + 0xD4,0xF9,0xA2,0xF1,0xE4,0x3C,0x4F,0xA6,0x14,0xC5,0x06,0x20,0xEA,0xB9,0x01,0xA9, + 0xB4,0x1F,0x85,0x0B,0x82,0x6F,0x9E,0xE9,0x03,0x4A,0xD1,0x62,0x85,0x90,0x99,0xD5, + 0x1F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0x23,0x30,0x82,0x01,0x1F,0x30,0x0E, + 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0F, + 0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30, + 0x47,0x06,0x03,0x55,0x1D,0x20,0x04,0x40,0x30,0x3E,0x30,0x3C,0x06,0x04,0x55,0x1D, + 0x20,0x00,0x30,0x34,0x30,0x32,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, + 0x16,0x26,0x68,0x74,0x74,0x70,0x73,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x67,0x6C, + 0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70, + 0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04, + 0x16,0x04,0x14,0x14,0xF6,0xE5,0x8B,0x31,0xB6,0x45,0x80,0x4A,0x4C,0x6D,0xFC,0xC2, + 0x87,0x89,0xCA,0x36,0xC3,0x90,0x62,0x30,0x33,0x06,0x03,0x55,0x1D,0x1F,0x04,0x2C, + 0x30,0x2A,0x30,0x28,0xA0,0x26,0xA0,0x24,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x63,0x72,0x6C,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67,0x6E,0x2E, + 0x6E,0x65,0x74,0x2F,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x3E,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x32,0x30,0x30,0x30,0x2E,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x22,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x6F,0x63,0x73,0x70,0x32,0x2E,0x67,0x6C,0x6F,0x62,0x61,0x6C,0x73,0x69,0x67, + 0x6E,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x6F,0x6F,0x74,0x72,0x31,0x30,0x1F,0x06,0x03, + 0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x60,0x7B,0x66,0x1A,0x45,0x0D,0x97, + 0xCA,0x89,0x50,0x2F,0x7D,0x04,0xCD,0x34,0xA8,0xFF,0xFC,0xFD,0x4B,0x30,0x0D,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01, + 0x00,0xBE,0xC8,0x1B,0x49,0x7E,0x93,0x82,0xE4,0x72,0x92,0x3E,0x6B,0xF9,0x2F,0x66, + 0xC4,0x91,0xC1,0x23,0x38,0xB8,0x0E,0xB3,0x19,0x7D,0xF8,0x7B,0xBF,0x00,0xDA,0x8C, + 0xAD,0xAF,0xC4,0x46,0xF1,0xB2,0x70,0x55,0xBF,0x3E,0x00,0x73,0x14,0x0F,0xE5,0xDE, + 0xDA,0x46,0x1D,0x87,0xF5,0x23,0xFF,0x06,0x90,0x5D,0xFA,0x91,0xD0,0xE8,0x31,0x41, + 0x72,0xFD,0x0A,0xDE,0x19,0x33,0xE2,0x65,0x47,0x56,0xAF,0xB0,0xD2,0x97,0x58,0xBE, + 0x40,0xC1,0x85,0xC0,0x5C,0x23,0x81,0xDC,0x9E,0x4F,0x5B,0x65,0xCE,0x72,0x4E,0xC7, + 0x67,0x0D,0x2F,0x45,0xB1,0x90,0x86,0x35,0xA3,0x43,0x1F,0x81,0xE0,0xA3,0x94,0x16, + 0x0D,0x5B,0xDE,0x8B,0xFF,0xCF,0xA5,0xE4,0xAF,0x7C,0x9A,0x09,0xF4,0x50,0x85,0x78, + 0x7B,0x28,0x2D,0x01,0x73,0x44,0x57,0x3C,0xF1,0xB9,0x36,0xFE,0x65,0x09,0x6F,0xB3, + 0xB5,0xB6,0xE0,0xD3,0x33,0x26,0xDE,0x4C,0x9F,0x40,0x84,0xD1,0xBA,0xC3,0x12,0x83, + 0xA2,0x01,0xB0,0x32,0x6A,0x3A,0x78,0xDA,0x89,0xA2,0x90,0x45,0xC5,0xE2,0x0F,0x44, + 0xA4,0xE3,0x76,0x57,0x6F,0x66,0xD4,0x28,0xCC,0x42,0xEF,0xE4,0xDD,0xDD,0x02,0xF8, + 0x47,0x21,0xDC,0x58,0x96,0xD0,0xED,0x8C,0xA5,0x2D,0x34,0xBF,0xC7,0xE8,0xF1,0x58, + 0x87,0x0E,0x43,0x4A,0x0E,0xE7,0xFE,0x78,0xB7,0x93,0xD3,0x43,0x5E,0x27,0x79,0x88, + 0x4E,0xCF,0xDC,0x78,0x81,0x49,0x36,0x01,0x80,0x16,0xE9,0xDD,0x6F,0x78,0xFC,0x1B, + 0x85,0xC0,0xBC,0xAE,0x84,0x30,0x90,0x74,0xFB,0x1E,0xF7,0xD8,0x06,0x87,0x3B,0xE0, + 0x53, +}; + + +/* subject:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */ +/* issuer :/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA */ + +static unsigned char att_root[889]={ + 0x30,0x82,0x03,0x75,0x30,0x82,0x02,0x5D,0xA0,0x03,0x02,0x01,0x02,0x02,0x0B,0x04, + 0x00,0x00,0x00,0x00,0x01,0x15,0x4B,0x5A,0xC3,0x94,0x30,0x0D,0x06,0x09,0x2A,0x86, + 0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x57,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x42,0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76, + 0x2D,0x73,0x61,0x31,0x10,0x30,0x0E,0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F, + 0x6F,0x74,0x20,0x43,0x41,0x31,0x1B,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12, + 0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20, + 0x43,0x41,0x30,0x1E,0x17,0x0D,0x39,0x38,0x30,0x39,0x30,0x31,0x31,0x32,0x30,0x30, + 0x30,0x30,0x5A,0x17,0x0D,0x32,0x38,0x30,0x31,0x32,0x38,0x31,0x32,0x30,0x30,0x30, + 0x30,0x5A,0x30,0x57,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x42, + 0x45,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x0A,0x13,0x10,0x47,0x6C,0x6F,0x62, + 0x61,0x6C,0x53,0x69,0x67,0x6E,0x20,0x6E,0x76,0x2D,0x73,0x61,0x31,0x10,0x30,0x0E, + 0x06,0x03,0x55,0x04,0x0B,0x13,0x07,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x31,0x1B, + 0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x13,0x12,0x47,0x6C,0x6F,0x62,0x61,0x6C,0x53, + 0x69,0x67,0x6E,0x20,0x52,0x6F,0x6F,0x74,0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82, + 0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xDA,0x0E,0xE6,0x99, + 0x8D,0xCE,0xA3,0xE3,0x4F,0x8A,0x7E,0xFB,0xF1,0x8B,0x83,0x25,0x6B,0xEA,0x48,0x1F, + 0xF1,0x2A,0xB0,0xB9,0x95,0x11,0x04,0xBD,0xF0,0x63,0xD1,0xE2,0x67,0x66,0xCF,0x1C, + 0xDD,0xCF,0x1B,0x48,0x2B,0xEE,0x8D,0x89,0x8E,0x9A,0xAF,0x29,0x80,0x65,0xAB,0xE9, + 0xC7,0x2D,0x12,0xCB,0xAB,0x1C,0x4C,0x70,0x07,0xA1,0x3D,0x0A,0x30,0xCD,0x15,0x8D, + 0x4F,0xF8,0xDD,0xD4,0x8C,0x50,0x15,0x1C,0xEF,0x50,0xEE,0xC4,0x2E,0xF7,0xFC,0xE9, + 0x52,0xF2,0x91,0x7D,0xE0,0x6D,0xD5,0x35,0x30,0x8E,0x5E,0x43,0x73,0xF2,0x41,0xE9, + 0xD5,0x6A,0xE3,0xB2,0x89,0x3A,0x56,0x39,0x38,0x6F,0x06,0x3C,0x88,0x69,0x5B,0x2A, + 0x4D,0xC5,0xA7,0x54,0xB8,0x6C,0x89,0xCC,0x9B,0xF9,0x3C,0xCA,0xE5,0xFD,0x89,0xF5, + 0x12,0x3C,0x92,0x78,0x96,0xD6,0xDC,0x74,0x6E,0x93,0x44,0x61,0xD1,0x8D,0xC7,0x46, + 0xB2,0x75,0x0E,0x86,0xE8,0x19,0x8A,0xD5,0x6D,0x6C,0xD5,0x78,0x16,0x95,0xA2,0xE9, + 0xC8,0x0A,0x38,0xEB,0xF2,0x24,0x13,0x4F,0x73,0x54,0x93,0x13,0x85,0x3A,0x1B,0xBC, + 0x1E,0x34,0xB5,0x8B,0x05,0x8C,0xB9,0x77,0x8B,0xB1,0xDB,0x1F,0x20,0x91,0xAB,0x09, + 0x53,0x6E,0x90,0xCE,0x7B,0x37,0x74,0xB9,0x70,0x47,0x91,0x22,0x51,0x63,0x16,0x79, + 0xAE,0xB1,0xAE,0x41,0x26,0x08,0xC8,0x19,0x2B,0xD1,0x46,0xAA,0x48,0xD6,0x64,0x2A, + 0xD7,0x83,0x34,0xFF,0x2C,0x2A,0xC1,0x6C,0x19,0x43,0x4A,0x07,0x85,0xE7,0xD3,0x7C, + 0xF6,0x21,0x68,0xEF,0xEA,0xF2,0x52,0x9F,0x7F,0x93,0x90,0xCF,0x02,0x03,0x01,0x00, + 0x01,0xA3,0x42,0x30,0x40,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04, + 0x04,0x03,0x02,0x01,0x06,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04, + 0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04, + 0x14,0x60,0x7B,0x66,0x1A,0x45,0x0D,0x97,0xCA,0x89,0x50,0x2F,0x7D,0x04,0xCD,0x34, + 0xA8,0xFF,0xFC,0xFD,0x4B,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, + 0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xD6,0x73,0xE7,0x7C,0x4F,0x76,0xD0, + 0x8D,0xBF,0xEC,0xBA,0xA2,0xBE,0x34,0xC5,0x28,0x32,0xB5,0x7C,0xFC,0x6C,0x9C,0x2C, + 0x2B,0xBD,0x09,0x9E,0x53,0xBF,0x6B,0x5E,0xAA,0x11,0x48,0xB6,0xE5,0x08,0xA3,0xB3, + 0xCA,0x3D,0x61,0x4D,0xD3,0x46,0x09,0xB3,0x3E,0xC3,0xA0,0xE3,0x63,0x55,0x1B,0xF2, + 0xBA,0xEF,0xAD,0x39,0xE1,0x43,0xB9,0x38,0xA3,0xE6,0x2F,0x8A,0x26,0x3B,0xEF,0xA0, + 0x50,0x56,0xF9,0xC6,0x0A,0xFD,0x38,0xCD,0xC4,0x0B,0x70,0x51,0x94,0x97,0x98,0x04, + 0xDF,0xC3,0x5F,0x94,0xD5,0x15,0xC9,0x14,0x41,0x9C,0xC4,0x5D,0x75,0x64,0x15,0x0D, + 0xFF,0x55,0x30,0xEC,0x86,0x8F,0xFF,0x0D,0xEF,0x2C,0xB9,0x63,0x46,0xF6,0xAA,0xFC, + 0xDF,0xBC,0x69,0xFD,0x2E,0x12,0x48,0x64,0x9A,0xE0,0x95,0xF0,0xA6,0xEF,0x29,0x8F, + 0x01,0xB1,0x15,0xB5,0x0C,0x1D,0xA5,0xFE,0x69,0x2C,0x69,0x24,0x78,0x1E,0xB3,0xA7, + 0x1C,0x71,0x62,0xEE,0xCA,0xC8,0x97,0xAC,0x17,0x5D,0x8A,0xC2,0xF8,0x47,0x86,0x6E, + 0x2A,0xC4,0x56,0x31,0x95,0xD0,0x67,0x89,0x85,0x2B,0xF9,0x6C,0xA6,0x5D,0x46,0x9D, + 0x0C,0xAA,0x82,0xE4,0x99,0x51,0xDD,0x70,0xB7,0xDB,0x56,0x3D,0x61,0xE4,0x6A,0xE1, + 0x5C,0xD6,0xF6,0xFE,0x3D,0xDE,0x41,0xCC,0x07,0xAE,0x63,0x52,0xBF,0x53,0x53,0xF4, + 0x2B,0xE9,0xC7,0xFD,0xB6,0xF7,0x82,0x5F,0x85,0xD2,0x41,0x18,0xDB,0x81,0xB3,0x04, + 0x1C,0xC5,0x1F,0xA4,0x80,0x6F,0x15,0x20,0xC9,0xDE,0x0C,0x88,0x0A,0x1D,0xD6,0x66, + 0x55,0xE2,0xFC,0x48,0xC9,0x29,0x26,0x69,0xE0, +}; + +/* subject:/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=myctx.intel.com */ +/* issuer :/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=Intel External Basic Issuing CA 3A */ +unsigned char intel1_leaf[1644]={ + 0x30,0x82,0x06,0x68,0x30,0x82,0x05,0x50,0xA0,0x03,0x02,0x01,0x02,0x02,0x13,0x33, + 0x00,0x00,0xAC,0x1A,0x2A,0x79,0x37,0xC7,0x7C,0x92,0x90,0x70,0x00,0x03,0x00,0x00, + 0xAC,0x1A,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05, + 0x00,0x30,0x79,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30, + 0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C, + 0x61,0x72,0x61,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E, + 0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31, + 0x2B,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x49,0x6E,0x74,0x65,0x6C,0x20, + 0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x49, + 0x73,0x73,0x75,0x69,0x6E,0x67,0x20,0x43,0x41,0x20,0x33,0x41,0x30,0x1E,0x17,0x0D, + 0x31,0x33,0x31,0x31,0x31,0x31,0x30,0x31,0x30,0x31,0x31,0x33,0x5A,0x17,0x0D,0x31, + 0x36,0x31,0x30,0x32,0x36,0x30,0x31,0x30,0x31,0x31,0x33,0x5A,0x30,0x66,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04, + 0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A, + 0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43, + 0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x18,0x30,0x16,0x06,0x03, + 0x55,0x04,0x03,0x13,0x0F,0x6D,0x79,0x63,0x74,0x78,0x2E,0x69,0x6E,0x74,0x65,0x6C, + 0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, + 0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A, + 0x02,0x82,0x01,0x01,0x00,0xB5,0x28,0x2C,0x28,0x93,0x36,0x61,0x9D,0x2E,0xA9,0x69, + 0x3D,0xF6,0x28,0x32,0x06,0x63,0x0D,0x74,0x11,0xCF,0xAD,0x68,0x10,0xE4,0x99,0xCA, + 0x24,0x93,0xE2,0x06,0xA0,0xB7,0xC9,0xB4,0xCD,0x43,0xD7,0x2C,0xA0,0xC4,0x36,0x60, + 0x40,0x1D,0x89,0xD2,0xD7,0x71,0x92,0xB5,0x36,0xA3,0x7F,0xC5,0x4B,0x3A,0x85,0x61, + 0x2D,0xED,0x08,0x0E,0x7E,0x33,0xF2,0x48,0x5D,0x30,0x9E,0x8B,0xFB,0xA2,0x6E,0x8A, + 0xE0,0xD2,0xE8,0x21,0xBE,0x5F,0x0D,0xAB,0x41,0x06,0xFE,0xB6,0xCE,0x26,0x02,0x3E, + 0xFC,0xF8,0x12,0x62,0xB5,0xDC,0x89,0xA1,0x93,0xB7,0x11,0xAF,0x57,0x24,0xE4,0xB5, + 0x88,0x75,0x4D,0xFB,0xB8,0x14,0x3C,0xD6,0x1A,0x64,0x55,0x1D,0xE6,0xBE,0x54,0x84, + 0xD9,0x44,0x1C,0x9F,0xC4,0x4B,0xB2,0x11,0x42,0x27,0xC1,0xE6,0x0A,0x9A,0x0E,0x92, + 0xD1,0x38,0xEF,0x98,0x5F,0x22,0xF4,0xD9,0x43,0x97,0x8D,0x85,0x77,0x62,0x8B,0xB0, + 0x6E,0xEC,0xB1,0x7B,0x42,0x40,0x74,0xB3,0x46,0x95,0x20,0x40,0x5A,0xE7,0xCB,0x94, + 0x1E,0xAA,0xC5,0xFB,0x4D,0x32,0x05,0x5E,0x5E,0x24,0x1F,0x63,0x8A,0x32,0xFD,0x1E, + 0xC5,0xAD,0x71,0xBC,0x87,0xEB,0x16,0x55,0xD6,0xE9,0x6E,0xBF,0x69,0x1D,0x99,0xC9, + 0x85,0x5D,0xF9,0xC9,0xAB,0x97,0xEB,0x5F,0xF9,0x3B,0x9F,0xDB,0x88,0x92,0x4F,0xFB, + 0x41,0x44,0x18,0x12,0xBA,0x3F,0x37,0x62,0x64,0x07,0x6B,0xD7,0x0F,0x32,0x05,0x80, + 0xB2,0xF0,0x70,0xC3,0xAA,0xFA,0x98,0xE2,0xF8,0xE8,0x0E,0x5D,0x25,0xEB,0x47,0x33, + 0xA4,0xF2,0xCC,0xE4,0x7F,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0xFA,0x30,0x82, + 0x02,0xF6,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30, + 0x3D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,0x30,0x30,0x2E, + 0x06,0x26,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x86,0xC3,0x8C,0x75,0x84, + 0x99,0xE5,0x51,0x83,0xFD,0x81,0x28,0x85,0x8E,0x9F,0x53,0x82,0x91,0xC0,0x09,0x67, + 0x82,0xFC,0xFB,0x17,0x85,0x9B,0xFA,0x24,0x02,0x01,0x64,0x02,0x01,0x0C,0x30,0x1D, + 0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x71,0x4F,0x14,0x9A,0x04,0x37,0x44, + 0x3B,0x7E,0xB1,0x8A,0xC7,0xB0,0x6F,0x94,0x0A,0xDD,0x79,0x28,0xE2,0x30,0x1F,0x06, + 0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x33,0x38,0x3D,0x81,0xCA,0xC4, + 0xA5,0xCC,0x51,0xBA,0xC5,0x83,0x68,0x84,0xAB,0x0A,0x61,0x6E,0xC9,0x98,0x30,0x81, + 0xCF,0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xC7,0x30,0x81,0xC4,0x30,0x81,0xC1,0xA0, + 0x81,0xBE,0xA0,0x81,0xBB,0x86,0x57,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77, + 0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F, + 0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74,0x65,0x6C, + 0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61, + 0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25,0x32,0x30, + 0x43,0x41,0x25,0x32,0x30,0x33,0x41,0x28,0x33,0x29,0x2E,0x63,0x72,0x6C,0x86,0x60, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61, + 0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65, + 0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74, + 0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30, + 0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25, + 0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x41,0x28,0x33,0x29,0x2E,0x63,0x72,0x6C, + 0x30,0x81,0xF5,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xE8, + 0x30,0x81,0xE5,0x30,0x6C,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86, + 0x60,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65, + 0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79, + 0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E, + 0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32, + 0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67, + 0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x41,0x28,0x33,0x29,0x2E,0x63,0x72, + 0x74,0x30,0x75,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x69,0x68, + 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74, + 0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70, + 0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63, + 0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74, + 0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30, + 0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33, + 0x41,0x28,0x33,0x29,0x2E,0x63,0x72,0x74,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04, + 0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x27,0x06,0x09,0x2B,0x06,0x01,0x04,0x01, + 0x82,0x37,0x15,0x0A,0x04,0x1A,0x30,0x18,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x03,0x02,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, + 0x30,0x56,0x06,0x03,0x55,0x1D,0x11,0x04,0x4F,0x30,0x4D,0x82,0x12,0x6D,0x79,0x63, + 0x74,0x78,0x2D,0x66,0x6D,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82, + 0x12,0x6D,0x79,0x63,0x74,0x78,0x2D,0x69,0x72,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E, + 0x63,0x6F,0x6D,0x82,0x12,0x6D,0x79,0x63,0x74,0x78,0x2D,0x70,0x67,0x2E,0x69,0x6E, + 0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x0F,0x6D,0x79,0x63,0x74,0x78,0x2E,0x69, + 0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86, + 0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x64,0xDC,0x71,0x94, + 0x8A,0x02,0xAF,0xA1,0xEB,0x83,0x15,0x8B,0xCB,0xB4,0x59,0x39,0x25,0x2D,0xB7,0xCC, + 0x44,0x76,0x03,0x16,0x77,0xED,0x33,0xE6,0x71,0x70,0xBA,0x56,0x75,0x44,0xD9,0x40, + 0x8B,0x1F,0xA0,0xCF,0x50,0x98,0x98,0xFD,0xE2,0x29,0x1A,0xC5,0x6D,0x7D,0x71,0xC5, + 0xF5,0x73,0x16,0x4B,0x89,0xF3,0x13,0xE1,0xBE,0x7C,0x77,0x01,0xD7,0xBC,0xC6,0x65, + 0xED,0xBC,0x7F,0x55,0x42,0xB8,0x32,0xEA,0x82,0x7F,0xE1,0xEF,0x91,0x31,0x92,0x10, + 0xCA,0xC3,0x21,0x0C,0x65,0x26,0xAB,0xBF,0xDB,0x5C,0xF1,0xC1,0x5F,0x54,0x7F,0xBE, + 0x78,0x7F,0x7E,0x1E,0x27,0x49,0xFA,0x86,0xE5,0x52,0x13,0x2D,0x49,0xE8,0x33,0x6F, + 0x71,0x87,0xB6,0x2A,0x94,0x71,0x81,0x40,0x46,0xD9,0xA3,0x3F,0x0D,0x5C,0x07,0x01, + 0x79,0x9D,0x5C,0x15,0x31,0xBC,0x33,0x38,0x41,0x29,0xC9,0x3D,0xDD,0x69,0xA1,0xB7, + 0x94,0x65,0x6F,0xC9,0x72,0x5F,0xAF,0x18,0x9A,0xE8,0xCC,0x4B,0x2D,0xB6,0x05,0x95, + 0x05,0xD8,0xA0,0x6A,0xA7,0x22,0xBD,0xA0,0x2D,0xCC,0x21,0x0B,0x25,0xD1,0x0B,0xF2, + 0x61,0xBE,0xE6,0xD0,0x6F,0xF1,0x16,0xF8,0x12,0xBD,0x95,0x2A,0xD5,0x90,0xE5,0x1D, + 0x79,0x51,0x29,0xBD,0xC9,0x19,0xEE,0xD6,0x88,0xDB,0xE3,0xD0,0x3A,0x85,0x53,0xA5, + 0xDC,0xC3,0xC0,0x93,0x34,0x48,0x41,0xC8,0x98,0xE2,0x82,0x85,0x76,0x7E,0xF7,0xFA, + 0x50,0x55,0xD8,0xEF,0xED,0xF8,0x71,0x1A,0x0D,0x3F,0xBA,0x51,0x91,0xBD,0x7F,0x41, + 0xD6,0x19,0x96,0x66,0x7B,0x97,0x8F,0x0C,0x9F,0x14,0x51,0x89, +}; + +/* subject:/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=Intel External Basic Issuing CA 3A */ +/* issuer :/C=US/O=Intel Corporation/CN=Intel External Basic Policy CA */ +unsigned char intel1_intermediate1[1725]={ + 0x30,0x82,0x06,0xB9,0x30,0x82,0x05,0xA1,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x61, + 0x2C,0x37,0xF2,0x00,0x01,0x00,0x00,0x00,0x0F,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x52,0x31,0x0B,0x30,0x09,0x06,0x03, + 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A, + 0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74, + 0x69,0x6F,0x6E,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x03,0x13,0x1E,0x49,0x6E, + 0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x42,0x61,0x73, + 0x69,0x63,0x20,0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D, + 0x31,0x33,0x30,0x32,0x30,0x38,0x32,0x32,0x32,0x30,0x33,0x32,0x5A,0x17,0x0D,0x31, + 0x38,0x30,0x32,0x30,0x38,0x32,0x32,0x33,0x30,0x33,0x32,0x5A,0x30,0x79,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04, + 0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A, + 0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43, + 0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x2B,0x30,0x29,0x06,0x03, + 0x55,0x04,0x03,0x13,0x22,0x49,0x6E,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72, + 0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x49,0x73,0x73,0x75,0x69,0x6E, + 0x67,0x20,0x43,0x41,0x20,0x33,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30, + 0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA6,0x7F,0x0B,0xB7,0x72,0xEB,0xBA,0x00, + 0x19,0x22,0xD7,0x22,0x56,0xF7,0x90,0x51,0x90,0x66,0x8E,0x54,0x9F,0x25,0x70,0x70, + 0xBD,0x3F,0x72,0xD0,0x44,0xE4,0x0F,0xEA,0x09,0x11,0x63,0xD6,0x4E,0x9F,0x5D,0x1E, + 0x2A,0x0F,0xB7,0x92,0x0E,0x72,0x26,0xAB,0x95,0xED,0x46,0xA7,0xC8,0x08,0xFA,0x5A, + 0xD3,0x5A,0x70,0xF8,0xBB,0xBF,0x14,0xEF,0x35,0x8D,0x15,0x9C,0x8F,0x42,0xBC,0xED, + 0x42,0xBB,0xE8,0xA9,0x17,0x39,0xB7,0x7B,0xC8,0x56,0x98,0x3D,0xF0,0x95,0x81,0x67, + 0x51,0x6B,0xEA,0x99,0xB6,0x60,0x72,0x44,0x87,0x26,0xD0,0x42,0x38,0x03,0x4D,0xC7, + 0x46,0x3D,0x6B,0xE1,0xB4,0xE9,0x82,0xEF,0x39,0xBE,0xFF,0x7D,0x63,0xD4,0x73,0x81, + 0x14,0x59,0xC8,0x32,0x42,0x21,0x53,0x43,0x1B,0x6C,0x1B,0x84,0x34,0x9D,0xBE,0x2F, + 0x87,0x31,0x5B,0x5D,0x65,0xF7,0xCC,0xB0,0x59,0xDC,0x94,0x39,0xAB,0xDF,0xAC,0xB2, + 0xC5,0xAB,0x9B,0xC7,0x69,0xD0,0xE8,0x0D,0xF5,0x7E,0x53,0x84,0x0A,0xA5,0xEB,0x25, + 0x1E,0xD1,0xB2,0xBB,0x84,0x55,0x19,0xE1,0x9F,0xD6,0x21,0xC7,0x44,0x68,0x18,0x87, + 0x45,0x60,0x05,0x3A,0xFC,0x5E,0x66,0xF9,0x20,0xD8,0x1B,0xF2,0xA9,0xC3,0x7C,0xBC, + 0x15,0xB6,0x34,0xB7,0x7C,0xDD,0x68,0xFC,0x7E,0xF7,0x1A,0xCA,0xED,0x0A,0x41,0x59, + 0xE0,0xDB,0xB1,0x32,0x64,0xB1,0xE1,0xCF,0x35,0x72,0xFF,0x24,0x58,0x81,0x8E,0x1B, + 0x0B,0x02,0x11,0x5C,0xD3,0x61,0x85,0x3D,0x23,0x32,0x58,0x31,0x72,0xC8,0x8C,0xCA, + 0xDA,0xFC,0xDC,0xFF,0x3F,0xF9,0x5B,0xD1,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03, + 0x68,0x30,0x82,0x03,0x64,0x30,0x12,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37, + 0x15,0x01,0x04,0x05,0x02,0x03,0x03,0x00,0x03,0x30,0x23,0x06,0x09,0x2B,0x06,0x01, + 0x04,0x01,0x82,0x37,0x15,0x02,0x04,0x16,0x04,0x14,0x4D,0x79,0xA3,0xAC,0x3C,0x5C, + 0xA2,0x96,0x30,0x07,0xC0,0xC5,0xE5,0xBD,0x91,0x39,0x8C,0xD9,0x1B,0x7B,0x30,0x1D, + 0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x33,0x38,0x3D,0x81,0xCA,0xC4,0xA5, + 0xCC,0x51,0xBA,0xC5,0x83,0x68,0x84,0xAB,0x0A,0x61,0x6E,0xC9,0x98,0x30,0x81,0xFA, + 0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xF2,0x30,0x81,0xEF,0x30,0x81,0xEC,0x06,0x0A, + 0x2A,0x86,0x48,0x86,0xF8,0x4D,0x01,0x05,0x01,0x69,0x30,0x81,0xDD,0x30,0x81,0x9C, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x81,0x8F,0x1E,0x81,0x8C, + 0x00,0x49,0x00,0x6E,0x00,0x74,0x00,0x65,0x00,0x6C,0x00,0x20,0x00,0x43,0x00,0x6F, + 0x00,0x72,0x00,0x70,0x00,0x6F,0x00,0x72,0x00,0x61,0x00,0x74,0x00,0x69,0x00,0x6F, + 0x00,0x6E,0x00,0x20,0x00,0x45,0x00,0x78,0x00,0x74,0x00,0x65,0x00,0x72,0x00,0x6E, + 0x00,0x61,0x00,0x6C,0x00,0x20,0x00,0x42,0x00,0x61,0x00,0x73,0x00,0x69,0x00,0x63, + 0x00,0x20,0x00,0x50,0x00,0x6F,0x00,0x6C,0x00,0x69,0x00,0x63,0x00,0x79,0x00,0x20, + 0x00,0x43,0x00,0x65,0x00,0x72,0x00,0x74,0x00,0x69,0x00,0x66,0x00,0x69,0x00,0x63, + 0x00,0x61,0x00,0x74,0x00,0x65,0x00,0x20,0x00,0x50,0x00,0x72,0x00,0x61,0x00,0x63, + 0x00,0x74,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x20,0x00,0x53,0x00,0x74,0x00,0x61, + 0x00,0x74,0x00,0x65,0x00,0x6D,0x00,0x65,0x00,0x6E,0x00,0x74,0x30,0x3C,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x30,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72, + 0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x70,0x6B,0x69,0x63,0x70,0x73, + 0x2F,0x69,0x6E,0x64,0x65,0x78,0x2E,0x68,0x74,0x6D,0x30,0x19,0x06,0x09,0x2B,0x06, + 0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,0x53,0x00,0x75,0x00, + 0x62,0x00,0x43,0x00,0x41,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02, + 0x01,0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06, + 0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30, + 0x16,0x80,0x14,0x56,0x3A,0x6F,0x17,0xAB,0x24,0x0C,0xE5,0xB7,0x31,0x64,0xB0,0x11, + 0xED,0xDB,0xEA,0x23,0xBE,0x5E,0xBC,0x30,0x81,0xC3,0x06,0x03,0x55,0x1D,0x1F,0x04, + 0x81,0xBB,0x30,0x81,0xB8,0x30,0x81,0xB5,0xA0,0x81,0xB2,0xA0,0x81,0xAF,0x86,0x51, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C, + 0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F, + 0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65, + 0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50, + 0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72, + 0x6C,0x86,0x5A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66, + 0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D, + 0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F, + 0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C, + 0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63, + 0x79,0x25,0x32,0x30,0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x6C,0x30,0x81,0xE9, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xDC,0x30,0x81,0xD9, + 0x30,0x66,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x5A,0x68,0x74, + 0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63, + 0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65, + 0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C, + 0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61, + 0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43, + 0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x6F,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x30,0x02,0x86,0x63,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72, + 0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E, + 0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63, + 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65, + 0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42, + 0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30, + 0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x0B,0x3F,0x6F, + 0x3B,0xCC,0xC6,0x8E,0x21,0x82,0x96,0x87,0xCA,0xDC,0x9D,0x44,0x78,0x37,0x93,0x76, + 0xD7,0xAB,0x7E,0xDD,0xC3,0xF4,0x80,0xFD,0x35,0x4E,0xA8,0x0A,0xCA,0xCC,0x15,0xA9, + 0x5B,0xD9,0x6B,0x5C,0x6C,0x7B,0xE3,0xE5,0xF7,0xE0,0x28,0x44,0xE7,0x22,0x55,0x46, + 0xF1,0x12,0x34,0x20,0x8E,0xDA,0xF7,0x3A,0x6B,0xBC,0xD3,0x17,0x08,0x35,0xA5,0xCF, + 0xAB,0xF1,0x03,0xAE,0xAF,0x85,0x3D,0x4A,0xA1,0x5B,0x4E,0x07,0x98,0xAD,0x0C,0xDB, + 0xFC,0xEE,0xB1,0x2E,0xB9,0x9D,0xE4,0xFE,0xB5,0xC6,0x53,0xAB,0xC0,0xC2,0x92,0xE3, + 0x51,0x60,0xEA,0x87,0x7A,0xB0,0x3F,0x41,0x0E,0x92,0x76,0x54,0xFD,0x90,0x4F,0x5F, + 0xDA,0x0E,0x54,0x1A,0x43,0xF0,0x11,0xC6,0x42,0x99,0x1B,0xBA,0xA9,0xA0,0x69,0xCF, + 0xD1,0x3E,0x0D,0xE8,0xC7,0x0A,0x8D,0x07,0xD0,0x20,0x26,0xFC,0x49,0x46,0x65,0xC0, + 0xF2,0x1C,0x28,0x42,0xC7,0x49,0x2F,0x04,0x52,0xBA,0x64,0xAC,0xF8,0x4B,0x48,0x66, + 0x21,0x55,0x59,0x18,0x98,0x0B,0x08,0xAA,0x94,0x15,0x7E,0x78,0xB9,0x70,0xF5,0xA0, + 0xCD,0x30,0xE1,0x18,0x84,0xC0,0x0D,0xF2,0xBD,0xF3,0x67,0x5B,0x22,0x5F,0xE3,0xDF, + 0x3B,0x4C,0x9F,0xAD,0x96,0x07,0xB5,0xC3,0x21,0x95,0x03,0x40,0x08,0x20,0xF6,0x89, + 0x56,0xF6,0x11,0x6C,0x2A,0x65,0x87,0xAD,0xC6,0xF0,0x38,0xF1,0xE8,0x31,0x12,0xAF, + 0xAE,0xC8,0xE9,0x82,0x75,0xD4,0x41,0x50,0x01,0x26,0xCF,0x6F,0xC7,0x7D,0x40,0x20, + 0x4B,0x3C,0x15,0xC1,0x3E,0xD1,0xFE,0x92,0x07,0x71,0xF0,0x76,0xB4, +}; + +/* subject:/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=contact.intel.com */ +/* issuer :/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=Intel External Basic Issuing CA 3B */ +unsigned char intel2_leaf[1725]={ + 0x30,0x82,0x06,0xB9,0x30,0x82,0x05,0xA1,0xA0,0x03,0x02,0x01,0x02,0x02,0x13,0x33, + 0x00,0x00,0xB6,0x06,0x88,0x89,0x35,0x62,0x16,0x48,0xF1,0x1D,0x00,0x02,0x00,0x00, + 0xB6,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05, + 0x00,0x30,0x79,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30, + 0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C, + 0x61,0x72,0x61,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E, + 0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31, + 0x2B,0x30,0x29,0x06,0x03,0x55,0x04,0x03,0x13,0x22,0x49,0x6E,0x74,0x65,0x6C,0x20, + 0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x49, + 0x73,0x73,0x75,0x69,0x6E,0x67,0x20,0x43,0x41,0x20,0x33,0x42,0x30,0x1E,0x17,0x0D, + 0x31,0x35,0x30,0x33,0x30,0x36,0x31,0x32,0x30,0x30,0x30,0x36,0x5A,0x17,0x0D,0x31, + 0x36,0x30,0x38,0x32,0x37,0x31,0x32,0x30,0x30,0x30,0x36,0x5A,0x30,0x68,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04, + 0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A, + 0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43, + 0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1A,0x30,0x18,0x06,0x03, + 0x55,0x04,0x03,0x13,0x11,0x63,0x6F,0x6E,0x74,0x61,0x63,0x74,0x2E,0x69,0x6E,0x74, + 0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86, + 0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82, + 0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xE8,0xAD,0x3F,0x95,0x76,0xD6,0x63,0xB4,0x9B, + 0x87,0x0C,0xF8,0x27,0x04,0xF8,0x0B,0x69,0x3B,0xE2,0xC1,0xA6,0xF7,0x28,0xFE,0x0E, + 0x7C,0x66,0x05,0x6C,0xBF,0xFE,0x3E,0x25,0x12,0xA0,0xAD,0x03,0x2F,0x77,0xAC,0x44, + 0x04,0xE8,0xB6,0x57,0x07,0x1D,0xF8,0x0B,0x67,0x35,0x13,0x3D,0x81,0x22,0x7E,0xE1, + 0x0D,0xFE,0x14,0x5B,0x4F,0x94,0x31,0x3C,0xB4,0xA5,0xE4,0xB5,0x6B,0x4E,0x73,0x48, + 0xE0,0x79,0xDD,0x37,0xDF,0xB9,0x26,0xC5,0x5C,0xAC,0x3B,0xB6,0x99,0x6E,0x56,0x4A, + 0x77,0x2A,0x55,0xBD,0xF6,0x71,0x71,0x50,0xBC,0xFC,0x33,0xD2,0x50,0x6E,0x37,0x71, + 0xFF,0x0E,0xFF,0x51,0x12,0xAF,0x19,0xAE,0xA3,0x64,0x1E,0xBA,0x10,0x0A,0xDE,0x9E, + 0xFA,0xEE,0xFE,0x41,0xAD,0xBB,0x15,0xCE,0x61,0x11,0x5A,0x1B,0xA4,0xA4,0x76,0x4A, + 0x32,0x0C,0xC6,0x9A,0x23,0xD2,0x7F,0xF0,0x62,0x94,0x60,0x29,0x38,0x56,0xBD,0xDE, + 0x52,0xDF,0xE6,0x23,0x1F,0xE0,0x2F,0x9D,0x75,0x04,0xF0,0xCA,0x13,0x68,0x9D,0xE1, + 0x80,0xD5,0x20,0x20,0x1F,0x11,0x7B,0xB0,0xCA,0x29,0x81,0xCC,0x15,0xA4,0xE1,0x4C, + 0xA4,0x0D,0xB2,0x20,0x63,0x7E,0xCD,0xB0,0xBC,0xD3,0x04,0x22,0x27,0x93,0x94,0x60, + 0x51,0x8D,0x30,0xB7,0x3D,0x29,0x06,0xBC,0x55,0x3D,0x31,0x8F,0x6B,0xED,0x26,0x98, + 0x6F,0xCB,0x40,0xF1,0xB5,0x22,0xC1,0xA8,0x33,0x0A,0x42,0x93,0x9E,0xCA,0xFA,0x04, + 0x72,0x0B,0xD5,0x31,0x5B,0x63,0x1C,0x35,0xD2,0x0D,0x03,0x37,0x29,0x2F,0xD9,0x79, + 0xF6,0xDA,0x07,0x7E,0x8D,0x31,0xC9,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03,0x49, + 0x30,0x82,0x03,0x45,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x05, + 0xA0,0x30,0x3D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,0x30, + 0x30,0x2E,0x06,0x26,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x86,0xC3,0x8C, + 0x75,0x84,0x99,0xE5,0x51,0x83,0xFD,0x81,0x28,0x85,0x8E,0x9F,0x53,0x82,0x91,0xC0, + 0x09,0x67,0x82,0xFC,0xFB,0x17,0x85,0x9B,0xFA,0x24,0x02,0x01,0x64,0x02,0x01,0x0D, + 0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x4B,0x63,0x62,0x54,0x47, + 0xF3,0xCF,0x7F,0x7F,0x7A,0x8B,0x5D,0xC1,0x14,0x0E,0xD8,0x47,0x6C,0x3F,0x4A,0x30, + 0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xE5,0x9C,0x00,0xAE, + 0x43,0x00,0xBD,0x1A,0x5A,0x4A,0xB7,0x89,0xB6,0xE7,0x88,0xD0,0x0E,0x77,0x2D,0x22, + 0x30,0x81,0xCF,0x06,0x03,0x55,0x1D,0x1F,0x04,0x81,0xC7,0x30,0x81,0xC4,0x30,0x81, + 0xC1,0xA0,0x81,0xBE,0xA0,0x81,0xBB,0x86,0x57,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, + 0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65, + 0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74, + 0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30, + 0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25, + 0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x42,0x28,0x32,0x29,0x2E,0x63,0x72,0x6C, + 0x86,0x60,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69, + 0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F, + 0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F,0x49, + 0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25, + 0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E, + 0x67,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x42,0x28,0x32,0x29,0x2E,0x63, + 0x72,0x6C,0x30,0x82,0x01,0x1B,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, + 0x04,0x82,0x01,0x0D,0x30,0x82,0x01,0x09,0x30,0x6C,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x30,0x02,0x86,0x60,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77, + 0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73, + 0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74, + 0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72, + 0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x49,0x73, + 0x73,0x75,0x69,0x6E,0x67,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x33,0x42,0x28, + 0x32,0x29,0x2E,0x63,0x72,0x74,0x30,0x75,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x30,0x02,0x86,0x69,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65,0x72, + 0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25, + 0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73, + 0x69,0x63,0x25,0x32,0x30,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x25,0x32,0x30,0x43, + 0x41,0x25,0x32,0x30,0x33,0x42,0x28,0x32,0x29,0x2E,0x63,0x72,0x74,0x30,0x22,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x16,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D, + 0x2F,0x30,0x1D,0x06,0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, + 0x30,0x27,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x0A,0x04,0x1A,0x30, + 0x18,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x30,0x0A,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x7E,0x06,0x03,0x55,0x1D,0x11, + 0x04,0x77,0x30,0x75,0x82,0x11,0x63,0x6F,0x6E,0x74,0x61,0x63,0x74,0x2E,0x69,0x6E, + 0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x17,0x6D,0x79,0x70,0x68,0x6F,0x6E,0x65, + 0x61,0x74,0x77,0x6F,0x72,0x6B,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D, + 0x82,0x11,0x6D,0x69,0x61,0x64,0x6D,0x69,0x6E,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E, + 0x63,0x6F,0x6D,0x82,0x19,0x66,0x6D,0x73,0x76,0x73,0x70,0x70,0x72,0x6F,0x64,0x30, + 0x32,0x2E,0x66,0x6D,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x19, + 0x6A,0x66,0x73,0x76,0x73,0x70,0x70,0x72,0x6F,0x64,0x30,0x32,0x2E,0x6A,0x66,0x2E, + 0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x51,0xB1,0x05, + 0xDD,0xB7,0x55,0x8B,0xAC,0x41,0x7C,0x45,0x05,0x31,0x74,0x08,0x74,0x79,0xB3,0xD3, + 0x2C,0x61,0x82,0xAF,0x3E,0x73,0x44,0x6F,0xFD,0xF1,0x3C,0xEF,0x5C,0xC4,0xCF,0xA3, + 0x8D,0xEB,0x17,0x1F,0x04,0x66,0x41,0xF0,0x1C,0x4E,0x6D,0xEA,0x67,0xC7,0xFC,0x4E, + 0x36,0x68,0xC8,0x17,0xE5,0x8E,0x34,0xE5,0x09,0x4E,0x3E,0x43,0xA8,0xF7,0x4B,0x84, + 0xD7,0x10,0x0E,0x65,0x7B,0xB0,0x07,0xED,0xA1,0x0F,0x73,0x31,0x29,0xDB,0x88,0xFA, + 0xD6,0x87,0x51,0x7A,0x37,0xD9,0x64,0x60,0x25,0xB9,0x0F,0x49,0x0E,0xF7,0xC4,0x10, + 0x61,0xE1,0x47,0x41,0x13,0xEC,0x7D,0xE9,0xBB,0x69,0x51,0x27,0xDC,0x2B,0xAC,0x23, + 0x9A,0x00,0x44,0xE3,0xE8,0x22,0x38,0x06,0xA3,0x53,0x2F,0x8F,0x2D,0x0B,0x70,0xE2, + 0x79,0xC1,0x62,0x12,0xB7,0x89,0xE1,0x05,0x4E,0xA3,0xDF,0x84,0x39,0x29,0xD1,0xBB, + 0x70,0x22,0xA5,0x5A,0xB2,0x8B,0x5D,0xA4,0x95,0x5A,0x7E,0x7A,0xFB,0x36,0xFC,0x6A, + 0xC8,0x29,0xE0,0x7E,0x77,0x1E,0xE6,0x63,0x31,0x09,0x7D,0x42,0x94,0xF4,0xF4,0x6B, + 0x92,0x36,0xF6,0x5B,0x38,0x31,0xC8,0x65,0x35,0xEA,0xE6,0x5E,0x45,0xBC,0x7E,0xF8, + 0x6D,0xF4,0x8C,0x01,0xC2,0xAC,0xAF,0xAD,0xAC,0x56,0xCA,0x08,0x23,0xBB,0x06,0x0B, + 0xD1,0xC9,0xC9,0x8A,0x2C,0x49,0xDD,0xE6,0x34,0xF2,0xB9,0x0F,0x24,0x3F,0x26,0x7B, + 0xFC,0xA4,0xE2,0x86,0xFC,0xE1,0x83,0x35,0x1E,0xB2,0xCD,0xA4,0x01,0xFE,0x14,0xFE, + 0xC1,0x90,0xEF,0x87,0xD3,0x9F,0xB2,0xFC,0x9A,0xDA,0xEB,0x6A,0x6C, +}; + +/* subject:/C=US/ST=CA/L=Santa Clara/O=Intel Corporation/CN=Intel External Basic Issuing CA 3B */ +/* issuer :/C=US/O=Intel Corporation/CN=Intel External Basic Policy CA */ +unsigned char intel2_intermediate1[1725]={ + 0x30,0x82,0x06,0xB9,0x30,0x82,0x05,0xA1,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x61, + 0x2C,0xFF,0x88,0x00,0x01,0x00,0x00,0x00,0x10,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x52,0x31,0x0B,0x30,0x09,0x06,0x03, + 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1A,0x30,0x18,0x06,0x03,0x55,0x04,0x0A, + 0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74, + 0x69,0x6F,0x6E,0x31,0x27,0x30,0x25,0x06,0x03,0x55,0x04,0x03,0x13,0x1E,0x49,0x6E, + 0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x42,0x61,0x73, + 0x69,0x63,0x20,0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x30,0x1E,0x17,0x0D, + 0x31,0x33,0x30,0x32,0x30,0x38,0x32,0x32,0x32,0x31,0x32,0x33,0x5A,0x17,0x0D,0x31, + 0x38,0x30,0x32,0x30,0x38,0x32,0x32,0x33,0x31,0x32,0x33,0x5A,0x30,0x79,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04, + 0x07,0x13,0x0B,0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A, + 0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43, + 0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x2B,0x30,0x29,0x06,0x03, + 0x55,0x04,0x03,0x13,0x22,0x49,0x6E,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72, + 0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x49,0x73,0x73,0x75,0x69,0x6E, + 0x67,0x20,0x43,0x41,0x20,0x33,0x42,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30, + 0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xB0,0x00,0x93,0xAE,0xF2,0xCA,0x6C,0xA6, + 0x4D,0xCC,0x48,0xBF,0x4A,0x23,0xFC,0x2A,0x9B,0xC8,0x6E,0xED,0x0B,0x83,0x07,0xB1, + 0x3C,0x67,0x39,0x75,0x62,0x80,0x6D,0x10,0xD1,0xA8,0xF0,0xD6,0xA7,0x33,0xA0,0x98, + 0xD8,0x85,0xFA,0x85,0xCF,0x0A,0xEB,0xC9,0xF5,0xBD,0x9B,0x0B,0xB4,0xF7,0xB8,0xB3, + 0xC1,0x64,0xE3,0x9F,0x60,0x3F,0xD0,0x4B,0x2D,0x9C,0x3F,0xBB,0x3E,0x1F,0xD6,0x8B, + 0x8A,0x68,0xA8,0x93,0x71,0xFE,0x30,0xD2,0xE5,0x97,0xAC,0xEF,0x20,0x86,0x15,0xEA, + 0xB1,0xF7,0x6E,0x43,0x7F,0x6D,0xF3,0x00,0x9E,0x73,0xA7,0xD7,0xA1,0xD4,0xA3,0x58, + 0xDB,0x6D,0x61,0xC2,0xBE,0x51,0x6A,0xA3,0x24,0xFA,0x6F,0x80,0x27,0x32,0xA0,0x12, + 0xD8,0x7C,0x9C,0xF6,0x46,0x58,0xB6,0xC8,0x1D,0x61,0x6A,0x05,0xAA,0x85,0xF7,0x28, + 0xE1,0x08,0x29,0xCB,0x02,0xA4,0xDF,0x73,0x76,0x2A,0xFB,0x1D,0xAE,0x98,0xBF,0xEB, + 0xD8,0x7F,0x09,0x1A,0x62,0x3B,0xBF,0xB1,0x0E,0x06,0xCB,0x8C,0x8C,0xE2,0xEA,0xCC, + 0x45,0x81,0xB2,0x95,0xE3,0xFA,0x87,0xF4,0xA8,0x17,0xEA,0xEC,0xBF,0x08,0x0F,0x7F, + 0xB1,0x40,0x0F,0x4F,0x7B,0xBC,0xE9,0xB6,0xAA,0x33,0xE2,0x64,0xC6,0x43,0x6F,0x12, + 0xAE,0x18,0xA9,0x72,0x04,0x1A,0xE5,0x26,0x10,0x13,0xF7,0xE1,0x2B,0x51,0x50,0xB0, + 0x16,0x9C,0x52,0x19,0x16,0x0A,0x24,0x0A,0x06,0xBB,0x26,0xDD,0xF0,0x1A,0xD3,0x1D, + 0x5E,0x31,0xAC,0xE0,0xC4,0xE7,0x2A,0xB3,0xFB,0x18,0x9F,0xCA,0xD3,0x05,0xC7,0x9D, + 0xDD,0x6F,0x6A,0x69,0xA9,0xB2,0x7E,0x85,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x03, + 0x68,0x30,0x82,0x03,0x64,0x30,0x12,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37, + 0x15,0x01,0x04,0x05,0x02,0x03,0x02,0x00,0x02,0x30,0x23,0x06,0x09,0x2B,0x06,0x01, + 0x04,0x01,0x82,0x37,0x15,0x02,0x04,0x16,0x04,0x14,0x06,0x65,0x8B,0xA6,0x92,0xAB, + 0x43,0xBC,0x42,0x5A,0x90,0x2D,0xF5,0xCB,0x91,0x68,0x96,0x06,0x79,0xCF,0x30,0x1D, + 0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xE5,0x9C,0x00,0xAE,0x43,0x00,0xBD, + 0x1A,0x5A,0x4A,0xB7,0x89,0xB6,0xE7,0x88,0xD0,0x0E,0x77,0x2D,0x22,0x30,0x81,0xFA, + 0x06,0x03,0x55,0x1D,0x20,0x04,0x81,0xF2,0x30,0x81,0xEF,0x30,0x81,0xEC,0x06,0x0A, + 0x2A,0x86,0x48,0x86,0xF8,0x4D,0x01,0x05,0x01,0x69,0x30,0x81,0xDD,0x30,0x81,0x9C, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x81,0x8F,0x1E,0x81,0x8C, + 0x00,0x49,0x00,0x6E,0x00,0x74,0x00,0x65,0x00,0x6C,0x00,0x20,0x00,0x43,0x00,0x6F, + 0x00,0x72,0x00,0x70,0x00,0x6F,0x00,0x72,0x00,0x61,0x00,0x74,0x00,0x69,0x00,0x6F, + 0x00,0x6E,0x00,0x20,0x00,0x45,0x00,0x78,0x00,0x74,0x00,0x65,0x00,0x72,0x00,0x6E, + 0x00,0x61,0x00,0x6C,0x00,0x20,0x00,0x42,0x00,0x61,0x00,0x73,0x00,0x69,0x00,0x63, + 0x00,0x20,0x00,0x50,0x00,0x6F,0x00,0x6C,0x00,0x69,0x00,0x63,0x00,0x79,0x00,0x20, + 0x00,0x43,0x00,0x65,0x00,0x72,0x00,0x74,0x00,0x69,0x00,0x66,0x00,0x69,0x00,0x63, + 