CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "AC Raiz Certicamara S.A."
-#
-# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO
-# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c
-# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO
-# Not Valid Before: Mon Nov 27 20:46:29 2006
-# Not Valid After : Tue Apr 02 21:42:02 2030
-# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6
-# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061
-\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144
-\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145
-\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147
-\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155
-\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004
-\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164
-\151\143\303\241\155\141\162\141\040\123\056\101\056
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061
-\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144
-\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145
-\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147
-\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155
-\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004
-\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164
-\151\143\303\241\155\141\162\141\040\123\056\101\056
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354
-\014
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\006\146\060\202\004\116\240\003\002\001\002\002\017\007
-\176\122\223\173\340\025\343\127\360\151\214\313\354\014\060\015
-\006\011\052\206\110\206\367\015\001\001\005\005\000\060\173\061
-\013\060\011\006\003\125\004\006\023\002\103\117\061\107\060\105
-\006\003\125\004\012\014\076\123\157\143\151\145\144\141\144\040
-\103\141\155\145\162\141\154\040\144\145\040\103\145\162\164\151
-\146\151\143\141\143\151\303\263\156\040\104\151\147\151\164\141
-\154\040\055\040\103\145\162\164\151\143\303\241\155\141\162\141
-\040\123\056\101\056\061\043\060\041\006\003\125\004\003\014\032
-\101\103\040\122\141\303\255\172\040\103\145\162\164\151\143\303
-\241\155\141\162\141\040\123\056\101\056\060\036\027\015\060\066
-\061\061\062\067\062\060\064\066\062\071\132\027\015\063\060\060
-\064\060\062\062\061\064\062\060\062\132\060\173\061\013\060\011
-\006\003\125\004\006\023\002\103\117\061\107\060\105\006\003\125
-\004\012\014\076\123\157\143\151\145\144\141\144\040\103\141\155
-\145\162\141\154\040\144\145\040\103\145\162\164\151\146\151\143
-\141\143\151\303\263\156\040\104\151\147\151\164\141\154\040\055
-\040\103\145\162\164\151\143\303\241\155\141\162\141\040\123\056
-\101\056\061\043\060\041\006\003\125\004\003\014\032\101\103\040
-\122\141\303\255\172\040\103\145\162\164\151\143\303\241\155\141
-\162\141\040\123\056\101\056\060\202\002\042\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060
-\202\002\012\002\202\002\001\000\253\153\211\243\123\314\110\043
-\010\373\303\317\121\226\010\056\270\010\172\155\074\220\027\206
-\251\351\355\056\023\064\107\262\320\160\334\311\074\320\215\312
-\356\113\027\253\320\205\260\247\043\004\313\250\242\374\345\165
-\333\100\312\142\211\217\120\236\001\075\046\133\030\204\034\313
-\174\067\267\175\354\323\177\163\031\260\152\262\330\210\212\055
-\105\164\250\367\263\270\300\324\332\315\042\211\164\115\132\025
-\071\163\030\164\117\265\353\231\247\301\036\210\264\302\223\220
-\143\227\363\247\247\022\262\011\042\007\063\331\221\315\016\234
-\037\016\040\307\356\273\063\215\217\302\322\130\247\137\375\145
-\067\342\210\302\330\217\206\165\136\371\055\247\207\063\362\170
-\067\057\213\274\035\206\067\071\261\224\362\330\274\112\234\203
-\030\132\006\374\363\324\324\272\214\025\011\045\360\371\266\215
-\004\176\027\022\063\153\127\110\114\117\333\046\036\353\314\220
-\347\213\371\150\174\160\017\243\052\320\072\070\337\067\227\342
-\133\336\200\141\323\200\330\221\203\102\132\114\004\211\150\021
-\074\254\137\150\200\101\314\140\102\316\015\132\052\014\017\233
-\060\300\246\360\206\333\253\111\327\227\155\110\213\371\003\300
-\122\147\233\022\367\302\362\056\230\145\102\331\326\232\343\320
-\031\061\014\255\207\325\127\002\172\060\350\206\046\373\217\043
-\212\124\207\344\277\074\356\353\303\165\110\137\036\071\157\201
-\142\154\305\055\304\027\124\031\267\067\215\234\067\221\310\366
-\013\325\352\143\157\203\254\070\302\363\077\336\232\373\341\043
-\141\360\310\046\313\066\310\241\363\060\217\244\243\242\241\335
-\123\263\336\360\232\062\037\203\221\171\060\301\251\037\123\233
-\123\242\025\123\077\335\235\263\020\073\110\175\211\017\374\355
-\003\365\373\045\144\165\016\027\031\015\217\000\026\147\171\172
-\100\374\055\131\007\331\220\372\232\255\075\334\200\212\346\134
-\065\242\147\114\021\153\261\370\200\144\000\055\157\042\141\305
-\254\113\046\345\132\020\202\233\244\203\173\064\367\236\211\221
-\040\227\216\267\102\307\146\303\320\351\244\326\365\040\215\304
-\303\225\254\104\012\235\133\163\074\046\075\057\112\276\247\311