0x00,0x61,0x00,0x74,0x00,0x65,0x00,0x20,0x00,0x50,0x00,0x72,0x00,0x61,0x00,0x63, + 0x00,0x74,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x20,0x00,0x53,0x00,0x74,0x00,0x61, + 0x00,0x74,0x00,0x65,0x00,0x6D,0x00,0x65,0x00,0x6E,0x00,0x74,0x30,0x3C,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x30,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x72, + 0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x70,0x6B,0x69,0x63,0x70,0x73, + 0x2F,0x69,0x6E,0x64,0x65,0x78,0x2E,0x68,0x74,0x6D,0x30,0x19,0x06,0x09,0x2B,0x06, + 0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,0x53,0x00,0x75,0x00, + 0x62,0x00,0x43,0x00,0x41,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02, + 0x01,0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06, + 0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30, + 0x16,0x80,0x14,0x56,0x3A,0x6F,0x17,0xAB,0x24,0x0C,0xE5,0xB7,0x31,0x64,0xB0,0x11, + 0xED,0xDB,0xEA,0x23,0xBE,0x5E,0xBC,0x30,0x81,0xC3,0x06,0x03,0x55,0x1D,0x1F,0x04, + 0x81,0xBB,0x30,0x81,0xB8,0x30,0x81,0xB5,0xA0,0x81,0xB2,0xA0,0x81,0xAF,0x86,0x51, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C, + 0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F, + 0x43,0x52,0x4C,0x2F,0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65, + 0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50, + 0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72, + 0x6C,0x86,0x5A,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x69,0x66, + 0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D, + 0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x43,0x52,0x4C,0x2F, + 0x49,0x6E,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C, + 0x25,0x32,0x30,0x42,0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63, + 0x79,0x25,0x32,0x30,0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x6C,0x30,0x81,0xE9, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xDC,0x30,0x81,0xD9, + 0x30,0x66,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x5A,0x68,0x74, + 0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63, + 0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63,0x65, + 0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65,0x6C, + 0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42,0x61, + 0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43, + 0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x6F,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x30,0x02,0x86,0x63,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72, + 0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2E,0x69,0x6E,0x74,0x65,0x6C,0x2E, + 0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69,0x74,0x6F,0x72,0x79,0x2F,0x63, + 0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x73,0x2F,0x49,0x6E,0x74,0x65, + 0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x42, + 0x61,0x73,0x69,0x63,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30, + 0x43,0x41,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x47,0xBB,0x93, + 0xE6,0x03,0xB1,0xD9,0x57,0x0E,0xFF,0x60,0xE9,0x0F,0xC7,0x5E,0x86,0xE6,0x23,0xF7, + 0xDE,0xFA,0x6D,0xC2,0x77,0x32,0xEF,0x23,0xF6,0x8F,0xCC,0x6F,0x25,0x72,0xD4,0xA9, + 0x4B,0xAD,0x11,0xA2,0x73,0xBB,0x8B,0xD2,0xB7,0xB8,0x87,0x94,0x74,0x89,0x0C,0xCC, + 0x5C,0xEA,0x3A,0x9A,0xC0,0x75,0x3A,0x97,0x59,0x7C,0x22,0x00,0x3D,0x7A,0xC7,0xC5, + 0x5B,0xE8,0xD4,0x93,0x13,0xEC,0x8F,0x94,0xCD,0xA8,0x33,0xDF,0xA4,0xD7,0x9A,0xA1, + 0xC8,0xD8,0xA3,0xB4,0x49,0x7E,0x17,0x3A,0x02,0xE9,0x66,0x56,0x97,0x8D,0x16,0xB4, + 0x70,0xAB,0xBC,0x6B,0x10,0x48,0xE7,0x45,0x7B,0x13,0xC7,0x4D,0x05,0xBC,0xA0,0x2C, + 0x05,0x16,0xBE,0x06,0x7E,0xF6,0x79,0x67,0x8F,0x9C,0x34,0x54,0xE6,0x7E,0xEA,0x19, + 0x77,0x14,0xF1,0x9D,0x3B,0x55,0xE4,0x33,0x9F,0x69,0xBB,0xA7,0xA7,0x22,0x54,0x51, + 0x2C,0x67,0x7D,0x04,0x52,0xAA,0x7B,0x66,0xDE,0xA9,0x6A,0xAD,0x8C,0xA1,0x5C,0x79, + 0x39,0xCD,0x1C,0x85,0xEC,0x89,0x06,0x99,0x85,0x46,0x27,0xA0,0x01,0x57,0x6E,0x93, + 0x36,0x51,0x45,0xE1,0x5A,0x3A,0x59,0xAF,0x5B,0x41,0xF9,0x70,0x9D,0xC4,0x16,0x0E, + 0x05,0xE7,0x95,0xB4,0x01,0xB4,0x93,0x1A,0x59,0x0B,0x8A,0x31,0xF7,0xB6,0x48,0xC8, + 0x6A,0xF6,0x22,0x8C,0x9E,0x92,0x28,0x6F,0xA8,0x93,0xB4,0xA7,0x72,0x53,0x3A,0xDA, + 0x2C,0xFA,0xD4,0x3D,0xBF,0x09,0x23,0x7F,0xDF,0xCC,0x65,0x2A,0xD0,0x91,0xAA,0x50, + 0x31,0xC8,0x65,0xF5,0x38,0x58,0xD4,0xB3,0x9B,0xE6,0x31,0x10,0x08, +}; + +/* subject:/C=US/O=Intel Corporation/CN=Intel External Basic Policy CA */ +/* issuer :/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root */ +unsigned char intel_intermediate2[2397]={ + 0x30,0x82,0x09,0x59,0x30,0x82,0x08,0x41,0xA0,0x03,0x02,0x01,0x02,0x02,0x10,0x79, + 0x17,0x4A,0xA9,0x14,0x17,0x36,0xFE,0x15,0xA7,0xCA,0x9F,0x2C,0xFF,0x45,0x88,0x30, + 0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x6F, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x53,0x45,0x31,0x14,0x30, + 0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74, + 0x20,0x41,0x42,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x64, + 0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20, + 0x54,0x54,0x50,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x22,0x30,0x20,0x06, + 0x03,0x55,0x04,0x03,0x13,0x19,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45, + 0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x43,0x41,0x20,0x52,0x6F,0x6F,0x74,0x30, + 0x1E,0x17,0x0D,0x31,0x33,0x30,0x32,0x30,0x31,0x30,0x30,0x30,0x30,0x30,0x30,0x5A, + 0x17,0x0D,0x32,0x30,0x30,0x35,0x33,0x30,0x31,0x30,0x34,0x38,0x33,0x38,0x5A,0x30, + 0x52,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1A, + 0x30,0x18,0x06,0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43, + 0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x27,0x30,0x25,0x06,0x03, + 0x55,0x04,0x03,0x13,0x1E,0x49,0x6E,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72, + 0x6E,0x61,0x6C,0x20,0x42,0x61,0x73,0x69,0x63,0x20,0x50,0x6F,0x6C,0x69,0x63,0x79, + 0x20,0x43,0x41,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02, + 0x82,0x01,0x01,0x00,0xC2,0xB8,0x84,0x95,0x42,0x2D,0xDC,0xB0,0xAA,0x98,0x93,0x9B, + 0xB3,0xEC,0x83,0xA1,0x63,0xC3,0x17,0x92,0x2A,0x81,0x69,0x3A,0x9A,0x82,0x28,0x6D, + 0x88,0xCF,0x7D,0xEC,0x6D,0x66,0x26,0x14,0xE8,0x8D,0xC4,0x7E,0xF0,0x30,0xA0,0xDC, + 0x4F,0x0E,0x43,0x76,0x5A,0x8C,0x1C,0xA1,0xC5,0x19,0x30,0x96,0xC4,0x78,0x4A,0xB9, + 0x79,0xB0,0x64,0xB0,0x59,0xF1,0x7F,0x5D,0xA0,0x07,0x19,0x48,0x56,0x22,0x18,0xC1, + 0x90,0x33,0xBB,0xB6,0x85,0xBE,0x10,0xCC,0xC8,0xF2,0x90,0x23,0x70,0xBC,0x08,0x6D, + 0x19,0x48,0x2F,0x40,0x05,0x9D,0x44,0xDE,0xE9,0x9D,0x03,0x70,0x84,0xB9,0xE3,0x4E, + 0x98,0xFF,0xD3,0x0A,0x13,0x6A,0x0A,0x5D,0xB7,0xF8,0x11,0xB5,0x41,0xBF,0xCF,0x26, + 0x4A,0x40,0x3B,0xE1,0x9F,0xA5,0x64,0x95,0x85,0x37,0x15,0xE7,0x73,0x1F,0xFD,0xC2, + 0xAF,0x14,0x77,0x23,0x18,0xDA,0xF1,0xCD,0xD4,0xA8,0xAB,0xD7,0xF2,0x5B,0xB6,0xBA, + 0x81,0xF7,0x06,0x11,0x06,0x34,0x2D,0x59,0x26,0xC0,0x55,0x94,0x7C,0x9D,0x30,0x4F, + 0xC9,0x1A,0x78,0xBA,0xF4,0x13,0x4B,0x68,0xCE,0x42,0x1F,0xA3,0x4D,0x4A,0x35,0x63, + 0x73,0xBF,0xA3,0x5C,0x60,0xFF,0x34,0x40,0xE0,0x51,0x0E,0x50,0x29,0x5A,0xEF,0x4E, + 0x0E,0x61,0x15,0x24,0x73,0xC3,0x6E,0x5C,0x78,0x8F,0x34,0xD0,0xDC,0x92,0xDA,0xFB, + 0x80,0xEF,0x04,0xD3,0xA3,0x55,0x43,0xA9,0xFA,0x68,0x11,0x9A,0x38,0x96,0xD2,0xB2, + 0xDD,0xAF,0x1C,0x0E,0xC4,0x8A,0x88,0x3B,0x03,0x63,0xC1,0xE3,0x02,0xA7,0xF8,0x60, + 0xC5,0x7F,0xE1,0x4D,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x06,0x0C,0x30,0x82,0x06, + 0x08,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xAD,0xBD, + 0x98,0x7A,0x34,0xB4,0x26,0xF7,0xFA,0xC4,0x26,0x54,0xEF,0x03,0xBD,0xE0,0x24,0xCB, + 0x54,0x1A,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x56,0x3A,0x6F, + 0x17,0xAB,0x24,0x0C,0xE5,0xB7,0x31,0x64,0xB0,0x11,0xED,0xDB,0xEA,0x23,0xBE,0x5E, + 0xBC,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01, + 0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01, + 0x01,0xFF,0x02,0x01,0x01,0x30,0x5E,0x06,0x03,0x55,0x1D,0x25,0x04,0x57,0x30,0x55, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x03,0x08,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,0x06,0x0A, + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x0C,0x06,0x09,0x2B,0x06,0x01,0x04, + 0x01,0x82,0x37,0x15,0x05,0x30,0x17,0x06,0x03,0x55,0x1D,0x20,0x04,0x10,0x30,0x0E, + 0x30,0x0C,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF8,0x4D,0x01,0x05,0x01,0x69,0x30,0x49, + 0x06,0x03,0x55,0x1D,0x1F,0x04,0x42,0x30,0x40,0x30,0x3E,0xA0,0x3C,0xA0,0x3A,0x86, + 0x38,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x74,0x72,0x75,0x73, + 0x74,0x2D,0x70,0x72,0x6F,0x76,0x69,0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x2F,0x41, + 0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x43, + 0x41,0x52,0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x81,0xC2,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xB5,0x30,0x81,0xB2,0x30,0x44,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x38,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x63,0x72,0x74,0x2E,0x74,0x72,0x75,0x73,0x74,0x2D,0x70,0x72,0x6F,0x76,0x69, + 0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74, + 0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x43,0x41,0x52,0x6F,0x6F,0x74,0x2E,0x70, + 0x37,0x63,0x30,0x3E,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x32, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x74,0x2E,0x74,0x72,0x75,0x73,0x74, + 0x2D,0x70,0x72,0x6F,0x76,0x69,0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x64, + 0x64,0x54,0x72,0x75,0x73,0x74,0x55,0x54,0x4E,0x53,0x47,0x43,0x43,0x41,0x2E,0x63, + 0x72,0x74,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x1E, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x74,0x72,0x75,0x73, + 0x74,0x2D,0x70,0x72,0x6F,0x76,0x69,0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x30,0x82, + 0x04,0x17,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,0x04,0x0E,0x30,0x82,0x04,0x0A,0xA0, + 0x82,0x03,0xD4,0x30,0x0B,0x81,0x09,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D, + 0x30,0x0B,0x82,0x09,0x61,0x70,0x70,0x75,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82, + 0x0C,0x63,0x6C,0x6F,0x75,0x64,0x6E,0x70,0x6F,0x2E,0x6F,0x72,0x67,0x30,0x13,0x82, + 0x11,0x65,0x64,0x61,0x63,0x61,0x64,0x74,0x6F,0x6F,0x6C,0x6B,0x69,0x74,0x2E,0x6F, + 0x72,0x67,0x30,0x0B,0x82,0x09,0x66,0x74,0x6C,0x31,0x30,0x2E,0x63,0x6F,0x6D,0x30, + 0x0B,0x82,0x09,0x69,0x68,0x63,0x6D,0x73,0x2E,0x6E,0x65,0x74,0x30,0x0E,0x82,0x0C, + 0x69,0x6E,0x63,0x2D,0x6E,0x65,0x73,0x74,0x2E,0x6E,0x65,0x74,0x30,0x16,0x82,0x14, + 0x69,0x6E,0x64,0x69,0x61,0x65,0x64,0x75,0x73,0x65,0x72,0x76,0x69,0x63,0x65,0x73, + 0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x2E,0x6A,0x70,0x30,0x0D,0x82,0x0B,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x2E, + 0x6B,0x72,0x30,0x0D,0x82,0x0B,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x2E,0x75, + 0x6B,0x30,0x0B,0x82,0x09,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0A, + 0x82,0x08,0x69,0x6E,0x74,0x65,0x6C,0x2E,0x66,0x72,0x30,0x0B,0x82,0x09,0x69,0x6E, + 0x74,0x65,0x6C,0x2E,0x6E,0x65,0x74,0x30,0x13,0x82,0x11,0x69,0x6E,0x74,0x65,0x6C, + 0x61,0x6C,0x6C,0x69,0x61,0x6E,0x63,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12, + 0x69,0x6E,0x74,0x65,0x6C,0x61,0x70,0x61,0x63,0x73,0x74,0x6F,0x72,0x65,0x2E,0x63, + 0x6F,0x6D,0x30,0x16,0x82,0x14,0x69,0x6E,0x74,0x65,0x6C,0x61,0x73,0x73,0x65,0x74, + 0x66,0x69,0x6E,0x64,0x65,0x72,0x2E,0x63,0x6F,0x6D,0x30,0x19,0x82,0x17,0x69,0x6E, + 0x74,0x65,0x6C,0x62,0x65,0x74,0x74,0x65,0x72,0x74,0x6F,0x67,0x65,0x74,0x68,0x65, + 0x72,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x69,0x6E,0x74,0x65,0x6C,0x63,0x68, + 0x61,0x6C,0x6C,0x65,0x6E,0x67,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x13,0x82,0x11,0x69, + 0x6E,0x74,0x65,0x6C,0x63,0x6C,0x6F,0x75,0x64,0x73,0x73,0x6F,0x2E,0x63,0x6F,0x6D, + 0x30,0x1E,0x82,0x1C,0x69,0x6E,0x74,0x65,0x6C,0x63,0x6F,0x6E,0x73,0x75,0x6D,0x65, + 0x72,0x65,0x6C,0x65,0x63,0x74,0x72,0x6F,0x6E,0x69,0x63,0x73,0x2E,0x63,0x6F,0x6D, + 0x30,0x12,0x82,0x10,0x69,0x6E,0x74,0x65,0x6C,0x63,0x6F,0x72,0x65,0x32,0x30,0x31, + 0x30,0x2E,0x72,0x75,0x30,0x16,0x82,0x14,0x69,0x6E,0x74,0x65,0x6C,0x66,0x65,0x6C, + 0x6C,0x6F,0x77,0x73,0x68,0x69,0x70,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x16,0x82,0x14, + 0x69,0x6E,0x74,0x65,0x6C,0x68,0x79,0x62,0x72,0x69,0x64,0x63,0x6C,0x6F,0x75,0x64, + 0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x69,0x6E,0x74,0x65,0x6C,0x70,0x6F,0x72, + 0x74,0x66,0x6F,0x6C,0x69,0x6F,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x69,0x6E, + 0x74,0x65,0x6C,0x2D,0x72,0x61,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x69,0x6E, + 0x74,0x65,0x6C,0x2D,0x72,0x65,0x73,0x65,0x61,0x72,0x63,0x68,0x2E,0x6E,0x65,0x74, + 0x30,0x14,0x82,0x12,0x69,0x6E,0x74,0x65,0x6C,0x72,0x6D,0x61,0x73,0x75,0x72,0x76, + 0x65,0x79,0x2E,0x63,0x6F,0x6D,0x30,0x18,0x82,0x16,0x69,0x6E,0x74,0x65,0x6C,0x73, + 0x6D,0x61,0x6C,0x6C,0x62,0x75,0x73,0x69,0x6E,0x65,0x73,0x73,0x2E,0x63,0x6F,0x6D, + 0x30,0x11,0x82,0x0F,0x6D,0x79,0x69,0x6E,0x74,0x65,0x6C,0x65,0x64,0x67,0x65,0x2E, + 0x63,0x6F,0x6D,0x30,0x11,0x82,0x0F,0x6D,0x79,0x2D,0x6C,0x61,0x70,0x74,0x6F,0x70, + 0x2E,0x63,0x6F,0x2E,0x75,0x6B,0x30,0x12,0x82,0x10,0x6F,0x72,0x69,0x67,0x69,0x6E, + 0x2D,0x61,0x70,0x70,0x75,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x82,0x1C,0x6F,0x72, + 0x69,0x67,0x69,0x6E,0x2D,0x69,0x6E,0x74,0x65,0x67,0x72,0x61,0x74,0x69,0x6F,0x6E, + 0x2D,0x61,0x70,0x70,0x75,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x08,0x82,0x06,0x70,0x63, + 0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x70,0x63,0x74,0x68,0x65,0x66,0x74,0x64, + 0x65,0x66,0x65,0x6E,0x63,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x70,0x63, + 0x74,0x68,0x65,0x66,0x74,0x64,0x65,0x66,0x65,0x6E,0x73,0x65,0x2E,0x63,0x6F,0x6D, + 0x30,0x0E,0x82,0x0C,0x70,0x76,0x61,0x74,0x72,0x69,0x61,0x6C,0x2E,0x6E,0x65,0x74, + 0x30,0x19,0x82,0x17,0x72,0x65,0x64,0x65,0x66,0x69,0x6E,0x65,0x79,0x6F,0x75,0x72, + 0x6E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x2E,0x63,0x6F,0x6D,0x30,0x0F,0x82,0x0D,0x72, + 0x65,0x74,0x61,0x69,0x6C,0x2D,0x69,0x61,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12, + 0x73,0x65,0x72,0x76,0x65,0x72,0x2D,0x69,0x6E,0x73,0x69,0x67,0x68,0x74,0x2E,0x63, + 0x6F,0x6D,0x30,0x13,0x82,0x11,0x74,0x68,0x65,0x69,0x6E,0x74,0x65,0x6C,0x73,0x74, + 0x6F,0x72,0x65,0x2E,0x63,0x6F,0x6D,0x30,0x1D,0x82,0x1B,0x74,0x68,0x72,0x65,0x61, + 0x64,0x69,0x6E,0x67,0x62,0x75,0x69,0x6C,0x64,0x69,0x6E,0x67,0x62,0x6C,0x6F,0x63, + 0x6B,0x73,0x2E,0x6F,0x72,0x67,0x30,0x1B,0x82,0x19,0x74,0x68,0x75,0x6E,0x64,0x65, + 0x72,0x62,0x6F,0x6C,0x74,0x74,0x65,0x63,0x68,0x6E,0x6F,0x6C,0x6F,0x67,0x79,0x2E, + 0x6E,0x65,0x74,0x30,0x20,0x82,0x1E,0x75,0x6C,0x74,0x72,0x61,0x62,0x6F,0x6F,0x6B, + 0x2D,0x73,0x6F,0x66,0x74,0x77,0x61,0x72,0x65,0x2D,0x63,0x6F,0x6E,0x74,0x65,0x73, + 0x74,0x2E,0x63,0x6F,0x6D,0x30,0x50,0xA4,0x4E,0x30,0x4C,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x08,0x13,0x02,0x43,0x41,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x07,0x13,0x0B, + 0x53,0x61,0x6E,0x74,0x61,0x20,0x43,0x6C,0x61,0x72,0x61,0x31,0x1A,0x30,0x18,0x06, + 0x03,0x55,0x04,0x0A,0x13,0x11,0x49,0x6E,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70, + 0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0xA1,0x30,0x30,0x0A,0x87,0x08,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x30,0x22,0x87,0x20,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x58,0x6F,0xBF, + 0xCD,0x43,0x07,0x42,0x13,0xFC,0xB8,0xD0,0xAD,0x81,0x21,0xF2,0x8A,0x6F,0xEF,0x87, + 0xBC,0x26,0x8A,0x7C,0x00,0xBD,0x68,0x0C,0x2B,0x19,0x64,0x2C,0x11,0x67,0xB3,0xA9, + 0xD9,0x79,0x0A,0xAC,0x39,0x5D,0x65,0x00,0x16,0x3B,0x53,0x46,0x6E,0xA2,0xA6,0xB5, + 0x67,0x99,0xDB,0xE8,0xBF,0xA2,0x25,0xAE,0x04,0x95,0x11,0x09,0x3A,0x2F,0xDE,0xAC, + 0xB7,0x3D,0xB8,0xBC,0x01,0x74,0x30,0x80,0x47,0x48,0x54,0x4C,0xA0,0xFB,0x6B,0xA8, + 0xB8,0xA2,0x84,0xB7,0xF4,0x34,0xE5,0x7B,0xCE,0xDC,0x52,0x78,0xF4,0x31,0x6D,0x42, + 0x51,0xAE,0x87,0xBF,0x94,0xAC,0xBE,0x96,0x16,0xFB,0x55,0xE5,0x79,0x82,0x64,0xFD, + 0xAC,0x50,0x38,0xE4,0xDC,0xCB,0x81,0x2C,0xE7,0x77,0x6F,0x9D,0x9B,0x23,0x5C,0x7D, + 0x04,0x03,0xF4,0x07,0x9E,0x7E,0xD4,0x57,0xE2,0x66,0x94,0x4D,0xEB,0xB5,0x5C,0x5C, + 0x62,0x9E,0x8C,0x2D,0x83,0xE6,0x46,0x14,0xE2,0xA1,0x13,0x80,0xFD,0xDA,0xE0,0x86, + 0x27,0x11,0x92,0x2B,0xBD,0x87,0x17,0x4F,0xCB,0x19,0x18,0x4B,0x5E,0x8C,0xE6,0x0D, + 0xD9,0x8F,0x7D,0x23,0x76,0x6F,0xA4,0xFF,0xA0,0xBA,0x3D,0xE3,0x6D,0x37,0xD6,0x26, + 0x38,0xE8,0x1A,0x9C,0x23,0x92,0xC8,0x56,0x1F,0x1A,0x1A,0x8E,0x00,0xD6,0x33,0xA6, + 0x6B,0x95,0xFA,0x82,0x1E,0x74,0x0B,0x0F,0xA4,0x86,0xDF,0x23,0x33,0x7C,0x9E,0x36, + 0x14,0xB3,0x5C,0xE2,0xA3,0xED,0x48,0xA0,0x8E,0x28,0xF1,0xD7,0x4C,0xF6,0xC0,0x9B, + 0xB4,0xF5,0x3C,0xA3,0xE5,0xA8,0x63,0xA2,0x2C,0x08,0xA5,0xD5,0xFE, +}; + +/* subject:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root */ +/* issuer :/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root */ +unsigned char intel_root[1082]={ + 0x30,0x82,0x04,0x36,0x30,0x82,0x03,0x1E,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30, + 0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x53,0x45,0x31,0x14, + 0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x41,0x64,0x64,0x54,0x72,0x75,0x73, + 0x74,0x20,0x41,0x42,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41, + 0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C, + 0x20,0x54,0x54,0x50,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x22,0x30,0x20, + 0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20, + 0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x43,0x41,0x20,0x52,0x6F,0x6F,0x74, + 0x30,0x1E,0x17,0x0D,0x30,0x30,0x30,0x35,0x33,0x30,0x31,0x30,0x34,0x38,0x33,0x38, + 0x5A,0x17,0x0D,0x32,0x30,0x30,0x35,0x33,0x30,0x31,0x30,0x34,0x38,0x33,0x38,0x5A, + 0x30,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x53,0x45,0x31, + 0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x41,0x64,0x64,0x54,0x72,0x75, + 0x73,0x74,0x20,0x41,0x42,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D, + 0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61, + 0x6C,0x20,0x54,0x54,0x50,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31,0x22,0x30, + 0x20,0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74, + 0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x43,0x41,0x20,0x52,0x6F,0x6F, + 0x74,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, + 0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01, + 0x01,0x00,0xB7,0xF7,0x1A,0x33,0xE6,0xF2,0x00,0x04,0x2D,0x39,0xE0,0x4E,0x5B,0xED, + 0x1F,0xBC,0x6C,0x0F,0xCD,0xB5,0xFA,0x23,0xB6,0xCE,0xDE,0x9B,0x11,0x33,0x97,0xA4, + 0x29,0x4C,0x7D,0x93,0x9F,0xBD,0x4A,0xBC,0x93,0xED,0x03,0x1A,0xE3,0x8F,0xCF,0xE5, + 0x6D,0x50,0x5A,0xD6,0x97,0x29,0x94,0x5A,0x80,0xB0,0x49,0x7A,0xDB,0x2E,0x95,0xFD, + 0xB8,0xCA,0xBF,0x37,0x38,0x2D,0x1E,0x3E,0x91,0x41,0xAD,0x70,0x56,0xC7,0xF0,0x4F, + 0x3F,0xE8,0x32,0x9E,0x74,0xCA,0xC8,0x90,0x54,0xE9,0xC6,0x5F,0x0F,0x78,0x9D,0x9A, + 0x40,0x3C,0x0E,0xAC,0x61,0xAA,0x5E,0x14,0x8F,0x9E,0x87,0xA1,0x6A,0x50,0xDC,0xD7, + 0x9A,0x4E,0xAF,0x05,0xB3,0xA6,0x71,0x94,0x9C,0x71,0xB3,0x50,0x60,0x0A,0xC7,0x13, + 0x9D,0x38,0x07,0x86,0x02,0xA8,0xE9,0xA8,0x69,0x26,0x18,0x90,0xAB,0x4C,0xB0,0x4F, + 0x23,0xAB,0x3A,0x4F,0x84,0xD8,0xDF,0xCE,0x9F,0xE1,0x69,0x6F,0xBB,0xD7,0x42,0xD7, + 0x6B,0x44,0xE4,0xC7,0xAD,0xEE,0x6D,0x41,0x5F,0x72,0x5A,0x71,0x08,0x37,0xB3,0x79, + 0x65,0xA4,0x59,0xA0,0x94,0x37,0xF7,0x00,0x2F,0x0D,0xC2,0x92,0x72,0xDA,0xD0,0x38, + 0x72,0xDB,0x14,0xA8,0x45,0xC4,0x5D,0x2A,0x7D,0xB7,0xB4,0xD6,0xC4,0xEE,0xAC,0xCD, + 0x13,0x44,0xB7,0xC9,0x2B,0xDD,0x43,0x00,0x25,0xFA,0x61,0xB9,0x69,0x6A,0x58,0x23, + 0x11,0xB7,0xA7,0x33,0x8F,0x56,0x75,0x59,0xF5,0xCD,0x29,0xD7,0x46,0xB7,0x0A,0x2B, + 0x65,0xB6,0xD3,0x42,0x6F,0x15,0xB2,0xB8,0x7B,0xFB,0xEF,0xE9,0x5D,0x53,0xD5,0x34, + 0x5A,0x27,0x02,0x03,0x01,0x00,0x01,0xA3,0x81,0xDC,0x30,0x81,0xD9,0x30,0x1D,0x06, + 0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xAD,0xBD,0x98,0x7A,0x34,0xB4,0x26,0xF7, + 0xFA,0xC4,0x26,0x54,0xEF,0x03,0xBD,0xE0,0x24,0xCB,0x54,0x1A,0x30,0x0B,0x06,0x03, + 0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13, + 0x01,0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x81,0x99,0x06,0x03,0x55, + 0x1D,0x23,0x04,0x81,0x91,0x30,0x81,0x8E,0x80,0x14,0xAD,0xBD,0x98,0x7A,0x34,0xB4, + 0x26,0xF7,0xFA,0xC4,0x26,0x54,0xEF,0x03,0xBD,0xE0,0x24,0xCB,0x54,0x1A,0xA1,0x73, + 0xA4,0x71,0x30,0x6F,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x53, + 0x45,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x0A,0x13,0x0B,0x41,0x64,0x64,0x54, + 0x72,0x75,0x73,0x74,0x20,0x41,0x42,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B, + 0x13,0x1D,0x41,0x64,0x64,0x54,0x72,0x75,0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72, + 0x6E,0x61,0x6C,0x20,0x54,0x54,0x50,0x20,0x4E,0x65,0x74,0x77,0x6F,0x72,0x6B,0x31, + 0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13,0x19,0x41,0x64,0x64,0x54,0x72,0x75, + 0x73,0x74,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20,0x43,0x41,0x20,0x52, + 0x6F,0x6F,0x74,0x82,0x01,0x01,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, + 0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xB0,0x9B,0xE0,0x85,0x25,0xC2, + 0xD6,0x23,0xE2,0x0F,0x96,0x06,0x92,0x9D,0x41,0x98,0x9C,0xD9,0x84,0x79,0x81,0xD9, + 0x1E,0x5B,0x14,0x07,0x23,0x36,0x65,0x8F,0xB0,0xD8,0x77,0xBB,0xAC,0x41,0x6C,0x47, + 0x60,0x83,0x51,0xB0,0xF9,0x32,0x3D,0xE7,0xFC,0xF6,0x26,0x13,0xC7,0x80,0x16,0xA5, + 0xBF,0x5A,0xFC,0x87,0xCF,0x78,0x79,0x89,0x21,0x9A,0xE2,0x4C,0x07,0x0A,0x86,0x35, + 0xBC,0xF2,0xDE,0x51,0xC4,0xD2,0x96,0xB7,0xDC,0x7E,0x4E,0xEE,0x70,0xFD,0x1C,0x39, + 0xEB,0x0C,0x02,0x51,0x14,0x2D,0x8E,0xBD,0x16,0xE0,0xC1,0xDF,0x46,0x75,0xE7,0x24, + 0xAD,0xEC,0xF4,0x42,0xB4,0x85,0x93,0x70,0x10,0x67,0xBA,0x9D,0x06,0x35,0x4A,0x18, + 0xD3,0x2B,0x7A,0xCC,0x51,0x42,0xA1,0x7A,0x63,0xD1,0xE6,0xBB,0xA1,0xC5,0x2B,0xC2, + 0x36,0xBE,0x13,0x0D,0xE6,0xBD,0x63,0x7E,0x79,0x7B,0xA7,0x09,0x0D,0x40,0xAB,0x6A, + 0xDD,0x8F,0x8A,0xC3,0xF6,0xF6,0x8C,0x1A,0x42,0x05,0x51,0xD4,0x45,0xF5,0x9F,0xA7, + 0x62,0x21,0x68,0x15,0x20,0x43,0x3C,0x99,0xE7,0x7C,0xBD,0x24,0xD8,0xA9,0x91,0x17, + 0x73,0x88,0x3F,0x56,0x1B,0x31,0x38,0x18,0xB4,0x71,0x0F,0x9A,0xCD,0xC8,0x0E,0x9E, + 0x8E,0x2E,0x1B,0xE1,0x8C,0x98,0x83,0xCB,0x1F,0x31,0xF1,0x44,0x4C,0xC6,0x04,0x73, + 0x49,0x76,0x60,0x0F,0xC7,0xF8,0xBD,0x17,0x80,0x6B,0x2E,0xE9,0xCC,0x4C,0x0E,0x5A, + 0x9A,0x79,0x0F,0x20,0x0A,0x2E,0xD5,0x9E,0x63,0x26,0x1E,0x55,0x92,0x94,0xD8,0x82, + 0x17,0x5A,0x7B,0xD0,0xBC,0xC7,0x8F,0x4E,0x86,0x04, +}; + +/* subject:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */ +/* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */ +unsigned char _ABBRootCA[891]={ + 0x30,0x82,0x03,0x77,0x30,0x82,0x02,0x5F,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x02, + 0x00,0x00,0xB9,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, + 0x05,0x00,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, + 0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74, + 0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A, + 0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03, + 0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43, + 0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E, + 0x17,0x0D,0x30,0x30,0x30,0x35,0x31,0x32,0x31,0x38,0x34,0x36,0x30,0x30,0x5A,0x17, + 0x0D,0x32,0x35,0x30,0x35,0x31,0x32,0x32,0x33,0x35,0x39,0x30,0x30,0x5A,0x30,0x5A, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30, + 0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72, + 0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,0x43,0x79,0x62,0x65, + 0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13, + 0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72, + 0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x82,0x01,0x22,0x30,0x0D, + 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01, + 0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA3,0x04,0xBB,0x22,0xAB, + 0x98,0x3D,0x57,0xE8,0x26,0x72,0x9A,0xB5,0x79,0xD4,0x29,0xE2,0xE1,0xE8,0x95,0x80, + 0xB1,0xB0,0xE3,0x5B,0x8E,0x2B,0x29,0x9A,0x64,0xDF,0xA1,0x5D,0xED,0xB0,0x09,0x05, + 0x6D,0xDB,0x28,0x2E,0xCE,0x62,0xA2,0x62,0xFE,0xB4,0x88,0xDA,0x12,0xEB,0x38,0xEB, + 0x21,0x9D,0xC0,0x41,0x2B,0x01,0x52,0x7B,0x88,0x77,0xD3,0x1C,0x8F,0xC7,0xBA,0xB9, + 0x88,0xB5,0x6A,0x09,0xE7,0x73,0xE8,0x11,0x40,0xA7,0xD1,0xCC,0xCA,0x62,0x8D,0x2D, + 0xE5,0x8F,0x0B,0xA6,0x50,0xD2,0xA8,0x50,0xC3,0x28,0xEA,0xF5,0xAB,0x25,0x87,0x8A, + 0x9A,0x96,0x1C,0xA9,0x67,0xB8,0x3F,0x0C,0xD5,0xF7,0xF9,0x52,0x13,0x2F,0xC2,0x1B, + 0xD5,0x70,0x70,0xF0,0x8F,0xC0,0x12,0xCA,0x06,0xCB,0x9A,0xE1,0xD9,0xCA,0x33,0x7A, + 0x77,0xD6,0xF8,0xEC,0xB9,0xF1,0x68,0x44,0x42,0x48,0x13,0xD2,0xC0,0xC2,0xA4,0xAE, + 0x5E,0x60,0xFE,0xB6,0xA6,0x05,0xFC,0xB4,0xDD,0x07,0x59,0x02,0xD4,0x59,0x18,0x98, + 0x63,0xF5,0xA5,0x63,0xE0,0x90,0x0C,0x7D,0x5D,0xB2,0x06,0x7A,0xF3,0x85,0xEA,0xEB, + 0xD4,0x03,0xAE,0x5E,0x84,0x3E,0x5F,0xFF,0x15,0xED,0x69,0xBC,0xF9,0x39,0x36,0x72, + 0x75,0xCF,0x77,0x52,0x4D,0xF3,0xC9,0x90,0x2C,0xB9,0x3D,0xE5,0xC9,0x23,0x53,0x3F, + 0x1F,0x24,0x98,0x21,0x5C,0x07,0x99,0x29,0xBD,0xC6,0x3A,0xEC,0xE7,0x6E,0x86,0x3A, + 0x6B,0x97,0x74,0x63,0x33,0xBD,0x68,0x18,0x31,0xF0,0x78,0x8D,0x76,0xBF,0xFC,0x9E, + 0x8E,0x5D,0x2A,0x86,0xA7,0x4D,0x90,0xDC,0x27,0x1A,0x39,0x02,0x03,0x01,0x00,0x01, + 0xA3,0x45,0x30,0x43,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xE5, + 0x9D,0x59,0x30,0x82,0x47,0x58,0xCC,0xAC,0xFA,0x08,0x54,0x36,0x86,0x7B,0x3A,0xB5, + 0x04,0x4D,0xF0,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30, + 0x06,0x01,0x01,0xFF,0x02,0x01,0x03,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01, + 0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0x0C,0x5D,0x8E,0xE4, + 0x6F,0x51,0x68,0x42,0x05,0xA0,0xDD,0xBB,0x4F,0x27,0x25,0x84,0x03,0xBD,0xF7,0x64, + 0xFD,0x2D,0xD7,0x30,0xE3,0xA4,0x10,0x17,0xEB,0xDA,0x29,0x29,0xB6,0x79,0x3F,0x76, + 0xF6,0x19,0x13,0x23,0xB8,0x10,0x0A,0xF9,0x58,0xA4,0xD4,0x61,0x70,0xBD,0x04,0x61, + 0x6A,0x12,0x8A,0x17,0xD5,0x0A,0xBD,0xC5,0xBC,0x30,0x7C,0xD6,0xE9,0x0C,0x25,0x8D, + 0x86,0x40,0x4F,0xEC,0xCC,0xA3,0x7E,0x38,0xC6,0x37,0x11,0x4F,0xED,0xDD,0x68,0x31, + 0x8E,0x4C,0xD2,0xB3,0x01,0x74,0xEE,0xBE,0x75,0x5E,0x07,0x48,0x1A,0x7F,0x70,0xFF, + 0x16,0x5C,0x84,0xC0,0x79,0x85,0xB8,0x05,0xFD,0x7F,0xBE,0x65,0x11,0xA3,0x0F,0xC0, + 0x02,0xB4,0xF8,0x52,0x37,0x39,0x04,0xD5,0xA9,0x31,0x7A,0x18,0xBF,0xA0,0x2A,0xF4, + 0x12,0x99,0xF7,0xA3,0x45,0x82,0xE3,0x3C,0x5E,0xF5,0x9D,0x9E,0xB5,0xC8,0x9E,0x7C, + 0x2E,0xC8,0xA4,0x9E,0x4E,0x08,0x14,0x4B,0x6D,0xFD,0x70,0x6D,0x6B,0x1A,0x63,0xBD, + 0x64,0xE6,0x1F,0xB7,0xCE,0xF0,0xF2,0x9F,0x2E,0xBB,0x1B,0xB7,0xF2,0x50,0x88,0x73, + 0x92,0xC2,0xE2,0xE3,0x16,0x8D,0x9A,0x32,0x02,0xAB,0x8E,0x18,0xDD,0xE9,0x10,0x11, + 0xEE,0x7E,0x35,0xAB,0x90,0xAF,0x3E,0x30,0x94,0x7A,0xD0,0x33,0x3D,0xA7,0x65,0x0F, + 0xF5,0xFC,0x8E,0x9E,0x62,0xCF,0x47,0x44,0x2C,0x01,0x5D,0xBB,0x1D,0xB5,0x32,0xD2, + 0x47,0xD2,0x38,0x2E,0xD0,0xFE,0x81,0xDC,0x32,0x6A,0x1E,0xB5,0xEE,0x3C,0xD5,0xFC, + 0xE7,0x81,0x1D,0x19,0xC3,0x24,0x42,0xEA,0x63,0x39,0xA9, +}; + + +/* subject:/C=CH/L=Zurich/O=ABB/CN=ABB Intermediate CA 3 */ +/* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */ +unsigned char _ABBIntermediateCA3[1866]={ + 0x30,0x82,0x07,0x46,0x30,0x82,0x06,0x2E,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x07, + 0x27,0xCD,0x79,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, + 0x05,0x00,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, + 0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74, + 0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A, + 0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03, + 0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43, + 0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E, + 0x17,0x0D,0x31,0x35,0x30,0x35,0x32,0x31,0x31,0x38,0x35,0x32,0x35,0x33,0x5A,0x17, + 0x0D,0x32,0x32,0x30,0x35,0x32,0x31,0x31,0x38,0x35,0x32,0x32,0x30,0x5A,0x30,0x4C, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30, + 0x0D,0x06,0x03,0x55,0x04,0x07,0x13,0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C, + 0x30,0x0A,0x06,0x03,0x55,0x04,0x0A,0x13,0x03,0x41,0x42,0x42,0x31,0x1E,0x30,0x1C, + 0x06,0x03,0x55,0x04,0x03,0x13,0x15,0x41,0x42,0x42,0x20,0x49,0x6E,0x74,0x65,0x72, + 0x6D,0x65,0x64,0x69,0x61,0x74,0x65,0x20,0x43,0x41,0x20,0x33,0x30,0x82,0x01,0x22, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03, + 0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xC3,0x8E,0x43, + 0xE2,0x4C,0xBA,0xC4,0xD2,0xC4,0xF9,0xD5,0xA5,0xA4,0xC3,0xA4,0xB1,0x1D,0x3D,0x24, + 0x09,0xE8,0x6E,0xE6,0x3A,0x74,0x64,0x3E,0x5C,0xAE,0x40,0x93,0x27,0xB0,0xAD,0x01, + 0xC8,0xDA,0xF2,0x6F,0x7A,0x27,0xE9,0x17,0xB4,0x6D,0x52,0x94,0xE6,0x36,0x65,0x7A, + 0xAB,0x36,0x70,0x69,0xC8,0x0A,0x13,0xEC,0xC7,0xE0,0xA9,0xC2,0x0A,0xCD,0x5A,0x71, + 0x1A,0x26,0x27,0x81,0x5A,0xD0,0xB4,0x9C,0xE3,0x4C,0xCE,0x3D,0xB7,0x52,0xAB,0x86, + 0xB4,0x60,0xC6,0x15,0x6A,0xBC,0x38,0xE9,0x77,0xDC,0xA5,0xE2,0x1E,0x7D,0x15,0x80, + 0xF9,0x6B,0x7C,0x8E,0xA5,0xE7,0x95,0xC8,0x46,0x0C,0x6C,0x88,0x7B,0xF2,0x2E,0x1E, + 0xF7,0x4B,0x9E,0x13,0x85,0xB4,0x6E,0xC9,0xAA,0xDD,0x32,0xCF,0x41,0x17,0x4E,0x30, + 0xEB,0xD3,0x6D,0xE3,0x2E,0x44,0x8A,0x15,0x1B,0x6E,0x1B,0x32,0x5A,0xEA,0x98,0xA7, + 0x4C,0xAF,0xC8,0xAD,0x95,0x48,0xA6,0x67,0x3B,0xE2,0x94,0x81,0xB7,0xBF,0x7A,0xFF, + 0x96,0x5B,0xBA,0x83,0x3C,0x09,0x3C,0xF0,0xEA,0xA2,0x49,0x8A,0x5B,0x4B,0xB0,0x3E, + 0x98,0x7E,0x9F,0x52,0x9F,0x1B,0xA3,0x51,0x17,0xCB,0x5A,0x25,0x6E,0x60,0xDB,0xE2, + 0x90,0x02,0x2A,0x61,0x47,0x35,0x33,0x91,0x26,0x37,0x29,0xB8,0xD4,0xB1,0x41,0xB2, + 0xE9,0x3B,0x2B,0x68,0x74,0xBC,0xF3,0xA3,0x4B,0xD9,0x10,0x59,0x16,0x11,0x88,0xA9, + 0x31,0xC3,0x2A,0xD4,0x1D,0x5F,0x28,0x37,0xEB,0x45,0xF2,0x6E,0x83,0x91,0x4C,0xE1, + 0x82,0x58,0x33,0xCA,0xA5,0xA7,0x64,0x81,0xD8,0x5A,0x74,0xC9,0xC9,0x02,0x03,0x01, + 0x00,0x01,0xA3,0x82,0x04,0x20,0x30,0x82,0x04,0x1C,0x30,0x12,0x06,0x03,0x55,0x1D, + 0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x01,0x30,0x82, + 0x01,0x10,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x07,0x30,0x82,0x01,0x03,0x30, + 0x48,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xB1,0x3E,0x01,0x00,0x30,0x3B,0x30,0x39, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x2D,0x68,0x74,0x74,0x70, + 0x3A,0x2F,0x2F,0x63,0x79,0x62,0x65,0x72,0x74,0x72,0x75,0x73,0x74,0x2E,0x6F,0x6D, + 0x6E,0x69,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73, + 0x69,0x74,0x6F,0x72,0x79,0x2E,0x63,0x66,0x6D,0x30,0x3B,0x06,0x0C,0x2B,0x06,0x01, + 0x04,0x01,0x81,0xD7,0x07,0x01,0x14,0x0A,0x02,0x30,0x2B,0x30,0x29,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F, + 0x63,0x70,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43, + 0x41,0x36,0x5F,0x53,0x53,0x4C,0x30,0x3C,0x06,0x0C,0x2B,0x06,0x01,0x04,0x01,0x81, + 0xD7,0x07,0x01,0x14,0x14,0x02,0x30,0x2C,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x02,0x01,0x16,0x1E,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x70,0x2E, + 0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x41,0x36,0x5F, + 0x55,0x73,0x65,0x72,0x30,0x3C,0x06,0x0C,0x2B,0x06,0x01,0x04,0x01,0x81,0xD7,0x07, + 0x01,0x14,0x1E,0x02,0x30,0x2C,0x30,0x2A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x02,0x01,0x16,0x1E,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x70,0x2E,0x70,0x6B, + 0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x41,0x36,0x5F,0x53,0x69, + 0x67,0x6E,0x30,0x73,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x67, + 0x30,0x65,0x30,0x32,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x26, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x6F,0x6D,0x6E,0x69, + 0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x62,0x61,0x6C,0x74,0x69,0x6D,0x6F, + 0x72,0x65,0x72,0x6F,0x6F,0x74,0x30,0x2F,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x30,0x02,0x86,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x61,0x69,0x61,0x2E,0x70, + 0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x4F,0x6D,0x6E,0x69,0x72, + 0x6F,0x6F,0x74,0x2E,0x63,0x72,0x74,0x30,0x82,0x01,0x6A,0x06,0x03,0x55,0x1D,0x1E, + 0x04,0x82,0x01,0x61,0x30,0x82,0x01,0x5D,0xA0,0x82,0x01,0x4B,0x30,0x09,0x82,0x07, + 0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x30,0x0A,0x82,0x08,0x2E,0x61,0x62,0x62,0x2E, + 0x63,0x6F,0x6D,0x30,0x08,0x82,0x06,0x61,0x62,0x62,0x2E,0x61,0x73,0x30,0x09,0x82, + 0x07,0x2E,0x61,0x62,0x62,0x2E,0x61,0x73,0x30,0x0C,0x82,0x0A,0x61,0x62,0x62,0x65, + 0x78,0x74,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x2E,0x61,0x62,0x62,0x65,0x78, + 0x74,0x2E,0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A,0x76,0x65,0x6E,0x74,0x79,0x78,0x2E, + 0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x2E,0x76,0x65,0x6E,0x74,0x79,0x78,0x2E,0x63, + 0x6F,0x6D,0x30,0x11,0x82,0x0F,0x72,0x6F,0x62,0x6F,0x74,0x73,0x74,0x75,0x64,0x69, + 0x6F,0x2E,0x63,0x6F,0x6D,0x30,0x12,0x82,0x10,0x2E,0x72,0x6F,0x62,0x6F,0x74,0x73, + 0x74,0x75,0x64,0x69,0x6F,0x2E,0x63,0x6F,0x6D,0x30,0x48,0xA4,0x46,0x30,0x44,0x31, + 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0E,0x30,0x0C, + 0x06,0x03,0x55,0x04,0x07,0x13,0x05,0x42,0x61,0x64,0x65,0x6E,0x31,0x25,0x30,0x23, + 0x06,0x03,0x55,0x04,0x0A,0x13,0x1C,0x41,0x42,0x42,0x20,0x49,0x6E,0x66,0x6F,0x72, + 0x6D,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x79,0x73,0x74,0x65,0x6D,0x73,0x20,0x4C, + 0x74,0x64,0x2E,0x30,0x40,0xA4,0x3E,0x30,0x3C,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, + 0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x07,0x13, + 0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A, + 0x13,0x13,0x41,0x42,0x42,0x20,0x54,0x65,0x63,0x68,0x6E,0x6F,0x6C,0x6F,0x67,0x79, + 0x20,0x4C,0x74,0x64,0x2E,0x30,0x30,0xA4,0x2E,0x30,0x2C,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04, + 0x07,0x13,0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55, + 0x04,0x0A,0x13,0x03,0x41,0x42,0x42,0xA1,0x0C,0x30,0x0A,0x87,0x08,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04, + 0x04,0x03,0x02,0x01,0xE6,0x30,0x50,0x06,0x03,0x55,0x1D,0x25,0x04,0x49,0x30,0x47, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x03,0x08,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x06,0x09,0x2B,0x06, + 0x01,0x04,0x01,0x82,0x37,0x15,0x05,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18, + 0x30,0x16,0x80,0x14,0xE5,0x9D,0x59,0x30,0x82,0x47,0x58,0xCC,0xAC,0xFA,0x08,0x54, + 0x36,0x86,0x7B,0x3A,0xB5,0x04,0x4D,0xF0,0x30,0x6D,0x06,0x03,0x55,0x1D,0x1F,0x04, + 0x66,0x30,0x64,0x30,0x37,0xA0,0x35,0xA0,0x33,0x86,0x31,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x63,0x64,0x70,0x31,0x2E,0x70,0x75,0x62,0x6C,0x69,0x63,0x2D,0x74,0x72, + 0x75,0x73,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x52,0x4C,0x2F,0x4F,0x6D,0x6E,0x69, + 0x72,0x6F,0x6F,0x74,0x32,0x30,0x32,0x35,0x2E,0x63,0x72,0x6C,0x30,0x29,0xA0,0x27, + 0xA0,0x25,0x86,0x23,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70, + 0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x4F,0x6D,0x6E,0x69,0x72, + 0x6F,0x6F,0x74,0x2E,0x63,0x72,0x6C,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16, + 0x04,0x14,0xD3,0xCB,0xD4,0xD2,0x44,0x75,0x8A,0x17,0x29,0x5E,0xC6,0xD7,0xF4,0x03, + 0xDB,0xB2,0x6B,0xB4,0x0C,0x3A,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, + 0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xA2,0x07,0xEA,0xF9,0xB4,0x31, + 0xA8,0x40,0x29,0x27,0x49,0x9B,0xE0,0x29,0x0F,0x5C,0x18,0xD5,0x2C,0xEE,0xE2,0xA1, + 0xE4,0x1E,0x05,0x88,0xAF,0x16,0xAE,0x05,0xC0,0xCD,0x10,0x10,0xF6,0xDB,0x6A,0xC5, + 0xB5,0xBA,0xE5,0x1B,0x95,0x40,0x26,0xC6,0x5F,0x5A,0x50,0xFA,0x7F,0x73,0xFD,0x0D, + 0x3F,0xA2,0x4D,0x56,0x3B,0x0B,0xD9,0xB8,0x0B,0x09,0x9F,0xD3,0x41,0xD7,0xCA,0x01, + 0xF0,0xCC,0xB2,0x41,0xD9,0xB5,0x8F,0x85,0x27,0xF4,0x1B,0xDB,0x9A,0xA1,0x54,0xB4, + 0x0D,0xC1,0x89,0xD7,0x6C,0xA0,0x9E,0xE1,0x7B,0x0F,0xA6,0xDC,0x1A,0x1F,0xD1,0x8F, + 0x26,0x1D,0xFB,0x61,0x64,0xBF,0x1A,0x58,0x10,0x6D,0x81,0x10,0x3A,0xBE,0x44,0x3E, + 0xC0,0xCB,0xAF,0xC8,0x21,0xD5,0x4C,0x11,0x69,0x8E,0x56,0x12,0x9A,0xF2,0x3B,0x0B, + 0x4A,0x11,0xAC,0x5B,0xEE,0x66,0x4F,0xFE,0xE4,0x5A,0x9E,0xFC,0x69,0x77,0x08,0x1C, + 0x05,0x13,0xA0,0xE1,0xDA,0x06,0x12,0x8A,0x74,0xEB,0x30,0x52,0xE5,0x7A,0xFD,0x9B, + 0x2C,0xAC,0xBA,0xB0,0xC1,0x12,0x9F,0x7E,0xD7,0x7F,0x58,0xCD,0x8E,0xC3,0xE8,0x8D, + 0xAE,0xDA,0x35,0x57,0x8E,0xB0,0x6B,0xC8,0x5F,0xE5,0x27,0xA3,0x38,0x58,0x66,0x0D, + 0x65,0x66,0xC3,0x4B,0x2E,0x12,0x11,0x31,0x70,0x08,0xFC,0x95,0xFD,0x21,0x0C,0x0F, + 0x1F,0x2E,0xCD,0xB8,0xDD,0x39,0xEC,0xE5,0x44,0x2D,0x15,0xF9,0xE6,0xF4,0x11,0xC7, + 0x34,0x33,0xFF,0xBB,0xD1,0x20,0xAF,0x5E,0xF1,0xCA,0x1B,0xFC,0x5A,0x67,0x07,0x2B, + 0xF8,0xFF,0x56,0x32,0xBD,0x34,0x38,0xD8,0xF0,0xD7, +}; + +/* subject:/C=CH/L=Zurich/O=ABB/CN=ABB Issuing CA 6 */ +/* issuer :/C=CH/L=Zurich/O=ABB/CN=ABB Intermediate CA 3 */ +unsigned char _ABBIssuingCA6[1360]={ + 0x30,0x82,0x05,0x4C,0x30,0x82,0x04,0x34,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x76, + 0x8D,0x23,0xB4,0x00,0x00,0x00,0x00,0x00,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x4C,0x31,0x0B,0x30,0x09,0x06,0x03, + 0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x07, + 0x13,0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x03,0x41,0x42,0x42,0x31,0x1E,0x30,0x1C,0x06,0x03,0x55,0x04,0x03,0x13, + 0x15,0x41,0x42,0x42,0x20,0x49,0x6E,0x74,0x65,0x72,0x6D,0x65,0x64,0x69,0x61,0x74, + 0x65,0x20,0x43,0x41,0x20,0x33,0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x33,0x30,0x34, + 0x30,0x39,0x34,0x36,0x34,0x33,0x5A,0x17,0x0D,0x32,0x30,0x30,0x33,0x30,0x34,0x30, + 0x39,0x35,0x36,0x34,0x33,0x5A,0x30,0x47,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x07,0x13,0x06, + 0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x0A,0x13, + 0x03,0x41,0x42,0x42,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13,0x10,0x41, + 0x42,0x42,0x20,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x20,0x43,0x41,0x20,0x36,0x30, + 0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, + 0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00, + 0xB5,0x9E,0xBF,0x61,0x8C,0xEA,0x40,0x8F,0x15,0x6F,0xC3,0x01,0xE3,0x71,0xDA,0x07, + 0x48,0x34,0x25,0x55,0xCB,0x6D,0xCD,0xBC,0xA4,0xA6,0xF9,0xE8,0x58,0x75,0xF8,0x0A, + 0x2E,0xA5,0xD7,0xBB,0xEC,0xAA,0x82,0x8B,0xB6,0x85,0xD0,0x3F,0x85,0xFF,0x50,0xFF, + 0x42,0x42,0xFB,0x59,0xCD,0x12,0x5F,0x4D,0x74,0xE6,0x00,0x9A,0xE2,0x6A,0xFC,0x8C, + 0xEB,0x22,0xA5,0x0D,0xC1,0x3F,0xE1,0x14,0x09,0x7F,0xB9,0x54,0x3C,0x01,0xB9,0x94, + 0x8E,0x5D,0x2D,0x9D,0x40,0xA0,0xB3,0x2C,0x63,0x1C,0xA2,0x23,0xCA,0x44,0x08,0x05, + 0xE6,0x02,0xEE,0xED,0x79,0xA6,0xF4,0xC7,0xC5,0x38,0xA1,0x71,0x8F,0xDE,0x10,0x7F, + 0x46,0x20,0xE9,0x3D,0xF3,0x52,0x25,0x11,0xB2,0x4C,0xCA,0x11,0x00,0xA6,0xFF,0x66, + 0xA5,0x6A,0xD1,0x15,0xFC,0x24,0x6A,0xC3,0xE8,0xCB,0xBB,0x7D,0x9D,0xC3,0x5B,0xCC, + 0x08,0x80,0xDE,0x95,0x3D,0xA5,0x0D,0x30,0x54,0x0C,0x53,0x83,0xB2,0xE1,0x49,0x73, + 0x6F,0xA4,0x1E,0x7A,0x9D,0x4B,0xD4,0xC0,0x46,0xEC,0x8C,0x12,0xC2,0x70,0x47,0x91, + 0x64,0x3B,0x94,0x5F,0xE3,0xA4,0x6F,0xA8,0x8F,0xA9,0xB9,0x19,0x65,0x97,0x16,0x82, + 0xCF,0x70,0xD2,0x86,0x37,0xCD,0x2A,0x50,0x69,0x6E,0x10,0x4A,0x9C,0x7B,0x6B,0xA2, + 0xB2,0x91,0xCE,0xAC,0xD3,0x23,0x2C,0xD7,0xA5,0xD1,0x34,0xD3,0x54,0x7B,0xC0,0x71, + 0x05,0x22,0x73,0xDC,0x8B,0x75,0x67,0x1C,0x98,0x2D,0xA6,0x51,0x50,0xC3,0x5D,0xA0, + 0x20,0xBD,0xD7,0xE8,0xCC,0xBC,0x40,0xB0,0x90,0xE6,0x10,0x9C,0xFD,0x6F,0x01,0x51, + 0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x33,0x30,0x82,0x02,0x2F,0x30,0x10,0x06, + 0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x01,0x04,0x03,0x02,0x01,0x00,0x30, + 0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x21,0x98,0x16,0xBF,0x7A,0x05, + 0x77,0xA6,0xAD,0xB7,0x7A,0x52,0xD4,0x9E,0x04,0x54,0xB0,0xFE,0xCC,0x51,0x30,0x19, + 0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00, + 0x53,0x00,0x75,0x00,0x62,0x00,0x43,0x00,0x41,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F, + 0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF, + 0x04,0x08,0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D, + 0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xD3,0xCB,0xD4,0xD2,0x44,0x75,0x8A,0x17,0x29, + 0x5E,0xC6,0xD7,0xF4,0x03,0xDB,0xB2,0x6B,0xB4,0x0C,0x3A,0x30,0x81,0xBF,0x06,0x03, + 0x55,0x1D,0x1F,0x04,0x81,0xB7,0x30,0x81,0xB4,0x30,0x81,0xB1,0xA0,0x81,0xAE,0xA0, + 0x81,0xAB,0x86,0x2D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70, + 0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x42,0x42,0x49,0x6E, + 0x74,0x65,0x72,0x6D,0x65,0x64,0x69,0x61,0x74,0x65,0x43,0x41,0x33,0x2E,0x63,0x72, + 0x6C,0x86,0x7A,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B, + 0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42, + 0x49,0x6E,0x74,0x65,0x72,0x6D,0x65,0x64,0x69,0x61,0x74,0x65,0x43,0x41,0x33,0x2C, + 0x43,0x4E,0x3D,0x43,0x44,0x50,0x2C,0x43,0x4E,0x3D,0x50,0x4B,0x49,0x3F,0x63,0x65, + 0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x52,0x65,0x76,0x6F,0x63,0x61,0x74, + 0x69,0x6F,0x6E,0x4C,0x69,0x73,0x74,0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A, + 0x65,0x63,0x74,0x43,0x6C,0x61,0x73,0x73,0x3D,0x63,0x52,0x4C,0x44,0x69,0x73,0x74, + 0x72,0x69,0x62,0x75,0x74,0x69,0x6F,0x6E,0x50,0x6F,0x69,0x6E,0x74,0x30,0x81,0xC9, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x81,0xBC,0x30,0x81,0xB9, + 0x30,0x39,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x2D,0x68,0x74, + 0x74,0x70,0x3A,0x2F,0x2F,0x61,0x69,0x61,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62, + 0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x42,0x42,0x49,0x6E,0x74,0x65,0x72,0x6D,0x65,0x64, + 0x69,0x61,0x74,0x65,0x43,0x41,0x33,0x2E,0x63,0x72,0x74,0x30,0x7C,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x70,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F, + 0x61,0x69,0x61,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F, + 0x43,0x4E,0x3D,0x41,0x42,0x42,0x49,0x6E,0x74,0x65,0x72,0x6D,0x65,0x64,0x69,0x61, + 0x74,0x65,0x43,0x41,0x33,0x2C,0x43,0x4E,0x3D,0x41,0x49,0x41,0x2C,0x43,0x4E,0x3D, + 0x50,0x4B,0x49,0x3F,0x63,0x41,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74, + 0x65,0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61, + 0x73,0x73,0x3D,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E, + 0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x11,0x06,0x03,0x55,0x1D,0x20, + 0x04,0x0A,0x30,0x08,0x30,0x06,0x06,0x04,0x55,0x1D,0x20,0x00,0x30,0x0D,0x06,0x09, + 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00, + 0x3C,0x9E,0xF8,0xC7,0x59,0x55,0x55,0x4B,0x18,0xE3,0x6D,0x8D,0x9F,0xE4,0x8B,0x58, + 0xAE,0x1E,0xA6,0x9C,0xE0,0xCC,0x26,0xE4,0x80,0xD2,0x2A,0x22,0xC3,0x7D,0xE6,0x91, + 0x1F,0x7B,0x6C,0xDD,0x1F,0x6D,0x65,0xF9,0xEE,0x03,0x4D,0xE0,0x8C,0x4A,0xF0,0x6F, + 0x05,0xBB,0xF6,0xD7,0x8A,0x73,0x3C,0xC2,0x0C,0x73,0x4C,0x2C,0x89,0x33,0x5B,0x67, + 0x1E,0x97,0x60,0xB9,0xE8,0x46,0x09,0x5C,0xD0,0x44,0x9A,0xD1,0x88,0x00,0xF2,0x0F, + 0x79,0x5C,0x7B,0xFD,0xC5,0xE2,0xD2,0xA6,0x2C,0x1A,0x10,0x0A,0x70,0x78,0x75,0x20, + 0xD9,0x4C,0xB5,0xCF,0xF1,0x95,0x99,0xE9,0x71,0x7B,0xCD,0x51,0x1C,0x66,0x30,0x63, + 0x32,0xFF,0x78,0x12,0x1B,0x4A,0x44,0xB4,0xC5,0xF7,0x62,0xF5,0x00,0xCC,0x73,0x9B, + 0x41,0xBA,0xA5,0xDB,0x0C,0x85,0x7B,0xBC,0xCA,0xDB,0xC7,0xE9,0x11,0xB6,0x73,0x45, + 0x38,0xC6,0xF5,0x75,0x2B,0x40,0x18,0xA9,0xBE,0xAA,0x9D,0xA4,0x45,0x9A,0xED,0xB4, + 0x95,0xAB,0x53,0x3A,0x44,0x31,0xF3,0xC0,0x09,0x25,0x2E,0x15,0x06,0x12,0x13,0x11, + 0xB0,0x6B,0x0C,0xF2,0xD3,0xD1,0x68,0xAB,0x7C,0xFA,0xBC,0xD4,0x5C,0xEB,0xE8,0x24, + 0x99,0xE2,0xC5,0xD5,0x34,0xD3,0x72,0x2F,0xF1,0xEB,0x9C,0x52,0x8F,0x66,0xB2,0x05, + 0x76,0xDB,0xC2,0x8E,0x6F,0x32,0xE8,0x0A,0xD6,0xC5,0xAB,0x1E,0x78,0xF7,0x1D,0x24, + 0x1E,0xE8,0x9D,0x60,0xDA,0xDB,0xBA,0x01,0xFF,0x72,0x5B,0x11,0xE6,0xA5,0x9F,0xBA, + 0x11,0xCB,0x4F,0xA0,0x78,0xF7,0x8A,0x14,0x70,0x50,0x0B,0xAF,0x47,0xB3,0x52,0x72, +}; + +/* subject:/C=CH/L=Baden/O=ABB Information Systems Ltd./CN=pki.abb.com */ +/* issuer :/C=CH/L=Zurich/O=ABB/CN=ABB Issuing CA 6 */ +unsigned char _ABB_PKI_cert[1889]={ + 0x30,0x82,0x07,0x5D,0x30,0x82,0x06,0x45,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x1A, + 0xDF,0xD6,0x2B,0x00,0x00,0x00,0x00,0x00,0x4C,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x47,0x31,0x0B,0x30,0x09,0x06,0x03, + 0x55,0x04,0x06,0x13,0x02,0x43,0x48,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04,0x07, + 0x13,0x06,0x5A,0x75,0x72,0x69,0x63,0x68,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04, + 0x0A,0x13,0x03,0x41,0x42,0x42,0x31,0x19,0x30,0x17,0x06,0x03,0x55,0x04,0x03,0x13, + 0x10,0x41,0x42,0x42,0x20,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x20,0x43,0x41,0x20, + 0x36,0x30,0x1E,0x17,0x0D,0x31,0x35,0x30,0x33,0x30,0x36,0x31,0x34,0x32,0x38,0x34, + 0x37,0x5A,0x17,0x0D,0x31,0x37,0x30,0x38,0x32,0x32,0x31,0x34,0x32,0x38,0x34,0x37, + 0x5A,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x43,0x48, + 0x31,0x0E,0x30,0x0C,0x06,0x03,0x55,0x04,0x07,0x13,0x05,0x42,0x61,0x64,0x65,0x6E, + 0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x0A,0x13,0x1C,0x41,0x42,0x42,0x20,0x49, + 0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x79,0x73,0x74,0x65, + 0x6D,0x73,0x20,0x4C,0x74,0x64,0x2E,0x31,0x14,0x30,0x12,0x06,0x03,0x55,0x04,0x03, + 0x13,0x0B,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01, + 0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00, + 0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA0,0x67, + 0x31,0xDC,0xE3,0x2F,0x44,0xA5,0xA1,0xFB,0x47,0xAD,0x4B,0x57,0xDE,0xE1,0x36,0x7E, + 0x7F,0x89,0xEB,0x85,0xB5,0x62,0x05,0x62,0x12,0x33,0xE9,0xDC,0xBA,0xD6,0x72,0x17, + 0x1C,0xFC,0xB3,0xFF,0x4A,0xE6,0xD1,0x84,0x70,0xDF,0x7E,0xAB,0xA9,0x14,0xD5,0x1E, + 0x18,0x82,0x87,0xEE,0x5F,0xC7,0xA7,0xE4,0xC3,0xC1,0xD2,0x15,0xE2,0xD8,0xCF,0x95, + 0xF9,0xDD,0xA4,0xD4,0xBE,0x9F,0xB1,0x8F,0x3C,0xCA,0xC2,0x53,0x67,0x8C,0x3D,0x35, + 0x8B,0x94,0x40,0xEC,0xF5,0xC6,0x9B,0xA4,0x63,0xBC,0xB5,0x30,0xA2,0x74,0xB9,0x25, + 0x62,0xE9,0x8D,0x47,0xC4,0xAE,0x5D,0xEB,0xF8,0x89,0x13,0x38,0x85,0x9E,0x9C,0x7C, + 0xF0,0x4B,0x27,0x43,0xC4,0x7D,0xEA,0x2E,0x48,0xD0,0x3F,0xCC,0x73,0xC6,0x7B,0x1F, + 0xBF,0xFB,0xCF,0x5A,0x0C,0x25,0xC0,0x4E,0x31,0xAA,0x9B,0xFF,0xFF,0x29,0x21,0x63, + 0xA1,0x51,0x81,0x49,0x69,0x6E,0x89,0x81,0x6C,0x41,0xC4,0x17,0xF0,0x65,0x3C,0xFD, + 0x4C,0x38,0x78,0x56,0x77,0xB8,0x7F,0x8C,0x3F,0x63,0x6A,0x90,0x1F,0x90,0x8F,0xD5, + 0x7A,0x3A,0xD6,0xE9,0xF8,0x5C,0xEC,0x32,0x6E,0xEB,0xFA,0x3B,0x3F,0x9A,0xFC,0xD3, + 0x87,0xBC,0xD9,0x2D,0xF5,0xC2,0xB7,0x15,0x8A,0x48,0x37,0x55,0x10,0x5D,0x6F,0x32, + 0xE3,0x6D,0xF0,0x79,0xAF,0xE9,0xDC,0xB1,0xAF,0xC6,0x89,0xE0,0x32,0x2E,0xBC,0x70, + 0x07,0x2F,0xE6,0xFB,0xF6,0xCB,0x8A,0x90,0x7E,0x23,0x46,0x7A,0xBF,0x5E,0x07,0x87, + 0xDD,0xC5,0x77,0xF4,0xEB,0x8B,0x82,0x73,0x9E,0xE6,0x11,0xB8,0xF1,0xBB,0x02,0x03, + 0x01,0x00,0x01,0xA3,0x82,0x04,0x36,0x30,0x82,0x04,0x32,0x30,0x0B,0x06,0x03,0x55, + 0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04, + 0x16,0x04,0x14,0x07,0xF0,0xC8,0x84,0x00,0x5D,0x67,0x88,0xA7,0xC0,0xD0,0x02,0x48, + 0x38,0xF3,0xEF,0x1B,0xAE,0xBD,0x28,0x30,0x16,0x06,0x03,0x55,0x1D,0x11,0x04,0x0F, + 0x30,0x0D,0x82,0x0B,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x30, + 0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x21,0x98,0x16,0xBF, + 0x7A,0x05,0x77,0xA6,0xAD,0xB7,0x7A,0x52,0xD4,0x9E,0x04,0x54,0xB0,0xFE,0xCC,0x51, + 0x30,0x82,0x01,0x62,0x06,0x03,0x55,0x1D,0x1F,0x04,0x82,0x01,0x59,0x30,0x82,0x01, + 0x55,0x30,0x82,0x01,0x51,0xA0,0x82,0x01,0x4D,0xA0,0x82,0x01,0x49,0x86,0x28,0x68, + 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62, + 0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x41,0x42,0x42,0x49,0x73,0x73,0x75,0x69,0x6E,0x67, + 0x43,0x41,0x36,0x2E,0x63,0x72,0x6C,0x86,0x81,0xA5,0x6C,0x64,0x61,0x70,0x3A,0x2F, + 0x2F,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x43, + 0x41,0x36,0x2C,0x43,0x4E,0x3D,0x43,0x44,0x50,0x2C,0x43,0x4E,0x3D,0x50,0x75,0x62, + 0x6C,0x69,0x63,0x25,0x32,0x30,0x4B,0x65,0x79,0x25,0x32,0x30,0x53,0x65,0x72,0x76, + 0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73, + 0x2C,0x43,0x4E,0x3D,0x43,0x6F,0x6E,0x66,0x69,0x67,0x75,0x72,0x61,0x74,0x69,0x6F, + 0x6E,0x2C,0x44,0x43,0x3D,0x61,0x62,0x62,0x2C,0x44,0x43,0x3D,0x63,0x6F,0x6D,0x3F, + 0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x52,0x65,0x76,0x6F,0x63, + 0x61,0x74,0x69,0x6F,0x6E,0x4C,0x69,0x73,0x74,0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F, + 0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,0x73,0x73,0x3D,0x63,0x52,0x4C,0x44,0x69, + 0x73,0x74,0x72,0x69,0x62,0x75,0x74,0x69,0x6F,0x6E,0x50,0x6F,0x69,0x6E,0x74,0x86, + 0x75,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x63,0x72,0x6C,0x2E,0x70,0x6B,0x69,0x2E, + 0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42,0x49,0x73, + 0x73,0x75,0x69,0x6E,0x67,0x43,0x41,0x36,0x2C,0x43,0x4E,0x3D,0x43,0x44,0x50,0x2C, + 0x43,0x4E,0x3D,0x50,0x4B,0x49,0x3F,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61, + 0x74,0x65,0x52,0x65,0x76,0x6F,0x63,0x61,0x74,0x69,0x6F,0x6E,0x4C,0x69,0x73,0x74, + 0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,0x73, + 0x73,0x3D,0x63,0x52,0x4C,0x44,0x69,0x73,0x74,0x72,0x69,0x62,0x75,0x74,0x69,0x6F, + 0x6E,0x50,0x6F,0x69,0x6E,0x74,0x30,0x82,0x01,0x95,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x01,0x01,0x04,0x82,0x01,0x87,0x30,0x82,0x01,0x83,0x30,0x34,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x28,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x61,0x69,0x61,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D, + 0x2F,0x41,0x42,0x42,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x43,0x41,0x36,0x2E,0x63, + 0x72,0x74,0x30,0x81,0xA8,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86, + 0x81,0x9B,0x6C,0x64,0x61,0x70,0x3A,0x2F,0x2F,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42, + 0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x43,0x41,0x36,0x2C,0x43,0x4E,0x3D,0x41,0x49, + 0x41,0x2C,0x43,0x4E,0x3D,0x50,0x75,0x62,0x6C,0x69,0x63,0x25,0x32,0x30,0x4B,0x65, + 0x79,0x25,0x32,0x30,0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D, + 0x53,0x65,0x72,0x76,0x69,0x63,0x65,0x73,0x2C,0x43,0x4E,0x3D,0x43,0x6F,0x6E,0x66, + 0x69,0x67,0x75,0x72,0x61,0x74,0x69,0x6F,0x6E,0x2C,0x44,0x43,0x3D,0x61,0x62,0x62, + 0x2C,0x44,0x43,0x3D,0x63,0x6F,0x6D,0x3F,0x63,0x41,0x43,0x65,0x72,0x74,0x69,0x66, + 0x69,0x63,0x61,0x74,0x65,0x3F,0x62,0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63, + 0x74,0x43,0x6C,0x61,0x73,0x73,0x3D,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61, + 0x74,0x69,0x6F,0x6E,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x77,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x6B,0x6C,0x64,0x61,0x70,0x3A, + 0x2F,0x2F,0x61,0x69,0x61,0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F, + 0x6D,0x2F,0x43,0x4E,0x3D,0x41,0x42,0x42,0x49,0x73,0x73,0x75,0x69,0x6E,0x67,0x43, + 0x41,0x36,0x2C,0x43,0x4E,0x3D,0x41,0x49,0x41,0x2C,0x43,0x4E,0x3D,0x50,0x4B,0x49, + 0x3F,0x63,0x41,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x3F,0x62, + 0x61,0x73,0x65,0x3F,0x6F,0x62,0x6A,0x65,0x63,0x74,0x43,0x6C,0x61,0x73,0x73,0x3D, + 0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F,0x6E,0x41,0x75,0x74, + 0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x27,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x30,0x01,0x86,0x1B,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x61,0x69,0x61,0x2E,0x70, + 0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,0x30, + 0x3C,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,0x2F,0x30,0x2D, + 0x06,0x25,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0xC7,0xA8,0x26,0x86,0xB0, + 0x84,0x7A,0x86,0xB5,0x8B,0x0A,0x82,0xEA,0x8D,0x6A,0x84,0x8F,0xAD,0x21,0x29,0x84, + 0xF3,0x8F,0x08,0x86,0xCE,0xF7,0x0F,0x02,0x01,0x64,0x02,0x01,0x16,0x30,0x1D,0x06, + 0x03,0x55,0x1D,0x25,0x04,0x16,0x30,0x14,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x46,0x06,0x03, + 0x55,0x1D,0x20,0x04,0x3F,0x30,0x3D,0x30,0x3B,0x06,0x0C,0x2B,0x06,0x01,0x04,0x01, + 0x81,0xD7,0x07,0x01,0x14,0x0A,0x02,0x30,0x2B,0x30,0x29,0x06,0x08,0x2B,0x06,0x01, + 0x05,0x05,0x07,0x02,0x01,0x16,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x70, + 0x2E,0x70,0x6B,0x69,0x2E,0x61,0x62,0x62,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x41,0x36, + 0x5F,0x53,0x53,0x4C,0x30,0x27,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15, + 0x0A,0x04,0x1A,0x30,0x18,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03, + 0x02,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x0D,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01, + 0x00,0x24,0xB7,0xBE,0x08,0xA4,0x97,0x8C,0x78,0x49,0xC7,0x93,0xB9,0x04,0x18,0xAB, + 0x11,0x00,0x39,0xFB,0xA0,0xBE,0xC3,0x39,0xBA,0x04,0x5F,0x3F,0xFE,0xA4,0x6C,0x79, + 0xF2,0xD9,0x00,0xC6,0xE0,0x55,0x7B,0xBE,0x93,0xC2,0x46,0x7B,0xFA,0x9E,0x8D,0xDC, + 0xA8,0x10,0x54,0xBF,0xC2,0x3F,0xC4,0xB1,0xFD,0x30,0xC2,0x27,0xBC,0x38,0x8D,0xAE, + 0x66,0xF4,0xE9,0x62,0x50,0x54,0x4F,0xCD,0x7A,0x2B,0x67,0x17,0xA0,0xA0,0x7E,0x03, + 0xE6,0xA6,0x68,0x0A,0x1B,0xD3,0x5E,0x7D,0xEC,0xF0,0x12,0x89,0xDF,0x3D,0xA5,0xB9, + 0xAC,0xA4,0x9D,0x62,0x3A,0x99,0x9B,0x67,0xA8,0xD9,0xCE,0x11,0xA7,0xCB,0xE4,0xED, + 0x81,0x3F,0xE4,0xDD,0xE7,0xE2,0x0C,0xEB,0x27,0x1E,0x1B,0xEE,0xA2,0x03,0x32,0x79, + 0xA3,0x43,0x50,0xBD,0x7D,0x17,0xE1,0x42,0x8F,0x3D,0x20,0x81,0xC9,0xE3,0x58,0x27, + 0xEC,0x94,0xA9,0xDA,0xC6,0x23,0xF1,0x31,0xF7,0x47,0xCF,0x48,0x9B,0xFE,0xC2,0x09, + 0xAA,0x41,0xFE,0xDE,0x51,0x2B,0x1F,0xBB,0xD1,0xA4,0x62,0xF7,0xA2,0x2C,0x9B,0x4B, + 0x3D,0xD5,0xB5,0x47,0x39,0xA1,0x43,0x9C,0x6B,0xDA,0x78,0x63,0x81,0xC4,0xA1,0x93, + 0x93,0xB9,0xB6,0xA5,0xC7,0xD5,0xA5,0x47,0xF5,0x47,0xC8,0x7F,0xF7,0x4C,0xE8,0x97, + 0xA1,0x99,0xAD,0x78,0x54,0x09,0xF7,0xB7,0xF5,0x2B,0x05,0x1F,0x38,0x32,0xEE,0x4A, + 0x1D,0xCC,0x63,0xE1,0x1A,0xB6,0xA6,0x67,0x4B,0xC6,0xC4,0xB9,0xA6,0x97,0xB3,0x41, + 0xD3,0x5C,0xBC,0xEB,0xD3,0x18,0xBD,0xFB,0x68,0x1C,0xC2,0xEF,0xEC,0x1B,0x06,0xFC, + 0xF0, +}; + +/* subject:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */ +/* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */ +unsigned char _bechtel_root[891]={ + 0x30,0x82,0x03,0x77,0x30,0x82,0x02,0x5F,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x02, + 0x00,0x00,0xB9,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, + 0x05,0x00,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, + 0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74, + 0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A, + 0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03, + 0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43, + 0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E, + 0x17,0x0D,0x30,0x30,0x30,0x35,0x31,0x32,0x31,0x38,0x34,0x36,0x30,0x30,0x5A,0x17, + 0x0D,0x32,0x35,0x30,0x35,0x31,0x32,0x32,0x33,0x35,0x39,0x30,0x30,0x5A,0x30,0x5A, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49,0x45,0x31,0x12,0x30, + 0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72, + 0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A,0x43,0x79,0x62,0x65, + 0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x13, + 0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43,0x79,0x62,0x65,0x72, + 0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x82,0x01,0x22,0x30,0x0D, + 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01, + 0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xA3,0x04,0xBB,0x22,0xAB, + 0x98,0x3D,0x57,0xE8,0x26,0x72,0x9A,0xB5,0x79,0xD4,0x29,0xE2,0xE1,0xE8,0x95,0x80, + 0xB1,0xB0,0xE3,0x5B,0x8E,0x2B,0x29,0x9A,0x64,0xDF,0xA1,0x5D,0xED,0xB0,0x09,0x05, + 0x6D,0xDB,0x28,0x2E,0xCE,0x62,0xA2,0x62,0xFE,0xB4,0x88,0xDA,0x12,0xEB,0x38,0xEB, + 0x21,0x9D,0xC0,0x41,0x2B,0x01,0x52,0x7B,0x88,0x77,0xD3,0x1C,0x8F,0xC7,0xBA,0xB9, + 0x88,0xB5,0x6A,0x09,0xE7,0x73,0xE8,0x11,0x40,0xA7,0xD1,0xCC,0xCA,0x62,0x8D,0x2D, + 0xE5,0x8F,0x0B,0xA6,0x50,0xD2,0xA8,0x50,0xC3,0x28,0xEA,0xF5,0xAB,0x25,0x87,0x8A, + 0x9A,0x96,0x1C,0xA9,0x67,0xB8,0x3F,0x0C,0xD5,0xF7,0xF9,0x52,0x13,0x2F,0xC2,0x1B, + 0xD5,0x70,0x70,0xF0,0x8F,0xC0,0x12,0xCA,0x06,0xCB,0x9A,0xE1,0xD9,0xCA,0x33,0x7A, + 0x77,0xD6,0xF8,0xEC,0xB9,0xF1,0x68,0x44,0x42,0x48,0x13,0xD2,0xC0,0xC2,0xA4,0xAE, + 0x5E,0x60,0xFE,0xB6,0xA6,0x05,0xFC,0xB4,0xDD,0x07,0x59,0x02,0xD4,0x59,0x18,0x98, + 0x63,0xF5,0xA5,0x63,0xE0,0x90,0x0C,0x7D,0x5D,0xB2,0x06,0x7A,0xF3,0x85,0xEA,0xEB, + 0xD4,0x03,0xAE,0x5E,0x84,0x3E,0x5F,0xFF,0x15,0xED,0x69,0xBC,0xF9,0x39,0x36,0x72, + 0x75,0xCF,0x77,0x52,0x4D,0xF3,0xC9,0x90,0x2C,0xB9,0x3D,0xE5,0xC9,0x23,0x53,0x3F, + 0x1F,0x24,0x98,0x21,0x5C,0x07,0x99,0x29,0xBD,0xC6,0x3A,0xEC,0xE7,0x6E,0x86,0x3A, + 0x6B,0x97,0x74,0x63,0x33,0xBD,0x68,0x18,0x31,0xF0,0x78,0x8D,0x76,0xBF,0xFC,0x9E, + 0x8E,0x5D,0x2A,0x86,0xA7,0x4D,0x90,0xDC,0x27,0x1A,0x39,0x02,0x03,0x01,0x00,0x01, + 0xA3,0x45,0x30,0x43,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xE5, + 0x9D,0x59,0x30,0x82,0x47,0x58,0xCC,0xAC,0xFA,0x08,0x54,0x36,0x86,0x7B,0x3A,0xB5, + 0x04,0x4D,0xF0,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30, + 0x06,0x01,0x01,0xFF,0x02,0x01,0x03,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01, + 0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x05,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x85,0x0C,0x5D,0x8E,0xE4, + 0x6F,0x51,0x68,0x42,0x05,0xA0,0xDD,0xBB,0x4F,0x27,0x25,0x84,0x03,0xBD,0xF7,0x64, + 0xFD,0x2D,0xD7,0x30,0xE3,0xA4,0x10,0x17,0xEB,0xDA,0x29,0x29,0xB6,0x79,0x3F,0x76, + 0xF6,0x19,0x13,0x23,0xB8,0x10,0x0A,0xF9,0x58,0xA4,0xD4,0x61,0x70,0xBD,0x04,0x61, + 0x6A,0x12,0x8A,0x17,0xD5,0x0A,0xBD,0xC5,0xBC,0x30,0x7C,0xD6,0xE9,0x0C,0x25,0x8D, + 0x86,0x40,0x4F,0xEC,0xCC,0xA3,0x7E,0x38,0xC6,0x37,0x11,0x4F,0xED,0xDD,0x68,0x31, + 0x8E,0x4C,0xD2,0xB3,0x01,0x74,0xEE,0xBE,0x75,0x5E,0x07,0x48,0x1A,0x7F,0x70,0xFF, + 0x16,0x5C,0x84,0xC0,0x79,0x85,0xB8,0x05,0xFD,0x7F,0xBE,0x65,0x11,0xA3,0x0F,0xC0, + 0x02,0xB4,0xF8,0x52,0x37,0x39,0x04,0xD5,0xA9,0x31,0x7A,0x18,0xBF,0xA0,0x2A,0xF4, + 0x12,0x99,0xF7,0xA3,0x45,0x82,0xE3,0x3C,0x5E,0xF5,0x9D,0x9E,0xB5,0xC8,0x9E,0x7C, + 0x2E,0xC8,0xA4,0x9E,0x4E,0x08,0x14,0x4B,0x6D,0xFD,0x70,0x6D,0x6B,0x1A,0x63,0xBD, + 0x64,0xE6,0x1F,0xB7,0xCE,0xF0,0xF2,0x9F,0x2E,0xBB,0x1B,0xB7,0xF2,0x50,0x88,0x73, + 0x92,0xC2,0xE2,0xE3,0x16,0x8D,0x9A,0x32,0x02,0xAB,0x8E,0x18,0xDD,0xE9,0x10,0x11, + 0xEE,0x7E,0x35,0xAB,0x90,0xAF,0x3E,0x30,0x94,0x7A,0xD0,0x33,0x3D,0xA7,0x65,0x0F, + 0xF5,0xFC,0x8E,0x9E,0x62,0xCF,0x47,0x44,0x2C,0x01,0x5D,0xBB,0x1D,0xB5,0x32,0xD2, + 0x47,0xD2,0x38,0x2E,0xD0,0xFE,0x81,0xDC,0x32,0x6A,0x1E,0xB5,0xEE,0x3C,0xD5,0xFC, + 0xE7,0x81,0x1D,0x19,0xC3,0x24,0x42,0xEA,0x63,0x39,0xA9, +}; + +/* subject:/C=US/O=Bechtel Corporation/OU=Information Security/CN=Bechtel External Policy CA 1 */ +/* issuer :/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root */ +unsigned char _bechtel_int1[2057]={ + 0x30,0x82,0x08,0x05,0x30,0x82,0x06,0xED,0xA0,0x03,0x02,0x01,0x02,0x02,0x04,0x07, + 0x27,0xC9,0x87,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, + 0x05,0x00,0x30,0x5A,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x49, + 0x45,0x31,0x12,0x30,0x10,0x06,0x03,0x55,0x04,0x0A,0x13,0x09,0x42,0x61,0x6C,0x74, + 0x69,0x6D,0x6F,0x72,0x65,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0B,0x13,0x0A, + 0x43,0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x31,0x22,0x30,0x20,0x06,0x03, + 0x55,0x04,0x03,0x13,0x19,0x42,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x20,0x43, + 0x79,0x62,0x65,0x72,0x54,0x72,0x75,0x73,0x74,0x20,0x52,0x6F,0x6F,0x74,0x30,0x1E, + 0x17,0x0D,0x31,0x35,0x30,0x33,0x31,0x38,0x31,0x37,0x34,0x31,0x33,0x32,0x5A,0x17, + 0x0D,0x32,0x32,0x30,0x33,0x31,0x38,0x31,0x37,0x34,0x31,0x31,0x30,0x5A,0x30,0x71, + 0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1C,0x30, + 0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20, + 0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06, + 0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F, + 0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x25,0x30,0x23,0x06,0x03, + 0x55,0x04,0x03,0x13,0x1C,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x45,0x78,0x74, + 0x65,0x72,0x6E,0x61,0x6C,0x20,0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x20, + 0x31,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, + 0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01, + 0x01,0x00,0xAD,0x18,0x32,0x22,0xCB,0x4E,0x4E,0x2D,0x8E,0x2D,0xA4,0x1B,0x5E,0x85, + 0x63,0x9E,0xF3,0x89,0x3A,0x8A,0x1B,0x85,0x9E,0x59,0xCD,0xB1,0xCC,0x31,0x6D,0x66, + 0x20,0xB6,0xA9,0xF9,0xEC,0xD2,0x9D,0x19,0x0B,0x1E,0xEA,0x31,0x2B,0x51,0x4B,0x41, + 0x18,0x9C,0x27,0xB0,0xA4,0x08,0x76,0x92,0xE8,0xF4,0x42,0xE6,0xBF,0x11,0x0D,0xF8, + 0xF8,0xD2,0x17,0xB8,0x6A,0xAB,0xDA,0x0E,0x50,0xE3,0x93,0xC5,0xE9,0x89,0x7B,0x2B, + 0xD7,0xD1,0x69,0xD1,0x71,0x6D,0xE1,0x7F,0x70,0x0D,0x26,0xED,0x4D,0xC7,0x3A,0xBA, + 0xAC,0x74,0x39,0x18,0x15,0x8C,0x06,0x4C,0x8F,0xA1,0x27,0xA8,0x39,0x65,0xE1,0x08, + 0xDE,0x7E,0x1B,0xF9,0x59,0x27,0x0A,0xCC,0x7A,0xD8,0xD4,0x48,0x37,0x74,0x4E,0x58, + 0xAA,0x7B,0x5A,0xD3,0x67,0x15,0x4D,0x66,0xF7,0x86,0xE2,0x8F,0x9E,0xB5,0x19,0x73, + 0x5B,0x7E,0xA8,0x6F,0x3C,0xE2,0x9C,0x27,0xD2,0xCC,0x7C,0x2B,0xB9,0x50,0x6D,0xF0, + 0x12,0x14,0x47,0x07,0x8B,0xA6,0x7D,0x9F,0xD2,0xCE,0x16,0x77,0x97,0x63,0x37,0x0E, + 0xED,0x98,0x09,0xC5,0xF1,0x6A,0x45,0x89,0xCC,0x72,0xE5,0xD3,0xEB,0xEB,0x86,0x4E, + 0xE3,0x13,0x77,0x05,0x36,0xAC,0x1F,0x9D,0x9F,0xD7,0x0F,0x67,0xBE,0x0D,0xDC,0x40, + 0x2D,0xB8,0xBA,0xF5,0x21,0x0D,0xF4,0x9E,0x2C,0x18,0x58,0x0E,0xB1,0x95,0x08,0x8B, + 0xBC,0x5A,0x9D,0xFE,0x1D,0x45,0x57,0xD2,0x62,0x5B,0x91,0xB2,0x02,0x42,0xB8,0x17, + 0x7E,0x7D,0x18,0xAE,0x46,0xF4,0xA4,0x22,0xFC,0x91,0xEB,0xB8,0xBE,0x11,0x6C,0x08, + 0xC9,0x6B,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x04,0xBA,0x30,0x82,0x04,0xB6,0x30, + 0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08,0x30,0x06,0x01,0x01,0xFF, + 0x02,0x01,0x01,0x30,0x6F,0x06,0x03,0x55,0x1D,0x20,0x04,0x68,0x30,0x66,0x30,0x48, + 0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xB1,0x3E,0x01,0x00,0x30,0x3B,0x30,0x39,0x06, + 0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,0x16,0x2D,0x68,0x74,0x74,0x70,0x3A, + 0x2F,0x2F,0x63,0x79,0x62,0x65,0x72,0x74,0x72,0x75,0x73,0x74,0x2E,0x6F,0x6D,0x6E, + 0x69,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D,0x2F,0x72,0x65,0x70,0x6F,0x73,0x69, + 0x74,0x6F,0x72,0x79,0x2E,0x63,0x66,0x6D,0x30,0x0C,0x06,0x0A,0x2B,0x06,0x01,0x04, + 0x01,0xFD,0x52,0x02,0x05,0x01,0x30,0x0C,0x06,0x0A,0x2B,0x06,0x01,0x04,0x01,0xFD, + 0x52,0x02,0x05,0x02,0x30,0x82,0x03,0x22,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82,0x03, + 0x19,0x30,0x82,0x03,0x15,0xA0,0x82,0x03,0x03,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63, + 0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x70, + 0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x0B,0x82,0x09,0x6D,0x79,0x70,0x73,0x6E,0x2E, + 0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A,0x2E,0x6D,0x79,0x70,0x73,0x6E,0x2E,0x63,0x6F, + 0x6D,0x30,0x0E,0x82,0x0C,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x6D,0x30,0x0F,0x82,0x0D,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63, + 0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x6D,0x30,0x0E,0x82,0x0C,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x6D,0x30,0x0E,0x82,0x0C,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,0x73,0x69, + 0x61,0x30,0x0F,0x82,0x0D,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,0x73, + 0x69,0x61,0x30,0x0F,0x82,0x0D,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x2E,0x75,0x6B,0x30,0x10,0x82,0x0E,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E, + 0x63,0x6F,0x2E,0x75,0x6B,0x30,0x10,0x82,0x0E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C, + 0x2E,0x63,0x6F,0x6D,0x2E,0x61,0x75,0x30,0x11,0x82,0x0F,0x2E,0x62,0x65,0x63,0x68, + 0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2E,0x61,0x75,0x30,0x0D,0x82,0x0B,0x62,0x61, + 0x63,0x73,0x72,0x6D,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x2E,0x62,0x61, + 0x63,0x73,0x72,0x6D,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x13,0x82,0x11,0x63,0x6E,0x73, + 0x74,0x72,0x61,0x6E,0x73,0x69,0x74,0x69,0x6F,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x14, + 0x82,0x12,0x2E,0x63,0x6E,0x73,0x74,0x72,0x61,0x6E,0x73,0x69,0x74,0x69,0x6F,0x6E, + 0x2E,0x63,0x6F,0x6D,0x30,0x11,0x82,0x0F,0x74,0x7A,0x62,0x70,0x61,0x72,0x74,0x6E, + 0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x12,0x82,0x10,0x2E,0x74,0x7A,0x62,0x70, + 0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x13,0x82,0x11,0x63, + 0x74,0x69,0x2D,0x6D,0x6F,0x74,0x69,0x76,0x61,0x63,0x65,0x70,0x2E,0x63,0x6F,0x6D, + 0x30,0x14,0x82,0x12,0x2E,0x63,0x74,0x69,0x2D,0x6D,0x6F,0x74,0x69,0x76,0x61,0x63, + 0x65,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x1C,0x82,0x1A,0x62,0x65,0x63,0x68,0x74,0x65, + 0x6C,0x74,0x72,0x61,0x6E,0x73,0x69,0x74,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73, + 0x2E,0x63,0x6F,0x6D,0x30,0x1D,0x82,0x1B,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C, + 0x74,0x72,0x61,0x6E,0x73,0x69,0x74,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E, + 0x63,0x6F,0x6D,0x30,0x62,0xA4,0x60,0x30,0x5E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, + 0x04,0x06,0x13,0x02,0x41,0x55,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x08,0x13, + 0x03,0x51,0x4C,0x44,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x42, + 0x72,0x69,0x73,0x62,0x61,0x6E,0x65,0x31,0x2E,0x30,0x2C,0x06,0x03,0x55,0x04,0x0A, + 0x13,0x25,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x41,0x75,0x73,0x74,0x72,0x61, + 0x6C,0x69,0x61,0x20,0x50,0x72,0x6F,0x70,0x72,0x69,0x65,0x74,0x61,0x72,0x79,0x20, + 0x4C,0x69,0x6D,0x69,0x74,0x65,0x64,0x30,0x38,0xA4,0x36,0x30,0x34,0x31,0x0B,0x30, + 0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x47,0x42,0x31,0x0F,0x30,0x0D,0x06,0x03, + 0x55,0x04,0x07,0x13,0x06,0x4C,0x6F,0x6E,0x64,0x6F,0x6E,0x31,0x14,0x30,0x12,0x06, + 0x03,0x55,0x04,0x0A,0x13,0x0B,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x4C,0x74, + 0x64,0x30,0x54,0xA4,0x52,0x30,0x50,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06, + 0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43, + 0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x13,0x0D,0x53,0x61,0x6E,0x20, + 0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55, + 0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70, + 0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63,0x68,0x74, + 0x65,0x6C,0x2E,0x63,0x6C,0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x68,0x74,0x65, + 0x6C,0x2E,0x63,0x6C,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E, + 0x61,0x65,0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x61, + 0x65,0x30,0x0B,0x82,0x09,0x62,0x62,0x65,0x68,0x63,0x2E,0x63,0x6F,0x6D,0x30,0x0C, + 0x82,0x0A,0x2E,0x62,0x62,0x65,0x68,0x63,0x2E,0x63,0x6F,0x6D,0xA1,0x0C,0x30,0x0A, + 0x87,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x42,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x36,0x30,0x34,0x30,0x32,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x26,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F, + 0x63,0x73,0x70,0x2E,0x6F,0x6D,0x6E,0x69,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x6F,0x6D, + 0x2F,0x62,0x61,0x6C,0x74,0x69,0x6D,0x6F,0x72,0x65,0x72,0x6F,0x6F,0x74,0x30,0x0E, + 0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x31, + 0x06,0x03,0x55,0x1D,0x25,0x04,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05, + 0x07,0x03,0x01,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B, + 0x06,0x01,0x05,0x05,0x07,0x03,0x09,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03, + 0x0E,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xE5,0x9D, + 0x59,0x30,0x82,0x47,0x58,0xCC,0xAC,0xFA,0x08,0x54,0x36,0x86,0x7B,0x3A,0xB5,0x04, + 0x4D,0xF0,0x30,0x42,0x06,0x03,0x55,0x1D,0x1F,0x04,0x3B,0x30,0x39,0x30,0x37,0xA0, + 0x35,0xA0,0x33,0x86,0x31,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x64,0x70,0x31, + 0x2E,0x70,0x75,0x62,0x6C,0x69,0x63,0x2D,0x74,0x72,0x75,0x73,0x74,0x2E,0x63,0x6F, + 0x6D,0x2F,0x43,0x52,0x4C,0x2F,0x4F,0x6D,0x6E,0x69,0x72,0x6F,0x6F,0x74,0x32,0x30, + 0x32,0x35,0x2E,0x63,0x72,0x6C,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04, + 0x14,0x07,0x88,0x41,0xE1,0x68,0x1D,0x6B,0x15,0x64,0xEE,0x7C,0x4D,0xA1,0x8D,0xFA, + 0x67,0xC3,0x53,0x59,0x37,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, + 0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x4D,0x7E,0x6A,0x4C,0x46,0x5E,0x32, + 0x6E,0x8E,0x77,0x9E,0xD3,0x70,0x7F,0xE2,0x58,0x97,0xE2,0x10,0xB7,0x68,0xC8,0x8A, + 0xAC,0x89,0xD0,0x3A,0x9C,0x6F,0x64,0x3B,0xC8,0xC0,0xE5,0x3B,0x9F,0x2C,0xC1,0x0A, + 0x10,0x05,0x4C,0xEA,0x02,0xD1,0xEA,0x84,0xA1,0x2E,0x37,0x88,0xC6,0x26,0x9B,0x27, + 0xB4,0x71,0x7C,0xBE,0x78,0x81,0x54,0x1F,0xC3,0xEB,0xA3,0x21,0x1B,0x40,0x6A,0x7C, + 0x1D,0xDB,0xE7,0x71,0xD2,0xB3,0xB9,0x08,0x8A,0xA4,0x69,0xA4,0x93,0xB8,0xCC,0x97, + 0xA9,0xFC,0x11,0x09,0x81,0xEE,0x3E,0x95,0xBE,0xFD,0xC9,0xB0,0xD7,0x8C,0x06,0xBD, + 0xFD,0x1B,0xE1,0xA1,0xDA,0xF9,0xD0,0x08,0x81,0x19,0x64,0x30,0xCD,0x22,0xEE,0x51, + 0x09,0xD5,0xD9,0xF0,0x74,0x8A,0x53,0x70,0xA4,0xB4,0xB8,0x87,0x81,0xB8,0xC0,0x2A, + 0x5C,0xDE,0x4E,0x94,0xA9,0x05,0x86,0xD0,0x4B,0xC9,0x53,0xE9,0xD2,0x3D,0x43,0xB0, + 0xE8,0x30,0x4A,0xD9,0x0C,0x31,0x54,0x26,0x44,0xB9,0x3D,0x85,0x42,0xEB,0xA6,0xCD, + 0x39,0x7E,0xDD,0x88,0xA4,0x04,0xB5,0xB3,0x35,0x38,0x29,0xAD,0x89,0x4D,0x95,0x49, + 0x70,0x31,0xFF,0x9F,0x53,0xC0,0x1E,0x66,0x75,0xD5,0x1D,0x7B,0x37,0xB3,0x3D,0x87, + 0xEB,0xD7,0x55,0xEF,0x80,0xAD,0x3D,0xD4,0x02,0x2C,0x19,0x2F,0x5C,0x83,0x4A,0xC9, + 0xD3,0xF1,0x2B,0x92,0xB7,0x5A,0xBE,0x2B,0xAD,0x91,0x76,0xCC,0x6A,0xC5,0x8A,0xFE, + 0x55,0x49,0x72,0xFA,0x75,0x2C,0x9B,0xF6,0xD9,0xFF,0xAC,0xD0,0xCC,0x60,0xAB,0xA9, + 0x09,0x70,0x8A,0xCF,0xC3,0x11,0xCB,0x4F,0x50, +}; + +/* subject:/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=Information Security/CN=IEXTCA-SSL.ibechtel.com */ +/* issuer :/C=US/O=Bechtel Corporation/OU=Information Security/CN=Bechtel External Policy CA 1 */ +/* X509v3 Subject Key Identifier: 76:BB:3A:B1:8F:D3:F9:E8:F2:65:60:C9:3B:9D:EE:BB:ED:46:76:EE */ +unsigned char _bechtel_int2a[1353]={ + 0x30,0x82,0x05,0x45,0x30,0x82,0x04,0x2D,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x61, + 0x2D,0x7E,0x8B,0x00,0x04,0x00,0x00,0x00,0x24,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x71,0x31,0x0B,0x30,0x09,0x06,0x03, + 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A, + 0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72, + 0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13,0x14, + 0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75, + 0x72,0x69,0x74,0x79,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x03,0x13,0x1C,0x42, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20, + 0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x20,0x31,0x30,0x1E,0x17,0x0D,0x31, + 0x35,0x30,0x33,0x31,0x39,0x31,0x32,0x35,0x31,0x30,0x37,0x5A,0x17,0x0D,0x32,0x32, + 0x30,0x33,0x31,0x38,0x31,0x37,0x34,0x31,0x31,0x30,0x5A,0x30,0x81,0x91,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04, + 0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F, + 0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74, + 0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D, + 0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61, + 0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x20,0x30, + 0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53, + 0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30, + 0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, + 0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00, + 0xCF,0x3E,0xCD,0xB4,0xFF,0xC3,0x66,0x2C,0x9E,0x83,0xB7,0x9A,0xD0,0xB7,0x59,0x3A, + 0x74,0xB4,0xCE,0x3C,0xF4,0x97,0x67,0x43,0xD1,0xCA,0xFE,0x90,0x7F,0x27,0x35,0x86, + 0x9D,0x70,0x4C,0x1A,0x3D,0xD1,0xFE,0xA1,0x98,0x75,0x1C,0x82,0xBF,0x67,0x5F,0xB2, + 0xE0,0xF8,0xA0,0x34,0x84,0x06,0x17,0x54,0x5B,0xA3,0x0D,0x3B,0x69,0x87,0x79,0xB3, + 0x4E,0xBE,0xCA,0x51,0x15,0xF5,0x1F,0x5D,0x22,0xAE,0x87,0xC9,0x2F,0xE3,0xB0,0x16, + 0xFA,0x84,0x90,0xB1,0xED,0xBD,0x71,0xD8,0xDA,0xD9,0xA4,0xCD,0xDF,0x66,0x54,0xB8, + 0x20,0xF8,0x5D,0x8C,0xA3,0xD5,0xC4,0xC3,0x68,0xFB,0x07,0xE6,0x5F,0x9F,0xC4,0x2E, + 0x26,0xA3,0x4E,0x53,0x8B,0xAB,0xE1,0x80,0x09,0xD1,0x29,0xC4,0x52,0xEA,0xD2,0xEA, + 0xF7,0x5D,0x24,0x5F,0x93,0x6D,0x2A,0x93,0x6B,0xF9,0x29,0x23,0x56,0x2D,0x3F,0x17, + 0x1B,0x5C,0xE8,0xA3,0xB4,0x8A,0xF1,0x86,0x06,0xF6,0xF6,0xB8,0x6A,0x34,0x6F,0x37, + 0x2C,0x4F,0x81,0x1C,0xDF,0x7D,0xD5,0x05,0x10,0xB3,0x93,0x7B,0x2B,0xD7,0xF2,0x9C, + 0xD9,0x2E,0xC0,0xB3,0x14,0x37,0x9E,0x79,0xEF,0x40,0x17,0x7A,0xF9,0x28,0x7C,0x6F, + 0x29,0x48,0xDE,0x22,0x8A,0xDB,0x57,0x5D,0x52,0xE8,0xC5,0x95,0xD8,0xC0,0x6A,0x63, + 0xFD,0x36,0x7A,0xE6,0xA6,0x76,0x2E,0x35,0x8B,0xD5,0x50,0xEB,0xC1,0xA7,0x74,0x3D, + 0x15,0x0E,0x7D,0xEA,0xA4,0xD6,0xA9,0xA1,0x73,0xE8,0xD0,0x91,0x0F,0x77,0x10,0x7F, + 0x33,0x8F,0x66,0x1F,0x6E,0x1B,0x41,0xF8,0xC1,0x58,0xA8,0x94,0x31,0x2C,0xEA,0x8F, + 0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0xBC,0x30,0x82,0x01,0xB8,0x30,0x0B,0x06, + 0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x12,0x06,0x09,0x2B,0x06, + 0x01,0x04,0x01,0x82,0x37,0x15,0x01,0x04,0x05,0x02,0x03,0x01,0x00,0x01,0x30,0x23, + 0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x02,0x04,0x16,0x04,0x14,0x3F, + 0xB2,0xF0,0xC3,0x5A,0xC6,0xBA,0xC1,0x34,0xFD,0xBD,0x81,0x03,0xFC,0x0B,0x0E,0x17, + 0xB1,0x66,0x73,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x76,0xBB, + 0x3A,0xB1,0x8F,0xD3,0xF9,0xE8,0xF2,0x65,0x60,0xC9,0x3B,0x9D,0xEE,0xBB,0xED,0x46, + 0x76,0xEE,0x30,0x25,0x06,0x03,0x55,0x1D,0x20,0x04,0x1E,0x30,0x1C,0x30,0x0C,0x06, + 0x0A,0x2B,0x06,0x01,0x04,0x01,0xFD,0x52,0x02,0x05,0x01,0x30,0x0C,0x06,0x0A,0x2B, + 0x06,0x01,0x04,0x01,0xFD,0x52,0x02,0x05,0x02,0x30,0x19,0x06,0x09,0x2B,0x06,0x01, + 0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,0x53,0x00,0x75,0x00,0x62, + 0x00,0x43,0x00,0x41,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08, + 0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04, + 0x18,0x30,0x16,0x80,0x14,0x07,0x88,0x41,0xE1,0x68,0x1D,0x6B,0x15,0x64,0xEE,0x7C, + 0x4D,0xA1,0x8D,0xFA,0x67,0xC3,0x53,0x59,0x37,0x30,0x61,0x06,0x03,0x55,0x1D,0x1F, + 0x04,0x5A,0x30,0x58,0x30,0x56,0xA0,0x54,0xA0,0x52,0x86,0x50,0x68,0x74,0x74,0x70, + 0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68, + 0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x65,0x72,0x74,0x44,0x61,0x74,0x61, + 0x2F,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72, + 0x6E,0x61,0x6C,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43, + 0x41,0x25,0x32,0x30,0x31,0x28,0x34,0x29,0x2E,0x63,0x72,0x6C,0x30,0x77,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x6B,0x30,0x69,0x30,0x67,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x5B,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,0x74,0x65, + 0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x65,0x72,0x74,0x44,0x61,0x74,0x61,0x2F,0x70, + 0x6F,0x6C,0x65,0x78,0x74,0x63,0x61,0x30,0x31,0x5F,0x42,0x65,0x63,0x68,0x74,0x65, + 0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x50, + 0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x31,0x28,0x34, + 0x29,0x2E,0x63,0x72,0x74,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, + 0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x38,0xC9,0xFE,0x7A,0xEF,0xF0,0xD8, + 0x24,0x69,0x11,0x68,0x81,0x31,0xEC,0x1C,0x8A,0x9C,0xD9,0x77,0xF6,0xFD,0xC7,0x2E, + 0xAC,0x46,0x6A,0xA8,0xB9,0xD7,0x7F,0xB2,0xC7,0x99,0x2D,0xDF,0xFD,0x8D,0x09,0x89, + 0x54,0x02,0xB4,0x4D,0xA2,0x8A,0x2B,0xC2,0x2F,0x3F,0xBB,0x8C,0x23,0x57,0xC6,0x06, + 0xC0,0x7E,0x2C,0x08,0xEB,0x6A,0x1B,0x04,0x3A,0x89,0xAC,0x20,0x44,0x97,0x85,0x79, + 0x59,0x72,0x8A,0xFF,0x9C,0x77,0x49,0x3E,0x3B,0xAF,0x75,0xA1,0x24,0xFC,0xD7,0x1C, + 0xAC,0xDE,0x95,0x7F,0x8E,0x50,0x7B,0xED,0x7B,0x6D,0x6C,0x28,0xB7,0x74,0x5F,0x15, + 0x5B,0x64,0x93,0x2E,0xD6,0x4F,0x05,0xFA,0x5A,0x32,0xD1,0x0C,0x7C,0x33,0x4A,0x99, + 0xAF,0xAB,0xC2,0x2A,0x0C,0x9A,0x76,0x54,0xBE,0xF9,0x6B,0xC7,0x65,0x44,0x7F,0xC8, + 0x73,0xE4,0xFB,0x94,0x9C,0x53,0xAF,0xD0,0x66,0xA9,0xF9,0x0D,0xD6,0x26,0x5A,0xBD, + 0x2E,0xE9,0xE2,0xFC,0x8C,0x9D,0x78,0x56,0xE8,0xBF,0x87,0xFE,0x3C,0x79,0x41,0x9B, + 0xA6,0xBB,0x90,0x92,0x53,0xCC,0x3C,0x84,0x5E,0x14,0x9D,0x3E,0x4F,0x4E,0x80,0x63, + 0x4F,0x11,0xFC,0xDF,0x86,0xE3,0x0B,0x03,0x4C,0x41,0x88,0x91,0xE5,0x51,0x0A,0x77, + 0x12,0x2F,0x9F,0x5B,0xC5,0x19,0x41,0x96,0xA7,0xA1,0x72,0x11,0x46,0x59,0x4C,0xCB, + 0xC7,0x2E,0xF8,0xD5,0x11,0xF8,0x6A,0xB1,0x3A,0x3E,0x37,0x2E,0xA2,0x93,0x75,0xF5, + 0x9B,0xE7,0xFA,0xAC,0xB1,0x9D,0xE2,0x76,0x6C,0x6F,0xDE,0x62,0xEE,0x9F,0x26,0x51, + 0x38,0x17,0xB2,0x39,0x85,0x14,0x42,0x3A,0x68, +}; + +/* subject:/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=Information Security/CN=IEXTCA-SSL.ibechtel.com */ +/* issuer :/C=US/O=Bechtel Corporation/OU=Information Security/CN=Bechtel External Policy CA 1 */ +/* X509v3 Subject Key Identifier: D9:44:EB:2D:3C:C0:9F:CA:19:3E:3C:6E:23:A0:EF:96:27:9F:DB:42 */ +unsigned char _bechtel_int2b[2242]={ + 0x30,0x82,0x08,0xBE,0x30,0x82,0x07,0xA6,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x61, + 0x12,0xEA,0x4E,0x00,0x04,0x00,0x00,0x00,0x25,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x71,0x31,0x0B,0x30,0x09,0x06,0x03, + 0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A, + 0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72, + 0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13,0x14, + 0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75, + 0x72,0x69,0x74,0x79,0x31,0x25,0x30,0x23,0x06,0x03,0x55,0x04,0x03,0x13,0x1C,0x42, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x20, + 0x50,0x6F,0x6C,0x69,0x63,0x79,0x20,0x43,0x41,0x20,0x31,0x30,0x1E,0x17,0x0D,0x31, + 0x35,0x30,0x39,0x31,0x38,0x31,0x31,0x35,0x33,0x33,0x32,0x5A,0x17,0x0D,0x32,0x32, + 0x30,0x33,0x31,0x38,0x31,0x37,0x34,0x31,0x31,0x30,0x5A,0x30,0x81,0x91,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04, + 0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F, + 0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74, + 0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D, + 0x30,0x1B,0x06,0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61, + 0x74,0x69,0x6F,0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x20,0x30, + 0x1E,0x06,0x03,0x55,0x04,0x03,0x13,0x17,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53, + 0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30, + 0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, + 0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00, + 0x9C,0x41,0x41,0x35,0x28,0x9E,0x70,0x93,0xC9,0xAB,0x3B,0x18,0x46,0x19,0xB6,0x98, + 0x4A,0xD8,0xEC,0xE8,0x2C,0x56,0xBC,0xFC,0xF3,0xE4,0xD2,0x62,0x41,0x00,0xC0,0x19, + 0x72,0x6B,0xE6,0xFD,0xE7,0x91,0x94,0x0B,0xAC,0x25,0x9B,0xC1,0x0A,0xBB,0x18,0x52, + 0x1A,0x60,0x09,0xA5,0x32,0x26,0x36,0xBA,0x1D,0x55,0xDA,0xD8,0xB9,0x81,0x2E,0xF9, + 0x9E,0x50,0x19,0xC1,0x3F,0xB3,0xE1,0x99,0xE9,0x9B,0xE7,0x19,0x6E,0x0D,0x50,0xA3, + 0x5B,0xEE,0xE1,0xFF,0x7B,0x79,0x61,0xD0,0xE9,0x8E,0xD8,0xF3,0x65,0x5F,0xF3,0xF6, + 0xFA,0x70,0xAB,0xF1,0x4A,0xE0,0x61,0x6E,0x54,0xDE,0x98,0xE4,0xD5,0x3E,0x57,0x4E, + 0x88,0x93,0x2D,0x65,0x10,0x7C,0x75,0x71,0x88,0x24,0xE7,0x7C,0x37,0x02,0x02,0x53, + 0x01,0x79,0x7A,0xB0,0xB2,0xA2,0xEE,0x4B,0xF0,0x2F,0xB2,0xBD,0x6A,0x04,0x30,0xF7, + 0x0C,0xD9,0x29,0xB3,0x88,0x49,0x96,0xD6,0xB1,0x3B,0xB5,0x52,0x20,0xE8,0xF4,0xBF, + 0xE0,0xF5,0x1D,0x40,0x1F,0xF1,0x86,0xCF,0x1D,0xEB,0xC7,0xFC,0xC1,0xDA,0x7C,0x5F, + 0xAB,0x5C,0xC1,0x59,0x95,0x87,0x72,0x1E,0x86,0x13,0x6D,0xE7,0xF5,0x57,0x28,0xDA, + 0x83,0xBA,0x53,0x13,0xF7,0x32,0xAC,0xDC,0x70,0xD7,0xC7,0xB8,0x48,0x5D,0x84,0x5E, + 0xC6,0x4F,0x6D,0x9B,0x3B,0x79,0xCE,0xE0,0x09,0xE5,0x95,0x15,0xA6,0x5B,0x3A,0xB2, + 0x50,0x22,0x39,0xFE,0x0E,0xB7,0x88,0x48,0xDD,0x4E,0x49,0x86,0x33,0xB3,0xAA,0xD2, + 0x55,0x4C,0x06,0x21,0x9B,0xF1,0xD4,0xA3,0x60,0x05,0x5E,0xF9,0xDA,0x7B,0xC7,0x8F, + 0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x05,0x35,0x30,0x82,0x05,0x31,0x30,0x0B,0x06, + 0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x12,0x06,0x09,0x2B,0x06, + 0x01,0x04,0x01,0x82,0x37,0x15,0x01,0x04,0x05,0x02,0x03,0x02,0x00,0x02,0x30,0x23, + 0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x02,0x04,0x16,0x04,0x14,0xAA, + 0xE3,0xDD,0x81,0x94,0xC5,0x93,0x65,0x65,0x2A,0x65,0xB4,0x7C,0x7B,0xC7,0x2E,0x97, + 0x95,0xA3,0xA0,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xD9,0x44, + 0xEB,0x2D,0x3C,0xC0,0x9F,0xCA,0x19,0x3E,0x3C,0x6E,0x23,0xA0,0xEF,0x96,0x27,0x9F, + 0xDB,0x42,0x30,0x25,0x06,0x03,0x55,0x1D,0x20,0x04,0x1E,0x30,0x1C,0x30,0x0C,0x06, + 0x0A,0x2B,0x06,0x01,0x04,0x01,0xFD,0x52,0x02,0x05,0x01,0x30,0x0C,0x06,0x0A,0x2B, + 0x06,0x01,0x04,0x01,0xFD,0x52,0x02,0x05,0x02,0x30,0x19,0x06,0x09,0x2B,0x06,0x01, + 0x04,0x01,0x82,0x37,0x14,0x02,0x04,0x0C,0x1E,0x0A,0x00,0x53,0x00,0x75,0x00,0x62, + 0x00,0x43,0x00,0x41,0x30,0x12,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x08, + 0x30,0x06,0x01,0x01,0xFF,0x02,0x01,0x00,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04, + 0x18,0x30,0x16,0x80,0x14,0x07,0x88,0x41,0xE1,0x68,0x1D,0x6B,0x15,0x64,0xEE,0x7C, + 0x4D,0xA1,0x8D,0xFA,0x67,0xC3,0x53,0x59,0x37,0x30,0x61,0x06,0x03,0x55,0x1D,0x1F, + 0x04,0x5A,0x30,0x58,0x30,0x56,0xA0,0x54,0xA0,0x52,0x86,0x50,0x68,0x74,0x74,0x70, + 0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68, + 0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x65,0x72,0x74,0x44,0x61,0x74,0x61, + 0x2F,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72, + 0x6E,0x61,0x6C,0x25,0x32,0x30,0x50,0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43, + 0x41,0x25,0x32,0x30,0x31,0x28,0x34,0x29,0x2E,0x63,0x72,0x6C,0x30,0x77,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x6B,0x30,0x69,0x30,0x67,0x06,0x08, + 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86,0x5B,0x68,0x74,0x74,0x70,0x3A,0x2F, + 0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,0x74,0x65, + 0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x43,0x65,0x72,0x74,0x44,0x61,0x74,0x61,0x2F,0x70, + 0x6F,0x6C,0x65,0x78,0x74,0x63,0x61,0x30,0x31,0x5F,0x42,0x65,0x63,0x68,0x74,0x65, + 0x6C,0x25,0x32,0x30,0x45,0x78,0x74,0x65,0x72,0x6E,0x61,0x6C,0x25,0x32,0x30,0x50, + 0x6F,0x6C,0x69,0x63,0x79,0x25,0x32,0x30,0x43,0x41,0x25,0x32,0x30,0x31,0x28,0x34, + 0x29,0x2E,0x63,0x72,0x74,0x30,0x82,0x03,0x42,0x06,0x03,0x55,0x1D,0x1E,0x04,0x82, + 0x03,0x39,0x30,0x82,0x03,0x35,0xA0,0x82,0x03,0x23,0x30,0x12,0xA0,0x10,0x06,0x0A, + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,0xA0,0x02,0x0C,0x00,0x30,0x02, + 0x81,0x00,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D, + 0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30, + 0x0B,0x82,0x09,0x6D,0x79,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A, + 0x2E,0x6D,0x79,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x69,0x62, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0F,0x82,0x0D,0x2E,0x69, + 0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x82,0x0B,0x62, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x2E,0x62, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x62,0x65, + 0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,0x73,0x69,0x61,0x30,0x0F,0x82,0x0D,0x2E,0x62, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x61,0x73,0x69,0x61,0x30,0x0F,0x82,0x0D,0x62, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x2E,0x75,0x6B,0x30,0x10,0x82,0x0E, + 0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x2E,0x75,0x6B,0x30,0x10, + 0x82,0x0E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2E,0x61,0x75, + 0x30,0x11,0x82,0x0F,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D, + 0x2E,0x61,0x75,0x30,0x0D,0x82,0x0B,0x62,0x61,0x63,0x73,0x72,0x6D,0x70,0x2E,0x63, + 0x6F,0x6D,0x30,0x0E,0x82,0x0C,0x2E,0x62,0x61,0x63,0x73,0x72,0x6D,0x70,0x2E,0x63, + 0x6F,0x6D,0x30,0x13,0x82,0x11,0x63,0x6E,0x73,0x74,0x72,0x61,0x6E,0x73,0x69,0x74, + 0x69,0x6F,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x2E,0x63,0x6E,0x73,0x74, + 0x72,0x61,0x6E,0x73,0x69,0x74,0x69,0x6F,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x11,0x82, + 0x0F,0x74,0x7A,0x62,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D, + 0x30,0x12,0x82,0x10,0x2E,0x74,0x7A,0x62,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73, + 0x2E,0x63,0x6F,0x6D,0x30,0x13,0x82,0x11,0x63,0x74,0x69,0x2D,0x6D,0x6F,0x74,0x69, + 0x76,0x61,0x63,0x65,0x70,0x2E,0x63,0x6F,0x6D,0x30,0x14,0x82,0x12,0x2E,0x63,0x74, + 0x69,0x2D,0x6D,0x6F,0x74,0x69,0x76,0x61,0x63,0x65,0x70,0x2E,0x63,0x6F,0x6D,0x30, + 0x1C,0x82,0x1A,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x74,0x72,0x61,0x6E,0x73,0x69, + 0x74,0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x1D,0x82, + 0x1B,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x74,0x72,0x61,0x6E,0x73,0x69,0x74, + 0x70,0x61,0x72,0x74,0x6E,0x65,0x72,0x73,0x2E,0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A, + 0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6C,0x30,0x0D,0x82,0x0B,0x2E,0x62, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6C,0x30,0x0C,0x82,0x0A,0x62,0x65,0x63, + 0x68,0x74,0x65,0x6C,0x2E,0x61,0x65,0x30,0x0D,0x82,0x0B,0x2E,0x62,0x65,0x63,0x68, + 0x74,0x65,0x6C,0x2E,0x61,0x65,0x30,0x0B,0x82,0x09,0x62,0x62,0x65,0x68,0x63,0x2E, + 0x63,0x6F,0x6D,0x30,0x0C,0x82,0x0A,0x2E,0x62,0x62,0x65,0x68,0x63,0x2E,0x63,0x6F, + 0x6D,0x30,0x62,0xA4,0x60,0x30,0x5E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06, + 0x13,0x02,0x41,0x55,0x31,0x0C,0x30,0x0A,0x06,0x03,0x55,0x04,0x08,0x13,0x03,0x51, + 0x4C,0x44,0x31,0x11,0x30,0x0F,0x06,0x03,0x55,0x04,0x07,0x13,0x08,0x42,0x72,0x69, + 0x73,0x62,0x61,0x6E,0x65,0x31,0x2E,0x30,0x2C,0x06,0x03,0x55,0x04,0x0A,0x13,0x25, + 0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x41,0x75,0x73,0x74,0x72,0x61,0x6C,0x69, + 0x61,0x20,0x50,0x72,0x6F,0x70,0x72,0x69,0x65,0x74,0x61,0x72,0x79,0x20,0x4C,0x69, + 0x6D,0x69,0x74,0x65,0x64,0x30,0x38,0xA4,0x36,0x30,0x34,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x47,0x42,0x31,0x0F,0x30,0x0D,0x06,0x03,0x55,0x04, + 0x07,0x13,0x06,0x4C,0x6F,0x6E,0x64,0x6F,0x6E,0x31,0x14,0x30,0x12,0x06,0x03,0x55, + 0x04,0x0A,0x13,0x0B,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x4C,0x74,0x64,0x30, + 0x54,0xA4,0x52,0x30,0x50,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, + 0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31, + 0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72, + 0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A, + 0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72, + 0x61,0x74,0x69,0x6F,0x6E,0x30,0x02,0x86,0x00,0x30,0x02,0x87,0x00,0xA1,0x0C,0x30, + 0x0A,0x87,0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x30,0x31,0x06,0x03,0x55, + 0x1D,0x25,0x04,0x2A,0x30,0x28,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, + 0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x03,0x09,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0E,0x30,0x0D, + 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01, + 0x01,0x00,0x85,0x1F,0x94,0xB5,0x4E,0x94,0x8F,0xD8,0xEE,0xC5,0x01,0x6A,0x8F,0x19, + 0x82,0x94,0x61,0x60,0x8D,0xB5,0xA7,0xD9,0xD5,0xDB,0xFA,0x33,0x3A,0x8C,0xEB,0xD0, + 0x2E,0x12,0x74,0x16,0x75,0x1A,0x0B,0x8A,0x15,0x27,0x9E,0x96,0x57,0x2C,0x3E,0x54, + 0xF9,0x97,0x4B,0xA1,0xC4,0xFB,0xE8,0x5F,0x2C,0x60,0x80,0xB8,0x1C,0x93,0xB4,0x26, + 0x74,0x4D,0x04,0xD9,0xD9,0xDF,0x7A,0xE8,0xA4,0xD4,0xE5,0xF6,0x56,0x99,0x03,0xA1, + 0x0C,0x2E,0x55,0xFE,0x01,0xA6,0xC7,0x71,0x25,0xC3,0x75,0x8F,0xFA,0x5D,0x6D,0x77, + 0xEC,0x68,0x6A,0xAB,0xFA,0x3E,0xCD,0xAD,0xEB,0xB6,0x68,0x94,0x13,0x22,0x0F,0xB0, + 0x22,0xFD,0x66,0xE8,0x79,0xAC,0xB3,0x05,0x30,0x57,0x36,0x6C,0x67,0x70,0x17,0x3F, + 0xA9,0xFA,0x4B,0x6F,0xCB,0x08,0xAC,0x81,0x67,0x77,0x41,0xF7,0x3B,0x29,0xA5,0x73, + 0xE4,0x3D,0xE4,0x0F,0xC5,0x08,0xB0,0xF9,0x02,0x3B,0x6C,0xCF,0xC9,0x49,0x60,0xAE, + 0xAA,0xD8,0xFD,0x51,0x4D,0x2A,0xBC,0x74,0xDC,0x56,0xC5,0xFD,0xAD,0xBF,0x97,0x8F, + 0x45,0x99,0x8A,0x2B,0x6C,0xA6,0x3C,0x9B,0xD7,0x87,0xC7,0xC7,0x2F,0x7E,0x0C,0x6E, + 0x86,0xC6,0x47,0x35,0x40,0x69,0xA7,0xA2,0x42,0x77,0x1F,0xDD,0x03,0xC8,0x7A,0x44, + 0xB8,0x9E,0x59,0xA8,0x1E,0x87,0x30,0xE0,0x7D,0xF7,0x24,0xE0,0xE0,0xD2,0x72,0x5B, + 0x87,0x01,0x60,0xF1,0x5B,0x84,0x1E,0xAE,0x1D,0xF6,0x2D,0x69,0x9D,0xC0,0xCE,0x3D, + 0x35,0x17,0xDF,0x88,0x65,0xAA,0x1E,0x99,0x3E,0x15,0x36,0xDF,0x44,0xE6,0x8F,0xF3, + 0xD6,0xF6, +}; + +/* subject:/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=IS&T/CN=MSAN_supplier.bechtel.com */ +/* issuer :/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=Information Security/CN=IEXTCA-SSL.ibechtel.com */ +/* X509v3 Authority Key Identifier: keyid:76:BB:3A:B1:8F:D3:F9:E8:F2:65:60:C9:3B:9D:EE:BB:ED:46:76:EE */ +unsigned char _bechtel_leaf_a[1441]={ + 0x30,0x82,0x05,0x9D,0x30,0x82,0x04,0x85,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x3F, + 0xF2,0xCF,0x8E,0x00,0x01,0x00,0x00,0x10,0x1D,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x81,0x91,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x13,0x0D, + 0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x1C,0x30, + 0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20, + 0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06, + 0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F, + 0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x20,0x30,0x1E,0x06,0x03, + 0x55,0x04,0x03,0x13,0x17,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E, + 0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D, + 0x31,0x35,0x30,0x36,0x32,0x36,0x31,0x36,0x30,0x32,0x30,0x37,0x5A,0x17,0x0D,0x31, + 0x37,0x30,0x36,0x32,0x35,0x31,0x36,0x30,0x32,0x30,0x37,0x5A,0x30,0x81,0x83,0x31, + 0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09, + 0x06,0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55, + 0x04,0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63, + 0x6F,0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68, + 0x74,0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31, + 0x0D,0x30,0x0B,0x06,0x03,0x55,0x04,0x0B,0x0C,0x04,0x49,0x53,0x26,0x54,0x31,0x22, + 0x30,0x20,0x06,0x03,0x55,0x04,0x03,0x0C,0x19,0x4D,0x53,0x41,0x4E,0x5F,0x73,0x75, + 0x70,0x70,0x6C,0x69,0x65,0x72,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63, + 0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D, + 0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82, + 0x01,0x01,0x00,0xAC,0xD5,0x28,0xD6,0x28,0x35,0xB7,0x8D,0x51,0x00,0x02,0xB9,0xAE, + 0x0C,0x1E,0x7D,0xF7,0xA1,0xE3,0x4E,0xC9,0x22,0x8B,0xE5,0x06,0x9A,0x55,0x6E,0xFD, + 0xAA,0x48,0x84,0x68,0x26,0x53,0xE7,0xC7,0x86,0x5C,0x7F,0x93,0xAB,0xE7,0xA0,0x4A, + 0xF2,0x26,0x01,0x21,0x43,0xF0,0x2A,0x38,0x69,0x34,0x29,0x09,0xDC,0x5F,0x19,0x84, + 0x2E,0x92,0x1F,0xB8,0x25,0x53,0x4A,0xFE,0x38,0x4F,0x8F,0x1D,0x5D,0x8F,0x22,0xD2, + 0x2D,0xB6,0xDD,0x81,0x94,0xEE,0x88,0xEE,0x35,0xDA,0x91,0xFA,0x0B,0xA8,0x26,0x35, + 0x50,0x87,0x5C,0xA8,0x34,0xE2,0x90,0x58,0x5C,0x99,0x5F,0xA1,0x81,0x53,0x5D,0x2D, + 0x31,0x97,0x3D,0xA9,0xC5,0x96,0xCB,0x46,0xB9,0xC9,0xAE,0x08,0xB9,0xDC,0x23,0xAE, + 0xCB,0xB7,0x5A,0xB5,0x5F,0x89,0x59,0x36,0x16,0x48,0xFA,0x4A,0x69,0x73,0xA8,0x67, + 0x57,0xF1,0xE6,0xA1,0xAC,0x40,0xF2,0x14,0x7E,0xA2,0x29,0xAB,0x03,0x2E,0xC4,0x53, + 0xD9,0xF9,0x5A,0xEC,0x5A,0xED,0x3D,0x99,0x62,0x68,0xDD,0x41,0xAD,0x13,0x46,0x8E, + 0xDE,0xD9,0x8F,0xCA,0x81,0x7D,0x43,0xF7,0x01,0x8F,0x42,0x1A,0xFD,0x96,0x09,0x93, + 0x14,0xBD,0x77,0x6B,0x43,0xBF,0xA3,0x88,0x2C,0xCC,0xF0,0xDF,0x8A,0xBE,0x11,0xE8, + 0x15,0x10,0x0C,0x87,0x0B,0x23,0xE9,0x60,0xE7,0x61,0xE4,0x5F,0x01,0x7E,0x4E,0x70, + 0x53,0x9A,0x40,0x87,0x8D,0x2A,0x76,0x89,0xE2,0xE7,0x6F,0x08,0xA0,0x34,0xE6,0x20, + 0xB8,0x37,0xF5,0xD1,0x36,0x5F,0x13,0x9A,0x15,0x14,0xCA,0x20,0xF4,0x3E,0xD7,0x72, + 0x2F,0x64,0xA7,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02,0x01,0x30,0x82,0x01,0xFD, + 0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02,0x05,0xA0,0x30,0x3E,0x06, + 0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04,0x31,0x30,0x2F,0x06,0x27, + 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x81,0xA9,0xF0,0x78,0x83,0xE0,0xED, + 0x66,0x83,0xE9,0x87,0x15,0x85,0xC8,0xA3,0x18,0x86,0x94,0xF0,0x53,0x81,0x4C,0x82, + 0x9D,0xDA,0x36,0x84,0xC6,0xCC,0x1D,0x02,0x01,0x64,0x02,0x01,0x06,0x30,0x1D,0x06, + 0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0xBF,0x53,0xDA,0xE9,0xE8,0x25,0xCC,0x30, + 0x48,0x2D,0x54,0xB9,0x9E,0xE7,0xC9,0x18,0xC5,0xE1,0x0C,0x4F,0x30,0x1F,0x06,0x03, + 0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x76,0xBB,0x3A,0xB1,0x8F,0xD3,0xF9, + 0xE8,0xF2,0x65,0x60,0xC9,0x3B,0x9D,0xEE,0xBB,0xED,0x46,0x76,0xEE,0x30,0x54,0x06, + 0x03,0x55,0x1D,0x1F,0x04,0x4D,0x30,0x4B,0x30,0x49,0xA0,0x47,0xA0,0x45,0x86,0x43, + 0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68,0x2E, + 0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x65,0x72,0x74, + 0x64,0x61,0x74,0x61,0x2F,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E, + 0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x28,0x31,0x29,0x2E, + 0x63,0x72,0x6C,0x30,0x77,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04, + 0x6B,0x30,0x69,0x30,0x67,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,0x86, + 0x5B,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74,0x61,0x75,0x74,0x68, + 0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x2F,0x63,0x65,0x72, + 0x74,0x64,0x61,0x74,0x61,0x2F,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C, + 0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x5F,0x49,0x45, + 0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65, + 0x6C,0x2E,0x63,0x6F,0x6D,0x28,0x31,0x29,0x2E,0x63,0x72,0x74,0x30,0x13,0x06,0x03, + 0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03, + 0x01,0x30,0x1B,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x0A,0x04,0x0E, + 0x30,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x6D, + 0x06,0x03,0x55,0x1D,0x11,0x04,0x66,0x30,0x64,0x82,0x14,0x73,0x75,0x70,0x70,0x6C, + 0x69,0x65,0x72,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82, + 0x18,0x73,0x75,0x70,0x70,0x6C,0x69,0x65,0x72,0x32,0x30,0x31,0x32,0x2E,0x62,0x65, + 0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x82,0x16,0x63,0x6F,0x6E,0x74,0x72, + 0x61,0x63,0x74,0x6F,0x72,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x6D,0x82,0x1A,0x63,0x6F,0x6E,0x74,0x72,0x61,0x63,0x74,0x6F,0x72,0x32,0x30,0x31, + 0x32,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x0D,0x06, + 0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03,0x82,0x01,0x01, + 0x00,0xC5,0x7E,0x87,0xF0,0x3E,0x7C,0x26,0xE6,0x75,0x2E,0xA3,0x25,0x5E,0x44,0xB0, + 0x1C,0xF7,0x91,0x58,0x7A,0x97,0xC5,0x05,0x39,0x08,0x5E,0x5E,0x39,0x7F,0x65,0x6A, + 0x69,0xA3,0x7B,0x13,0xF1,0x7B,0xD7,0x50,0x25,0xD9,0x65,0xC0,0x31,0x6F,0x25,0x2E, + 0xCB,0x69,0xB3,0x1B,0xFB,0x19,0xE9,0x22,0x78,0xF0,0x9A,0x61,0xC4,0x3C,0x52,0x92, + 0xCE,0xFB,0x12,0xBA,0x58,0x44,0xC9,0xFC,0x4B,0x31,0x49,0x10,0x38,0xC7,0x95,0x08, + 0x86,0x43,0xEE,0xCD,0xDB,0x94,0xC7,0xDA,0x98,0x0F,0x00,0x05,0xEB,0xE4,0x98,0x3F, + 0x91,0x7E,0x9B,0x13,0x63,0x63,0x0F,0xD4,0x17,0x4C,0xDD,0x2A,0x94,0xEA,0x41,0x15, + 0x26,0xFF,0xE4,0xC0,0x77,0x50,0x1D,0x96,0x13,0x4A,0xC8,0x3C,0xBC,0xD7,0x05,0x47, + 0x72,0xFD,0x8D,0xBB,0xF3,0x76,0x0E,0x47,0x36,0xA8,0x13,0x8A,0xB0,0xDB,0x7F,0xD3, + 0xD1,0x53,0x09,0xFC,0xBE,0x5E,0xE7,0xB0,0x04,0x08,0x6A,0xC6,0x20,0xCE,0xFA,0x92, + 0xFB,0xE1,0x0A,0xA2,0xDF,0x3A,0x1C,0x58,0x83,0x5B,0x51,0x80,0x0B,0x48,0x05,0x0D, + 0xA2,0x7B,0x10,0xF2,0xF1,0x47,0x51,0x84,0xBA,0x00,0x5F,0x28,0x1F,0xA0,0xC5,0xFA, + 0x12,0xC5,0x8A,0x87,0x03,0xD0,0xA7,0x04,0xC5,0x44,0x10,0x4C,0x59,0x05,0x5E,0x5B, + 0x4A,0x02,0x04,0xC1,0x07,0x16,0x2D,0xA7,0xF5,0xCB,0x32,0xDE,0x8E,0x7A,0x57,0x0E, + 0xE3,0x07,0x3B,0x59,0x92,0x0C,0x20,0x03,0xF0,0xFE,0xC5,0xDB,0xCC,0xCF,0x49,0x11, + 0x05,0x90,0xF4,0xC3,0xA8,0x96,0x9B,0xC0,0x38,0x53,0xE1,0x8C,0xCF,0x65,0xFC,0x27, + 0xBD, +}; + +/* subject:/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=IS&T/CN=MSAN.becpsn.com */ +/* issuer :/C=US/ST=CA/L=San Francisco/O=Bechtel Corporation/OU=Information Security/CN=IEXTCA-SSL.ibechtel.com */ +/* X509v3 Authority Key Identifier: keyid:D9:44:EB:2D:3C:C0:9F:CA:19:3E:3C:6E:23:A0:EF:96:27:9F:DB:42 */ +unsigned char _bechtel_leaf_b[1684]={ + 0x30,0x82,0x06,0x90,0x30,0x82,0x05,0x78,0xA0,0x03,0x02,0x01,0x02,0x02,0x0A,0x62, + 0xDD,0x4C,0x71,0x00,0x02,0x00,0x00,0x12,0xAA,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48, + 0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x30,0x81,0x91,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04, + 0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04,0x07,0x13,0x0D, + 0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F,0x31,0x1C,0x30, + 0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74,0x65,0x6C,0x20, + 0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x1D,0x30,0x1B,0x06, + 0x03,0x55,0x04,0x0B,0x13,0x14,0x49,0x6E,0x66,0x6F,0x72,0x6D,0x61,0x74,0x69,0x6F, + 0x6E,0x20,0x53,0x65,0x63,0x75,0x72,0x69,0x74,0x79,0x31,0x20,0x30,0x1E,0x06,0x03, + 0x55,0x04,0x03,0x13,0x17,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E, + 0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x30,0x1E,0x17,0x0D, + 0x31,0x35,0x30,0x39,0x31,0x38,0x31,0x34,0x34,0x33,0x30,0x33,0x5A,0x17,0x0D,0x31, + 0x37,0x30,0x39,0x31,0x37,0x31,0x34,0x34,0x33,0x30,0x33,0x5A,0x30,0x79,0x31,0x0B, + 0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x0B,0x30,0x09,0x06, + 0x03,0x55,0x04,0x08,0x13,0x02,0x43,0x41,0x31,0x16,0x30,0x14,0x06,0x03,0x55,0x04, + 0x07,0x13,0x0D,0x53,0x61,0x6E,0x20,0x46,0x72,0x61,0x6E,0x63,0x69,0x73,0x63,0x6F, + 0x31,0x1C,0x30,0x1A,0x06,0x03,0x55,0x04,0x0A,0x13,0x13,0x42,0x65,0x63,0x68,0x74, + 0x65,0x6C,0x20,0x43,0x6F,0x72,0x70,0x6F,0x72,0x61,0x74,0x69,0x6F,0x6E,0x31,0x0D, + 0x30,0x0B,0x06,0x03,0x55,0x04,0x0B,0x0C,0x04,0x49,0x53,0x26,0x54,0x31,0x18,0x30, + 0x16,0x06,0x03,0x55,0x04,0x03,0x13,0x0F,0x4D,0x53,0x41,0x4E,0x2E,0x62,0x65,0x63, + 0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A, + 0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30, + 0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xD9,0xC9,0x8F,0x11,0x2C,0x09,0x56,0x3D, + 0x07,0x48,0x07,0xD1,0x81,0x86,0x12,0xC1,0xD5,0x1B,0xA0,0x88,0xE1,0x12,0xEA,0x95, + 0x29,0x2B,0xB4,0x20,0xBB,0xFB,0x6A,0xFE,0x8E,0x99,0xA8,0x5D,0xFE,0x5B,0xD9,0xE4, + 0x45,0x87,0xF5,0x26,0x96,0x67,0xC6,0x3A,0xA0,0x40,0xFE,0x63,0x02,0x06,0x29,0xAE, + 0x5D,0xDF,0xC7,0xFE,0xFD,0x92,0x88,0x42,0x93,0xCB,0x34,0xC9,0x77,0xC6,0x2D,0xE5, + 0xB3,0x6F,0x30,0x66,0xF9,0x5C,0xC3,0xD3,0x5E,0x9E,0x47,0x07,0xE5,0x21,0x20,0xF2, + 0xAD,0x97,0x12,0x1D,0xA4,0xA4,0xC7,0xDC,0x7C,0xE8,0xE0,0xBC,0x86,0xE0,0xBD,0x14, + 0x11,0x9B,0x62,0x7B,0xC4,0x56,0x99,0x74,0x1F,0xFE,0x15,0x54,0xB4,0x28,0x0F,0x8E, + 0x06,0x13,0xA5,0xDE,0xB3,0xAB,0x76,0x9C,0xEA,0x49,0x66,0x39,0x64,0x0D,0x7A,0x4C, + 0xB0,0x07,0x5E,0x5F,0x41,0x2E,0x83,0xE1,0x3C,0xD4,0x29,0x1F,0x14,0x81,0xB9,0x03, + 0xD5,0xC3,0xC8,0xB9,0xB0,0xF2,0x0C,0x63,0x3B,0x45,0x50,0xB9,0x7A,0x3B,0x75,0xE8, + 0x85,0x23,0x06,0xB9,0x5E,0x38,0x98,0x52,0x97,0x09,0x70,0xB6,0x64,0x13,0x8E,0x54, + 0x4E,0xB2,0x5B,0x9F,0xCE,0xC3,0x96,0x4E,0x6B,0x23,0xDC,0x5F,0xB4,0x90,0x00,0xE2, + 0xFB,0x73,0x87,0xE1,0x00,0x4E,0x61,0x38,0x89,0xE4,0x8B,0xBE,0xEF,0x04,0x26,0xD2, + 0x02,0x5A,0xD3,0x3E,0x73,0xE5,0xBF,0x55,0xA1,0x12,0x89,0xA0,0x66,0x7D,0x7D,0xBD, + 0xB3,0xDE,0x14,0xCE,0x08,0x1A,0xC0,0x4E,0xC3,0x26,0xBE,0x51,0x78,0x15,0xD4,0xE2, + 0xC8,0x3D,0x4F,0x82,0xBD,0xDB,0x19,0xE3,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x02, + 0xFF,0x30,0x82,0x02,0xFB,0x30,0x0B,0x06,0x03,0x55,0x1D,0x0F,0x04,0x04,0x03,0x02, + 0x05,0xA0,0x30,0x3E,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x07,0x04, + 0x31,0x30,0x2F,0x06,0x27,0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x15,0x08,0x81,0xA9, + 0xF0,0x78,0x83,0xE0,0xED,0x66,0x83,0xE9,0x87,0x15,0x85,0xC8,0xA3,0x18,0x86,0x94, + 0xF0,0x53,0x81,0x4C,0x82,0x9D,0xDA,0x36,0x84,0xC6,0xCC,0x1D,0x02,0x01,0x64,0x02, + 0x01,0x06,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x8D,0x17,0xB9, + 0x2B,0xED,0x8E,0x93,0x41,0xF8,0xD9,0xC9,0xC4,0x38,0x9E,0x9D,0xB0,0x04,0x72,0xF2, + 0xF8,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xD9,0x44, + 0xEB,0x2D,0x3C,0xC0,0x9F,0xCA,0x19,0x3E,0x3C,0x6E,0x23,0xA0,0xEF,0x96,0x27,0x9F, + 0xDB,0x42,0x30,0x54,0x06,0x03,0x55,0x1D,0x1F,0x04,0x4D,0x30,0x4B,0x30,0x49,0xA0, + 0x47,0xA0,0x45,0x86,0x43,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72,0x74, + 0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D, + 0x2F,0x63,0x65,0x72,0x74,0x64,0x61,0x74,0x61,0x2F,0x49,0x45,0x58,0x54,0x43,0x41, + 0x2D,0x53,0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x6D,0x28,0x32,0x29,0x2E,0x63,0x72,0x6C,0x30,0x77,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x01,0x01,0x04,0x6B,0x30,0x69,0x30,0x67,0x06,0x08,0x2B,0x06,0x01,0x05, + 0x05,0x07,0x30,0x02,0x86,0x5B,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x63,0x65,0x72, + 0x74,0x61,0x75,0x74,0x68,0x2E,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F, + 0x6D,0x2F,0x63,0x65,0x72,0x74,0x64,0x61,0x74,0x61,0x2F,0x49,0x45,0x58,0x54,0x43, + 0x41,0x2D,0x53,0x53,0x4C,0x2E,0x69,0x62,0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63, + 0x6F,0x6D,0x5F,0x49,0x45,0x58,0x54,0x43,0x41,0x2D,0x53,0x53,0x4C,0x2E,0x69,0x62, + 0x65,0x63,0x68,0x74,0x65,0x6C,0x2E,0x63,0x6F,0x6D,0x28,0x32,0x29,0x2E,0x63,0x72, + 0x74,0x30,0x13,0x06,0x03,0x55,0x1D,0x25,0x04,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06, + 0x01,0x05,0x05,0x07,0x03,0x01,0x30,0x1B,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0x82, + 0x37,0x15,0x0A,0x04,0x0E,0x30,0x0C,0x30,0x0A,0x06,0x08,0x2B,0x06,0x01,0x05,0x05, + 0x07,0x03,0x01,0x30,0x82,0x01,0x69,0x06,0x03,0x55,0x1D,0x11,0x04,0x82,0x01,0x60, + 0x30,0x82,0x01,0x5C,0x82,0x19,0x2A,0x2E,0x61,0x70,0x61,0x63,0x2E,0x73,0x74,0x61, + 0x67,0x69,0x6E,0x67,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82, + 0x14,0x2A,0x2E,0x61,0x70,0x61,0x63,0x2E,0x71,0x61,0x2E,0x62,0x65,0x63,0x70,0x73, + 0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x15,0x2A,0x2E,0x61,0x70,0x61,0x63,0x2E,0x64,0x65, + 0x76,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x11,0x2A,0x2E, + 0x61,0x70,0x61,0x63,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82, + 0x19,0x2A,0x2E,0x65,0x61,0x6D,0x73,0x2E,0x73,0x74,0x61,0x67,0x69,0x6E,0x67,0x2E, + 0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x14,0x2A,0x2E,0x65,0x61, + 0x6D,0x73,0x2E,0x71,0x61,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D, + 0x82,0x15,0x2A,0x2E,0x65,0x61,0x6D,0x73,0x2E,0x64,0x65,0x76,0x2E,0x62,0x65,0x63, + 0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x11,0x2A,0x2E,0x65,0x61,0x6D,0x73,0x2E, + 0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x1A,0x2A,0x2E,0x61,0x6D, + 0x65,0x72,0x73,0x2E,0x73,0x74,0x61,0x67,0x69,0x6E,0x67,0x2E,0x62,0x65,0x63,0x70, + 0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x15,0x2A,0x2E,0x61,0x6D,0x65,0x72,0x73,0x2E, + 0x71,0x61,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x16,0x2A, + 0x2E,0x61,0x6D,0x65,0x72,0x73,0x2E,0x64,0x65,0x76,0x2E,0x62,0x65,0x63,0x70,0x73, + 0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x12,0x2A,0x2E,0x61,0x6D,0x65,0x72,0x73,0x2E,0x62, + 0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82,0x14,0x2A,0x2E,0x73,0x74,0x61, + 0x67,0x69,0x6E,0x67,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D,0x82, + 0x0F,0x2A,0x2E,0x71,0x61,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D, + 0x82,0x10,0x2A,0x2E,0x64,0x65,0x76,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63, + 0x6F,0x6D,0x82,0x0C,0x2A,0x2E,0x62,0x65,0x63,0x70,0x73,0x6E,0x2E,0x63,0x6F,0x6D, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,0x05,0x00,0x03, + 0x82,0x01,0x01,0x00,0x24,0xAF,0x6F,0x43,0x26,0x70,0x05,0x1C,0x0D,0x3E,0x1C,0xFE, + 0x42,0x65,0x9B,0x8C,0xF0,0xCD,0x31,0x89,0x2F,0x55,0xAE,0xB4,0xA9,0x0E,0x94,0xA2, + 0x8D,0x32,0x38,0x65,0xC8,0xE3,0x32,0x30,0x47,0xAE,0x05,0x1C,0xB0,0xDC,0x2B,0x47, + 0xB0,0x4E,0x56,0x8E,0x01,0x93,0xAC,0x47,0xAC,0x1C,0x2D,0xF5,0x8A,0xBE,0x35,0x15, + 0x66,0xE8,0x45,0xFC,0x06,0xBD,0x98,0xA3,0x59,0x06,0x0B,0x20,0x8B,0x6C,0xF5,0xAA, + 0x08,0x79,0x16,0x9B,0x0A,0x08,0xE1,0x9E,0xEB,0x98,0xF7,0x82,0x4B,0x54,0x03,0xF5, + 0x22,0x60,0xF3,0x8E,0x3A,0xCB,0x1D,0x62,0x7A,0x65,0xA9,0x35,0xDF,0xCF,0x3F,0x2B, + 0x5B,0x0F,0x96,0x8B,0x70,0xAF,0xBF,0x9E,0x23,0x5F,0x1E,0x60,0x64,0x26,0x22,0xBE, + 0xC6,0xED,0x5E,0xA0,0x37,0xDD,0xDB,0xDF,0x23,0x3E,0xC9,0x4D,0xC8,0x4A,0x23,0xBB, + 0x5B,0x87,0x7E,0x65,0xD5,0x32,0x9A,0x5C,0xA6,0xCA,0x1A,0x7B,0xDF,0x08,0x65,0xD8, + 0x13,0xC6,0x9B,0x7E,0xA7,0x5E,0xCC,0x21,0x38,0x6A,0x3B,0xAE,0x6F,0xE7,0x73,0x74, + 0x56,0x18,0xB2,0xD6,0x39,0xA0,0xDD,0xAE,0x1E,0x8D,0x2D,0xE9,0xB2,0x54,0x45,0x71, + 0x8C,0xCC,0xD4,0xED,0x8C,0xCE,0x3D,0x4D,0xD8,0xCD,0x68,0x25,0x8D,0x0E,0xCE,0xD2, + 0x58,0x18,0x8A,0x1B,0x80,0xB9,0xA7,0xC8,0xFE,0x99,0x9A,0xDF,0x03,0xA7,0x6B,0x23, + 0x1D,0xBF,0xB8,0xF6,0x45,0x33,0x44,0xD1,0x9E,0xC5,0xBE,0x76,0xA4,0xFF,0xD3,0xE1, + 0x83,0x65,0x56,0x31,0x6D,0x3C,0xAA,0xC6,0xAB,0x55,0xD3,0x4E,0x94,0x60,0x3F,0xAE, + 0x5D,0x0C,0x18,0xED, +}; diff --git a/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.c b/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.c new file mode 100644 index 00000000..e808f871 --- /dev/null +++ b/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.c @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2015 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +#include +#include +#include +#include + +#include "utilities/SecCFRelease.h" +#include "utilities/SecCFWrappers.h" + +#include "Security_regressions.h" + + +#include "si-88-sectrust-vpnprofile.h" + +static void tests(void) +{ + SecTrustRef trust = NULL; + SecPolicyRef policy = NULL; + SecCertificateRef cert0, cert1, cert2, cert3, rootcert; + SecTrustResultType trustResult; + + //Evaluation should succeed for cert0 and cert1 + + isnt(cert0 = SecCertificateCreateWithBytes(NULL, c0, sizeof(c0)), NULL, "create cert0"); + isnt(cert1 = SecCertificateCreateWithBytes(NULL, c1, sizeof(c1)), NULL, "create cert1"); + isnt(rootcert = SecCertificateCreateWithBytes(NULL, root, sizeof(root)), NULL, "create root cert"); + + const void *v_certs[] = { cert0, cert1 }; + CFArrayRef certs = CFArrayCreate(NULL, v_certs, sizeof(v_certs)/sizeof(*v_certs), &kCFTypeArrayCallBacks); + CFArrayRef anchor_certs = CFArrayCreate(NULL, (const void**)&rootcert, 1, &kCFTypeArrayCallBacks); + + /* Create AppleTV VPN profile signing policy instance. */ + isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy"); + + /* Create trust reference. */ + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + + ok_status(SecTrustSetAnchorCertificates(trust, anchor_certs), "set anchor"); + + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); + is_status(trustResult, kSecTrustResultUnspecified, "trustResult is kSecTrustResultUnspecified"); + is(SecTrustGetCertificateCount(trust), 3, "cert count is 3"); + + + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(certs); + CFReleaseSafe(cert1); + CFReleaseSafe(cert0); + + //Evaluation should fail for cert2 and cert3 (wrong OID, not Apple anchor) + + isnt(cert2 = SecCertificateCreateWithBytes(NULL, c2, sizeof(c2)), NULL, "create cert2"); + isnt(cert3 = SecCertificateCreateWithBytes(NULL, c3, sizeof(c3)), NULL, "create cert3"); + + const void *v_certs2[] = { cert2, cert3 }; + certs = CFArrayCreate(NULL, v_certs2, sizeof(v_certs2)/sizeof(*v_certs2), &kCFTypeArrayCallBacks); + + isnt(policy = SecPolicyCreateAppleATVVPNProfileSigning(), NULL, "create policy"); + ok_status(SecTrustCreateWithCertificates(certs, policy, &trust), "create trust"); + + ok_status(SecTrustEvaluate(trust, &trustResult), "evaluate trust"); + is_status(trustResult, kSecTrustResultRecoverableTrustFailure, "trustResult is kSecTrustResultRecoverableTrustFailure"); + + CFReleaseSafe(trust); + CFReleaseSafe(policy); + CFReleaseSafe(certs); + CFReleaseSafe(cert3); + CFReleaseSafe(cert2); +} + + + +int si_88_sectrust_vpnprofile(int argc, char *const *argv); + +int si_88_sectrust_vpnprofile(int argc, char *const *argv) +{ + plan_tests(15); + + tests(); + + return 0; +} diff --git a/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.h b/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.h new file mode 100644 index 00000000..4db7772a --- /dev/null +++ b/OSX/sec/Security/Regressions/secitem/si-88-sectrust-vpnprofile.h @@ -0,0 +1,450 @@ +/* + * Copyright (c) 2015 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + + +#ifndef si_88_sectrust_vpnprofile_h +#define si_88_sectrust_vpnprofile_h + +#include + + +/* + * Subject: CN=Apple TV OS VPN Profile Signing, OU=IS&T, O=Apple Inc., C=US + * Issuer: CN=Test Apple System Integration 2 Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US + */ + +static unsigned char c0[] = { + 0x30,0x82,0x04,0x20,0x30,0x82,0x03,0x08,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x33, + 0xb5,0x72,0x55,0xd4,0x16,0x04,0x76,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, + 0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x81,0x8c,0x31,0x40,0x30,0x3e,0x06,0x03,0x55, + 0x04,0x03,0x0c,0x37,0x54,0x65,0x73,0x74,0x20,0x41,0x70,0x70,0x6c,0x65,0x20,0x53, + 0x79,0x73,0x74,0x65,0x6d,0x20,0x49,0x6e,0x74,0x65,0x67,0x72,0x61,0x74,0x69,0x6f, + 0x6e,0x20,0x32,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f, + 0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06, + 0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74, + 0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72, + 0x69,0x74,0x79,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70, + 0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x55,0x53,0x30,0x1e,0x17,0x0d,0x31,0x35,0x31,0x30,0x30,0x38,0x30, + 0x38,0x33,0x37,0x33,0x35,0x5a,0x17,0x0d,0x31,0x37,0x31,0x31,0x30,0x36,0x30,0x38, + 0x33,0x37,0x33,0x35,0x5a,0x30,0x5b,0x31,0x28,0x30,0x26,0x06,0x03,0x55,0x04,0x03, + 0x0c,0x1f,0x41,0x70,0x70,0x6c,0x65,0x20,0x54,0x56,0x20,0x4f,0x53,0x20,0x56,0x50, + 0x4e,0x20,0x50,0x72,0x6f,0x66,0x69,0x6c,0x65,0x20,0x53,0x69,0x67,0x6e,0x69,0x6e, + 0x67,0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x0b,0x0c,0x04,0x49,0x53,0x26,0x54, + 0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65, + 0x20,0x49,0x6e,0x63,0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02, + 0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, + 0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82, + 0x01,0x01,0x00,0xdb,0x85,0xf8,0x04,0xc4,0xaf,0x59,0x41,0x4e,0xd5,0xd5,0xe8,0x25, + 0x32,0x6f,0x58,0x52,0x53,0x7f,0xca,0xe0,0x27,0xab,0x50,0xb0,0x17,0xd9,0x51,0x46, + 0xa1,0x5d,0xf6,0xb8,0xbb,0x20,0xb7,0xab,0x68,0x0c,0x75,0xc0,0x4a,0x67,0x9f,0x1e, + 0xd9,0x52,0x3a,0xa5,0x37,0x72,0xb6,0x45,0x2a,0x43,0x3b,0xe9,0x6d,0xd7,0xca,0x9b, + 0x59,0xc5,0xdd,0xe5,0x81,0xef,0xf4,0x11,0xe1,0xc5,0x76,0x05,0xe5,0xc3,0xf2,0x60, + 0x3b,0x3d,0xff,0x9e,0x5f,0x99,0x72,0x9f,0x73,0x90,0x6f,0x43,0x5b,0xe6,0x07,0xae, + 0xb2,0x60,0x18,0x35,0x69,0x2c,0xb5,0x2c,0x94,0xe6,0xb9,0x89,0x43,0xce,0x98,0x6d, + 0xa3,0x4e,0x01,0xbc,0x75,0x48,0x85,0xcf,0xff,0x78,0x84,0x45,0xf3,0x5a,0xa6,0x34, + 0x0e,0x05,0xc1,0x1c,0xb8,0xc9,0x96,0x6c,0xf4,0x47,0x07,0xb5,0xc0,0xe1,0x2d,0x5c, + 0x80,0x44,0x8f,0x9e,0x6a,0xf7,0x6d,0x11,0xd8,0x8c,0x47,0x82,0x02,0xec,0x3b,0x15, + 0x73,0x28,0x8e,0xdb,0x4f,0xaa,0x66,0x37,0x23,0x9f,0xf6,0x60,0x91,0xd2,0x74,0x30, + 0xa5,0x7c,0xd1,0x6a,0x29,0x69,0x72,0xcb,0xc8,0x54,0x1e,0x65,0x45,0x88,0xfc,0xae, + 0xb1,0x77,0x93,0x41,0xe4,0xff,0xf4,0x2c,0xae,0xfd,0x77,0x24,0x26,0x7e,0x35,0x95, + 0xa0,0x83,0x72,0x8d,0x3a,0x7e,0x45,0x1e,0xbc,0x9b,0x60,0x31,0x4d,0x26,0x8f,0x28, + 0xfe,0xd9,0x47,0x15,0xe4,0x90,0x21,0x4f,0xc3,0x09,0xa4,0x64,0x72,0x4b,0xfa,0x5b, + 0xf4,0xf8,0x41,0x6d,0x75,0x8b,0x3f,0xec,0xc5,0x8e,0xf5,0x3b,0x82,0x66,0xb3,0xee, + 0x57,0x96,0xb9,0x02,0x03,0x01,0x00,0x01,0xa3,0x81,0xb5,0x30,0x81,0xb2,0x30,0x41, + 0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x35,0x30,0x33,0x30,0x31, + 0x06,0x08,0x2b,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x25,0x68,0x74,0x74,0x70, + 0x3a,0x2f,0x2f,0x6f,0x63,0x73,0x70,0x2e,0x61,0x70,0x70,0x6c,0x65,0x2e,0x63,0x6f, + 0x6d,0x2f,0x6f,0x63,0x73,0x70,0x30,0x34,0x2d,0x61,0x73,0x69,0x32,0x63,0x61,0x30, + 0x31,0x30,0x1d,0x06,0x03,0x55,0x1d,0x0e,0x04,0x16,0x04,0x14,0x71,0xb8,0xd1,0xe1, + 0x65,0xc1,0x45,0xa6,0xd1,0x68,0x50,0x68,0x20,0x78,0x8c,0x90,0xff,0x53,0x5f,0x5f, + 0x30,0x0c,0x06,0x03,0x55,0x1d,0x13,0x01,0x01,0xff,0x04,0x02,0x30,0x00,0x30,0x1f, + 0x06,0x03,0x55,0x1d,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0xfd,0x1a,0x95,0xb8,0x3f, + 0x63,0x8a,0x39,0xa1,0x32,0x9e,0xae,0x33,0xa5,0x79,0xd3,0x5e,0xa1,0xb3,0xd4,0x30, + 0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01,0x01,0xff,0x04,0x04,0x03,0x02,0x07,0x80,0x30, + 0x0f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x63,0x64,0x06,0x2b,0x04,0x02,0x05,0x00, + 0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03, + 0x82,0x01,0x01,0x00,0x70,0xb2,0xd9,0xf4,0x23,0xfc,0x51,0x3e,0x2f,0xf6,0x24,0xbb, + 0x2a,0x0b,0xa6,0x61,0xa8,0xb5,0x73,0x57,0x0f,0x9c,0xa0,0x23,0xe4,0x6d,0x0a,0xef, + 0xa1,0x6c,0x2b,0xa7,0x62,0x0c,0xca,0x0e,0x7a,0x28,0xcd,0xe3,0xe4,0xc5,0x05,0x61, + 0x27,0x59,0xf8,0xde,0xf5,0xf1,0x6a,0x97,0xc8,0x7c,0x53,0x0f,0x9c,0x05,0xda,0x59, + 0xce,0x43,0x9b,0x5e,0x8c,0xbd,0xe2,0xa8,0xcf,0x36,0xe3,0xfd,0x8d,0x4d,0x71,0x6d, + 0x08,0xb6,0xef,0x0d,0x77,0x90,0x24,0xd2,0x84,0x14,0xfd,0x13,0x59,0x49,0x7c,0xd7, + 0xa8,0xbc,0x75,0x03,0xda,0x7d,0xa6,0xb2,0x9e,0x61,0x8d,0x56,0xba,0x09,0x38,0x7c, + 0x69,0x92,0xf4,0x23,0x0a,0x78,0xce,0xd6,0xe5,0x90,0xb7,0xa7,0x07,0xb0,0x29,0xd2, + 0x03,0x36,0xa3,0x38,0x08,0xf7,0x9d,0xe6,0x3c,0x60,0x38,0x3f,0x81,0x4d,0x9b,0xb8, + 0x7d,0xe4,0xe2,0x97,0x70,0x62,0xed,0x00,0xa2,0x7e,0xed,0xd4,0x81,0xcc,0xc4,0x5d, + 0x99,0x23,0xb1,0x27,0x1b,0xb7,0xf6,0x74,0x0a,0xca,0x4d,0x6a,0x47,0x57,0xe2,0x7d, + 0xdb,0xb6,0xd8,0xb3,0xc6,0xc7,0xb4,0xbc,0x92,0xc9,0x09,0x2f,0xb9,0x00,0x3e,0x7e, + 0x2d,0x01,0xd7,0x79,0x69,0xdb,0x21,0xf2,0x03,0x44,0xf4,0xa0,0xb8,0x78,0x82,0x5b, + 0x29,0xd7,0x95,0x1c,0xcb,0x2a,0x10,0xf3,0xf5,0x78,0x82,0x73,0x10,0xc4,0x14,0x7b, + 0x7b,0x3d,0xca,0xa0,0xb6,0x35,0x89,0x8b,0x6b,0x54,0x97,0x7b,0xcc,0x64,0x39,0xa2, + 0xec,0x46,0xdb,0x47,0x6c,0x18,0x98,0x4b,0xda,0x00,0x7a,0x6b,0xf1,0xcf,0x09,0x1b, + 0x71,0xe6,0x4d,0x61}; + +/* + * Subject: CN=Test Apple System Integration 2 Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US + * Issuer: C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Test Apple Root CA + */ +static unsigned char c1[] = { + 0x30,0x82,0x04,0x2a,0x30,0x82,0x03,0x12,0xa0,0x03,0x02,0x01,0x02,0x02,0x08,0x4b, + 0x50,0x1c,0xd1,0xe0,0xd2,0x2a,0xd7,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7, + 0x0d,0x01,0x01,0x0b,0x05,0x00,0x30,0x67,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04, + 0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a, + 0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63,0x2e,0x31,0x26,0x30,0x24,0x06,0x03, + 0x55,0x04,0x0b,0x0c,0x1d,0x41,0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69, + 0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69, + 0x74,0x79,0x31,0x1b,0x30,0x19,0x06,0x03,0x55,0x04,0x03,0x0c,0x12,0x54,0x65,0x73, + 0x74,0x20,0x41,0x70,0x70,0x6c,0x65,0x20,0x52,0x6f,0x6f,0x74,0x20,0x43,0x41,0x30, + 0x1e,0x17,0x0d,0x31,0x35,0x30,0x36,0x30,0x39,0x30,0x31,0x31,0x31,0x32,0x34,0x5a, + 0x17,0x0d,0x32,0x37,0x30,0x39,0x31,0x33,0x32,0x32,0x33,0x35,0x33,0x37,0x5a,0x30, + 0x81,0x8c,0x31,0x40,0x30,0x3e,0x06,0x03,0x55,0x04,0x03,0x0c,0x37,0x54,0x65,0x73, + 0x74,0x20,0x41,0x70,0x70,0x6c,0x65,0x20,0x53,0x79,0x73,0x74,0x65,0x6d,0x20,0x49, + 0x6e,0x74,0x65,0x67,0x72,0x61,0x74,0x69,0x6f,0x6e,0x20,0x32,0x20,0x43,0x65,0x72, + 0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f, + 0x72,0x69,0x74,0x79,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0b,0x0c,0x1d,0x41, + 0x70,0x70,0x6c,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, + 0x6f,0x6e,0x20,0x41,0x75,0x74,0x68,0x6f,0x72,0x69,0x74,0x79,0x31,0x13,0x30,0x11, + 0x06,0x03,0x55,0x04,0x0a,0x0c,0x0a,0x41,0x70,0x70,0x6c,0x65,0x20,0x49,0x6e,0x63, + 0x2e,0x31,0x0b,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x30,0x82, + 0x01,0x22,0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05, + 0x00,0x03,0x82,0x01,0x0f,0x00,0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0xab, + 0x4b,0x9c,0x5d,0x27,0xad,0xd5,0x99,0x83,0x0d,0x6c,0x73,0x9d,0xb6,0x29,0x16,0x47, + 0x4e,0xa1,0xcf,0x24,0x3a,0x08,0x68,0xc8,0x18,0x5f,0xa0,0x50,0x8f,0xb8,0x79,0x44, + 0x25,0x6c,0x7a,0x46,0xc7,0xae,0x43,0xb0,0xe5,0x1f,0xf3,0x55,0x08,0x70,0xb6,0xe4, + 0xad,0xa1,0xad,0x1a,0xac,0xb8,0x8e,0x6a,0xd2,0xc6,0x0f,0x2f,0x6f,0xe0,0xcf,0xc6, + 0x97,0x4c,0x0a,0x62,0xd6,0x10,0x88,0x21,0x04,0xaa,0x8f,0xdb,0x17,0x82,0x83,0xcc, + 0xde,0xa5,0xd4,0x10,0x75,0x96,0x61,0x52,0x97,0xda,0x3c,0x00,0x2b,0x41,0x7a,0xe6, + 0xd6,0xda,0xa2,0x7f,0x77,0x44,0x31,0x96,0xc2,0x1b,0xd3,0x4c,0x42,0x0e,0x43,0x0a, + 0xa4,0x69,0xe0,0xea,0x84,0xf6,0x6c,0x74,0xc5,0xeb,0x37,0xe0,0xee,0xb5,0x59,0xbd, + 0xa8,0xaa,0xdb,0x8c,0x1e,0x44,0x79,0x4b,0x19,0x62,0x70,0x99,0xed,0x89,0x72,0x8c, + 0xfc,0x39,0x37,0xdf,0x3c,0x08,0x57,0x0b,0xfb,0x05,0xa6,0x34,0xdc,0x40,0x9b,0x2a, + 0x88,0x78,0xa1,0xd8,0x28,0x4d,0x1b,0xf9,0x42,0x8f,0xd8,0xfb,0x4f,0x32,0xbb,0xfb, + 0xc7,0xfa,0x01,0x80,0xff,0xbc,0x7c,0xaa,0x48,0x3f,0x0b,0x46,0x79,0x40,0xf4,0xa6, + 0x16,0x11,0x9d,0xb1,0x36,0x28,0xaf,0x5e,0x09,0xfe,0x61,0x5e,0x82,0x1b,0x6c,0xf5, + 0xad,0xd6,0x1a,0x2b,0x66,0xec,0xf7,0xe4,0x73,0x65,0x7c,0xe8,0x18,0x06,0x52,0x38, + 0xc9,0x16,0x00,0x13,0x50,0x5a,0x30,0xcd,0x03,0x37,0x3e,0x3a,0xd2,0x01,0x15,0xe0, + 0x56,0xb9,0x6e,0x99,0x00,0x3a,0x29,0x1e,0x95,0x23,0x5c,0xfc,0x2f,0xb5,0xe1,0x02, + 0x03,0x01,0x00,0x01,0xa3,0x81,0xb3,0x30,0x81,0xb0,0x30,0x1d,0x06,0x03,0x55,0x1d, + 0x0e,0x04,0x16,0x04,0x14,0xfd,0x1a,0x95,0xb8,0x3f,0x63,0x8a,0x39,0xa1,0x32,0x9e, + 0xae,0x33,0xa5,0x79,0xd3,0x5e,0xa1,0xb3,0xd4,0x30,0x0f,0x06,0x03,0x55,0x1d,0x13, + 0x01,0x01,0xff,0x04,0x05,0x30,0x03,0x01,0x01,0xff,0x30,0x1f,0x06,0x03,0x55,0x1d, + 0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x59,0xb8,0x2b,0x94,0x3a,0x1b,0xba,0xf1,0x00, + 0xae,0xee,0x50,0x52,0x23,0x33,0xc9,0x59,0xc3,0x54,0x98,0x30,0x3b,0x06,0x03,0x55, + 0x1d,0x1f,0x04,0x34,0x30,0x32,0x30,0x30,0xa0,0x2e,0xa0,0x2c,0x86,0x2a,0x68,0x74, + 0x74,0x70,0x3a,0x2f,0x2f,0x63,0x72,0x6c,0x2d,0x75,0x61,0x74,0x2e,0x63,0x6f,0x72, + 0x70,0x2e,0x61,0x70,0x70,0x6c,0x65,0x2e,0x63,0x6f,0x6d,0x2f,0x74,0x65,0x73,0x74, + 0x72,0x6f,0x6f,0x74,0x2e,0x63,0x72,0x6c,0x30,0x0e,0x06,0x03,0x55,0x1d,0x0f,0x01, + 0x01,0xff,0x04,0x04,0x03,0x02,0x01,0x06,0x30,0x10,0x06,0x0a,0x2a,0x86,0x48,0x86, + 0xf7,0x63,0x64,0x06,0x02,0x0a,0x04,0x02,0x05,0x00,0x30,0x0d,0x06,0x09,0x2a,0x86, + 0x48,0x86,0xf7,0x0d,0x01,0x01,0x0b,0x05,0x00,0x03,0x82,0x01,0x01,0x00,0x8e,0x39, + 0x3b,0xb3,0x24,0x07,0x5b,0x3a,0xce,0x2d,0x3e,0x6d,0x80,0x67,0x88,0x99,0x38,0xe3, + 0x5e,0x0f,0x5a,0x07,0xea,0xe4,0x50,0x2d,0x34,0xf0,0x7d,0x69,0xd3,0x9d,0x83,0x39, + 0x9f,0xf8,0xfd,0xae,0x94,0x4a,0x59,0xd9,0xd5,0x1a,0xf3,0xe6,0xba,0x2d,0xdc,0xbd, + 0x15,0x33,0xa0,0x66,0x13,0x05,0x4d,0xb4,0x46,0x41,0x1d,0x90,0xa3,0x84,0x03,0x5d, + 0x0c,0x6e,0xc7,0x65,0x67,0x4f,0xec,0x96,0xf2,0xdf,0x17,0x1e,0xa9,0xa0,0xa0,0xb9, + 0x65,0x79,0x85,0x7d,0x42,0x92,0x7d,0xfa,0xc7,0xfc,0x0a,0xa0,0xe4,0xab,0x25,0xe3, + 0x85,0x2e,0x92,0xc5,0x8f,0xd5,0x27,0xb4,0x71,0x32,0x07,0x3e,0x01,0x53,0x02,0x72, + 0x32,0x41,0x72,0x1e,0x4f,0x39,0xef,0xeb,0xc0,0x46,0x43,0xee,0xe7,0xab,0x68,0xf2, + 0x64,0x44,0x2c,0x99,0x0a,0x25,0xc2,0x53,0x58,0xdb,0x4a,0x64,0x14,0x7e,0x1a,0x04, + 0x12,0x18,0xf8,0xe8,0x2e,0x7a,0x38,0xc3,0x62,0xae,0x9c,0x9a,0x56,0x66,0x98,0x8d, + 0x33,0xb4,0x90,0x44,0xec,0xd1,0x03,0x2d,0xa8,0x0e,0x4d,0x50,0x2a,0xb7,0xa0,0x17, + 0xa4,0xd2,0x24,0xcf,0xab,0x2a,0x28,0x7b,0x53,0x74,0x7e,0x41,0xad,0x0e,0xf0,0xa3, + 0x2a,0x16,0x46,0x89,0x72,0xf6,0x7b,0xf2,0x77,0xd7,0x97,0x52,0xc2,0xcc,0x12,0x2a, + 0x1b,0xf5,0x47,0x6f,0x06,0xa6,0x16,0x59,0x52,0xf9,0xc6,0x9c,0xfa,0x76,0x5f,0xa7, + 0x4f,0x30,0xe9,0xa1,0x76,0x41,0x44,0x3d,0x3e,0x12,0x18,0xf1,0x4c,0xfd,0xfb,0x96, + 0xb5,0x81,0xae,0xc8,0xf5,0x7c,0x7b,0x4c,0xd2,0x4d,0x0c,0x44,0xdb,0xf2}; + +/* SHA1 Fingerprint=45:27:70:FE:5F:E9:C2:DD:F9:77:17:29:F7:2B:71:DC:23:37:D1:1B */ +/* subject:/CN=Mac OS X Provisioning Profile Signing/O=Apple Inc./C=US */ +/* issuer :/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority */ + +static unsigned char c2[1334]={ + 0x30,0x82,0x05,0x32,0x30,0x82,0x04,0x1A,0xA0,0x03,0x02,0x01,0x02,0x02,0x08,0x1A, + 0xA6,0x77,0xFE,0x20,0xB7,0x68,0x2E,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x05,0x05,0x00,0x30,0x81,0x96,0x31,0x0B,0x30,0x09,0x06,0x03,0x55, + 0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C, + 0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x2C,0x30,0x2A,0x06, + 0x03,0x55,0x04,0x0B,0x0C,0x23,0x41,0x70,0x70,0x6C,0x65,0x20,0x57,0x6F,0x72,0x6C, + 0x64,0x77,0x69,0x64,0x65,0x20,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20, + 0x52,0x65,0x6C,0x61,0x74,0x69,0x6F,0x6E,0x73,0x31,0x44,0x30,0x42,0x06,0x03,0x55, + 0x04,0x03,0x0C,0x3B,0x41,0x70,0x70,0x6C,0x65,0x20,0x57,0x6F,0x72,0x6C,0x64,0x77, + 0x69,0x64,0x65,0x20,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x52,0x65, + 0x6C,0x61,0x74,0x69,0x6F,0x6E,0x73,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63, + 0x61,0x74,0x69,0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30, + 0x1E,0x17,0x0D,0x31,0x31,0x30,0x34,0x30,0x38,0x32,0x32,0x31,0x32,0x32,0x35,0x5A, + 0x17,0x0D,0x31,0x36,0x30,0x32,0x30,0x36,0x32,0x32,0x31,0x32,0x32,0x35,0x5A,0x30, + 0x52,0x31,0x2E,0x30,0x2C,0x06,0x03,0x55,0x04,0x03,0x0C,0x25,0x4D,0x61,0x63,0x20, + 0x4F,0x53,0x20,0x58,0x20,0x50,0x72,0x6F,0x76,0x69,0x73,0x69,0x6F,0x6E,0x69,0x6E, + 0x67,0x20,0x50,0x72,0x6F,0x66,0x69,0x6C,0x65,0x20,0x53,0x69,0x67,0x6E,0x69,0x6E, + 0x67,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70,0x70,0x6C, + 0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, + 0x02,0x55,0x53,0x30,0x82,0x01,0x22,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7, + 0x0D,0x01,0x01,0x01,0x05,0x00,0x03,0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02, + 0x82,0x01,0x01,0x00,0xA6,0x4C,0x9D,0xD8,0xC4,0xF8,0x64,0x71,0xBB,0x53,0xAE,0xD6, + 0x76,0x93,0x70,0x22,0xA0,0xD1,0xB9,0x18,0x85,0x90,0x4A,0x50,0xB9,0x5A,0x68,0x59, + 0xCA,0x9C,0x71,0x40,0xD3,0x21,0xCA,0x0E,0x99,0xD5,0x44,0x1C,0xD8,0xE3,0x2B,0x77, + 0x21,0x6B,0x0D,0x92,0x19,0xEA,0x7C,0xE5,0x05,0xB9,0x1E,0x95,0xD8,0xAD,0xB4,0x1F, + 0xE6,0xAE,0xBB,0xF3,0x0B,0x29,0x44,0x40,0x4D,0x10,0xA5,0x37,0x48,0x26,0x56,0x37, + 0xD8,0x50,0xC1,0x5F,0x87,0x4E,0xE2,0x4D,0xD6,0xD6,0x7F,0x0D,0x39,0xA7,0xBB,0xB0, + 0x06,0x90,0x39,0xAB,0xB2,0x96,0x2C,0x4A,0x07,0x2F,0x17,0xEA,0x3C,0x00,0xBF,0x8F, + 0xEB,0xD3,0xE7,0x5E,0x5F,0x05,0x59,0x42,0xC2,0x24,0x59,0x29,0x81,0xEF,0x4E,0xB1, + 0x1F,0x82,0xB5,0x57,0x66,0xC7,0x37,0xBD,0xA9,0xED,0x21,0xB9,0xCB,0xC4,0x27,0xC2, + 0x58,0x37,0x8D,0x8A,0xF4,0x4B,0xBD,0x3F,0xFC,0x41,0x08,0x67,0x42,0x4B,0x3A,0xCA, + 0x72,0xFA,0x38,0xA8,0x77,0xF3,0xD3,0x6C,0x46,0xF7,0x73,0x5D,0x83,0xBA,0xD3,0x86, + 0x6A,0xEB,0x4E,0x61,0x6D,0x8A,0xCE,0x90,0xEC,0x0E,0xE7,0x39,0x69,0xDD,0x49,0xA0, + 0x7E,0xB3,0xD9,0x7E,0x2B,0x4C,0x51,0x5A,0x1D,0xDA,0x54,0x16,0xE5,0xA6,0xF1,0xB0, + 0x04,0x80,0xAC,0x87,0x77,0x11,0x2C,0x6D,0x5B,0x78,0x38,0x9C,0x71,0x4E,0xF6,0x0E, + 0xCD,0x78,0x2C,0x03,0x42,0xAC,0x4C,0x3B,0x3E,0xE2,0xBE,0xD2,0xBC,0x70,0x5B,0x00, + 0x6A,0xAA,0xA3,0x66,0xAB,0xBA,0x44,0x33,0x96,0x76,0xEC,0x37,0xA3,0x33,0xC8,0x2C, + 0xED,0x6E,0x37,0xB5,0x02,0x03,0x01,0x00,0x01,0xA3,0x82,0x01,0xC5,0x30,0x82,0x01, + 0xC1,0x30,0x3D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,0x04,0x31,0x30, + 0x2F,0x30,0x2D,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x86,0x21,0x68, + 0x74,0x74,0x70,0x3A,0x2F,0x2F,0x6F,0x63,0x73,0x70,0x2E,0x61,0x70,0x70,0x6C,0x65, + 0x2E,0x63,0x6F,0x6D,0x2F,0x6F,0x63,0x73,0x70,0x2D,0x77,0x77,0x64,0x72,0x30,0x33, + 0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E,0x04,0x16,0x04,0x14,0x16,0x40,0x54,0xF8,0x17, + 0x37,0x2C,0x46,0xE4,0x5F,0x75,0x8C,0xF9,0x55,0x70,0x0E,0xEF,0x1E,0xE7,0xF1,0x30, + 0x0C,0x06,0x03,0x55,0x1D,0x13,0x01,0x01,0xFF,0x04,0x02,0x30,0x00,0x30,0x1F,0x06, + 0x03,0x55,0x1D,0x23,0x04,0x18,0x30,0x16,0x80,0x14,0x88,0x27,0x17,0x09,0xA9,0xB6, + 0x18,0x60,0x8B,0xEC,0xEB,0xBA,0xF6,0x47,0x59,0xC5,0x52,0x54,0xA3,0xB7,0x30,0x82, + 0x01,0x0F,0x06,0x03,0x55,0x1D,0x20,0x04,0x82,0x01,0x06,0x30,0x82,0x01,0x02,0x30, + 0x81,0xFF,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x05,0x01,0x30,0x81,0xF1, + 0x30,0x81,0xC3,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,0x30,0x81,0xB6, + 0x0C,0x81,0xB3,0x52,0x65,0x6C,0x69,0x61,0x6E,0x63,0x65,0x20,0x6F,0x6E,0x20,0x74, + 0x68,0x69,0x73,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20, + 0x62,0x79,0x20,0x61,0x6E,0x79,0x20,0x70,0x61,0x72,0x74,0x79,0x20,0x61,0x73,0x73, + 0x75,0x6D,0x65,0x73,0x20,0x61,0x63,0x63,0x65,0x70,0x74,0x61,0x6E,0x63,0x65,0x20, + 0x6F,0x66,0x20,0x74,0x68,0x65,0x20,0x74,0x68,0x65,0x6E,0x20,0x61,0x70,0x70,0x6C, + 0x69,0x63,0x61,0x62,0x6C,0x65,0x20,0x73,0x74,0x61,0x6E,0x64,0x61,0x72,0x64,0x20, + 0x74,0x65,0x72,0x6D,0x73,0x20,0x61,0x6E,0x64,0x20,0x63,0x6F,0x6E,0x64,0x69,0x74, + 0x69,0x6F,0x6E,0x73,0x20,0x6F,0x66,0x20,0x75,0x73,0x65,0x2C,0x20,0x63,0x65,0x72, + 0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x65,0x20,0x70,0x6F,0x6C,0x69,0x63,0x79,0x20, + 0x61,0x6E,0x64,0x20,0x63,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F, + 0x6E,0x20,0x70,0x72,0x61,0x63,0x74,0x69,0x63,0x65,0x20,0x73,0x74,0x61,0x74,0x65, + 0x6D,0x65,0x6E,0x74,0x73,0x2E,0x30,0x29,0x06,0x08,0x2B,0x06,0x01,0x05,0x05,0x07, + 0x02,0x01,0x16,0x1D,0x68,0x74,0x74,0x70,0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61, + 0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D,0x2F,0x61,0x70,0x70,0x6C,0x65,0x63,0x61, + 0x2F,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01,0x01,0xFF,0x04,0x04,0x03,0x02,0x07, + 0x80,0x30,0x0F,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x04,0x0B,0x04,0x02, + 0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05, + 0x00,0x03,0x82,0x01,0x01,0x00,0x41,0x76,0x9C,0x4B,0x42,0x36,0x40,0x75,0xF4,0x68, + 0x51,0x76,0x3F,0x77,0xBE,0x7A,0x66,0x04,0x08,0xA3,0xA8,0xDA,0xD9,0x60,0x30,0xA4, + 0x3A,0x5E,0x2D,0xF8,0x10,0x06,0x96,0x9B,0xD7,0x10,0x14,0x8C,0x95,0x71,0x26,0xC9, + 0x01,0x83,0xB2,0x27,0xA9,0x74,0xA6,0xDB,0x5F,0xB5,0xA9,0x39,0x67,0x54,0x6F,0x08, + 0x43,0x9E,0x4C,0x46,0xA1,0xA8,0x22,0xBF,0x58,0x49,0xB3,0x1C,0xC6,0xF0,0xAA,0xF3, + 0x67,0x89,0x5E,0xA6,0x79,0x3E,0x25,0xB7,0xE9,0x00,0x2B,0xD9,0xEE,0xED,0x6F,0xF8, + 0x48,0x3B,0x97,0x4A,0x54,0x27,0x38,0x54,0xC2,0x4A,0xBF,0x35,0x36,0x6F,0x92,0x02, + 0x65,0x35,0x2A,0x63,0x3D,0x13,0xA8,0x06,0x5D,0x51,0x7E,0x61,0x10,0xF7,0xF5,0x56, + 0x22,0xFB,0x28,0xA3,0x8F,0xAE,0xE6,0x28,0x4B,0xEA,0x7C,0x22,0x70,0x49,0x61,0x76, + 0x51,0xFC,0x9C,0x64,0x9A,0x88,0x8B,0x6C,0x4B,0x1A,0x22,0xF0,0xE8,0xB3,0xD2,0xF6, + 0x2C,0x31,0xD7,0xC4,0x30,0xBF,0x82,0xDD,0x22,0x93,0x14,0x20,0x73,0xAA,0xB8,0xD1, + 0x17,0x1E,0x3F,0x36,0x4F,0x94,0x9C,0xF3,0xF9,0x3B,0x9A,0xDB,0x69,0x1A,0x91,0x6D, + 0x56,0x60,0x2A,0x86,0xBD,0x25,0x68,0x24,0xCC,0x11,0x09,0x17,0x88,0xCE,0x27,0xA1, + 0xE1,0x6B,0x30,0xB2,0x8C,0xB9,0xA8,0xA0,0xB7,0xF0,0xAA,0x46,0xA4,0x95,0x21,0x13, + 0xC8,0x4F,0xE9,0xA9,0xB1,0x35,0x12,0x57,0xE6,0x04,0xD0,0x3D,0xFF,0x12,0xDC,0xEB, + 0xDA,0xC5,0xD9,0x85,0xD6,0xBC,0x96,0xCF,0x90,0x02,0xC7,0x66,0xC7,0xF7,0x78,0x77, + 0xDA,0xA6,0xD7,0x89,0x1B,0xAF, +}; + +/* SHA1 Fingerprint=09:50:B6:CD:3D:2F:37:EA:24:6A:1A:AA:20:DF:AA:DB:D6:FE:1F:75 */ +/* subject:/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority */ +/* issuer :/C=US/O=Apple Inc./OU=Apple Certification Authority/CN=Apple Root CA */ + +static unsigned char c3[1063]={ + 0x30,0x82,0x04,0x23,0x30,0x82,0x03,0x0B,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x19, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00,0x30, + 0x62,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13,0x02,0x55,0x53,0x31,0x13, + 0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x13,0x0A,0x41,0x70,0x70,0x6C,0x65,0x20,0x49, + 0x6E,0x63,0x2E,0x31,0x26,0x30,0x24,0x06,0x03,0x55,0x04,0x0B,0x13,0x1D,0x41,0x70, + 0x70,0x6C,0x65,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69,0x6F, + 0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x31,0x16,0x30,0x14,0x06, + 0x03,0x55,0x04,0x03,0x13,0x0D,0x41,0x70,0x70,0x6C,0x65,0x20,0x52,0x6F,0x6F,0x74, + 0x20,0x43,0x41,0x30,0x1E,0x17,0x0D,0x30,0x38,0x30,0x32,0x31,0x34,0x31,0x38,0x35, + 0x36,0x33,0x35,0x5A,0x17,0x0D,0x31,0x36,0x30,0x32,0x31,0x34,0x31,0x38,0x35,0x36, + 0x33,0x35,0x5A,0x30,0x81,0x96,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x06,0x13, + 0x02,0x55,0x53,0x31,0x13,0x30,0x11,0x06,0x03,0x55,0x04,0x0A,0x0C,0x0A,0x41,0x70, + 0x70,0x6C,0x65,0x20,0x49,0x6E,0x63,0x2E,0x31,0x2C,0x30,0x2A,0x06,0x03,0x55,0x04, + 0x0B,0x0C,0x23,0x41,0x70,0x70,0x6C,0x65,0x20,0x57,0x6F,0x72,0x6C,0x64,0x77,0x69, + 0x64,0x65,0x20,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x52,0x65,0x6C, + 0x61,0x74,0x69,0x6F,0x6E,0x73,0x31,0x44,0x30,0x42,0x06,0x03,0x55,0x04,0x03,0x0C, + 0x3B,0x41,0x70,0x70,0x6C,0x65,0x20,0x57,0x6F,0x72,0x6C,0x64,0x77,0x69,0x64,0x65, + 0x20,0x44,0x65,0x76,0x65,0x6C,0x6F,0x70,0x65,0x72,0x20,0x52,0x65,0x6C,0x61,0x74, + 0x69,0x6F,0x6E,0x73,0x20,0x43,0x65,0x72,0x74,0x69,0x66,0x69,0x63,0x61,0x74,0x69, + 0x6F,0x6E,0x20,0x41,0x75,0x74,0x68,0x6F,0x72,0x69,0x74,0x79,0x30,0x82,0x01,0x22, + 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,0x05,0x00,0x03, + 0x82,0x01,0x0F,0x00,0x30,0x82,0x01,0x0A,0x02,0x82,0x01,0x01,0x00,0xCA,0x38,0x54, + 0xA6,0xCB,0x56,0xAA,0xC8,0x24,0x39,0x48,0xE9,0x8C,0xEE,0xEC,0x5F,0xB8,0x7F,0x26, + 0x91,0xBC,0x34,0x53,0x7A,0xCE,0x7C,0x63,0x80,0x61,0x77,0x64,0x5E,0xA5,0x07,0x23, + 0xB6,0x39,0xFE,0x50,0x2D,0x15,0x56,0x58,0x70,0x2D,0x7E,0xC4,0x6E,0xC1,0x4A,0x85, + 0x3E,0x2F,0xF0,0xDE,0x84,0x1A,0xA1,0x57,0xC9,0xAF,0x7B,0x18,0xFF,0x6A,0xFA,0x15, + 0x12,0x49,0x15,0x08,0x19,0xAC,0xAA,0xDB,0x2A,0x32,0xED,0x96,0x63,0x68,0x52,0x15, + 0x3D,0x8C,0x8A,0xEC,0xBF,0x6B,0x18,0x95,0xE0,0x03,0xAC,0x01,0x7D,0x97,0x05,0x67, + 0xCE,0x0E,0x85,0x95,0x37,0x6A,0xED,0x09,0xB6,0xAE,0x67,0xCD,0x51,0x64,0x9F,0xC6, + 0x5C,0xD1,0xBC,0x57,0x6E,0x67,0x35,0x80,0x76,0x36,0xA4,0x87,0x81,0x6E,0x38,0x8F, + 0xD8,0x2B,0x15,0x4E,0x7B,0x25,0xD8,0x5A,0xBF,0x4E,0x83,0xC1,0x8D,0xD2,0x93,0xD5, + 0x1A,0x71,0xB5,0x60,0x9C,0x9D,0x33,0x4E,0x55,0xF9,0x12,0x58,0x0C,0x86,0xB8,0x16, + 0x0D,0xC1,0xE5,0x77,0x45,0x8D,0x50,0x48,0xBA,0x2B,0x2D,0xE4,0x94,0x85,0xE1,0xE8, + 0xC4,0x9D,0xC6,0x68,0xA5,0xB0,0xA3,0xFC,0x67,0x7E,0x70,0xBA,0x02,0x59,0x4B,0x77, + 0x42,0x91,0x39,0xB9,0xF5,0xCD,0xE1,0x4C,0xEF,0xC0,0x3B,0x48,0x8C,0xA6,0xE5,0x21, + 0x5D,0xFD,0x6A,0x6A,0xBB,0xA7,0x16,0x35,0x60,0xD2,0xE6,0xAD,0xF3,0x46,0x29,0xC9, + 0xE8,0xC3,0x8B,0xE9,0x79,0xC0,0x6A,0x61,0x67,0x15,0xB2,0xF0,0xFD,0xE5,0x68,0xBC, + 0x62,0x5F,0x6E,0xCF,0x99,0xDD,0xEF,0x1B,0x63,0xFE,0x92,0x65,0xAB,0x02,0x03,0x01, + 0x00,0x01,0xA3,0x81,0xAE,0x30,0x81,0xAB,0x30,0x0E,0x06,0x03,0x55,0x1D,0x0F,0x01, + 0x01,0xFF,0x04,0x04,0x03,0x02,0x01,0x86,0x30,0x0F,0x06,0x03,0x55,0x1D,0x13,0x01, + 0x01,0xFF,0x04,0x05,0x30,0x03,0x01,0x01,0xFF,0x30,0x1D,0x06,0x03,0x55,0x1D,0x0E, + 0x04,0x16,0x04,0x14,0x88,0x27,0x17,0x09,0xA9,0xB6,0x18,0x60,0x8B,0xEC,0xEB,0xBA, + 0xF6,0x47,0x59,0xC5,0x52,0x54,0xA3,0xB7,0x30,0x1F,0x06,0x03,0x55,0x1D,0x23,0x04, + 0x18,0x30,0x16,0x80,0x14,0x2B,0xD0,0x69,0x47,0x94,0x76,0x09,0xFE,0xF4,0x6B,0x8D, + 0x2E,0x40,0xA6,0xF7,0x47,0x4D,0x7F,0x08,0x5E,0x30,0x36,0x06,0x03,0x55,0x1D,0x1F, + 0x04,0x2F,0x30,0x2D,0x30,0x2B,0xA0,0x29,0xA0,0x27,0x86,0x25,0x68,0x74,0x74,0x70, + 0x3A,0x2F,0x2F,0x77,0x77,0x77,0x2E,0x61,0x70,0x70,0x6C,0x65,0x2E,0x63,0x6F,0x6D, + 0x2F,0x61,0x70,0x70,0x6C,0x65,0x63,0x61,0x2F,0x72,0x6F,0x6F,0x74,0x2E,0x63,0x72, + 0x6C,0x30,0x10,0x06,0x0A,0x2A,0x86,0x48,0x86,0xF7,0x63,0x64,0x06,0x02,0x01,0x04, + 0x02,0x05,0x00,0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, + 0x05,0x00,0x03,0x82,0x01,0x01,0x00,0xDA,0x32,0x00,0x96,0xC5,0x54,0x94,0xD3,0x3B, + 0x82,0x37,0x66,0x7D,0x2E,0x68,0xD5,0xC3,0xC6,0xB8,0xCB,0x26,0x8C,0x48,0x90,0xCF, + 0x13,0x24,0x6A,0x46,0x8E,0x63,0xD4,0xF0,0xD0,0x13,0x06,0xDD,0xD8,0xC4,0xC1,0x37, + 0x15,0xF2,0x33,0x13,0x39,0x26,0x2D,0xCE,0x2E,0x55,0x40,0xE3,0x0B,0x03,0xAF,0xFA, + 0x12,0xC2,0xE7,0x0D,0x21,0xB8,0xD5,0x80,0xCF,0xAC,0x28,0x2F,0xCE,0x2D,0xB3,0x4E, + 0xAF,0x86,0x19,0x04,0xC6,0xE9,0x50,0xDD,0x4C,0x29,0x47,0x10,0x23,0xFC,0x6C,0xBB, + 0x1B,0x98,0x6B,0x48,0x89,0xE1,0x5B,0x9D,0xDE,0x46,0xDB,0x35,0x85,0x35,0xEF,0x3E, + 0xD0,0xE2,0x58,0x4B,0x38,0xF4,0xED,0x75,0x5A,0x1F,0x5C,0x70,0x1D,0x56,0x39,0x12, + 0xE5,0xE1,0x0D,0x11,0xE4,0x89,0x25,0x06,0xBD,0xD5,0xB4,0x15,0x8E,0x5E,0xD0,0x59, + 0x97,0x90,0xE9,0x4B,0x81,0xE2,0xDF,0x18,0xAF,0x44,0x74,0x1E,0x19,0xA0,0x3A,0x47, + 0xCC,0x91,0x1D,0x3A,0xEB,0x23,0x5A,0xFE,0xA5,0x2D,0x97,0xF7,0x7B,0xBB,0xD6,0x87, + 0x46,0x42,0x85,0xEB,0x52,0x3D,0x26,0xB2,0x63,0xA8,0xB4,0xB1,0xCA,0x8F,0xF4,0xCC, + 0xE2,0xB3,0xC8,0x47,0xE0,0xBF,0x9A,0x59,0x83,0xFA,0xDA,0x98,0x53,0x2A,0x82,0xF5, + 0x7C,0x65,0x2E,0x95,0xD9,0x33,0x5D,0xF5,0xED,0x65,0xCC,0x31,0x37,0xC5,0x5A,0x04, + 0xE8,0x6B,0xE1,0xE7,0x88,0x03,0x4A,0x75,0x9E,0x9B,0x28,0xCB,0x4A,0x40,0x88,0x65, + 0x43,0x75,0xDD,0xCB,0x3A,0x25,0x23,0xC5,0x9E,0x57,0xF8,0x2E,0xCE,0xD2,0xA9,0x92, + 0x5E,0x73,0x2E,0x2F,0x25,0x75,0x15, +}; + +static unsigned char root[] = { + 0x30, 0x82, 0x04, 0xcc, 0x30, 0x82, 0x03, 0xb4, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x08, 0x3d, 0x00, 0x4b, 0x90, 0x3e, 0xde, 0xe0, 0xd0, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, + 0x05, 0x00, 0x30, 0x67, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 0x6e, + 0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x12, 0x54, 0x65, 0x73, 0x74, 0x20, 0x41, 0x70, + 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30, + 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x34, 0x32, 0x32, 0x30, 0x32, 0x31, + 0x35, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x30, 0x32, 0x30, 0x39, + 0x32, 0x31, 0x34, 0x30, 0x33, 0x36, 0x5a, 0x30, 0x67, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a, 0x41, 0x70, 0x70, + 0x6c, 0x65, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x26, 0x30, 0x24, 0x06, + 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x1d, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, + 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x54, 0x65, + 0x73, 0x74, 0x20, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x52, 0x6f, 0x6f, + 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xc7, 0xd1, 0x43, 0x53, 0x7f, 0x0d, 0x88, 0x6b, 0xe6, 0xb1, 0x67, + 0x9d, 0xee, 0x67, 0xb6, 0xe7, 0x77, 0x12, 0x81, 0xc4, 0xdf, 0x24, 0x6b, + 0x7a, 0x75, 0x24, 0xf7, 0x01, 0x09, 0xce, 0x34, 0x92, 0xf5, 0x38, 0x08, + 0x42, 0x7e, 0xec, 0x9d, 0xf2, 0x5d, 0x38, 0x91, 0xb4, 0x93, 0x98, 0x35, + 0x11, 0x3c, 0x98, 0x00, 0x77, 0xd9, 0xd7, 0xf3, 0x4a, 0xf8, 0xf0, 0xbc, + 0xeb, 0x97, 0x5d, 0x4b, 0x61, 0x2e, 0xfb, 0xc5, 0xcc, 0x68, 0xb7, 0x6d, + 0x69, 0x10, 0xcc, 0xa5, 0x61, 0x78, 0xa8, 0x81, 0x02, 0x9e, 0xe7, 0x63, + 0xc5, 0xff, 0x29, 0x22, 0x82, 0x68, 0xaa, 0xaa, 0x0e, 0xfb, 0xa9, 0xd8, + 0x16, 0x73, 0x25, 0xbf, 0x9d, 0x08, 0x62, 0x2f, 0x78, 0x04, 0xf6, 0xf6, + 0x44, 0x07, 0x37, 0x6e, 0x99, 0x1b, 0x93, 0xd8, 0x7f, 0xee, 0x72, 0xde, + 0xe8, 0x32, 0xf6, 0x6d, 0x78, 0x04, 0xa0, 0xa8, 0x21, 0x26, 0x8a, 0x32, + 0xe3, 0xb1, 0x65, 0x85, 0xa1, 0x7b, 0x1a, 0xa9, 0x02, 0xb2, 0xbb, 0xee, + 0xdd, 0xdd, 0x8f, 0x41, 0x49, 0xc8, 0x3f, 0xdc, 0x1e, 0xdf, 0x21, 0xa3, + 0x95, 0x99, 0xbb, 0xfc, 0x29, 0xba, 0x40, 0x43, 0xb9, 0x1c, 0xcd, 0xc9, + 0x21, 0x45, 0x73, 0xad, 0xff, 0xfd, 0xa2, 0x6c, 0x5c, 0x3b, 0x1c, 0x37, + 0x91, 0x34, 0x8e, 0x5c, 0xd3, 0xd5, 0x03, 0x58, 0x28, 0xc7, 0xf2, 0x76, + 0x6f, 0x11, 0xc0, 0xb5, 0xbd, 0x7e, 0xef, 0x23, 0xb3, 0x3d, 0xb8, 0xbd, + 0x38, 0x66, 0x8c, 0xf2, 0x78, 0x95, 0xc1, 0x8b, 0x32, 0x65, 0x3a, 0x9b, + 0x49, 0x1a, 0x5c, 0x41, 0x3c, 0xc6, 0x85, 0x50, 0xec, 0x85, 0xf0, 0x59, + 0x17, 0x81, 0xe8, 0x96, 0xe8, 0x6a, 0xcc, 0xb3, 0xc7, 0x46, 0xbf, 0x81, + 0x48, 0xd1, 0x09, 0x1b, 0xbc, 0x73, 0x1e, 0xd7, 0xe8, 0x27, 0xa8, 0x49, + 0x48, 0xa2, 0x1c, 0x41, 0x1d, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, + 0x01, 0x7a, 0x30, 0x82, 0x01, 0x76, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, + 0x0e, 0x04, 0x16, 0x04, 0x14, 0x59, 0xb8, 0x2b, 0x94, 0x3a, 0x1b, 0xba, + 0xf1, 0x00, 0xae, 0xee, 0x50, 0x52, 0x23, 0x33, 0xc9, 0x59, 0xc3, 0x54, + 0x98, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x59, 0xb8, 0x2b, 0x94, 0x3a, + 0x1b, 0xba, 0xf1, 0x00, 0xae, 0xee, 0x50, 0x52, 0x23, 0x33, 0xc9, 0x59, + 0xc3, 0x54, 0x98, 0x30, 0x82, 0x01, 0x11, 0x06, 0x03, 0x55, 0x1d, 0x20, + 0x04, 0x82, 0x01, 0x08, 0x30, 0x82, 0x01, 0x04, 0x30, 0x82, 0x01, 0x00, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x63, 0x64, 0x05, 0x01, 0x30, + 0x81, 0xf2, 0x30, 0x2a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x02, 0x01, 0x16, 0x1e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, + 0x77, 0x77, 0x77, 0x2e, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x61, 0x70, 0x70, 0x6c, 0x65, 0x63, 0x61, 0x2f, 0x30, 0x81, + 0xc3, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, + 0x81, 0xb6, 0x0c, 0x81, 0xb3, 0x52, 0x65, 0x6c, 0x69, 0x61, 0x6e, 0x63, + 0x65, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x63, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x62, 0x79, + 0x20, 0x61, 0x6e, 0x79, 0x20, 0x70, 0x61, 0x72, 0x74, 0x79, 0x20, 0x61, + 0x73, 0x73, 0x75, 0x6d, 0x65, 0x73, 0x20, 0x61, 0x63, 0x63, 0x65, 0x70, + 0x74, 0x61, 0x6e, 0x63, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x74, 0x68, 0x65, 0x6e, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, + 0x61, 0x62, 0x6c, 0x65, 0x20, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, + 0x64, 0x20, 0x74, 0x65, 0x72, 0x6d, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, + 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x20, 0x6f, + 0x66, 0x20, 0x75, 0x73, 0x65, 0x2c, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x70, 0x72, 0x61, 0x63, + 0x74, 0x69, 0x63, 0x65, 0x20, 0x73, 0x74, 0x61, 0x74, 0x65, 0x6d, 0x65, + 0x6e, 0x74, 0x73, 0x2e, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, + 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x10, 0x5e, 0x6c, 0x69, 0xfc, 0xa6, 0x0f, 0xe2, + 0x09, 0xd5, 0x94, 0x90, 0xa6, 0x7c, 0x22, 0xdc, 0xee, 0xb0, 0x8f, 0x24, + 0x22, 0x4f, 0xb3, 0x67, 0xdb, 0x32, 0xb0, 0xd6, 0x24, 0x87, 0xe6, 0xf3, + 0xea, 0x9e, 0xd0, 0x95, 0x75, 0xaa, 0xa7, 0x08, 0xff, 0xb0, 0x35, 0xd7, + 0x1f, 0xa3, 0xbf, 0x89, 0x55, 0x0c, 0x1c, 0xa4, 0xd0, 0xf8, 0x00, 0x17, + 0x44, 0x94, 0x36, 0x63, 0x3b, 0x83, 0xfe, 0x4e, 0xe5, 0xb3, 0xec, 0x7b, + 0x7d, 0xce, 0xfe, 0xa9, 0x54, 0xed, 0xbb, 0x12, 0xa6, 0x72, 0x2b, 0xb3, + 0x48, 0x00, 0xc7, 0x8e, 0xf5, 0x5b, 0x68, 0xc9, 0x24, 0x22, 0x7f, 0xa1, + 0x4d, 0xfc, 0x54, 0xd9, 0xd0, 0x5d, 0x82, 0x53, 0x71, 0x29, 0x66, 0xcf, + 0x0f, 0x6d, 0x32, 0xa6, 0x3f, 0xae, 0x54, 0x27, 0xc2, 0x8c, 0x12, 0x4c, + 0xf0, 0xd6, 0xc1, 0x80, 0x75, 0xc3, 0x33, 0x19, 0xd1, 0x8b, 0x58, 0xe6, + 0x00, 0x69, 0x76, 0xe7, 0xe5, 0x3d, 0x47, 0xf9, 0xc0, 0x9c, 0xe7, 0x19, + 0x1e, 0x95, 0xbc, 0x52, 0x15, 0xce, 0x94, 0xf8, 0x30, 0x14, 0x0b, 0x39, + 0x0e, 0x8b, 0xaf, 0x29, 0x30, 0x56, 0xaf, 0x5a, 0x28, 0xac, 0xe1, 0x0f, + 0x51, 0x76, 0x76, 0x9a, 0xe7, 0xb9, 0x7d, 0xa3, 0x30, 0xe8, 0xe3, 0x71, + 0x15, 0xe8, 0xbf, 0x0d, 0x4f, 0x12, 0x9b, 0x65, 0xab, 0xef, 0xa4, 0xe9, + 0x42, 0xf0, 0xd2, 0x4d, 0x20, 0x55, 0x29, 0x88, 0x58, 0x5c, 0x82, 0x67, + 0x63, 0x20, 0x50, 0xc6, 0xca, 0x04, 0xe8, 0xbc, 0x3d, 0x93, 0x06, 0x21, + 0xb2, 0xc0, 0xbf, 0x53, 0x1e, 0xe1, 0x8b, 0x48, 0xa9, 0xb9, 0xd7, 0xe6, + 0x5f, 0x4e, 0x5a, 0x2f, 0x43, 0xac, 0x35, 0xbd, 0x26, 0x60, 0x2f, 0x01, + 0xd5, 0x86, 0x6b, 0x64, 0xfa, 0x67, 0x05, 0x44, 0x55, 0x83, 0x5b, 0x93, + 0x9c, 0x7c, 0xa7, 0x26, 0x4e, 0x02, 0x2b, 0x48 +}; + + +#endif /* si_88_sectrust_vpnprofile_h */ diff --git a/OSX/sec/Security/SecCertificate.c b/OSX/sec/Security/SecCertificate.c index eb17eb4d..b342758c 100644 --- a/OSX/sec/Security/SecCertificate.c +++ b/OSX/sec/Security/SecCertificate.c @@ -819,6 +819,8 @@ static void SecCEPCrlDistributionPoints(SecCertificateRef certificate, policyQualifierId PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId } */ +/* maximum number of policies of 8192 seems more than adequate */ +#define MAX_CERTIFICATE_POLICIES 8192 static void SecCEPCertificatePolicies(SecCertificateRef certificate, const SecCertificateExtension *extn) { secdebug("cert", "critical: %s", extn->critical ? "yes" : "no"); @@ -830,7 +832,8 @@ static void SecCEPCertificatePolicies(SecCertificateRef certificate, require_quiet(tag == ASN1_CONSTR_SEQUENCE, badDER); DERDecodedInfo piContent; DERSize policy_count = 0; - while ((drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) { + while ((policy_count < MAX_CERTIFICATE_POLICIES) && + (drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) { require_quiet(piContent.tag == ASN1_CONSTR_SEQUENCE, badDER); policy_count++; } @@ -839,7 +842,8 @@ static void SecCEPCertificatePolicies(SecCertificateRef certificate, * (policy_count > 0 ? policy_count : 1)); DERDecodeSeqInit(&extn->extnValue, &tag, &piSeq); DERSize policy_ix = 0; - while ((drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) { + while ((policy_ix < (policy_count > 0 ? policy_count : 1)) && + (drtn = DERDecodeSeqNext(&piSeq, &piContent)) == DR_Success) { DERPolicyInformation pi; drtn = DERParseSequenceContent(&piContent.content, DERNumPolicyInformationItemSpecs, @@ -2200,7 +2204,7 @@ CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes, if (month > 2) day += is_leap_year; - CFAbsoluteTime absTime = (CFAbsoluteTime)((day * 24 + hour) * 60 + minute) * 60 + second; + CFAbsoluteTime absTime = (CFAbsoluteTime)((day * 24.0 + hour) * 60.0 + minute) * 60.0 + second; return absTime - timeZoneOffset; } diff --git a/OSX/sec/Security/SecExports.exp-in b/OSX/sec/Security/SecExports.exp-in index af3e3878..6d95a578 100644 --- a/OSX/sec/Security/SecExports.exp-in +++ b/OSX/sec/Security/SecExports.exp-in @@ -74,6 +74,7 @@ _kSecPolicyApplePPQSigning _kSecPolicyAppleTestPPQSigning _kSecPolicyAppleATVAppSigning _kSecPolicyAppleTestATVAppSigning +_kSecPolicyAppleATVVPNProfileSigning _kSecPolicyApplePayIssuerEncryption _kSecPolicyAppleAnchorIncludeTestRoots _kSecPolicyCheckAnchorSHA1 @@ -174,6 +175,7 @@ _SecPolicyCreateiPhoneDeviceCertificate _SecPolicyCreateiPhoneProfileApplicationSigning _SecPolicyCreateiPhoneProvisioningProfileSigning _SecPolicyCreateAppleTVOSApplicationSigning +_SecPolicyCreateAppleATVVPNProfileSigning _SecPolicyCreateiTunesStoreURLBag _SecPolicyCreateLockdownPairing _SecPolicyCreateMobileAsset diff --git a/OSX/sec/Security/SecKey.c b/OSX/sec/Security/SecKey.c index ca2b7d12..2d4e8d1a 100644 --- a/OSX/sec/Security/SecKey.c +++ b/OSX/sec/Security/SecKey.c @@ -402,7 +402,7 @@ SecKeyRef SecKeyCopyMatchingPrivateKey(SecKeyRef publicKey, CFErrorRef *error) { CFTypeRef queryResult = NULL; CFDictionaryRef query = NULL; - require_action_quiet(publicKey != NULL, errOut, SecError(errSecParam, error, NULL, CFSTR("Null Public Key"))); + require_action_quiet(publicKey != NULL, errOut, SecError(errSecParam, error, CFSTR("Null Public Key"))); query = CreatePrivateKeyMatchingQuery(publicKey, false); diff --git a/OSX/sec/Security/SecPolicy.c b/OSX/sec/Security/SecPolicy.c index f94406a8..94053fd1 100644 --- a/OSX/sec/Security/SecPolicy.c +++ b/OSX/sec/Security/SecPolicy.c @@ -216,6 +216,8 @@ SEC_CONST_DECL (kSecPolicyAppleATVAppSigning, "1.2.840.113625.100.1.37"); SEC_CONST_DECL (kSecPolicyAppleTestATVAppSigning, "1.2.840.113625.100.1.38"); SEC_CONST_DECL (kSecPolicyApplePayIssuerEncryption, "1.2.840.113625.100.1.39"); SEC_CONST_DECL (kSecPolicyAppleOSXProvisioningProfileSigning, "1.2.840.113625.100.1.40"); +SEC_CONST_DECL (kSecPolicyAppleATVVPNProfileSigning, "1.2.840.113625.100.1.41"); +// TODO need confirmation that OID for kSecPolicyAppleATVVPNProfileSigning is reserved SEC_CONST_DECL (kSecPolicyOid, "SecPolicyOid"); SEC_CONST_DECL (kSecPolicyName, "SecPolicyName"); @@ -273,6 +275,7 @@ static CFStringRef kSecPolicyOIDAppleATVAppSigning = CFSTR("AppleATVAppSigning") static CFStringRef kSecPolicyOIDAppleTestATVAppSigning = CFSTR("AppleTestATVAppSigning"); static CFStringRef kSecPolicyOIDApplePayIssuerEncryption = CFSTR("ApplePayIssuerEncryption"); static CFStringRef kSecPolicyOIDAppleOSXProvisioningProfileSigning = CFSTR("AppleOSXProvisioningProfileSigning"); +static CFStringRef kSecPolicyOIDAppleATVVPNProfileSigning = CFSTR("AppleATVVPNProfileSigning"); /* Policies will now change to multiple categories of checks. @@ -637,6 +640,9 @@ SecPolicyRef SecPolicyCreateWithProperties(CFTypeRef policyIdentifier, } else if (CFEqual(policyIdentifier, kSecPolicyApplePayIssuerEncryption)) { policy = SecPolicyCreateApplePayIssuerEncryption(); + } + else if (CFEqual(policyIdentifier, kSecPolicyAppleATVVPNProfileSigning)) { + policy = SecPolicyCreateAppleATVVPNProfileSigning(); } else { secerror("ERROR: policy \"%@\" is unsupported", policyIdentifier); @@ -741,6 +747,9 @@ CFDictionaryRef SecPolicyCopyProperties(SecPolicyRef policyRef) { else if (CFEqual(oid, kSecPolicyOIDAppleOSXProvisioningProfileSigning)) { outOid = kSecPolicyAppleOSXProvisioningProfileSigning; } + else if (CFEqual(oid, kSecPolicyOIDAppleATVVPNProfileSigning)) { + outOid = kSecPolicyAppleATVVPNProfileSigning; + } // Set kSecPolicyOid CFDictionarySetValue(properties, (const void *)kSecPolicyOid, @@ -2917,3 +2926,51 @@ errOut: CFReleaseSafe(options); return result; } + +/*! + @function SecPolicyCreateAppleATVVPNProfileSigning + @abstract Check for leaf marker OID 1.2.840.113635.100.6.43, + intermediate marker OID 1.2.840.113635.100.6.2.10, + chains to Apple Root CA, path length 3 + */ +SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void) +{ + SecPolicyRef result = NULL; + CFMutableDictionaryRef options = NULL; + CFMutableDictionaryRef appleAnchorOptions = NULL; + require(options = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, + &kCFTypeDictionaryKeyCallBacks, + &kCFTypeDictionaryValueCallBacks), errOut); + + SecPolicyAddBasicCertOptions(options); + + // Require pinning to the Apple CAs (including test CA for internal releases) + appleAnchorOptions = CFDictionaryCreateMutableForCFTypes(NULL); + require(appleAnchorOptions, errOut); + + if (SecIsInternalRelease()) { + CFDictionarySetValue(appleAnchorOptions, + kSecPolicyAppleAnchorIncludeTestRoots, kCFBooleanTrue); + } + + add_element(options, kSecPolicyCheckAnchorApple, appleAnchorOptions); + + // Cert chain length 3 + require(SecPolicyAddChainLengthOptions(options, 3), errOut); + + // Check leaf for Apple ATV VPN Profile Signing OID (1.2.840.113635.100.6.43) + add_leaf_marker(options, &oidAppleCertExtATVVPNProfileSigning); + + // Check intermediate for Apple System Integration 2 CA intermediate marker (1.2.840.113635.100.6.2.10) + add_oid(options, kSecPolicyCheckIntermediateMarkerOid, &oidAppleIntmMarkerAppleSystemIntg2); + + // Ensure that revocation is checked (OCSP only) + CFDictionaryAddValue(options, kSecPolicyCheckRevocation, kCFBooleanFalse); + + require(result = SecPolicyCreate(kSecPolicyAppleATVVPNProfileSigning, options), errOut); + +errOut: + CFReleaseSafe(options); + CFReleaseSafe(appleAnchorOptions); + return result; +} diff --git a/OSX/sec/Security/SecPolicyPriv.h b/OSX/sec/Security/SecPolicyPriv.h index 1d33127a..d0debccc 100644 --- a/OSX/sec/Security/SecPolicyPriv.h +++ b/OSX/sec/Security/SecPolicyPriv.h @@ -564,6 +564,16 @@ SecPolicyRef SecPolicyCreateTestAppleATVAppSigning(void) SecPolicyRef SecPolicyCreateApplePayIssuerEncryption(void) __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); + +/*! + @function SecPolicyCreateAppleATVVPNProfileSigning + @abstract Check for leaf marker OID 1.2.840.113635.100.6.43, + intermediate marker OID 1.2.840.113635.100.6.2.10, + chains to Apple Root CA, path length 3 + */ +SecPolicyRef SecPolicyCreateAppleATVVPNProfileSigning(void) +__OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0); + __END_DECLS #endif /* !_SECURITY_SECPOLICYPRIV_H_ */ diff --git a/OSX/sec/Security/SecSCEP.c b/OSX/sec/Security/SecSCEP.c index af2bbdd5..e8f0254d 100644 --- a/OSX/sec/Security/SecSCEP.c +++ b/OSX/sec/Security/SecSCEP.c @@ -179,18 +179,19 @@ out: return hash_pubkey_data; } -static void generate_sender_nonce(CFMutableDictionaryRef dict) +static int generate_sender_nonce(CFMutableDictionaryRef dict) { /* random sender nonce, to be verified against recipient nonce in reply */ CFDataRef senderNonce_oid_data = scep_oid(senderNonce); uint8_t senderNonce_value[18] = { 4, 16, }; - SecRandomCopyBytes(kSecRandomDefault, sizeof(senderNonce_value) - 2, senderNonce_value + 2); + int status = SecRandomCopyBytes(kSecRandomDefault, sizeof(senderNonce_value) - 2, senderNonce_value + 2); CFDataRef senderNonce_value_data = CFDataCreate(kCFAllocatorDefault, senderNonce_value, sizeof(senderNonce_value)); if (senderNonce_oid_data && senderNonce_value_data) CFDictionarySetValue(dict, senderNonce_oid_data, senderNonce_value_data); CFReleaseNull(senderNonce_oid_data); CFReleaseNull(senderNonce_value_data); + return status; } SecIdentityRef SecSCEPCreateTemporaryIdentity(SecKeyRef publicKey, SecKeyRef privateKey) @@ -303,7 +304,7 @@ SecSCEPGenerateCertificateRequest(CFArrayRef subject, CFDictionaryRef parameters CFReleaseNull(msgtype_value_data); /* random sender nonce, to be verified against recipient nonce in reply */ - generate_sender_nonce(simple_attr); + require(generate_sender_nonce(simple_attr) == errSecSuccess, out); /* XXX/cs remove auto-generation once managedconfig is no longer using this */ if (signer) { diff --git a/OSX/sec/Security/SecTrust.c b/OSX/sec/Security/SecTrust.c index 7c9f0d05..a7e7158d 100644 --- a/OSX/sec/Security/SecTrust.c +++ b/OSX/sec/Security/SecTrust.c @@ -1311,7 +1311,7 @@ static void applyDetailProperty(const void *_key, const void *_value, tf->hostnameMismatch = true; } else if (CFEqual(key, kSecPolicyCheckValidIntermediates) || CFEqual(key, kSecPolicyCheckValidLeaf) - || CFEqual(key, kSecPolicyCheckValidLeaf)) { + || CFEqual(key, kSecPolicyCheckValidRoot)) { tf->invalidCert = true; } else /* Anything else is a policy failure. */ diff --git a/OSX/sec/Security/SecuritydXPC.c b/OSX/sec/Security/SecuritydXPC.c index ab7a4b13..01a29884 100644 --- a/OSX/sec/Security/SecuritydXPC.c +++ b/OSX/sec/Security/SecuritydXPC.c @@ -405,12 +405,17 @@ CFTypeRef SecXPCDictionaryCopyPList(xpc_object_t message, const char *key, CFErr } const uint8_t *der_end = der + size; - der = der_decode_plist(kCFAllocatorDefault, kCFPropertyListImmutable, + /* use the sensitive allocator so that the dictionary is zeroized upon deallocation */ + const uint8_t *decode_end = der_decode_plist(CFAllocatorSensitive(), kCFPropertyListImmutable, &cfobject, error, der, der_end); - if (der != der_end) { + if (decode_end != der_end) { SecError(errSecParam, error, CFSTR("trailing garbage after der decoded object for key %s"), key); CFReleaseNull(cfobject); } + + /* zeroize xpc value as it may have contained raw key material */ + cc_clear(size, (void *)der); + return cfobject; } diff --git a/OSX/sec/Security/Tool/SecurityCommands.h b/OSX/sec/Security/Tool/SecurityCommands.h index cf063695..033e43fd 100644 --- a/OSX/sec/Security/Tool/SecurityCommands.h +++ b/OSX/sec/Security/Tool/SecurityCommands.h @@ -144,3 +144,18 @@ SECURITY_COMMAND("log", log_control, " -s scope_list set log scopes to scope_list.\n" " -c scope_list set log scopes to scope_list for all devices in circle.\n", "control logging settings") + +SECURITY_COMMAND_IOS("verify-cert", verify_cert, + "[options]\n" + " -c certFile Certificate to verify. Can be specified multiple times.\n" + " -r rootCertFile Root Certificate. Can be specified multiple times.\n" + " -p policy Verify policy (basic, ssl, smime, eap, IPSec, appleID,\n" + " codeSign, timestamp, revocation).\n" + " -d date Set date and time to use when verifying certificate,\n" + " provided in the form of YYYY-MM-DD-hh:mm:ss (time optional) in GMT.\n" + " e.g: 2016-04-25-15:59:59 for April 25, 2016 at 3:59:59 pm in GMT\n" + " -L Local certs only.\n" + " -n Name of the host (ssl, IPSec, smime)\n" + " -q Quiet.\n" + " -C Set client to true. Otherwise, verify-cert defaults to server (ssl, IPSec, eap).\n", + "Verify certificate(s).") diff --git a/OSX/sec/Security/Tool/keychain_find.c b/OSX/sec/Security/Tool/keychain_find.c index dc0151f5..91071d54 100644 --- a/OSX/sec/Security/Tool/keychain_find.c +++ b/OSX/sec/Security/Tool/keychain_find.c @@ -1,9 +1,27 @@ -// -// -// -// - - +/* + * Copyright (c) 2003-2007,2009-2010,2013-2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + * + * keychain_find.c + */ #include diff --git a/OSX/sec/Security/Tool/log_control.c b/OSX/sec/Security/Tool/log_control.c index d4792aa4..82a6a17c 100644 --- a/OSX/sec/Security/Tool/log_control.c +++ b/OSX/sec/Security/Tool/log_control.c @@ -1,8 +1,27 @@ -// -// log_control.c -// -// sec -// +/* + * Copyright (c) 2003-2007,2009-2010,2013-2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + * + * log_control.c + */ #include #include diff --git a/OSX/sec/Security/Tool/verify_cert.c b/OSX/sec/Security/Tool/verify_cert.c new file mode 100644 index 00000000..a1b8ebfd --- /dev/null +++ b/OSX/sec/Security/Tool/verify_cert.c @@ -0,0 +1,434 @@ +/* + * Copyright (c) 2003-2007,2009-2010,2013-2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + * + * verify-cert.c + */ + +#define CFRELEASE(cf) if (cf) { CFRelease(cf); } + +#include +#include +#include + +#include +#include +#include + +int readFile(const char *fileName, unsigned char **bytes, unsigned *numBytes); +CFStringRef policyToConstant(const char *policy); +int verify_cert(int argc, char * const *argv); + +/* Read an entire file. Copied from cuFileIo.c */ +int readFile( + const char *fileName, + unsigned char **bytes, /* malloc'd and returned */ + unsigned *numBytes) /* returned */ +{ + int rtn; + int fd; + unsigned char *buf; + struct stat sb; + unsigned size; + + *numBytes = 0; + *bytes = NULL; + fd = open(fileName, O_RDONLY, 0); + if (fd < 0) { + return errno; + } + + rtn = fstat(fd, &sb); + if (rtn) { + goto errOut; + } + size = (unsigned)sb.st_size; + buf = malloc(size); + if (buf == NULL) { + rtn = ENOMEM; + goto errOut; + } + + rtn = (int)lseek(fd, 0, SEEK_SET); + if (rtn < 0) { + free(buf); + goto errOut; + } + + rtn = (int)read(fd, buf, (size_t)size); + if (rtn != (int)size) { + if (rtn >= 0) { + printf("readFile: short read\n"); + } + free(buf); + rtn = EIO; + } + else { + rtn = 0; + *bytes = buf; + *numBytes = size; + } +errOut: + close(fd); + return rtn; +} + +static int addCertFile(const char *fileName, CFMutableArrayRef *array) { + SecCertificateRef certRef = NULL; + CFDataRef dataRef = NULL; + unsigned char *buf = NULL; + unsigned int numBytes; + int rtn = 0; + + if (readFile(fileName, &buf, &numBytes)) { + rtn = -1; + goto errOut; + } + + dataRef = CFDataCreate(NULL, buf, numBytes); + certRef = SecCertificateCreateWithData(NULL, dataRef); + + if (*array == NULL) { + *array = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + } + + CFArrayAppendValue(*array, certRef); + +errOut: + /* Cleanup */ + free(buf); + CFRELEASE(dataRef); + CFRELEASE(certRef); + return rtn; +} + +CFStringRef policyToConstant(const char *policy) { + if (policy == NULL) { + return NULL; + } + else if (!strcmp(policy, "basic")) { + return kSecPolicyAppleX509Basic; + } + else if (!strcmp(policy, "ssl")) { + return kSecPolicyAppleSSL; + } + else if (!strcmp(policy, "smime")) { + return kSecPolicyAppleSMIME; + } + else if (!strcmp(policy, "eap")) { + return kSecPolicyAppleEAP; + } + else if (!strcmp(policy, "IPSec")) { + return kSecPolicyAppleIPsec; + } + else if (!strcmp(policy, "appleID")) { + return kSecPolicyAppleIDValidation; + } + else if (!strcmp(policy, "codeSign")) { + return kSecPolicyAppleCodeSigning; + } + else if (!strcmp(policy, "timestamping")) { + return kSecPolicyAppleTimeStamping; + } + else if (!strcmp(policy, "revocation")) { + return kSecPolicyAppleRevocation; + } + else if (!strcmp(policy, "passbook")) { + /* Passbook not implemented */ + return NULL; + } + else { + return NULL; + } +} + +int verify_cert(int argc, char * const *argv) { + extern char *optarg; + extern int optind; + int arg; + + CFMutableArrayRef certs = NULL; + CFMutableArrayRef roots = NULL; + + CFMutableDictionaryRef dict = NULL; + const char *name = NULL; + bool client = false; + + OSStatus ortn; + int ourRtn = 0; + bool quiet = false; + + struct tm time; + CFGregorianDate gregorianDate; + CFDateRef dateRef = NULL; + + CFStringRef policy = NULL; + SecPolicyRef policyRef = NULL; + Boolean fetch = true; + SecTrustRef trustRef = NULL; + SecTrustResultType resultType; + + if (argc < 2) { + /* Return 2 triggers usage message. */ + return 2; + } + + optind = 1; + + while ((arg = getopt(argc, argv, "c:r:p:d:n:LqC")) != -1) { + switch (arg) { + case 'c': + /* Can be specified multiple times */ + if (addCertFile(optarg, &certs)) { + fprintf(stderr, "Cert file error\n"); + ourRtn = 1; + goto errOut; + } + break; + case 'r': + /* Can be specified multiple times */ + if (addCertFile(optarg, &roots)) { + fprintf(stderr, "Root file error\n"); + ourRtn = 1; + goto errOut; + } + break; + case 'p': + policy = policyToConstant(optarg); + if (policy == NULL) { + fprintf(stderr, "Policy processing error\n"); + ourRtn = 2; + goto errOut; + } + break; + case 'L': + /* Force no network fetch of certs */ + fetch = false; + break; + case 'n': + if (name != NULL) { + name = optarg; + } + break; + case 'q': + quiet = true; + break; + case 'C': + /* Set to client */ + client = true; + break; + case 'd': + memset(&time, 0, sizeof(struct tm)); + if (strptime(optarg, "%Y-%m-%d-%H:%M:%S", &time) == NULL) { + if (strptime(optarg, "%Y-%m-%d", &time) == NULL) { + fprintf(stderr, "Date processing error\n"); + ourRtn = 2; + goto errOut; + } + } + + gregorianDate.second = time.tm_sec; + gregorianDate.minute = time.tm_min; + gregorianDate.hour = time.tm_hour; + gregorianDate.day = time.tm_mday; + gregorianDate.month = time.tm_mon + 1; + gregorianDate.year = time.tm_year + 1900; + + if (dateRef == NULL) { + dateRef = CFDateCreate(NULL, CFGregorianDateGetAbsoluteTime(gregorianDate, NULL)); + } + break; + default: + fprintf(stderr, "Usage error\n"); + ourRtn = 2; + goto errOut; + } + } + + if (optind != argc) { + ourRtn = 2; + goto errOut; + } + + if (policy == NULL) { + policy = kSecPolicyAppleX509Basic; + } + + if (certs == NULL) { + if (roots == NULL) { + fprintf(stderr, "No certs specified.\n"); + ourRtn = 2; + goto errOut; + } + if (CFArrayGetCount(roots) != 1) { + fprintf(stderr, "Multiple roots and no certs not allowed.\n"); + ourRtn = 2; + goto errOut; + } + + /* No certs and one root: verify the root */ + certs = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + CFArrayAppendValue(certs, CFArrayGetValueAtIndex(roots, 0)); + } + + /* Per-policy options */ + if (!CFStringCompare(policy, kSecPolicyAppleSSL, 0) || !CFStringCompare(policy, kSecPolicyAppleIPsec, 0)) { + dict = CFDictionaryCreateMutable(NULL, 2, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + + if (name == NULL) { + ourRtn = 2; + goto errOut; + } + CFDictionaryAddValue(dict, kSecPolicyName, name); + CFDictionaryAddValue(dict, kSecPolicyClient, &client); + } + else if (!CFStringCompare(policy, kSecPolicyAppleEAP, 0)) { + dict = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + + CFDictionaryAddValue(dict, kSecPolicyClient, &client); + } + else if (!CFStringCompare(policy, kSecPolicyAppleSMIME, 0)) { + dict = CFDictionaryCreateMutable(NULL, 1, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks); + + if (name == NULL) { + ourRtn = 2; + goto errOut; + } + CFDictionaryAddValue(dict, kSecPolicyName, name); + } + + policyRef = SecPolicyCreateWithProperties(policy, dict); + + /* Now create a SecTrustRef and set its options */ + ortn = SecTrustCreateWithCertificates(certs, policyRef, &trustRef); + if (ortn) { + fprintf(stderr, "SecTrustCreateWithCertificates\n"); + ourRtn = 1; + goto errOut; + } + + /* Roots (anchors) are optional */ + if (roots != NULL) { + ortn = SecTrustSetAnchorCertificates(trustRef, roots); + if (ortn) { + fprintf(stderr, "SecTrustSetAnchorCertificates\n"); + ourRtn = 1; + goto errOut; + } + } + if (fetch == false) { + ortn = SecTrustSetNetworkFetchAllowed(trustRef, fetch); + if (ortn) { + fprintf(stderr, "SecTrustSetNetworkFetchAllowed\n"); + ourRtn = 1; + goto errOut; + } + } + + /* Set verification time for trust object */ + if (dateRef != NULL) { + ortn = SecTrustSetVerifyDate(trustRef, dateRef); + if (ortn) { + fprintf(stderr, "SecTrustSetVerifyDate\n"); + ourRtn = 1; + goto errOut; + } + } + + /* Evaluate certs */ + ortn = SecTrustEvaluate(trustRef, &resultType); + if (ortn) { + /* Should never fail - error doesn't mean the cert verified badly */ + fprintf(stderr, "SecTrustEvaluate\n"); + ourRtn = 1; + goto errOut; + } + switch (resultType) { + case kSecTrustResultUnspecified: + /* Cert chain valid, no special UserTrust assignments */ + case kSecTrustResultProceed: + /* Cert chain valid AND user explicitly trusts this */ + break; + case kSecTrustResultDeny: + /* User-configured denial */ + if (!quiet) { + fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultDeny\n"); + } + ourRtn = 1; + break; + case kSecTrustResultConfirm: + /* Cert chain may well have verified OK, but user has flagged + one of these certs as untrustable. */ + if (!quiet) { + fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultConfirm\n"); + } + ourRtn = 1; + break; + case kSecTrustResultInvalid: + /* SecTrustEvaluate not called yet */ + if (!quiet) { + fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultInvalid\n"); + } + ourRtn = 1; + break; + case kSecTrustResultRecoverableTrustFailure: + /* Failure, can be user-overridden */ + if (!quiet) { + fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultRecoverableTrustFailure\n"); + } + ourRtn = 1; + break; + case kSecTrustResultFatalTrustFailure: + /* Complete failure */ + if (!quiet) { + fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultFatalTrustFailure\n"); + } + ourRtn = 1; + break; + case kSecTrustResultOtherError: + /* Failure unrelated to trust evaluation */ + if (!quiet) { + fprintf(stderr, "SecTrustEvaluate result: kSecTrustResultOtherError\n"); + } + ourRtn = 1; + break; + default: + /* Error is not a defined SecTrustResultType */ + if (!quiet) { + fprintf(stderr, "Cert Verify Result: %u\n", resultType); + } + ourRtn = 1; + break; + } + + if ((ourRtn == 0) && !quiet) { + printf("...certificate verification successful.\n"); + } +errOut: + /* Cleanup */ + CFRELEASE(certs); + CFRELEASE(roots); + CFRELEASE(dateRef); + CFRELEASE(dict); + CFRELEASE(policyRef); + CFRELEASE(trustRef); + return ourRtn; +} diff --git a/OSX/sec/SecurityTool/security.1 b/OSX/sec/SecurityTool/security.1 index dba4ac93..e411c50c 100644 --- a/OSX/sec/SecurityTool/security.1 +++ b/OSX/sec/SecurityTool/security.1 @@ -136,6 +136,8 @@ Install (or re-install) the MDS database. Run .Pa /usr/bin/leaks on this proccess. +.It Nm verify-cert +Verify certificate(s). .El .Sh "COMMON COMMAND OPTIONS" This section describes the @@ -219,7 +221,7 @@ Unset it if no keychain is specified. .Op Fl p Ar password .Op Ar keychain... .Bl -item -offset -indent -Create keychains and add them to the search list. if no keychains are specified the user is prompted for one. +Create keychains and add them to the search list. If no keychains are specified the user is prompted for one. .It Options: .Bl -tag -compact -width -indent-indent @@ -321,7 +323,7 @@ Dump raw (possibly ciphertext) data of items. .Op Fl n Ar name .Op Fl A Ns | Ns Fl T Ar app1:app2:... .Bl -item -offset -indent -Create an assymetric keypair. +Create an asymmetric keypair. .El .It .Nm add-internet-password @@ -381,7 +383,7 @@ arguments are provided, will search the default search list. .It Options: -.Bl -tag -compact -width -indent-indent +.Bl -tag -compact -width -indent .It Fl a Find all matching certificates, not just the first one. .It Fl g Ar dl Ns | Ns Ar cspdl @@ -549,7 +551,42 @@ Ignore leaks called from .Ar symbol Ns . .El .El +.It +.Nm verify-cert +.Op Fl c Ar certFile +.Op Fl r Ar rootCertFile +.Op Fl p Ar policy +.Op Fl d Ar date +.Op Fl n Ar name +.Op Fl L +.Op Fl q +.Op Fl C +.Bl -item -offset -indent +Verify one or more certificates. +.It +Options: +.Bl -tag -compact -width -indent-indent +.It Fl c Ar certFile +Certificate to verify, in DER or PEM format. Can be specified more than once; leaf certificate has to be specified first. +.It Fl r Ar rootCertFile +Root certificate, in DER or PEM format. Can be specified more than once. If not specified, the system anchor certificates are used. +.It Fl p Ar policy +Specify verification policy (ssl, smime, codeSign, IPSec, basic, eap, appleID, timestamping, revocation). Default is basic. +.It Fl d Ar date +Date to set for verification. Specified in the format of YYYY-MM-DD-hh:mm:ss (time optional). e.g: 2016-04-25-15:59:59 for April 25, 2016 at 3:59:59 pm in GMT +.It Fl n Ar name +Specify name for the policy (ssl, IPSec, smime). +.It Fl L +Use local certificates only. If an issuing CA certificate is missing, this option will avoid accessing the network to fetch it. +.It Fl q +Quiet, no stdout or stderr. +.It Fl C +Set to client-side. Otherwise, defaults to server. .El +.It +.Sy Examples +.Bl -tag -width -indent +.Dl security> verify-cert -r serverbasic.crt .El .Sh ENVIRONMENT \" May not be needed .Bl -tag -width -indent diff --git a/OSX/sec/ipc/server.c b/OSX/sec/ipc/server.c index d12b66e9..4d008578 100644 --- a/OSX/sec/ipc/server.c +++ b/OSX/sec/ipc/server.c @@ -50,6 +50,7 @@ #include #include #include +#include #include #include @@ -414,6 +415,14 @@ bool xpc_dictionary_set_and_consume_PeerInfoArray(xpc_object_t xdict, const char return success; } +static bool +EntitlementMissing(enum SecXPCOperation op, SecTaskRef clientTask, CFStringRef entitlement, CFErrorRef *error) +{ + SecError(errSecMissingEntitlement, error, CFSTR("%@: %@ lacks entitlement %@"), SOSCCGetOperationDescription(op), clientTask, entitlement); + return false; +} + + static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, xpc_object_t event) { xpc_type_t type = xpc_get_type(event); @@ -459,7 +468,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, // operations before kSecXPCOpTryUserCredentials don't need this entitlement. hasEntitlement = (operation < kSecXPCOpTryUserCredentials) || - (clientTask && SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementKeychainCloudCircle)); + (clientTask && SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementKeychainCloudCircle)); // Per Disable the entitlement check for "keychain-cloud-circle" // we disable entitlement enforcement. However, we still log so we know who needs the entitlement @@ -555,7 +564,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, } } } else { - SecError(errSecMissingEntitlement, &error, CFSTR("%@: %@ lacks entitlement %@"), SOSCCGetOperationDescription((enum SecXPCOperation)operation), clientTask, kSecEntitlementModifyAnchorCertificates); + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementModifyAnchorCertificates, &error); } break; } @@ -572,7 +581,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, } } } else { - SecError(errSecMissingEntitlement, &error, CFSTR("%@: %@ lacks entitlement %@"), SOSCCGetOperationDescription((enum SecXPCOperation)operation), clientTask, kSecEntitlementModifyAnchorCertificates); + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementModifyAnchorCertificates, &error); } break; } @@ -621,7 +630,7 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, } CFRelease(replyError); } else { - secdebug("ipc", "%@ %@ reponding %@", clientTask, SOSCCGetOperationDescription((enum SecXPCOperation)operation), asyncReply); + secdebug("ipc", "%@ %@ responding %@", clientTask, SOSCCGetOperationDescription((enum SecXPCOperation)operation), asyncReply); } xpc_connection_send_message(connection, asyncReply); @@ -641,35 +650,43 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, } case sec_keychain_backup_id: { - CFDataRef keybag = NULL, passcode = NULL; - if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyKeybag, &keybag, &error)) { - if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) { - CFDataRef backup = _SecServerKeychainBackup(keybag, passcode, &error); - if (backup) { - SecXPCDictionarySetData(replyMessage, kSecXPCKeyResult, backup, &error); - CFRelease(backup); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + CFDataRef keybag = NULL, passcode = NULL; + if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyKeybag, &keybag, &error)) { + if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) { + CFDataRef backup = _SecServerKeychainBackup(keybag, passcode, &error); + if (backup) { + SecXPCDictionarySetData(replyMessage, kSecXPCKeyResult, backup, &error); + CFRelease(backup); + } + CFReleaseSafe(passcode); } - CFReleaseSafe(passcode); + CFReleaseSafe(keybag); } - CFReleaseSafe(keybag); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); } break; } case sec_keychain_restore_id: { - CFDataRef backup = SecXPCDictionaryCopyData(event, kSecXPCKeyBackup, &error); - if (backup) { - CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); - if (keybag) { - CFDataRef passcode = NULL; - if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) { - bool result = _SecServerKeychainRestore(backup, keybag, passcode, &error); - xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result); - CFReleaseSafe(passcode); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + CFDataRef backup = SecXPCDictionaryCopyData(event, kSecXPCKeyBackup, &error); + if (backup) { + CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); + if (keybag) { + CFDataRef passcode = NULL; + if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) { + bool result = _SecServerKeychainRestore(backup, keybag, passcode, &error); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result); + CFReleaseSafe(passcode); + } + CFRelease(keybag); } - CFRelease(keybag); + CFRelease(backup); } - CFRelease(backup); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); } break; } @@ -686,106 +703,132 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, } case sec_keychain_backup_syncable_id: { - CFDictionaryRef oldbackup = NULL; - if (SecXPCDictionaryCopyDictionaryOptional(event, kSecXPCKeyBackup, &oldbackup, &error)) { - CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); - if (keybag) { - CFDataRef passcode = NULL; - if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) { - CFDictionaryRef newbackup = _SecServerBackupSyncable(oldbackup, keybag, passcode, &error); - if (newbackup) { - SecXPCDictionarySetPList(replyMessage, kSecXPCKeyResult, newbackup, &error); - CFRelease(newbackup); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + + CFDictionaryRef oldbackup = NULL; + if (SecXPCDictionaryCopyDictionaryOptional(event, kSecXPCKeyBackup, &oldbackup, &error)) { + CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); + if (keybag) { + CFDataRef passcode = NULL; + if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) { + CFDictionaryRef newbackup = _SecServerBackupSyncable(oldbackup, keybag, passcode, &error); + if (newbackup) { + SecXPCDictionarySetPList(replyMessage, kSecXPCKeyResult, newbackup, &error); + CFRelease(newbackup); + } + CFReleaseSafe(passcode); } - CFReleaseSafe(passcode); + CFRelease(keybag); } - CFRelease(keybag); + CFReleaseSafe(oldbackup); } - CFReleaseSafe(oldbackup); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); } break; } case sec_keychain_restore_syncable_id: { - CFDictionaryRef backup = SecXPCDictionaryCopyDictionary(event, kSecXPCKeyBackup, &error); - if (backup) { - CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); - if (keybag) { - CFDataRef passcode = NULL; - if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) { - bool result = _SecServerRestoreSyncable(backup, keybag, passcode, &error); - xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result); - CFReleaseSafe(passcode); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + + CFDictionaryRef backup = SecXPCDictionaryCopyDictionary(event, kSecXPCKeyBackup, &error); + if (backup) { + CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); + if (keybag) { + CFDataRef passcode = NULL; + if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyUserPassword, &passcode, &error)) { + bool result = _SecServerRestoreSyncable(backup, keybag, passcode, &error); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result); + CFReleaseSafe(passcode); + } + CFRelease(keybag); } - CFRelease(keybag); + CFRelease(backup); } - CFRelease(backup); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); } break; } case sec_item_backup_copy_names_id: { - CFArrayRef names = SecServerItemBackupCopyNames(&error); - SecXPCDictionarySetPListOptional(replyMessage, kSecXPCKeyResult, names, &error); - CFReleaseSafe(names); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + CFArrayRef names = SecServerItemBackupCopyNames(&error); + SecXPCDictionarySetPListOptional(replyMessage, kSecXPCKeyResult, names, &error); + CFReleaseSafe(names); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); + } break; } case sec_item_backup_handoff_fd_id: { - CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error); - int fd = -1; - if (backupName) { - fd = SecServerItemBackupHandoffFD(backupName, &error); - CFRelease(backupName); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error); + int fd = -1; + if (backupName) { + fd = SecServerItemBackupHandoffFD(backupName, &error); + CFRelease(backupName); + } + SecXPCDictionarySetFileDescriptor(replyMessage, kSecXPCKeyResult, fd, &error); + if (fd != -1) + close(fd); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); } - SecXPCDictionarySetFileDescriptor(replyMessage, kSecXPCKeyResult, fd, &error); - if (fd != -1) - close(fd); break; } case sec_item_backup_set_confirmed_manifest_id: { - CFDataRef keybagDigest = NULL; - if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyKeybag, &keybagDigest, &error)) { - CFDataRef manifest = NULL; - if (SecXPCDictionaryCopyDataOptional(event, kSecXPCData, &manifest, &error)) { - CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error); - if (backupName) { - bool result = SecServerItemBackupSetConfirmedManifest(backupName, keybagDigest, manifest, &error); - CFRelease(backupName); - xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + CFDataRef keybagDigest = NULL; + if (SecXPCDictionaryCopyDataOptional(event, kSecXPCKeyKeybag, &keybagDigest, &error)) { + CFDataRef manifest = NULL; + if (SecXPCDictionaryCopyDataOptional(event, kSecXPCData, &manifest, &error)) { + CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error); + if (backupName) { + bool result = SecServerItemBackupSetConfirmedManifest(backupName, keybagDigest, manifest, &error); + CFRelease(backupName); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result); + } + CFReleaseSafe(manifest); } - CFReleaseSafe(manifest); + CFReleaseNull(keybagDigest); } - CFRelease(keybagDigest); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); } break; } case sec_item_backup_restore_id: { - bool result = false; - CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error); - if (backupName) { - CFStringRef peerID = NULL; - if (SecXPCDictionaryCopyStringOptional(event, kSecXPCKeyDigest, &peerID, &error)) { - CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); - if (keybag) { - CFDataRef secret = SecXPCDictionaryCopyData(event, kSecXPCKeyUserPassword, &error); - if (secret) { - CFDataRef backup = SecXPCDictionaryCopyData(event, kSecXPCData, &error); - if (backup) { - result = SecServerItemBackupRestore(backupName, peerID, keybag, secret, backup, &error); - CFRelease(backup); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + bool result = false; + CFStringRef backupName = SecXPCDictionaryCopyString(event, kSecXPCKeyBackup, &error); + if (backupName) { + CFStringRef peerID = NULL; + if (SecXPCDictionaryCopyStringOptional(event, kSecXPCKeyDigest, &peerID, &error)) { + CFDataRef keybag = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); + if (keybag) { + CFDataRef secret = SecXPCDictionaryCopyData(event, kSecXPCKeyUserPassword, &error); + if (secret) { + CFDataRef backup = SecXPCDictionaryCopyData(event, kSecXPCData, &error); + if (backup) { + result = SecServerItemBackupRestore(backupName, peerID, keybag, secret, backup, &error); + CFRelease(backup); + } + CFRelease(secret); } - CFRelease(secret); + CFRelease(keybag); } - CFRelease(keybag); + CFReleaseSafe(peerID); } - CFReleaseSafe(peerID); + CFRelease(backupName); } - CFRelease(backupName); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); } - xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, result); break; } case sec_ota_pki_asset_version_id: @@ -1084,26 +1127,34 @@ static void securityd_xpc_dictionary_handler(const xpc_connection_t connection, break; case kSecXPCOpSetNewPublicBackupKey: { - CFDataRef publicBackupKey = SecXPCDictionaryCopyData(event, kSecXPCKeyNewPublicBackupKey, &error); - SOSPeerInfoRef peerInfo = SOSCCSetNewPublicBackupKey_Server(publicBackupKey, &error); - CFDataRef peerInfoData = peerInfo ? SOSPeerInfoCopyEncodedData(peerInfo, kCFAllocatorDefault, &error) : NULL; - CFReleaseNull(peerInfo); - if (peerInfoData) { - xpc_object_t xpc_object = _CFXPCCreateXPCObjectFromCFObject(peerInfoData); - xpc_dictionary_set_value(replyMessage, kSecXPCKeyResult, xpc_object); - xpc_release(xpc_object); - } - CFReleaseNull(peerInfoData); - CFReleaseSafe(publicBackupKey); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + CFDataRef publicBackupKey = SecXPCDictionaryCopyData(event, kSecXPCKeyNewPublicBackupKey, &error); + SOSPeerInfoRef peerInfo = SOSCCSetNewPublicBackupKey_Server(publicBackupKey, &error); + CFDataRef peerInfoData = peerInfo ? SOSPeerInfoCopyEncodedData(peerInfo, kCFAllocatorDefault, &error) : NULL; + CFReleaseNull(peerInfo); + if (peerInfoData) { + xpc_object_t xpc_object = _CFXPCCreateXPCObjectFromCFObject(peerInfoData); + xpc_dictionary_set_value(replyMessage, kSecXPCKeyResult, xpc_object); + xpc_release(xpc_object); + } + CFReleaseNull(peerInfoData); + CFReleaseSafe(publicBackupKey); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); + } } break; case kSecXPCOpSetBagForAllSlices: { - CFDataRef backupSlice = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); - bool includeV0 = xpc_dictionary_get_bool(event, kSecXPCKeyIncludeV0); - xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, backupSlice && SOSCCRegisterSingleRecoverySecret_Server(backupSlice, includeV0, &error)); - CFReleaseSafe(backupSlice); + if (SecTaskGetBooleanValueForEntitlement(clientTask, kSecEntitlementRestoreKeychain)) { + CFDataRef backupSlice = SecXPCDictionaryCopyData(event, kSecXPCKeyKeybag, &error); + bool includeV0 = xpc_dictionary_get_bool(event, kSecXPCKeyIncludeV0); + xpc_dictionary_set_bool(replyMessage, kSecXPCKeyResult, backupSlice && SOSCCRegisterSingleRecoverySecret_Server(backupSlice, includeV0, &error)); + CFReleaseSafe(backupSlice); + } else { + EntitlementMissing(((enum SecXPCOperation)operation), clientTask, kSecEntitlementRestoreKeychain, &error); + } } break; case kSecXPCOpCopyApplicantPeerInfo: diff --git a/OSX/sec/sec.xcodeproj/project.pbxproj b/OSX/sec/sec.xcodeproj/project.pbxproj index 24aaabd7..337f6fee 100644 --- a/OSX/sec/sec.xcodeproj/project.pbxproj +++ b/OSX/sec/sec.xcodeproj/project.pbxproj @@ -56,6 +56,8 @@ 18D4057014CE53DD00A2BE4E /* SecTrustServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566114CB6F79008233F2 /* SecTrustServer.c */; }; 18D4057114CE53DD00A2BE4E /* SecTrustStoreServer.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566314CB6F79008233F2 /* SecTrustStoreServer.c */; }; 18D4057214CE547400A2BE4E /* spi.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD566514CB6F79008233F2 /* spi.c */; }; + 32FBBBE71B556F8900AEF9ED /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = 32FBBBE61B556F8900AEF9ED /* verify_cert.c */; }; + 32FBBBE81B55B30E00AEF9ED /* verify_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = 32FBBBE61B556F8900AEF9ED /* verify_cert.c */; }; 3A70988218CDF648009FD2CC /* si_77_SecAccessControl.c in Sources */ = {isa = PBXBuildFile; fileRef = 3A70988118CDF648009FD2CC /* si_77_SecAccessControl.c */; }; 43C3B1681AFD588800786702 /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD6C9BF81A813D52002AB913 /* IDS.framework */; }; 43C3B1691AFD58AB00786702 /* IDS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = CD6C9BF81A813D52002AB913 /* IDS.framework */; }; @@ -289,10 +291,12 @@ 72B5923B17C6924000AE738B /* iCloudTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B5923A17C6924000AE738B /* iCloudTrace.h */; }; 72B5923D17C6939A00AE738B /* iCloudTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = 72B5923C17C6939A00AE738B /* iCloudTrace.c */; }; 7DE20930192D29D90066419C /* si-79-smp-cert-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = 7DE2092F192D29D90066419C /* si-79-smp-cert-policy.c */; }; + 858A54681BC6FE62008A03FA /* si-88-sectrust-vpnprofile.c in Sources */ = {isa = PBXBuildFile; fileRef = 858A54641BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.c */; }; + 858A54691BC6FE62008A03FA /* si-88-sectrust-vpnprofile.h in Headers */ = {isa = PBXBuildFile; fileRef = 858A54651BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.h */; }; ACFD56BE19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h in Headers */ = {isa = PBXBuildFile; fileRef = ACFD56BD19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h */; }; - BE037D351B7E8DC700D21A94 /* si-20-sectrust-att.c in Sources */ = {isa = PBXBuildFile; fileRef = BE037D331B7E8DC200D21A94 /* si-20-sectrust-att.c */; }; BE061FCF1899E5BD00C739F6 /* si-76-shared-credentials.c in Sources */ = {isa = PBXBuildFile; fileRef = BE061FCE1899E5BD00C739F6 /* si-76-shared-credentials.c */; }; BE0CC6081A96B69000662E69 /* si-83-seccertificate-sighashalg.c in Sources */ = {isa = PBXBuildFile; fileRef = BE0CC6061A96B68400662E69 /* si-83-seccertificate-sighashalg.c */; }; + BE3171931BB3559600BBB212 /* si-20-sectrust.h in Headers */ = {isa = PBXBuildFile; fileRef = BE3171921BB3559600BBB212 /* si-20-sectrust.h */; settings = {ASSET_TAGS = (); }; }; BE4AC9B518B8022D00B84964 /* swcagent_client.h in Headers */ = {isa = PBXBuildFile; fileRef = BEF9640918B418A400813FA3 /* swcagent_client.h */; }; BE4AC9B618B8038400B84964 /* SecuritydXPC.c in Sources */ = {isa = PBXBuildFile; fileRef = E7B01B8816572579000485F1 /* SecuritydXPC.c */; }; BE53FA301B0AC5C300719A63 /* SecKey.c in Sources */ = {isa = PBXBuildFile; fileRef = 18AD563C14CB6EB9008233F2 /* SecKey.c */; }; @@ -404,6 +408,8 @@ D4273AA61B5D54E70007D67B /* nameconstraints.c in Sources */ = {isa = PBXBuildFile; fileRef = D4273AA21B5D54CA0007D67B /* nameconstraints.c */; }; D445CDE11B44D53C005040AC /* si-84-sectrust-atv-appsigning.c in Sources */ = {isa = PBXBuildFile; fileRef = D445CDDF1B44D372005040AC /* si-84-sectrust-atv-appsigning.c */; }; D4B4A9A81B8BB9B70097B393 /* si-85-sectrust-ssl-policy.c in Sources */ = {isa = PBXBuildFile; fileRef = D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */; }; + D4DFC94A1B9958D00040945C /* si-87-sectrust-name-constraints.c in Sources */ = {isa = PBXBuildFile; fileRef = D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */; }; + D4DFC94B1B9958D00040945C /* si-87-sectrust-name-constraints.h in Headers */ = {isa = PBXBuildFile; fileRef = D4DFC9491B9958D00040945C /* si-87-sectrust-name-constraints.h */; }; E703811514E1FEEF007CB458 /* SOSCloudCircle.h in Headers */ = {isa = PBXBuildFile; fileRef = E703811114E1FEE4007CB458 /* SOSCloudCircle.h */; }; E71049F3169E023B00DB0045 /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 521C0B9815FA5C4A00604B61 /* Foundation.framework */; }; E7104A01169E036E00DB0045 /* SecurityTool.c in Sources */ = {isa = PBXBuildFile; fileRef = E71049FF169E036E00DB0045 /* SecurityTool.c */; }; @@ -630,6 +636,8 @@ 18AD568814CB865E008233F2 /* SecItemServer.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; lineEnding = 0; path = SecItemServer.c; sourceTree = ""; xcLanguageSpecificationIdentifier = xcode.lang.c; }; 18D4043514CE0CF300A2BE4E /* libsecurity.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurity.a; sourceTree = BUILT_PRODUCTS_DIR; }; 18D4056214CE53C200A2BE4E /* libsecurityd.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libsecurityd.a; sourceTree = BUILT_PRODUCTS_DIR; }; + 32FBBBE11B50365D00AEF9ED /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = System/Library/Frameworks/CoreFoundation.framework; sourceTree = SDKROOT; }; + 32FBBBE61B556F8900AEF9ED /* verify_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = verify_cert.c; sourceTree = ""; }; 3A70988118CDF648009FD2CC /* si_77_SecAccessControl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = si_77_SecAccessControl.c; sourceTree = ""; }; 4406660E19069707000DA171 /* si-80-empty-data.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "si-80-empty-data.c"; sourceTree = ""; }; 4469FC2A1AA0A69E0021AA26 /* secd-33-keychain-ctk.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = "secd-33-keychain-ctk.c"; sourceTree = ""; }; @@ -880,10 +888,12 @@ 72E2DC0616BC47C800E7B236 /* OTATrustUtilities.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = OTATrustUtilities.c; sourceTree = ""; }; 72E2DC0716BC47C800E7B236 /* OTATrustUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OTATrustUtilities.h; sourceTree = ""; }; 7DE2092F192D29D90066419C /* si-79-smp-cert-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-79-smp-cert-policy.c"; sourceTree = ""; }; + 858A54641BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-88-sectrust-vpnprofile.c"; sourceTree = ""; }; + 858A54651BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-88-sectrust-vpnprofile.h"; sourceTree = ""; }; ACFD56BD19007B2D00F5F5D9 /* ios6_1_keychain_2_db.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ios6_1_keychain_2_db.h; sourceTree = ""; }; - BE037D331B7E8DC200D21A94 /* si-20-sectrust-att.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-20-sectrust-att.c"; sourceTree = ""; }; BE061FCE1899E5BD00C739F6 /* si-76-shared-credentials.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-76-shared-credentials.c"; sourceTree = ""; }; BE0CC6061A96B68400662E69 /* si-83-seccertificate-sighashalg.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-83-seccertificate-sighashalg.c"; sourceTree = ""; }; + BE3171921BB3559600BBB212 /* si-20-sectrust.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-20-sectrust.h"; sourceTree = ""; }; BE556A5D19550E1600E6EE8C /* SecPolicyCerts.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecPolicyCerts.h; sourceTree = ""; }; BE62D75F1747FF3E001EAA9D /* si-72-syncableitems.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-72-syncableitems.c"; sourceTree = ""; }; BE62D7611747FF51001EAA9D /* si-70-sectrust-unified.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-70-sectrust-unified.c"; sourceTree = ""; }; @@ -975,6 +985,8 @@ D4273AA31B5D54CA0007D67B /* nameconstraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = nameconstraints.h; sourceTree = ""; }; D445CDDF1B44D372005040AC /* si-84-sectrust-atv-appsigning.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-84-sectrust-atv-appsigning.c"; sourceTree = ""; }; D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-85-sectrust-ssl-policy.c"; sourceTree = ""; }; + D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = "si-87-sectrust-name-constraints.c"; sourceTree = ""; }; + D4DFC9491B9958D00040945C /* si-87-sectrust-name-constraints.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "si-87-sectrust-name-constraints.h"; sourceTree = ""; }; E702E75614E1F3EA00CDE635 /* libSecureObjectSync.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSecureObjectSync.a; sourceTree = BUILT_PRODUCTS_DIR; }; E702E77814E1F48800CDE635 /* libSOSRegressions.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = libSOSRegressions.a; sourceTree = BUILT_PRODUCTS_DIR; }; E703811114E1FEE4007CB458 /* SOSCloudCircle.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCloudCircle.h; sourceTree = ""; }; @@ -1499,8 +1511,8 @@ 4CC92A1C15A3ABD400C6D578 /* si-15-certificate.c */, 4CC92A1D15A3ABD400C6D578 /* si-16-ec-certificate.c */, 4CC92A1E15A3ABD400C6D578 /* si-20-sectrust-activation.c */, - BE037D331B7E8DC200D21A94 /* si-20-sectrust-att.c */, 4CC92A1F15A3ABD400C6D578 /* si-20-sectrust.c */, + BE3171921BB3559600BBB212 /* si-20-sectrust.h */, 4CC92A2015A3ABD400C6D578 /* si-21-sectrust-asr.c */, 4CC92A2115A3ABD400C6D578 /* si-22-sectrust-iap.c */, 4CC92A2215A3ABD400C6D578 /* si-23-sectrust-ocsp.c */, @@ -1561,6 +1573,10 @@ D4B4A9A61B8801960097B393 /* si-85-sectrust-ssl-policy.c */, BECC54E31B98FF0000FB91DC /* si-86-sectrust-eap-tls.c */, BECC54E41B98FF0000FB91DC /* si-86-sectrust-eap-tls.h */, + D4DFC9481B9958D00040945C /* si-87-sectrust-name-constraints.c */, + D4DFC9491B9958D00040945C /* si-87-sectrust-name-constraints.h */, + 858A54641BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.c */, + 858A54651BC6FD3E008A03FA /* si-88-sectrust-vpnprofile.h */, ); name = secitem; path = Regressions/secitem; @@ -1689,6 +1705,7 @@ 521C0B9715FA5C4900604B61 /* Frameworks */ = { isa = PBXGroup; children = ( + 32FBBBE11B50365D00AEF9ED /* CoreFoundation.framework */, CD6C9BF81A813D52002AB913 /* IDS.framework */, CD558FA8193544F800CFB3B1 /* IDSFoundation.framework */, EB97322D189C56DB0063DFED /* CoreFoundation.framework */, @@ -1791,6 +1808,7 @@ E7104A0F169E1F0800DB0045 /* Tool */ = { isa = PBXGroup; children = ( + 32FBBBE61B556F8900AEF9ED /* verify_cert.c */, F697632118F6CC3F0090438B /* keychain_util.c */, F697632218F6CC3F0090438B /* keychain_util.h */, E790C136169E5C6200E0C0C9 /* add_internet_password.c */, @@ -2136,7 +2154,9 @@ 4CC92AC015A3BC4300C6D578 /* Security_regressions.h in Headers */, 4CC92A8C15A3ABD400C6D578 /* getcacert-mdes.h in Headers */, 4CC92A8D15A3ABD400C6D578 /* getcacert-mdesqa.h in Headers */, + BE3171931BB3559600BBB212 /* si-20-sectrust.h in Headers */, 4CC92A8F15A3ABD400C6D578 /* si-63-scep.h in Headers */, + D4DFC94B1B9958D00040945C /* si-87-sectrust-name-constraints.h in Headers */, 4CC92A9015A3ABD400C6D578 /* attached_no_data_signed_data.h in Headers */, 4CC92A9115A3ABD400C6D578 /* attached_signed_data.h in Headers */, BECC54E61B98FF0000FB91DC /* si-86-sectrust-eap-tls.h in Headers */, @@ -2154,6 +2174,7 @@ 4CC92AA015A3ABD400C6D578 /* login.yahoo.com.2.cer.h in Headers */, 4CC92AA115A3ABD400C6D578 /* login.yahoo.com.cer.h in Headers */, 4CC92AA215A3ABD400C6D578 /* mail.google.com.cer.h in Headers */, + 858A54691BC6FE62008A03FA /* si-88-sectrust-vpnprofile.h in Headers */, 4CC92AA315A3ABD400C6D578 /* www.google.com.cer.h in Headers */, ); runOnlyForDeploymentPostprocessing = 0; @@ -2735,6 +2756,7 @@ 18D4044E14CE1FE400A2BE4E /* SecTrustSettings.c in Sources */, BE642BB2188F32C200C899A2 /* SecSharedCredential.c in Sources */, 52FD829A1AEA9CEF00634FD3 /* SecItemBackup.c in Sources */, + 32FBBBE71B556F8900AEF9ED /* verify_cert.c in Sources */, CDC765C21729A72800721712 /* SecPasswordGenerate.c in Sources */, 18D4044F14CE1FE400A2BE4E /* SecTrustStore.c in Sources */, 18D4045014CE1FE400A2BE4E /* vmdh.c in Sources */, @@ -2831,15 +2853,16 @@ BE061FCF1899E5BD00C739F6 /* si-76-shared-credentials.c in Sources */, 4CC92A6B15A3ABD400C6D578 /* si-16-ec-certificate.c in Sources */, 4CC92A6C15A3ABD400C6D578 /* si-20-sectrust-activation.c in Sources */, - BE037D351B7E8DC700D21A94 /* si-20-sectrust-att.c in Sources */, 4CC92A6D15A3ABD400C6D578 /* si-20-sectrust.c in Sources */, BE62D7601747FF3E001EAA9D /* si-72-syncableitems.c in Sources */, + 858A54681BC6FE62008A03FA /* si-88-sectrust-vpnprofile.c in Sources */, 4CC92A6E15A3ABD400C6D578 /* si-21-sectrust-asr.c in Sources */, 4CC92A6F15A3ABD400C6D578 /* si-22-sectrust-iap.c in Sources */, 4CC92A7015A3ABD400C6D578 /* si-23-sectrust-ocsp.c in Sources */, 4CC92A7115A3ABD400C6D578 /* si-24-sectrust-appleid.c in Sources */, 4CC92A7215A3ABD400C6D578 /* si-24-sectrust-digicert-malaysia.c in Sources */, 4CC92A7315A3ABD400C6D578 /* si-24-sectrust-diginotar.c in Sources */, + D4DFC94A1B9958D00040945C /* si-87-sectrust-name-constraints.c in Sources */, CDB6A8B81A409BC600646CD6 /* otr-60-slowroll.c in Sources */, 4CC92A7415A3ABD400C6D578 /* si-24-sectrust-itms.c in Sources */, 4CC92A7515A3ABD400C6D578 /* si-24-sectrust-mobileasset.c in Sources */, @@ -3055,6 +3078,7 @@ isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( + 32FBBBE81B55B30E00AEF9ED /* verify_cert.c in Sources */, F697632318F6CFD60090438B /* keychain_util.c in Sources */, E790C141169E5C6200E0C0C9 /* add_internet_password.c in Sources */, E790C142169E5C6200E0C0C9 /* codesign.c in Sources */, diff --git a/OSX/sec/securityd/Regressions/secd-33-keychain-ctk.c b/OSX/sec/securityd/Regressions/secd-33-keychain-ctk.c index 4d4f4fde..794e2ace 100644 --- a/OSX/sec/securityd/Regressions/secd-33-keychain-ctk.c +++ b/OSX/sec/securityd/Regressions/secd-33-keychain-ctk.c @@ -592,6 +592,7 @@ static void test_key_generate_with_params(void) { SecKeyRef publicKey = NULL, privateKey = NULL; phase = 0; + diag("This will produce an internal assert - on purpose"); is_status(SecKeyGeneratePair(params, &publicKey, &privateKey), errSecUserCanceled); is(phase, 2); diff --git a/OSX/sec/securityd/Regressions/secd-62-account-backup.c b/OSX/sec/securityd/Regressions/secd-62-account-backup.c index 67a90eb0..72b643db 100644 --- a/OSX/sec/securityd/Regressions/secd-62-account-backup.c +++ b/OSX/sec/securityd/Regressions/secd-62-account-backup.c @@ -64,7 +64,7 @@ static CFDataRef CopyBackupKeyForString(CFStringRef string, CFErrorRef *error) return result; } -static int kTestTestCount = 114; +static int kTestTestCount = 112; #else static int kTestTestCount = 1; #endif @@ -158,7 +158,7 @@ static void tests(void) CFReleaseNull(error); //Alice should kick Bob out of the backup! - is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 3, "updates"); + is(ProcessChangesUntilNoChange(changes, alice_account, bob_account, NULL), 2, "updates"); ok(SOSAccountIsMyPeerInBackupAndCurrentInView(alice_account, kTestView1), "Bob left the circle, Alice is not in the backup"); diff --git a/OSX/sec/securityd/Regressions/secd-81-item-acl.c b/OSX/sec/securityd/Regressions/secd-81-item-acl.c index 761cefce..eb0efa3c 100644 --- a/OSX/sec/securityd/Regressions/secd-81-item-acl.c +++ b/OSX/sec/securityd/Regressions/secd-81-item-acl.c @@ -400,6 +400,7 @@ static void item_with_acl_caused_maxauth(uint32_t *item_num) __security_simulatecrash_enable(false); LASetErrorCodeBlock(okBlock); + diag("this will cause an internal assert - on purpose"); is_status(SecItemAdd(item, NULL), errSecAuthFailed, "max auth attempts failed"); is(__security_simulatecrash_enable(true), 1, "Expecting simcrash max auth threshold passed"); diff --git a/OSX/sec/securityd/Regressions/secd-82-persistent-ref.c b/OSX/sec/securityd/Regressions/secd-82-persistent-ref.c index b7f37d53..87ec19aa 100644 --- a/OSX/sec/securityd/Regressions/secd-82-persistent-ref.c +++ b/OSX/sec/securityd/Regressions/secd-82-persistent-ref.c @@ -13,7 +13,7 @@ int secd_82_persistent_ref(int argc, char *const *argv) { - plan_tests(5); + plan_tests(4); /* custom keychain dir */ secd_test_setup_temp_keychain("secd_82_persistent_ref", NULL); diff --git a/OSX/sec/securityd/Regressions/secd_regressions.h b/OSX/sec/securityd/Regressions/secd_regressions.h index a140ce67..b4ca0f1e 100644 --- a/OSX/sec/securityd/Regressions/secd_regressions.h +++ b/OSX/sec/securityd/Regressions/secd_regressions.h @@ -55,7 +55,7 @@ ONE_TEST(secd_62_account_backup) ONE_TEST(secd_63_account_resurrection) ONE_TEST(secd_64_circlereset) ONE_TEST(secd_65_account_retirement_reset) -ONE_TEST(secd_70_engine) +DISABLED_ONE_TEST(secd_70_engine) ONE_TEST(secd_70_engine_corrupt) ONE_TEST(secd_70_engine_smash) DISABLED_ONE_TEST(secd_70_otr_remote) diff --git a/OSX/sec/securityd/SOSCloudCircleServer.c b/OSX/sec/securityd/SOSCloudCircleServer.c index 4e28d5f1..fbba5450 100644 --- a/OSX/sec/securityd/SOSCloudCircleServer.c +++ b/OSX/sec/securityd/SOSCloudCircleServer.c @@ -469,7 +469,7 @@ static SOSAccountRef GetSharedAccount(void) { if (CFSetContainsValue(peer_additions, me)) { // TODO: Potentially remove from here and move this to the engine - // TODO: We also need to do this when our views change. + // TODO: We also need to do this when our views change. SOSCCSyncWithAllPeers(); } } @@ -1158,9 +1158,8 @@ bool SOSCCIDSDeviceIDIsAvailableTest_Server(CFErrorRef *error){ result = SOSAccountRetrieveDeviceIDFromIDSKeychainSyncingProxy(account, &blockError); return result; }); - if(blockError != NULL && error != NULL) + if(blockError && error != NULL) *error = blockError; - return didSendTestMessages; } @@ -1386,14 +1385,14 @@ bool SOSCCWaitForInitialSync_Server(CFErrorRef* error) { } static CFArrayRef SOSAccountCopyYetToSyncViews(SOSAccountRef account, CFErrorRef *error) { - CFArrayRef result = NULL; + __block CFArrayRef result = NULL; CFTypeRef valueFetched = SOSAccountGetValue(account, kSOSUnsyncedViewsKey, error); if (valueFetched == kCFBooleanTrue) { SOSPeerInfoRef myPI = SOSAccountGetMyPeerInfo(account); if (myPI) { SOSPeerInfoWithEnabledViewSet(myPI, ^(CFSetRef enabled) { - CFSetCopyValues(enabled); + result = CFSetCopyValues(enabled); }); } } else if (isSet(valueFetched)) { diff --git a/OSX/sec/securityd/SecItemServer.c b/OSX/sec/securityd/SecItemServer.c index 3e1f1565..09e4287a 100644 --- a/OSX/sec/securityd/SecItemServer.c +++ b/OSX/sec/securityd/SecItemServer.c @@ -1190,12 +1190,12 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes, CFTypeRef *result, CFErrorRef *error) { - CFStringRef fqdn = CFDictionaryGetValue(attributes, kSecAttrServer); - CFStringRef account = CFDictionaryGetValue(attributes, kSecAttrAccount); + CFStringRef fqdn = CFRetainSafe(CFDictionaryGetValue(attributes, kSecAttrServer)); + CFStringRef account = CFRetainSafe(CFDictionaryGetValue(attributes, kSecAttrAccount)); #if TARGET_OS_IPHONE && !TARGET_OS_WATCH - CFStringRef password = CFDictionaryGetValue(attributes, kSecSharedPassword); + CFStringRef password = CFRetainSafe(CFDictionaryGetValue(attributes, kSecSharedPassword)); #else - CFStringRef password = CFDictionaryGetValue(attributes, CFSTR("spwd")); + CFStringRef password = CFRetainSafe(CFDictionaryGetValue(attributes, CFSTR("spwd"))); #endif CFStringRef accessGroup = CFSTR("*"); CFArrayRef accessGroups = NULL; @@ -1212,7 +1212,6 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes, // parse fqdn with CFURL here, since it could be specified as domain:port if (fqdn) { - CFRetainSafe(fqdn); CFStringRef urlStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("%@%@"), kSecSharedCredentialUrlScheme, fqdn); if (urlStr) { CFURLRef url = CFURLCreateWithString(kCFAllocatorDefault, urlStr, nil); @@ -1291,7 +1290,7 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes, // check for presence of Safari's negative entry ('passwords not saved') CFDictionarySetValue(query, kSecAttrAccount, kSecSafariPasswordsNotSaved); ok = _SecItemCopyMatching(query, accessGroups, result, error); - CFReleaseNull(*result); + if(result) CFReleaseNull(*result); CFReleaseNull(*error); if (ok) { SecError(errSecDuplicateItem, error, CFSTR("Item already exists for this server")); @@ -1310,7 +1309,7 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes, // look up existing password if (_SecItemCopyMatching(query, accessGroups, result, error)) { // found it, so this becomes either an "update password" or "delete password" operation - CFReleaseNull(*result); + if(result) CFReleaseNull(*result); CFReleaseNull(*error); update = (password != NULL); if (update) { @@ -1342,7 +1341,7 @@ _SecAddSharedWebCredential(CFDictionaryRef attributes, } goto cleanup; } - CFReleaseNull(*result); + if(result) CFReleaseNull(*result); CFReleaseNull(*error); // password does not exist, so prepare to add it @@ -1401,6 +1400,8 @@ cleanup: CFReleaseSafe(query); CFReleaseSafe(accessGroups); CFReleaseSafe(fqdn); + CFReleaseSafe(account); + CFReleaseSafe(password); return ok; } diff --git a/OSX/sec/securityd/nameconstraints.c b/OSX/sec/securityd/nameconstraints.c index f1eddf65..fb520f6a 100644 --- a/OSX/sec/securityd/nameconstraints.c +++ b/OSX/sec/securityd/nameconstraints.c @@ -48,7 +48,7 @@ static bool SecDNSNameConstraintsMatch(CFStringRef DNSName, CFStringRef constrai /* Ensure that character to the left of the constraint in the DNSName is a '.' so that badexample.com does not match example.com, but good.example.com does. */ - if ((dlength != clength) && + if ((dlength != clength) && ('.' != CFStringGetCharacterAtIndex(constraint, 0)) && ('.' != CFStringGetCharacterAtIndex(DNSName, dlength - clength -1))) { return false; } @@ -473,16 +473,19 @@ OSStatus SecNameContraintsMatchSubtrees(SecCertificateRef certificate, CFArrayRe /* If we are excluding based on the subtrees, lack of names of the same type is not a match. But if we are permitting, it is. - This logic is unfortunately complicated and could be cleaned up with - two separate functions for excluded and permitted subtrees. */ if (subject_match.present) { if (san_match.present && ((subject_match.isMatch && !san_match.isMatch) || (!subject_match.isMatch && san_match.isMatch))) { + /* If both san and subject types are present, but don't agree on match + * we should exclude on the basis of the match and not permit on the + * basis of the failed match. */ *matched = permit ? false : true; } else { + /* If san type wasn't present or both had the same result, use the + * result from matching against the subject. */ *matched = subject_match.isMatch; } } @@ -490,6 +493,8 @@ OSStatus SecNameContraintsMatchSubtrees(SecCertificateRef certificate, CFArrayRe *matched = san_match.isMatch; } else { + /* Neither subject nor san had same type as subtrees, permit and don't + * exclude the cert. */ *matched = permit ? true : false; } @@ -499,57 +504,80 @@ out: return status; } +typedef struct { + CFMutableArrayRef existing_trees; + CFMutableArrayRef trees_to_add; +} nc_intersect_context_t; + +static SecCEGeneralNameType nc_gn_type_convert (DERTag tag) { + switch (tag) { + case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0: + return GNT_OtherName; + case ASN1_CONTEXT_SPECIFIC | 1: + return GNT_RFC822Name; + case ASN1_CONTEXT_SPECIFIC | 2: + return GNT_DNSName; + case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3: + return GNT_X400Address; + case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 4: + return GNT_DirectoryName; + case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 5: + return GNT_EdiPartyName; + case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 6: + case ASN1_CONTEXT_SPECIFIC | 6: + return GNT_URI; + case ASN1_CONTEXT_SPECIFIC | 7: + return GNT_IPAddress; + case ASN1_CONTEXT_SPECIFIC | 8: + return GNT_RegisteredID; + default: + return GNT_OtherName; + } +} + /* The recommended processing algorithm states: * If permittedSubtrees is present in the certificate, set the permitted_subtrees state variable to the intersection * of its previous value and the value indicated in the extension field. - * However, in practice, certs are issued with permittedSubtrees whose intersection would be the empty set. Wherever - * a new permittedSubtree is a subset of an existing subtree, we'll replace the existing subtree; otherwise, we just - * append the new subtree. + * However, in practice, certs are issued with permittedSubtrees whose intersection would be the empty set. For now, + * wherever a new permittedSubtree is a subset of an existing subtree, we'll replace the existing subtree; otherwise, + * we just append the new subtree. */ static void nc_intersect_tree_with_subtrees (const void *value, void *context) { CFDataRef new_subtree = value; - CFMutableArrayRef *existing_subtrees = context; - - if (!new_subtree || !*existing_subtrees) return; - + nc_intersect_context_t *intersect_context = context; + CFMutableArrayRef existing_subtrees = intersect_context->existing_trees; + CFMutableArrayRef trees_to_append = intersect_context->trees_to_add; + + if (!new_subtree || !existing_subtrees) return; + /* convert new subtree to DERItem */ const DERItem general_name = { (unsigned char *)CFDataGetBytePtr(new_subtree), CFDataGetLength(new_subtree) }; DERDecodedInfo general_name_content; if(DR_Success != DERDecodeItem(&general_name, &general_name_content)) return; - + SecCEGeneralNameType gnType; DERItem *new_subtree_item = &general_name_content.content; - + /* Attempt to intersect if one of the supported types: DirectoryName and DNSName. - * Otherwise, just append the new tree. - */ - switch (general_name_content.tag) { - case ASN1_CONTEXT_SPECIFIC | 2: { - gnType = GNT_DNSName; - break; - } - case ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 4: { - gnType = GNT_DirectoryName; - break; - } - default: { - CFArrayAppendValue(*existing_subtrees, new_subtree); - return; - } + * Otherwise, just append the new tree. */ + gnType = nc_gn_type_convert(general_name_content.tag); + if (!(gnType == GNT_DirectoryName || gnType == GNT_DNSName)) { + CFArrayAppendValue(trees_to_append, new_subtree); } - + CFIndex subtreeIX; - CFIndex num_existing_subtrees = CFArrayGetCount(*existing_subtrees); + CFIndex num_existing_subtrees = CFArrayGetCount(existing_subtrees); match_t match = { false, false }; nc_match_context_t match_context = { gnType, new_subtree_item, &match}; for (subtreeIX = 0; subtreeIX < num_existing_subtrees; subtreeIX++) { - CFDataRef candidate_subtree = CFArrayGetValueAtIndex(*existing_subtrees, subtreeIX); + CFDataRef candidate_subtree = CFArrayGetValueAtIndex(existing_subtrees, subtreeIX); /* Convert candidate subtree to DERItem */ const DERItem candidate = { (unsigned char *)CFDataGetBytePtr(candidate_subtree), CFDataGetLength(candidate_subtree) }; DERDecodedInfo candidate_content; /* We could probably just delete any subtrees in the array that don't decode */ if(DR_Success != DERDecodeItem(&candidate, &candidate_content)) continue; - + + /* first test whether new tree matches the existing tree */ OSStatus status = SecCertificateParseGeneralNameContentProperty(candidate_content.tag, &candidate_content.content, &match_context, @@ -557,14 +585,29 @@ static void nc_intersect_tree_with_subtrees (const void *value, void *context) { if((status == errSecSuccess) && match.present && match.isMatch) { break; } + + /* then test whether existing tree matches the new tree*/ + match_t local_match = { false , false }; + nc_match_context_t local_match_context = { nc_gn_type_convert(candidate_content.tag), + &candidate_content.content, + &local_match }; + status = SecCertificateParseGeneralNameContentProperty(general_name_content.tag, + &general_name_content.content, + &local_match_context, + nc_compare_subtree); + if((status == errSecSuccess) && local_match.present && local_match.isMatch) { + break; + } } if (subtreeIX == num_existing_subtrees) { /* No matches found. Append new subtree */ - CFArrayAppendValue(*existing_subtrees, new_subtree); + CFArrayAppendValue(trees_to_append, new_subtree); } - else { - CFArraySetValueAtIndex(*existing_subtrees, subtreeIX, new_subtree); + else if (match.present && match.isMatch) { + /* new subtree \subseteq existing subtree, replace existing tree */ + CFArraySetValueAtIndex(existing_subtrees, subtreeIX, new_subtree); } + /* existing subtree \subset new subtree, drop the new tree so as not to broaden constraints*/ return; } @@ -575,5 +618,24 @@ void SecNameConstraintsIntersectSubtrees(CFMutableArrayRef subtrees_state, CFArr CFIndex num_new_trees = CFArrayGetCount(subtrees_new); CFRange range = { 0, num_new_trees }; - CFArrayApplyFunction(subtrees_new, range, nc_intersect_tree_with_subtrees, &subtrees_state); + + /* if existing subtrees state contains no subtrees, append new subtrees whole */ + if (!CFArrayGetCount(subtrees_state)) { + CFArrayAppendArray(subtrees_state, subtrees_new, range); + return; + } + + CFMutableArrayRef trees_to_append = NULL; + trees_to_append = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); + nc_intersect_context_t context = { subtrees_state , trees_to_append }; + CFArrayApplyFunction(subtrees_new, range, nc_intersect_tree_with_subtrees, &context); + + /* don't append to the state until we've processed all the new trees */ + num_new_trees = CFArrayGetCount(trees_to_append); + if (trees_to_append && num_new_trees) { + range.length = num_new_trees; + CFArrayAppendArray(subtrees_state, trees_to_append, range); + } + + CFReleaseNull(trees_to_append); } diff --git a/OSX/utilities/src/SecCFWrappers.c b/OSX/utilities/src/SecCFWrappers.c index f6678bff..ed6d47c1 100644 --- a/OSX/utilities/src/SecCFWrappers.c +++ b/OSX/utilities/src/SecCFWrappers.c @@ -238,3 +238,44 @@ void withStringOfAbsoluteTime(CFAbsoluteTime at, void (^action)(CFStringRef decr CFReleaseNull(formattedString); } + + +// +// MARK: Custom Sensitive Data Allocator +// +#include +static CFStringRef SecCFAllocatorCopyDescription(const void *info) { + return CFSTR("Custom CFAllocator for sensitive data"); +} + +// primary goal of this allocator is to clear memory when it is deallocated +static void SecCFAllocatorDeallocate(void *ptr, void *info) { + if (!ptr) return; + size_t sz = malloc_size(ptr); + if(sz) cc_clear(sz, ptr); + + CFAllocatorDeallocate(NULL, ptr); +} + +CFAllocatorRef CFAllocatorSensitive(void) { + static dispatch_once_t sOnce = 0; + static CFAllocatorRef sAllocator = NULL; + dispatch_once(&sOnce, ^{ + CFAllocatorContext defaultCtx; + CFAllocatorGetContext(NULL, &defaultCtx); + + CFAllocatorContext ctx = {0, + defaultCtx.info, + defaultCtx.retain, + defaultCtx.release, + SecCFAllocatorCopyDescription, + defaultCtx.allocate, + defaultCtx.reallocate, + SecCFAllocatorDeallocate, + defaultCtx.preferredSize}; + + sAllocator = CFAllocatorCreate(NULL, &ctx); + }); + + return sAllocator; +} \ No newline at end of file diff --git a/OSX/utilities/src/SecCFWrappers.h b/OSX/utilities/src/SecCFWrappers.h index b25d1b5d..8e49fdb0 100644 --- a/OSX/utilities/src/SecCFWrappers.h +++ b/OSX/utilities/src/SecCFWrappers.h @@ -153,7 +153,7 @@ void withStringOfAbsoluteTime(CFAbsoluteTime at, void (^action)(CFStringRef decr // -// Call block function +// MARK: Call block function // @@ -168,7 +168,7 @@ static void apply_block_2(const void *key, const void *value, void *context) } // -// CFEqual Helpers +// MARK CFEqual Helpers // static inline bool CFEqualSafe(CFTypeRef left, CFTypeRef right) @@ -181,7 +181,7 @@ static inline bool CFEqualSafe(CFTypeRef left, CFTypeRef right) // -// Printing +// MARK: Printing // static void fprint_string(FILE *file, CFStringRef string) { @@ -218,7 +218,7 @@ static inline void cffprint(FILE *file, CFStringRef fmt, ...) { } // -// CFError Helpers +// MARK: CFError Helpers // /* Return false if possibleError is set. Propagates possibleError into *error @@ -237,7 +237,7 @@ bool CFErrorPropagate(CFErrorRef possibleError CF_CONSUMED, CFErrorRef *error) { } // -// CFNumber Helpers +// MARK: CFNumber Helpers // static inline CFNumberRef CFNumberCreateWithCFIndex(CFAllocatorRef allocator, CFIndex value) @@ -246,7 +246,7 @@ static inline CFNumberRef CFNumberCreateWithCFIndex(CFAllocatorRef allocator, CF } // -// CFData Helpers +// MARK: CFData Helpers // static inline CFMutableDataRef CFDataCreateMutableWithScratch(CFAllocatorRef allocator, CFIndex size) { @@ -325,7 +325,7 @@ static inline CFDataRef CFDataCreateCopyFromPositions(CFAllocatorRef allocator, // -// CFString Helpers +// MARK: CFString Helpers // // @@ -680,6 +680,17 @@ static inline void CFSetSubtract(CFMutableSetRef set, CFSetRef subtract) { }); } +static inline bool CFSetIsSubset(CFSetRef smaller, CFSetRef bigger) { + __block bool isSubset = true; + CFSetForEach(smaller, ^(const void *value) { + if (!CFSetContainsValue(bigger, value)) { + isSubset = false; + } + }); + + return isSubset; +} + static inline void CFSetSetValues(CFMutableSetRef set, CFArrayRef valuesToSet) { CFArrayForEach(valuesToSet, ^(const void *value) { CFSetSetValue(set, value); @@ -912,6 +923,10 @@ static inline CF_RETURNS_RETAINED CFPropertyListRef CFPropertyListReadFromFile(C return result; } +// +// MARK: Custom Allocator for Sensitive Data +// +CFAllocatorRef CFAllocatorSensitive(void); __END_DECLS diff --git a/OSX/utilities/src/SecdUsage.c b/OSX/utilities/src/SecdUsage.c new file mode 100644 index 00000000..e69de29b diff --git a/OSX/utilities/utilities.xcodeproj/project.pbxproj b/OSX/utilities/utilities.xcodeproj/project.pbxproj index 897ef66f..e0ec9aff 100644 --- a/OSX/utilities/utilities.xcodeproj/project.pbxproj +++ b/OSX/utilities/utilities.xcodeproj/project.pbxproj @@ -56,6 +56,7 @@ 72B918A2179723C100940533 /* iCloudKeychainTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = 72B918A0179723AE00940533 /* iCloudKeychainTrace.h */; }; BEA22A361811E4C800BE7682 /* SecCertificateTrace.c in Sources */ = {isa = PBXBuildFile; fileRef = BEA22A341811E4A600BE7682 /* SecCertificateTrace.c */; }; BEA22A371811E4CF00BE7682 /* SecCertificateTrace.h in Headers */ = {isa = PBXBuildFile; fileRef = BEA22A351811E4A600BE7682 /* SecCertificateTrace.h */; }; + D4DFE88E1BE5678B00E8A196 /* SecdUsage.c in Sources */ = {isa = PBXBuildFile; fileRef = D4DFE88D1BE5678B00E8A196 /* SecdUsage.c */; }; E706B78A18FC822B00797907 /* simulate_crash.c in Sources */ = {isa = PBXBuildFile; fileRef = E706B78918FC822B00797907 /* simulate_crash.c */; }; E7188DF81AAA819400B46156 /* SecBuffer.c in Sources */ = {isa = PBXBuildFile; fileRef = E7188DF61AAA819400B46156 /* SecBuffer.c */; }; E7188DF91AAA819400B46156 /* SecBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = E7188DF71AAA819400B46156 /* SecBuffer.h */; }; @@ -135,6 +136,7 @@ 72B918A0179723AE00940533 /* iCloudKeychainTrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = iCloudKeychainTrace.h; sourceTree = ""; }; BEA22A341811E4A600BE7682 /* SecCertificateTrace.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = SecCertificateTrace.c; sourceTree = ""; }; BEA22A351811E4A600BE7682 /* SecCertificateTrace.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecCertificateTrace.h; sourceTree = ""; }; + D4DFE88D1BE5678B00E8A196 /* SecdUsage.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecdUsage.c; sourceTree = ""; }; E706B78918FC822B00797907 /* simulate_crash.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = simulate_crash.c; sourceTree = ""; }; E7188DF61AAA819400B46156 /* SecBuffer.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = SecBuffer.c; sourceTree = ""; }; E7188DF71AAA819400B46156 /* SecBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SecBuffer.h; sourceTree = ""; }; @@ -239,6 +241,7 @@ 4C3600441680DEB90049891B /* iOSforOSX-SecRandom.c */, 4C143CF7165172AD003035A3 /* SecDb.c */, 4C143CF9165172C0003035A3 /* SecDb.h */, + D4DFE88D1BE5678B00E8A196 /* SecdUsage.c */, 52743BD516BB278C001A299D /* SecFileLocations.c */, 52743BD716BB27A1001A299D /* SecFileLocations.h */, 52E2E4941738371400E78313 /* SecXPCError.h */, @@ -456,6 +459,7 @@ E777C72315B74038004044A8 /* SecCFError.c in Sources */, 489E6E501A71B07600D7EB8C /* der_set.c in Sources */, 4C143CF8165172AD003035A3 /* SecDb.c in Sources */, + D4DFE88E1BE5678B00E8A196 /* SecdUsage.c in Sources */, 4CF1FAC21654EAD100261CF4 /* SecCFWrappers.c in Sources */, 521C60C61A9D31580034F742 /* SecCFCCWrappers.c in Sources */, 52E2E4971738394C00E78313 /* SecXPCError.c in Sources */, diff --git a/Security.exp-in b/Security.exp-in index ed48f133..73587fdd 100644 --- a/Security.exp-in +++ b/Security.exp-in @@ -99,6 +99,19 @@ _SSLWrite _SSLSetSessionStrengthPolicy _SSLSetDHEEnabled _SSLGetDHEEnabled +_SSLSetSessionConfig +_SSLGetSessionConfig + +_kSSLSessionConfig_default +_kSSLSessionConfig_ATSv1 +_kSSLSessionConfig_ATSv1_noPFS +_kSSLSessionConfig_legacy +_kSSLSessionConfig_standard +_kSSLSessionConfig_RC4_fallback +_kSSLSessionConfig_TLSv1_fallback +_kSSLSessionConfig_TLSv1_RC4_fallback +_kSSLSessionConfig_legacy_DHE + /* Those are deprecated */ __SSLCopyPeerCertificates diff --git a/Security.xcodeproj/project.pbxproj b/Security.xcodeproj/project.pbxproj index 2a29209c..3f766e4f 100644 --- a/Security.xcodeproj/project.pbxproj +++ b/Security.xcodeproj/project.pbxproj @@ -224,6 +224,7 @@ 438169E31B4EDEE200C54D58 /* SOSCCAuthPlugin.m in Sources */ = {isa = PBXBuildFile; fileRef = 438169E21B4EDEE200C54D58 /* SOSCCAuthPlugin.m */; }; 438169E41B4EE13B00C54D58 /* Accounts.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4CF4C19C171E0EA600877419 /* Accounts.framework */; }; 438169E51B4EE14D00C54D58 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 4C32C0AF0A4975F6002891BD /* Security.framework */; }; + 43DB54551BB1F8920083C3F1 /* ProtectedCloudStorage.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */; }; 4432AF8B1A014664000958DC /* libcoreauthd_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */; }; 4432AF8D1A01472C000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; 4432B0B71A014987000958DC /* libaks_acl.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 4432AF8C1A01472C000958DC /* libaks_acl.a */; }; @@ -1510,6 +1511,7 @@ EB5D73101B0CB09E009CAA47 /* SOSTypes.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = 52F8DE4D1AF2EB8F00A2C271 /* SOSTypes.h */; }; EB5D73111B0CB0BE009CAA47 /* SOSPeerInfo.h in Old SOS header location */ = {isa = PBXBuildFile; fileRef = E7450BAD16D42B17009C07B8 /* SOSPeerInfo.h */; }; EBD8495B1B24BEA000C5FD1E /* print_cert.c in Sources */ = {isa = PBXBuildFile; fileRef = EBD8495A1B24BEA000C5FD1E /* print_cert.c */; }; + EBE54D761BE32F6F000C4856 /* AggregateDictionary.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 72B368BD179891FC004C37CE /* AggregateDictionary.framework */; }; F93C493B1AB8FF530047E01A /* ckcdiagnose.sh in CopyFiles */ = {isa = PBXBuildFile; fileRef = F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */; settings = {ATTRIBUTES = (CodeSignOnCopy, ); }; }; /* End PBXBuildFile section */ @@ -3924,6 +3926,7 @@ 4381690F1B4EDCBD00C54D58 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 438169E11B4EDEE200C54D58 /* SOSCCAuthPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SOSCCAuthPlugin.h; sourceTree = ""; }; 438169E21B4EDEE200C54D58 /* SOSCCAuthPlugin.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = SOSCCAuthPlugin.m; sourceTree = ""; }; + 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = ProtectedCloudStorage.framework; path = System/Library/PrivateFrameworks/ProtectedCloudStorage.framework; sourceTree = SDKROOT; }; 4432AF6A1A01458F000958DC /* libcoreauthd_client.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; name = libcoreauthd_client.a; path = usr/local/lib/libcoreauthd_client.a; sourceTree = SDKROOT; }; 4432AF8C1A01472C000958DC /* libaks_acl.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; name = libaks_acl.a; path = usr/local/lib/libaks_acl.a; sourceTree = SDKROOT; }; 443381D918A3D81400215606 /* SecAccessControl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecAccessControl.h; sourceTree = ""; }; @@ -4650,6 +4653,7 @@ E7FCBE451314471B000DE34E /* CoreGraphics.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreGraphics.framework; path = System/Library/Frameworks/CoreGraphics.framework; sourceTree = SDKROOT; }; E7FEFB80169E26E200E18152 /* sub_commands.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = sub_commands.h; sourceTree = ""; }; EBD8495A1B24BEA000C5FD1E /* print_cert.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = print_cert.c; path = OSX/sec/SecurityTool/print_cert.c; sourceTree = SOURCE_ROOT; }; + EBE54D771BE33227000C4856 /* libmis.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libmis.dylib; path = usr/lib/libmis.dylib; sourceTree = SDKROOT; }; F93C493A1AB8FF530047E01A /* ckcdiagnose.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = ckcdiagnose.sh; sourceTree = ""; }; /* End PBXFileReference section */ @@ -4719,6 +4723,7 @@ 4C8A38C917B93DF10001B4C0 /* CloudServices.framework in Frameworks */, 4C7913251799A5CC00A9633E /* MobileCoreServices.framework in Frameworks */, 4381603B1B4DCEFF00C54D58 /* AggregateDictionary.framework in Frameworks */, + 43DB54551BB1F8920083C3F1 /* ProtectedCloudStorage.framework in Frameworks */, 4C3DD6BD179760280093F9D8 /* libMobileGestalt.dylib in Frameworks */, 533B5D4F177CD63100995334 /* SpringBoardServices.framework in Frameworks */, 7200D76F177B9999009BB396 /* ManagedConfiguration.framework in Frameworks */, @@ -4902,6 +4907,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + EBE54D761BE32F6F000C4856 /* AggregateDictionary.framework in Frameworks */, 438168941B4ED42300C54D58 /* CoreFoundation.framework in Frameworks */, E7D690A21652E0870079537A /* libMobileGestalt.dylib in Frameworks */, 18F7F67214D77ED000F88A12 /* libsecurityd.a in Frameworks */, @@ -6368,6 +6374,7 @@ E7FCBE401314471B000DE34E /* Frameworks */ = { isa = PBXGroup; children = ( + EBE54D771BE33227000C4856 /* libmis.dylib */, 4CF4C19C171E0EA600877419 /* Accounts.framework */, 72B368BD179891FC004C37CE /* AggregateDictionary.framework */, 4C84DA541720698900AEE225 /* AppleAccount.framework */, @@ -6385,6 +6392,7 @@ 4C7913241799A5CB00A9633E /* MobileCoreServices.framework */, E7FC30AB1332DE9000802946 /* MobileKeyBag.framework */, 5E1D7E0319A5EBB700D322DA /* Preferences.framework */, + 43DB542E1BB1F85B0083C3F1 /* ProtectedCloudStorage.framework */, 52D82BD316A5EADA0078DFE5 /* Security.framework */, 4C079EBC1794A96200D73970 /* ServiceManagement.framework */, 52222CC0167BDAE100EDD09C /* SpringBoardServices.framework */, @@ -9612,6 +9620,7 @@ MobileKeyBag, "-laks", "-lACM", + "-lmis", ); "OTHER_LDFLAGS[sdk=iphonesimulator*]" = "$(OTHER_LDFLAGS)"; PRODUCT_NAME = securityd; @@ -9636,6 +9645,7 @@ MobileKeyBag, "-laks", "-lACM", + "-lmis", ); "OTHER_LDFLAGS[sdk=iphonesimulator*]" = "$(OTHER_LDFLAGS)"; PRODUCT_NAME = securityd; diff --git a/Security.xcodeproj/xcshareddata/xcschemes/Debug.xcscheme b/Security.xcodeproj/xcshareddata/xcschemes/Debug.xcscheme index f614c807..c32b0529 100644 --- a/Security.xcodeproj/xcshareddata/xcschemes/Debug.xcscheme +++ b/Security.xcodeproj/xcshareddata/xcschemes/Debug.xcscheme @@ -208,10 +208,6 @@ argument = "si_20_sectrust" isEnabled = "NO"> - - @@ -444,6 +440,14 @@ argument = "si_86_sectrust_eap_tls" isEnabled = "NO"> + + + + diff --git a/Security.xcodeproj/xcshareddata/xcschemes/Release.xcscheme b/Security.xcodeproj/xcshareddata/xcschemes/Release.xcscheme index 8c3ffdd5..003d4150 100644 --- a/Security.xcodeproj/xcshareddata/xcschemes/Release.xcscheme +++ b/Security.xcodeproj/xcshareddata/xcschemes/Release.xcscheme @@ -418,6 +418,14 @@ argument = "si_86_sectrust_eap_tls" isEnabled = "NO"> + + + + diff --git a/SecurityTests/clxutils/certcrl/Makefile b/SecurityTests/clxutils/certcrl/Makefile index ba2a6619..b6cfde8b 100644 --- a/SecurityTests/clxutils/certcrl/Makefile +++ b/SecurityTests/clxutils/certcrl/Makefile @@ -29,7 +29,7 @@ OTHER_TO_CLEAN= # # non-standard frameworks (e.g., -framework foo) # -PROJ_FRAMEWORKS= +PROJ_FRAMEWORKS=-framework IOKit # # project-specific includes, with leading -I diff --git a/SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/crl.scr b/SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/crl.scr index 01e1d7a7..345610f0 100644 --- a/SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/crl.scr +++ b/SecurityTests/clxutils/certcrl/testSubjects/GarthCRL/crl.scr @@ -15,5 +15,6 @@ cert = CNTMTT68S21G224G.cer crl = fetched.crl root = InfoCamereRoot.cer root = InfoCamereFirmaQualificata.cer +verifyTime = 20060101125959 end diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF0.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF0.der new file mode 100644 index 0000000000000000000000000000000000000000..2f8f7fa4ba7e6983d5667fe0b51d04269ae96df7 GIT binary patch literal 1305 zcmXqLVih%LV*0y)nTe5!iIw5r+I=4kc-c6$+C196^D;8BvN9Od7;+nMvN4CUun9AT z1{(?+2!c2qJY3F+IhkqsMR}QthC&7cAVGE>PUq5s)S{BiynI6u10j$Y7Z0~%K|xNc zj)G@ivYw%=fiy^zn@1!#HMz7Xv!qhNH7`9gFEzC&GcVncA80#Jnwf{KB(=E2+0j5w zoY&CQz}(ot$k4>V&@2kbH8U_bvV?LC(ur^#SuWu-;DNY=732~lgC<5L~}0u33|R|3rb>E7^$fm2yR`k~70R6Ly!LnUH_$ z$uaM!*&anglE)iO`?tK9vsgoIpIf8d%pV=TQVbu=59~bpa>e9jx99zjo#9foO7=28 z3-3FF*TsGvcimv|5=y}7!3G;;V8=w;;}F@ zu`VzW2Jux{cnrAMIJDV-X^fqj$v_q)$j2haA|iK9ZKqf(cfWD#_$yWe zd62X+i-dt#gNS@jXiyn@_Qbm4O^>`+?>*9f(AC($3T74~Ba5Daj)4}8Z@}0lmr+tu zV5P60l$2PUnUkuQ2uhE7$@#ff7C@kn9Ie0v&)mes$dKo$(YE+Xx{ha`ECnerMgcFcS}6q{%%3{$~^fjUTf4iyHDL&@IA)r=#x1q zcZKJ0hfOO~^xTl(9)Iv}Wa%!EVL(=ItV{1dM~8RJiB-r!!N_eC3E+(>81v| zEP5%IJn>k&Q`4iHZqxPGZ_ly`Z+bCvU(hmbr@v{oU}@#3LO^i{?MAQbU2hX#Ze(c1@M5^yRykaqZq$UlrWrVzbEK7S<9H+-T*qCP*^I z_R$HY^8ZiGt?aFf1-{V@e}AftyLwr4^5#cJ-&$RDoK|+< zneD~Ay}eqGSAJ94+HPUq5s)S{BiynI6u10j$Y7Z0~%K|xNc zj)G@ivYw%=fiy^zn@1!#HMz7Xv!qhNH7`9gFEzC&GcVncA80#Jnwf{KB(=E2+0j5w zoY&CQ(7@2lz`)qp#5fAbH3M=@pd87gG}>Bg5l#ivow0Qa;;msa`$w zL-&Yc+tCxfu?y{e^Y7iCyz;$t!0Wsf>E`BDyp;7w*=~B76BD*#> zZu~NhR) z$uq>KPRu*%n|S%bYnERv-B#=~?3YfMUEItqS=hp!&F%g(;f>AngK1xuRqvSCt}RjI zVd0@J+i|-(ZOewH3q@{IJ73xmHN;OJaVnVot<0l%)`8jG z=B_`lYpsbY^WP}eJ6n@y%1g~eml}&CFB#XeXII`n`>lDe=7)lLN51E#vcym(W=00a z#f{AdjSU7oz%Z2+W@P-&!eqc;zz5>-gLo{=OsoqGgh6~&79ImGHV$nzVDe*UW-^ck z3G%Usv51&eIrzCOZb%jG^3nM`&+@~*TF;#Z@*rtt76}8f1`+w5(4aE*?1^>7n;vDwy%B<8IWhROh6;=rD_5as8cDH4)OOm!HSV^A*2c_ObHJ%+)W}{Wo;% zefmLa)5Z1A*1S?EC|qzWx~PLw%ev;-SAmaL8b0vedb)=FGv@}0>krn?eUVa+i>;YgKd>6!pAO|o%QF_pX;nP>p}J(ng2Ejrkr;-jhUQR=h3D@T>UZxjW#| z$=-)|j~Y0&ZhX*|%Cx{NzVu{zrty}`^ZI9Y7${Wy`tnH2{9Hft&ns6PI#;}3!fVye zJ6|bpvykP4u6^52CQGh2wRoSnUoW&FX>w0_{;tsTOb;!Ye%~mLRbK2kY4x|JJt8Of z9uX_(jrkDUpZVm%?cKW^8GWN~zt)`Art4hVu3)Id{{N7SO0mjKzX>-dUAJq!rSiL@ ythO|Gna?zZ^AQod6VnpUXmd2!&Y0I4Uby{w(v`yGm4>?eWm#?Sy0k2_It~D34*+QZ literal 0 HcmV?d00001 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF5.der new file mode 100644 index 0000000000000000000000000000000000000000..b445dc588cf92d96df8745be9703c0a7f5cf4f84 GIT binary patch literal 1356 zcmXqLV)Za+Vm4U7%*4pV#L94Q?Y^%Dylk9WZ60mkc^Mg5Ss4s!47m+B*_cCF*o2uv zgAIiZ1VJ1Q9xms^oXoWRqP)yRLm>kJkRUq`r*mmRYEemMUcRA-fe=WHi-+5>pdcqz zN5L~MS}Vh- z&TD9DXkch&Xklb-WElnIngO|{P_98^BN5Ic%PATLY7nQ$yOrkTZl`k>SNHF;kAvZ)q)_-!88& zycyKiKd*N~^sn1u>sxsL9qGSlzp&$De!uXkJ^yZP{K3F@@Vv>YJ2QV-vaHo{-Eif{ z^{*S;wobTXzWwBs6_3MnEf2pne%hvTWnZlRGRc+IE2RH6>&LIFQC_>ZYh7JqfBo8( z@_Wv<%LXv6kUO(A_Q8M8`gz!p?RBXC8GRX5KW_=P@Zk{T4Q|H@KwO8}wm&yhxB(9^Ol5@`8UM2|888^|fq48N9t$%Q>jDE|5MPyr$AF8CLz@kl{Meb9 z3}iuqd@N!tB6Ahg_f&71I=9^UxWmDgUyE0NuKr>m50X}9kuVTz5RvZ*4Ju>Lo>*7B z>5=#9y+_&)x*8hcC@oM}AlD|7QBqQ1rLUinUtFS>T9KFwOrHA5MLC9g zK*B(If#L%BHd!P!Mwp6F^9XYj6C;CAj6#F1XSC;QAtuI^4IbMxqVhDq&2xDBxj-oP zLUDX_-{QNice({~($uEiT_Lmd=tTzhomDUQgmXQVdowRzZ1Ta2O}p-G+t_qQD|lOk z<*uV@PlcQm&YtVjNi%!)F-k^RYVPaL4{SI7oo&BS^Wnltl~Md_t~*%GdtdqHQ>oK_ ze`C4+#wT02d#)s$(%_w6y3o6E^ZlSG+hm@rXU#S*V;0w+XWGxW?vYkQo5!7**Mz*z z#$An;6BcCr_r;mr2Vpd}+m_qO+a*YhSOZ_?9{2O7@AuU(4s^ zyNP^d{GYkuX0EH#rivA({{H+?#o2eRaq>T9+k5MduV|L}U>vUfJ(**RN3q%2o}GL4 zHNP^RcA(PCYF0(+Lv4+jTPK>IsOPnQZ+JB~_|>ZC`<`kVzO(KLnOf^G{mmi6^By36SBJNzeqP7kx4U@{luRRL~Qz6M~V%bA}MvEi>6W1H^ literal 0 HcmV?d00001 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF6.der new file mode 100644 index 0000000000000000000000000000000000000000..05184b73da7d9743fc1059d0d1160b6f3e56f47c GIT binary patch literal 1323 zcmXqLVpTV2V&-4K%*4pV#L94Q?Y?gYylk9WZ60mkc^Mg5Ss4s!47m+B*_cCF*o2uv zgAIiZ1VJ1Q9xms^oXoWRqP)yRLm>kJkRUq`r*mmRYEemMUcRA-fe=WHi-+5>pdcqz zN5L~MS}Vh- z&TD9DXkch&Xklz@Y8VCNngO|{P_98^D-q5k%PBerS`eowyOrkTZl`kzsr66SjEo5)Zkl zj_oVuqw9<79=z{((Q1(O;`v|0J*V#Qyql%^rm&;wX+1)s4r+%}11jFf!3|NPr$q3o5jdnZi`%Gl2?pniB^@1$q8$8^8? zPcxNjW!Smya_gygI{Cp$TP;-`BMx^T%jo6!-zJ-K?VFPbZ|Z*`rYCzu40kK7yI{OF zXGz2H=dU}epVU<;vuv~A`rs0FN^Jd|m8#ltS<>e6?C*TqSB6#l>m6KOdaeKZhows& zyKJ0P*N~XXHO)%0kx~4I(Oveo@4-Lk3+TtZ|F`DD_vKPHtn4axYUet?m!2c+wfagm z6EhY(MzpJ%mpS<{p6w? zLp>mY9FxE-z}&>d$RHq;{q~R3#4zb=_bkk3dR}`i<^94uHR$nt4ST+oeL9mnh!>Zyj=HqTutbQT7pa>LDrf@2*aWJlvDiSiVVm_L9rYBC^w+*EMRhX?!`h zdUM^G7cYIk=oH+zD%5zc<^Rmv4<^DBngOCGLTIms(6`r1~b)%(nI zg!7Yk9M*U}EptxXH1p32C$;8Z=sFW)bu;Qf_oQaShNL@NCO?c>dQ0?s(hE+lG_$Lz zwvDMwyLO5GcwSU=_(S`XexbD!_O0qj-Cv>OqqO?gNjc7~hb1N)uS7KA*>M_{{4K2NqVgG-w@p_`Uuu@9M%c>D<3k zm+Y{dyXBzF2HtPdr+fst7ngjJ_B*xyH}|sT5BAT{t1#r)U?~3ixj;n!k6- zdFhdpF#F&l(TI+Yx#gt~>h5>$)>m)%eOGzM{&itzeeUPx>zd8~WqP2l`2WmPJu{EV pOnk7GTY5v3Mf^1Rj%M#|@!lPc6X(2qlXdTg(>|-8=2z}=003OH4;cUe literal 0 HcmV?d00001 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/DEADBEF7.der new file mode 100644 index 0000000000000000000000000000000000000000..9543cd7dda9826107f71e1de8710322d1769a78e GIT binary patch literal 1354 zcmXqLVs$fUV%A&0%*4pV#L94Q?Y{2@ylk9WZ60mkc^Mg5Ss4s!47m+B*_cCF*o2uv zgAIiZ1VJ1Q9xms^oXoWRqP)yRLm>kJkRUq`r*mmRYEemMUcRA-fe=WHi-+5>pdcqz zN5L~MS}Vh- z&TD9DXkch&XklV#Y90mTngO|{P_98^D-q5k%PBerS`eowyOrkTZl`k>N{>qRp?YWow0# zV6*@Xbnn)-LzcQ*H9I;I?$r zKXOa9y6>2gq4{^kb=@Cx-hU`#-spBms3)ebF(8U^;v;ZZR$kOxUCvq%_-HHgUfga(zdXHTpv z-t@?O_1+`x2VIQ~d_W51SzHaA4ICHPFR*Qs$tWo)u+rDh$S*F@ORY%E1twAbB#@+ojs>Re%q)XU1%%NyZXnEy4p;I z^6=Ko&AL&>uXeng!)D6wZ4CMb#2uJX5UjzHri9K3RnavnJB3#o#~sgN>6mN!-69R)~16t}!Q@7v2Q6K+iTKh>kTEdJ~#x9)5$#pSg>Sxy|UmoNEPbLz!j z@jnwMaDEOjcr$6PT;Y~as_uU`ez-T|;;Jw!hF^TXXVi|jtp55`oUzaMc;IBmqnCKU z)QCt)y}HZJT>GO~H{<}H@He5kKhLx~<>l_X$-nB z<=oFJ`Jb0p@Albc`%h5|P}&Whf}dEM{6-&VUbQAQaJ1~cZ0?Gbu>MRxkC z)7Oo5JYAWhdDHGqaLvVzE!}S~wryg}TjsF(yUD%9GUCBIqTjHxve?AEJFI4u^C@#d tffS$0xkH5!TbYWF&iB3BJk2U?_ocNT*UbClmyxD6<>wY7iMI%GnZWz{|#|)#lOmotKf3m6gGu#*o{9lZ`o) zg-w_#G}utsKoG>?;Nfyk%*jm4FUreIG!!xr012}5a5|S3q!yKA=H(lT7zlyHxOli7 z3kq^lbrd}FlJyK_4WvP$+&m(|smY~9nI)A9u6gO1d8w&InR)4k{6O1*(#$+;C8@4iAf1LxENU(n46gR84Q}3xR{!l z7#Ws*II`vM7x9l#x2?4KT`zK*RS3u>iQHE`*wt0u*|nUr{PNbC{>Ud*T5J6t|I{l8 zTP%2dbJ@KGOLy38Ub^I+YW5EGb<+(wpI(mFF=Mzjv(q<8<1Uxe3(KkRcg=i~Wj{sa z&3>r_&s)cp_s!*5HFvtbnJ9-`aoCEQ1rn*;PVU-^PW)>uS?w`-^8^1A#TVJb<$8|` z%T2k#({aVrYp?T%z>-@FRFs+D)V;a;$oO=%^1TzM#oXsiQK?wSx!t59^lPCKr|6uf zvmcLluS;z^BluZOxOKLu*O}DB3i&`O7Lx?t;Hcui$w@C}N{`u~qEr zME%Z-n=k9XzqjII{q3xqm9jr;)qn2c-t_6V+&N!^Uz_&1@AX*lf?bd8Swfv+d4a%fo;m^Ql|DUwe^Y*6O}yTC|CU&0npSd-tC#ni->=a;x9-=T(g<>APLd#`7t( z{dbK@-Ki7K{qi5@lxCi@r6NBR-zk}L2o*e9x^s%gssg8+E6MJ^6%q~@#!I}Idgj%~ zOPjir6(1(**Kl3De6fY6d#5+!!Z#Lm(fcb{)0{&~Pv7vm<0idxPlaFq?2`{(I*0Z% zn$Kb>Tbp_?TtF(F_hz%or1|{9=}gRw42+9i4V=MwK~|WN@jnZP0UMBFVq`Yp115D@ zevlXoFb}dB$b$HMEMhDo@;#wJW$f7#>xwr$@?O37Nc%xoW8{Pe%$LA~#>gOP?EfQp ztxdphGyVvrkYwY0?RiPI8uu8(OAL>2B{4NtwSE6xsWz?dokNi5rA<=1&c5%Je0QQI zf6v001rw@SQkTrsj+LDgFe~X(jOfkXDRvge7kux!W90BOH}H8m^LN+3tYPz_rf0K? zhwbQC(4hUUbglm9RcpS))z0s5`MK%$x?b0^nNimw6qonbe)*v2+}~bT8GLqyaH@Vx zb<^QRyINGH-Mg2{-~RX-@7auklOA!$KK#{rog(z%!lreJ3yY0TUu@JCvVXAOH>U60 zs+o^JPma=G+!puul(q7;z;984tBp4}7_W<#Ef8^vJ+3xg_({8hSo-Y}@h_3>6FbFa z-FXjw+;A`{Uv~1;dv7?co4S2W?7nfj#RxRn?YkdyZ^N244PTc#A0FLO@viQfncRG{ zch%E7g>3U)H>NS~{+u(ZR%z4j)AFC2zi%-}nRE88{;uflZ$C|YqEVV%qgHzU?34Y; z4NC$pI4P%ZT`|W~?98#>dxOPmT>?2L8M2--^9-=xw}m5*TYOm=uM~r+z-6vq>FN$D zDz;qfU#xiIcDXKK?$fpX2OhlHsKsz%(!oR1{O|MG++_afZ~T-k?%1gXm$O)PiZlO9 ST0AEokc#-1TxaIB)Cd3$hg_ln literal 0 HcmV?d00001 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl1.der new file mode 100644 index 0000000000000000000000000000000000000000..b22ff9210b31f5e614931f386ed9ca4dc60540fc GIT binary patch literal 868 zcmXqLVooqQkWIjK4do_Wc7hO!3I zAW?1}k>J$i(xS|gN(I-v^vt}})S}G1bVGii?LcW}9=4Ly;u2>^ab81HLjyxI10Xgw ziGpyAU|a(q0~ID#hI?!Gy$8t{m>U}!8JHTG7)2TI7;pg%k`-lP=3-=qsrm?4Wo%?> zY>29gae^z}3Hi%axUD-v^op3zS($}!Xf z5(Z)*^&%|%OuRxSNDwU$nVXmx8J0+htrEAW)7Y}GynEeIMsMev>=uP??|=E6*^sj8 zjOYKi))S*v<;#|5$iIJY5cIBR|M?Q{y-FoLZPRuZwLfM^Z1_7*_{*Y+&*q#x5w>jk zw=EeG6M0HDrmvDYv$9J3z8zD0;J()~7tZ!`Stc&n#c3$TP_%IU?~5t@;vz*)Oul|! zdC~d}*T%AJ|7CMm>aV~2QlqKotLxgI5&wM)SAUzN9v8l?Xl~Trdvju@KepTXR&ffS zWBaT5&s)BCJ$0JDcJfrw>x+!-R{vSNsmXgmQN^xr?jcT$4{^ykokoI-aTELQ7!5ztfVNysj2R_gJW^eUTHfE(rJD zS1#LhzL#fdr(RLjRNn9twYKwj%|2U^x#!d|*4Z<%ye|mvnmYaDT5e5KrTyyL?SqSx zSvq!eyZ%4$K4>$a?xu1xUcXx;rqE=PmRN4%<6(eejc-=a#!aekgeT znBm_3-!e-c{NS#6#-@EizWIlhOnl(Xg*>%Jeo+tRO`r8E`pv}Jx6)THp2*7AWPIQkWIjK4do_Wc7hO!3I zAW?1}k>J$i(xS|gN(I-v^vt}})S}G1bVGii?LcW}9=4Ly;u2>^ab81HLjyxILklAd zQ;R4F*9gWn@G($fVr96ucHeuDjDfkap^<^9k%>{10gnL}&>&e+7G^F+W|*pva8<@e zrpAV-su&k!8l)Tef^^9+GX7_AHgH^EzreOlCZnXJz)D{~Bfq#rFSQ~u7w8%Ncp0?|V z_Md-#uVv($`)nrkuXY!2+Qh5WSIJ@LQDacAt1(Z@Iro8fN3{~?o(=uq4;2(}vz!bl z`S;<=*R#7Di!2TcuS(;ef1##IeDg}z+054*ckJ1%_vXU7=f~wUcXLdLe*F87e@4XI zs;NIW&N50_`L|lY^~K#^J0I(0?rINOd?%SX-E?;0q#Ol4yH^i$3Ot?|+NM}dbZc9; zIYK-C(^hxhTjobHPsEoUX)B0dY#qb9BQDm^^4QP*L(6*_zMZ;eWT`VB_5l&6Ob)=E`pbO+cKX)wN=*;CT- zruDGTk!!#n&uysVdc8C#A1LSd!VtC~L=tEw6^CVctnJEIr? D8cAPp literal 0 HcmV?d00001 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl3.der new file mode 100644 index 0000000000000000000000000000000000000000..98ed0fafbe19dcdaac3a8947bc12339690600d03 GIT binary patch literal 899 zcmXqLVy-u6VoYaZWHjJqQkWIjK4do_Wc7hO!3I zAW?1}k>J$i(xS|gN(I-v^vt}})S}G1bVGii?LcW}9=4Ly;u2>^ab81HLjyxILkklV zBa0{q*9gWn@G($fVr96ucHeuDjDfkap^<^9k%>{10gnL}&>&e+7G^F+W|*pva8<@e zrpAV-su&k!8l)Tef^^9+GX7_AHgH^EzreOlCZnXJz)D{~Bfq#rFSQ~u7w8%Nk@uek)>VoN9q~J1|7CN^q@~V*lQZ{BF+FMV zX4^lfSqh&lXLTg~*%|nEpNepVNb7kEv+{?M7XHFZ9$YjDYB9-N%x77z_gjHcId!+S z?~pv)b4TTo zP7=co;Un@r4|EzY`7HL@&hqxo-3L1k|I$)QTr%P3W))i-GY8+lDX(wE9a;9W^YW{2 zU8+0T?&jS1T_W*Qko God*Ejzg9*7 literal 0 HcmV?d00001 diff --git a/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der b/SecurityTests/clxutils/certcrl/testSubjects/distPointName/crl4.der new file mode 100644 index 0000000000000000000000000000000000000000..7d3c551cf28a7c51bfa6e0c9b829f77c6e3c4fde GIT binary patch literal 853 zcmXqLVh%KDVzgvpWHjJqQkWIjK4do_Wc7hO!3I zAW?1}k>J$i(xS|gN(I-v^vt}})S}G1bVGii?LcW}9=4Ly;u2>^ab81HLjyxILkm+g zL-QyI*9gWn@G($fVr96ucHeuDjDfkap^<^9k%>{10gnL}&>&e+7G^F+W|*pva8<@e zrpAV-su&ko8(131gLKI-GX7@~H4t7PxDeez24WxuA}st&yh0`jD2f(p%uP&;3?iz@ ztLJT8TD#t1_8~q_ogaY<+V0-<`~F*QztPH1)hV%YD_{9K%-+B3q(a)sK*{JCpClS5 z{?cdIwlIDvtG!i5fYv+zSC_baZR;M#vp<|;Bdd1V@<;djeY}?!hR0OikQEBKxy4)8 zSo7gs(J)5dm{Z2u%o%py*PBZvfx0nCf zm|b64EMX!Mc!_g=_7B-ZqR%=$1fF*I7C))!^OS!R3QBnbS$86(ChI&snLWAwlYOUOSI^evf%OaTS2#U;EMU0u z<=MEax9#W6|LjxXCLi;vXpdQ8+r%5kOa=C=U8A_Q^;Y8dd#3gNzi#lKQEZ$QB*FKo Uxi+%*vayO*lC #include #include +#include +#include #include "trusted_cert_utils.h" /* @@ -81,6 +83,9 @@ verify_cert(int argc, char * const *argv) CFDataRef cfActionData = NULL; SecTrustResultType resultType; OSStatus ocrtn; + struct tm time; + CFGregorianDate gregorianDate; + CFDateRef dateRef = NULL; if(argc < 2) { return 2; /* @@@ Return 2 triggers usage message. */ @@ -88,7 +93,7 @@ verify_cert(int argc, char * const *argv) /* permit network cert fetch unless explicitly turned off with '-L' */ actionFlags |= CSSM_TP_ACTION_FETCH_CERT_FROM_NET; optind = 1; - while ((arg = getopt(argc, argv, "c:r:p:k:e:s:Llnq")) != -1) { + while ((arg = getopt(argc, argv, "c:r:p:k:e:s:d:Llnq")) != -1) { switch (arg) { case 'c': /* this can be specified multiple times */ @@ -150,6 +155,27 @@ verify_cert(int argc, char * const *argv) case 'q': quiet = true; break; + case 'd': + memset(&time, 0, sizeof(struct tm)); + if (strptime(optarg, "%Y-%m-%d-%H:%M:%S", &time) == NULL) { + if (strptime(optarg, "%Y-%m-%d", &time) == NULL) { + fprintf(stderr, "Date processing error\n"); + ourRtn = 2; + goto errOut; + } + } + + gregorianDate.second = time.tm_sec; + gregorianDate.minute = time.tm_min; + gregorianDate.hour = time.tm_hour; + gregorianDate.day = time.tm_mday; + gregorianDate.month = time.tm_mon + 1; + gregorianDate.year = time.tm_year + 1900; + + if (dateRef == NULL) { + dateRef = CFDateCreate(NULL, CFGregorianDateGetAbsoluteTime(gregorianDate, NULL)); + } + break; default: ourRtn = 2; goto errOut; @@ -266,6 +292,14 @@ verify_cert(int argc, char * const *argv) goto errOut; } } + if(dateRef != NULL) { + ortn = SecTrustSetVerifyDate(trustRef, dateRef); + if(ortn) { + cssmPerror("SecTrustSetVerifyDate", ortn); + ourRtn = 1; + goto errOut; + } + } /* GO */ ortn = SecTrustEvaluate(trustRef, &resultType); diff --git a/libsecurity_smime/lib/cmsasn1.c b/libsecurity_smime/lib/cmsasn1.c index e21637e7..ce94ef6d 100644 --- a/libsecurity_smime/lib/cmsasn1.c +++ b/libsecurity_smime/lib/cmsasn1.c @@ -61,7 +61,7 @@ SEC_ASN1_MKSUB(kSecAsn1SetOfAnyTemplate) /* forward declaration */ static const SecAsn1Template * -nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest); +nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest); static const SecAsn1TemplateChooserPtr nss_cms_chooser = nss_cms_choose_content_template; @@ -559,7 +559,7 @@ nss_cms_get_kea_template(SecCmsKEATemplateSelector whichTemplate) * */ static const SecAsn1Template * -nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest) +nss_cms_choose_content_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest) { const SecAsn1Template *theTemplate; SecCmsContentInfoRef cinfo; diff --git a/libsecurity_smime/lib/cmsattr.c b/libsecurity_smime/lib/cmsattr.c index a9a933a1..90b927e5 100644 --- a/libsecurity_smime/lib/cmsattr.c +++ b/libsecurity_smime/lib/cmsattr.c @@ -205,7 +205,7 @@ SecCmsAttributeCompareValue(SecCmsAttribute *attr, SecAsn1Item * av) * helper function for dynamic template determination of the attribute value */ static const SecAsn1Template * -cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, void *dest) +cms_attr_choose_attr_value_template(void *src_or_dest, Boolean encoding, const char *buf, size_t len, void *dest) { const SecAsn1Template *theTemplate; SecCmsAttribute *attribute; diff --git a/libsecurity_smime/lib/cmsdecode.c b/libsecurity_smime/lib/cmsdecode.c index 891827f2..da49df65 100644 --- a/libsecurity_smime/lib/cmsdecode.c +++ b/libsecurity_smime/lib/cmsdecode.c @@ -283,7 +283,7 @@ nss_cms_before_data(SecCmsDecoderRef p7dcx) goto loser; /* start the child decoder */ - childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL); + childp7dcx->dcx = SEC_ASN1DecoderStart(poolp, childp7dcx->content.pointer, template, NULL, 0); if (childp7dcx->dcx == NULL) goto loser; @@ -610,7 +610,7 @@ SecCmsDecoderCreate(SecCmsContentCallback cb, void *cb_arg, goto loser; } - p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL); + p7dcx->dcx = SEC_ASN1DecoderStart(cmsg->poolp, cmsg, SecCmsMessageTemplate, NULL, 0); if (p7dcx->dcx == NULL) { PORT_Free (p7dcx); SecCmsMessageDestroy(cmsg); diff --git a/securityd/securityd.xcodeproj/project.pbxproj b/securityd/securityd.xcodeproj/project.pbxproj index e969bdbc..d2cb04e3 100644 --- a/securityd/securityd.xcodeproj/project.pbxproj +++ b/securityd/securityd.xcodeproj/project.pbxproj @@ -59,6 +59,7 @@ 18B965DC147319E5005A4D2E /* libsecurityd_server.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18B965DB147319E5005A4D2E /* libsecurityd_server.a */; }; 18B965DD147319F6005A4D2E /* PCSC.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C276AAD60663E7A400B57276 /* PCSC.framework */; }; 18CE013F17147A46008C042F /* libsecuritydservice_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 18CE013E17147A46008C042F /* libsecuritydservice_client.a */; }; + 44AF7EE01BB445BA005E9265 /* libDiagnosticMessagesClient.dylib in Frameworks */ = {isa = PBXBuildFile; fileRef = 44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */; settings = {ASSET_TAGS = (); }; }; 4E0BB2B40F79590300BBFEFA /* ccaudit_extensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 4E0BB2B20F79590300BBFEFA /* ccaudit_extensions.h */; }; 4E0BB2B50F79590300BBFEFA /* ccaudit_extensions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4E0BB2B30F79590300BBFEFA /* ccaudit_extensions.cpp */; }; 53002F001818A7C300900564 /* libsecurity_codesigning.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1865FFD0147516CF00FD79DF /* libsecurity_codesigning.a */; }; @@ -254,6 +255,7 @@ 407ACD060AE5B57700A9DA90 /* credential.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = credential.h; sourceTree = ""; }; 407ACD070AE5B57700A9DA90 /* credential.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = credential.cpp; sourceTree = ""; }; 43D720FA1A23F1490091236D /* agentclient.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = agentclient.h; sourceTree = ""; }; + 44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.dylib"; name = libDiagnosticMessagesClient.dylib; path = /usr/lib/libDiagnosticMessagesClient.dylib; sourceTree = ""; }; 4C9264980534866F004B0E72 /* acl_keychain.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acl_keychain.cpp; sourceTree = ""; }; 4C9264990534866F004B0E72 /* acl_keychain.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = acl_keychain.h; sourceTree = ""; }; 4C92649A0534866F004B0E72 /* acls.cpp */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.cpp.cpp; path = acls.cpp; sourceTree = ""; }; @@ -360,6 +362,7 @@ isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 44AF7EE01BB445BA005E9265 /* libDiagnosticMessagesClient.dylib in Frameworks */, 53002F001818A7C300900564 /* libsecurity_codesigning.a in Frameworks */, 18CE013F17147A46008C042F /* libsecuritydservice_client.a in Frameworks */, 1865FFEB1475208B00FD79DF /* libsqlite3.dylib in Frameworks */, @@ -457,6 +460,7 @@ 18B967B514731B78005A4D2E /* libobjc.dylib */, 18B967B314731B69005A4D2E /* libauto.dylib */, 18B967B114731B55005A4D2E /* libsqlite3.dylib */, + 44AF7EDF1BB445BA005E9265 /* libDiagnosticMessagesClient.dylib */, 18B965DB147319E5005A4D2E /* libsecurityd_server.a */, 18B965D9147319C8005A4D2E /* libsecurity_cdsa_client.a */, 18B965D41473197B005A4D2E /* libsecurity_cdsa_utilities.a */, diff --git a/securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj b/securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj index 4d0e1f23..23b132b6 100644 --- a/securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj +++ b/securityd/securityd_service/securityd_service.xcodeproj/project.pbxproj @@ -22,6 +22,8 @@ 18F4809D174976DA009724DB /* KeyStoreEvents.c in Sources */ = {isa = PBXBuildFile; fileRef = 18F4809C174976D2009724DB /* KeyStoreEvents.c */; }; 18F4809E1749774F009724DB /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 189D4648166C11A6001D8533 /* IOKit.framework */; }; 18F480A217498ADD009724DB /* AppleKeyStoreEvents.h in Headers */ = {isa = PBXBuildFile; fileRef = 18F4809F17498963009724DB /* AppleKeyStoreEvents.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 220C5DBA1BD189EC000946A0 /* libsecuritydservice_client.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1843240E1714797D00196B52 /* libsecuritydservice_client.a */; }; + 220C5DC91BD19874000946A0 /* securityd_service_client.h in Headers */ = {isa = PBXBuildFile; fileRef = 18CD2B731714D4B300633846 /* securityd_service_client.h */; settings = {ATTRIBUTES = (Public, ); }; }; 80C312B6169BA50700DA5DC6 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 189D4643166BFDCE001D8533 /* Security.framework */; }; /* End PBXBuildFile section */ @@ -97,6 +99,7 @@ 18F4809217497521009724DB /* KeyStore-Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = "KeyStore-Info.plist"; sourceTree = ""; }; 18F4809C174976D2009724DB /* KeyStoreEvents.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = KeyStoreEvents.c; sourceTree = ""; }; 18F4809F17498963009724DB /* AppleKeyStoreEvents.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AppleKeyStoreEvents.h; sourceTree = ""; }; + 220C5DCA1BD1A1B8000946A0 /* securitydservicectrl.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.xml; path = securitydservicectrl.entitlements; sourceTree = ""; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ @@ -125,6 +128,7 @@ files = ( 80C312B6169BA50700DA5DC6 /* Security.framework in Frameworks */, 189D4668166C19CF001D8533 /* CoreFoundation.framework in Frameworks */, + 220C5DBA1BD189EC000946A0 /* libsecuritydservice_client.a in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -192,6 +196,7 @@ isa = PBXGroup; children = ( 189D465D166C15C1001D8533 /* main.c */, + 220C5DCA1BD1A1B8000946A0 /* securitydservicectrl.entitlements */, ); path = securitydservicectrl; sourceTree = ""; @@ -230,6 +235,7 @@ isa = PBXHeadersBuildPhase; buildActionMask = 2147483647; files = ( + 220C5DC91BD19874000946A0 /* securityd_service_client.h in Headers */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -421,6 +427,7 @@ "$(inherited)", ); GCC_WARN_UNDECLARED_SELECTOR = YES; + INSTALL_PATH = /usr/local/lib; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; @@ -439,6 +446,7 @@ EXECUTABLE_PREFIX = lib; GCC_C_LANGUAGE_STANDARD = gnu99; GCC_WARN_UNDECLARED_SELECTOR = YES; + INSTALL_PATH = /usr/local/lib; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; @@ -473,6 +481,7 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES; GCC_WARN_UNUSED_VARIABLE = YES; ONLY_ACTIVE_ARCH = YES; + SDKROOT = macosx.internal; }; name = Debug; }; @@ -501,6 +510,7 @@ GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES; GCC_WARN_UNUSED_VARIABLE = YES; + SDKROOT = macosx.internal; }; name = Release; }; @@ -525,6 +535,7 @@ 189D4662166C15C1001D8533 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { + CODE_SIGN_ENTITLEMENTS = securitydservicectrl/securitydservicectrl.entitlements; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Debug; @@ -532,6 +543,7 @@ 189D4663166C15C1001D8533 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { + CODE_SIGN_ENTITLEMENTS = securitydservicectrl/securitydservicectrl.entitlements; PRODUCT_NAME = "$(TARGET_NAME)"; }; name = Release; diff --git a/securityd/securityd_service/securityd_service/main.c b/securityd/securityd_service/securityd_service/main.c index bd8e7fbe..0f848dc0 100644 --- a/securityd/securityd_service/securityd_service/main.c +++ b/securityd/securityd_service/securityd_service/main.c @@ -33,6 +33,8 @@ #define LOG(...) #endif +static bool check_signature(xpc_connection_t connection); + static pid_t get_caller_pid(audit_token_t * token) { pid_t pid = 0; @@ -461,6 +463,37 @@ service_kb_load(service_context_t * context) return rc; } +static int +service_kb_unload(service_context_t *context) +{ + __block int rc = KB_GeneralError; + + dispatch_sync(_kb_service_get_dispatch_queue(), ^{ + keybag_handle_t session_handle = bad_keybag_handle; + + rc = aks_get_system(context->s_uid, &session_handle); + if (rc == kIOReturnNotFound) { + // No session bag, nothing to do + rc = KB_Success; + return; + } else if (rc != kIOReturnSuccess) { + syslog(LOG_ERR, "error locating session keybag for uid (%i) in session (%i)", context->s_uid, context->s_id); + rc = KB_BagError; + return; + } + + rc = aks_unload_bag(session_handle); + if (rc != kAKSReturnSuccess) { + syslog(LOG_ERR, "error unloading keybag for uid (%i) in session (%i)", context->s_uid, context->s_id); + rc = KB_BagError; + } else { + syslog(LOG_ERR, "successfully unloaded keybag (%ld) for uid (%i) in session (%i)", (long)session_handle, context->s_uid, context->s_id); + } + }); + + return rc; +} + static int service_kb_save(service_context_t * context) { @@ -847,6 +880,8 @@ static char * sel_to_char(uint64_t sel) return "kb_is_locked"; case SERVICE_KB_RESET: return "kb_reset"; + case SERVICE_KB_UNLOAD: + return "kb_unload"; default: return "unknown"; } @@ -889,20 +924,50 @@ void service_peer_event_handler(xpc_connection_t connection, xpc_object_t event) const uint8_t * secret = NULL, * new_secret = NULL; size_t secret_len = 0, new_secret_len = 0, data_len = 0; service_context_t * context = NULL; + bool free_context = false; const void * data; xpc_object_t reply = xpc_dictionary_create_reply(event); - - data = xpc_dictionary_get_data(event, SERVICE_XPC_CONTEXT, &data_len); - require(data, done); - require(data_len == sizeof(service_context_t), done); - context = (service_context_t*)data; request = xpc_dictionary_get_uint64(event, SERVICE_XPC_REQUEST); + // For SERVICE_KB_UNLOAD only, allow non-securityd, non-root but + // entitled callers. + if (request == SERVICE_KB_UNLOAD) { + if (!peer_has_entitlement(connection, "com.apple.private.securityd.keybag-unload")) { + xpc_connection_cancel(connection); + return; + } + } else { + if (xpc_connection_get_euid(connection) != 0) { + xpc_connection_cancel(connection); + return; + } + + if (!check_signature(connection)) { + xpc_connection_cancel(connection); + return; + } + } + + data = xpc_dictionary_get_data(event, SERVICE_XPC_CONTEXT, &data_len); + require_action(data || request == SERVICE_KB_UNLOAD, done, rc = KB_GeneralError); + if (data) { + require(data_len == sizeof(service_context_t), done); + context = (service_context_t*)data; + } else { + audit_token_t audit_token = { 0 }; + xpc_connection_get_audit_token(connection, &audit_token); + context = calloc(1, sizeof(service_context_t)); + context->s_id = xpc_connection_get_asid(connection); + context->s_uid = xpc_connection_get_euid(connection); + context->procToken = audit_token; + free_context = true; + } + require_action(context->s_id != AU_DEFAUDITSID, done, rc = KB_InvalidSession); require_action(context->s_uid != AU_DEFAUDITID, done, rc = KB_InvalidSession); // we only want to work in actual user sessions. - + switch (request) { case SERVICE_KB_CREATE: // if (kb_service_has_entitlement(peer, "com.apple.keystore.device")) { @@ -913,6 +978,9 @@ void service_peer_event_handler(xpc_connection_t connection, xpc_object_t event) case SERVICE_KB_LOAD: rc = service_kb_load(context); break; + case SERVICE_KB_UNLOAD: + rc = service_kb_unload(context); + break; case SERVICE_KB_SAVE: rc = service_kb_save(context); break; @@ -965,6 +1033,9 @@ void service_peer_event_handler(xpc_connection_t connection, xpc_object_t event) xpc_dictionary_set_int64(reply, SERVICE_XPC_RC, rc); xpc_connection_send_message(connection, reply); xpc_release(reply); + if (free_context) { + free(context); + } } } @@ -1059,17 +1130,6 @@ int main(int argc, const char * argv[]) xpc_connection_set_event_handler(listener, ^(xpc_object_t peer) { // It is safe to cast 'peer' to xpc_connection_t assuming // we have a correct configuration in our launchd.plist. - - if (xpc_connection_get_euid(peer) != 0) { - xpc_connection_cancel(peer); - return; - } - - if (!check_signature(peer)) { - xpc_connection_cancel(peer); - return; - } - xpc_connection_set_event_handler(peer, ^(xpc_object_t event) { vproc_transaction_t transaction = vproc_transaction_begin(NULL); service_peer_event_handler(peer, event); diff --git a/securityd/securityd_service/securityd_service/securityd_service.h b/securityd/securityd_service/securityd_service/securityd_service.h index 0b6634ea..b2eac5c7 100644 --- a/securityd/securityd_service/securityd_service/securityd_service.h +++ b/securityd/securityd_service/securityd_service/securityd_service.h @@ -27,6 +27,7 @@ enum { SERVICE_KB_IS_LOCKED, SERVICE_KB_RESET, SERVICE_STASH_LOAD_KEY, + SERVICE_KB_UNLOAD, }; #endif diff --git a/securityd/securityd_service/securityd_service/securityd_service_client.c b/securityd/securityd_service/securityd_service/securityd_service_client.c index b5e83a85..851586db 100644 --- a/securityd/securityd_service/securityd_service/securityd_service_client.c +++ b/securityd/securityd_service/securityd_service/securityd_service_client.c @@ -45,14 +45,14 @@ _service_send_msg(service_context_t *context, xpc_object_t message, xpc_object_t int rc = KB_GeneralError; xpc_object_t reply = NULL; xpc_connection_t conn = NULL; - - require(context, done); + require(message, done); conn = _service_get_connection(); require(conn, done); - - xpc_dictionary_set_data(message, SERVICE_XPC_CONTEXT, context, sizeof(service_context_t)); - + + if (context) { + xpc_dictionary_set_data(message, SERVICE_XPC_CONTEXT, context, sizeof(service_context_t)); + } reply = xpc_connection_send_message_with_reply_sync(conn, message); require(reply, done); require(xpc_get_type(reply) != XPC_TYPE_ERROR, done); @@ -106,6 +106,12 @@ service_client_kb_load(service_context_t *context) return _service_client_send_secret(context, SERVICE_KB_LOAD, NULL, 0, NULL, 0); } +int +service_client_kb_unload(service_context_t *context) +{ + return _service_client_send_secret(context, SERVICE_KB_UNLOAD, NULL, 0, NULL, 0); +} + int service_client_kb_save(service_context_t *context) { diff --git a/securityd/securityd_service/securityd_service/securityd_service_client.h b/securityd/securityd_service/securityd_service/securityd_service_client.h index fff45d0d..393f6a4d 100644 --- a/securityd/securityd_service/securityd_service/securityd_service_client.h +++ b/securityd/securityd_service/securityd_service/securityd_service_client.h @@ -29,6 +29,7 @@ typedef struct { int service_client_kb_create(service_context_t *context, const void * secret, int secret_len); int service_client_kb_load(service_context_t *context); +int service_client_kb_unload(service_context_t *context); int service_client_kb_save(service_context_t *context); int service_client_kb_unlock(service_context_t *context, const void * secret, int secret_len); int service_client_kb_lock(service_context_t *context); diff --git a/securityd/securityd_service/securitydservicectrl/main.c b/securityd/securityd_service/securitydservicectrl/main.c index f8c3752c..f31d2cff 100644 --- a/securityd/securityd_service/securitydservicectrl/main.c +++ b/securityd/securityd_service/securitydservicectrl/main.c @@ -7,6 +7,7 @@ // #include "securityd_service.h" +#include "securityd_service_client.h" #include #include @@ -44,7 +45,7 @@ int main(int argc, const char * argv[]) xpc_connection_resume(connection); if (argc != 2) { - printf("Usage: securityservicectrl < get | set | stash | login | loginstash >\n"); + printf("Usage: securityservicectrl < get | set | stash | login | loginstash | unload >\n"); return 1; } @@ -71,7 +72,10 @@ int main(int argc, const char * argv[]) status = SecKeychainStash(); printf("Returned: %i\n", status); return status ? 1 : 0; - + + } else if (strcmp(argv[1], "unload") == 0) { + return service_client_kb_unload(NULL); + } else { printf("%s not known\n", argv[1]); return 1; diff --git a/securityd/securityd_service/securitydservicectrl/securitydservicectrl.entitlements b/securityd/securityd_service/securitydservicectrl/securitydservicectrl.entitlements new file mode 100644 index 00000000..d3d534f2 --- /dev/null +++ b/securityd/securityd_service/securitydservicectrl/securitydservicectrl.entitlements @@ -0,0 +1,8 @@ + + + + + com.apple.security.keybag-unload + + + diff --git a/securityd/src/kcdatabase.cpp b/securityd/src/kcdatabase.cpp index 770ed8a6..4bae65a5 100644 --- a/securityd/src/kcdatabase.cpp +++ b/securityd/src/kcdatabase.cpp @@ -1518,9 +1518,10 @@ void KeychainDbCommon::activity() void KeychainDbCommon::sleepProcessing() { secdebug("KCdb", "common %s(%p) sleep-lock processing", dbName(), this); - StLock _(*this); - if (mParams.lockOnSleep) + if (mParams.lockOnSleep) { + StLock _(*this); lockDb(); + } } void KeychainDbCommon::lockProcessing() diff --git a/securityd/src/notifications.cpp b/securityd/src/notifications.cpp index 0a82c885..098b4760 100644 --- a/securityd/src/notifications.cpp +++ b/securityd/src/notifications.cpp @@ -194,8 +194,11 @@ void SharedMemoryListener::notifyMe(Notification* notification) { const void* data = notification->data.data(); UInt32 length = notification->data.length(); - WriteMessage (notification->domain, notification->event, data, length); - + /* enforce a maximum size of 16k for notifications */ + if (length > 16384) return; + + WriteMessage (notification->domain, notification->event, data, length); + if (!mActive) { Server::active().setTimer (this, Time::Interval(kServerWait)); diff --git a/securityd/src/token.cpp b/securityd/src/token.cpp index 4dc47dfa..e8c024fa 100644 --- a/securityd/src/token.cpp +++ b/securityd/src/token.cpp @@ -41,6 +41,7 @@ #include #include #include +#include using namespace MDSClient; @@ -435,6 +436,14 @@ void Token::notify(NotificationEvent event) free (data.data()); } +static void mt_log_ctk_tokend(const char *signature, const char *signature2) +{ + msgtracer_log_with_keys("com.apple.ctk.tokend", ASL_LEVEL_NOTICE, + "com.apple.message.signature", signature, + "com.apple.message.signature2", signature2, + "com.apple.message.summarize", "YES", + NULL); +} // // Choose a token daemon for our card. @@ -451,6 +460,8 @@ RefPointer Token::chooseTokend() candidates.update(); //@@@ we could sort by reverse "maxScore" and avoid launching those who won't cut it anyway... + string chosenIdentifier; + set candidateIdentifiers; RefPointer leader; for (CodeRepository::const_iterator it = candidates.begin(); it != candidates.end(); it++) { @@ -465,6 +476,9 @@ RefPointer Token::chooseTokend() RefPointer tokend = new TokenDaemon(candidate, reader().name(), reader().pcscState(), reader().cache); + // add identifier to candidate names set + candidateIdentifiers.insert(tokend->bundleIdentifier()); + if (tokend->state() == ServerChild::dead) // ah well, this one's no good continue; @@ -473,12 +487,24 @@ RefPointer Token::chooseTokend() continue; // we got a contender! - if (!leader || tokend->score() > leader->score()) + if (!leader || tokend->score() > leader->score()) { leader = tokend; // a new front runner, he is... + chosenIdentifier = leader->bundleIdentifier(); + } } catch (...) { secdebug("token", "exception setting up %s (moving on)", candidate->canonicalPath().c_str()); } } + + // concatenate all candidate identifiers (sorted internally inside std::set) + string identifiers; + for (set::const_iterator i = candidateIdentifiers.begin(), e = candidateIdentifiers.end(); i != e; ++i) { + if (i != candidateIdentifiers.begin()) + identifiers.append(";"); + identifiers.append(*i); + } + mt_log_ctk_tokend(identifiers.c_str(), chosenIdentifier.c_str()); + return leader; } -- 2.47.2