-\247\020\036\373\237\120\151\363\002\003\001\000\001\243\201\346
-\060\201\343\060\017\006\003\125\035\023\001\001\377\004\005\060
-\003\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004
-\003\002\001\006\060\035\006\003\125\035\016\004\026\004\024\321
-\011\320\351\327\316\171\164\124\371\072\060\263\364\155\054\003
-\003\033\150\060\201\240\006\003\125\035\040\004\201\230\060\201
-\225\060\201\222\006\004\125\035\040\000\060\201\211\060\053\006
-\010\053\006\001\005\005\007\002\001\026\037\150\164\164\160\072
-\057\057\167\167\167\056\143\145\162\164\151\143\141\155\141\162
-\141\056\143\157\155\057\144\160\143\057\060\132\006\010\053\006
-\001\005\005\007\002\002\060\116\032\114\114\151\155\151\164\141
-\143\151\157\156\145\163\040\144\145\040\147\141\162\141\156\164
-\355\141\163\040\144\145\040\145\163\164\145\040\143\145\162\164
-\151\146\151\143\141\144\157\040\163\145\040\160\165\145\144\145
-\156\040\145\156\143\157\156\164\162\141\162\040\145\156\040\154
-\141\040\104\120\103\056\060\015\006\011\052\206\110\206\367\015
-\001\001\005\005\000\003\202\002\001\000\134\224\265\270\105\221
-\115\216\141\037\003\050\017\123\174\346\244\131\251\263\212\172
-\305\260\377\010\174\054\243\161\034\041\023\147\241\225\022\100
-\065\203\203\217\164\333\063\134\360\111\166\012\201\122\335\111
-\324\232\062\063\357\233\247\313\165\345\172\313\227\022\220\134
-\272\173\305\233\337\273\071\043\310\377\230\316\012\115\042\001
-\110\007\176\212\300\325\040\102\224\104\357\277\167\242\211\147
-\110\033\100\003\005\241\211\354\317\142\343\075\045\166\146\277
-\046\267\273\042\276\157\377\071\127\164\272\172\311\001\225\301
-\225\121\350\253\054\370\261\206\040\351\077\313\065\133\322\027
-\351\052\376\203\023\027\100\356\210\142\145\133\325\073\140\351
-\173\074\270\311\325\177\066\002\045\252\150\302\061\025\267\060
-\145\353\177\035\110\171\261\317\071\342\102\200\026\323\365\223
-\043\374\114\227\311\132\067\154\174\042\330\112\315\322\216\066
-\203\071\221\220\020\310\361\311\065\176\077\270\323\201\306\040
-\144\032\266\120\302\041\244\170\334\320\057\073\144\223\164\360
-\226\220\361\357\373\011\132\064\100\226\360\066\022\301\243\164
-\214\223\176\101\336\167\213\354\206\331\322\017\077\055\321\314
-\100\242\211\146\110\036\040\263\234\043\131\163\251\104\163\274
-\044\171\220\126\067\263\306\051\176\243\017\361\051\071\357\176
-\134\050\062\160\065\254\332\270\310\165\146\374\233\114\071\107
-\216\033\157\233\115\002\124\042\063\357\141\272\236\051\204\357
-\116\113\063\107\166\227\152\313\176\137\375\025\246\236\102\103
-\133\146\132\212\210\015\367\026\271\077\121\145\053\146\152\213
-\321\070\122\242\326\106\021\372\374\232\034\164\236\217\227\013
-\002\117\144\306\365\150\323\113\055\377\244\067\036\213\077\277
-\104\276\141\106\241\204\075\010\047\114\201\040\167\211\010\352
-\147\100\136\154\010\121\137\064\132\214\226\150\315\327\367\211
-\302\034\323\062\000\257\122\313\323\140\133\052\072\107\176\153
-\060\063\241\142\051\177\112\271\341\055\347\024\043\016\016\030
-\107\341\171\374\025\125\320\261\374\045\161\143\165\063\034\043
-\053\257\134\331\355\107\167\140\016\073\017\036\322\300\334\144
-\005\211\374\170\326\134\054\046\103\251
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for Certificate "AC Raiz Certicamara S.A."
-# Issuer: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO
-# Serial Number:07:7e:52:93:7b:e0:15:e3:57:f0:69:8c:cb:ec:0c
-# Subject: CN=AC Ra..z Certic..mara S.A.,O=Sociedad Cameral de Certificaci..n Digital - Certic..mara S.A.,C=CO
-# Not Valid Before: Mon Nov 27 20:46:29 2006
-# Not Valid After : Tue Apr 02 21:42:02 2030
-# Fingerprint (MD5): 93:2A:3E:F6:FD:23:69:0D:71:20:D4:2B:47:99:2B:A6
-# Fingerprint (SHA1): CB:A1:C5:F8:B0:E3:5E:B8:B9:45:12:D3:F9:34:A2:E9:06:10:D3:36
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A."
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\313\241\305\370\260\343\136\270\271\105\022\323\371\064\242\351
-\006\020\323\066
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\223\052\076\366\375\043\151\015\161\040\324\053\107\231\053\246
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\173\061\013\060\011\006\003\125\004\006\023\002\103\117\061
-\107\060\105\006\003\125\004\012\014\076\123\157\143\151\145\144
-\141\144\040\103\141\155\145\162\141\154\040\144\145\040\103\145
-\162\164\151\146\151\143\141\143\151\303\263\156\040\104\151\147
-\151\164\141\154\040\055\040\103\145\162\164\151\143\303\241\155
-\141\162\141\040\123\056\101\056\061\043\060\041\006\003\125\004
-\003\014\032\101\103\040\122\141\303\255\172\040\103\145\162\164
-\151\143\303\241\155\141\162\141\040\123\056\101\056
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\017\007\176\122\223\173\340\025\343\127\360\151\214\313\354
-\014
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "Deutsche Telekom Root CA 2"
#
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-#
-# Certificate "Certplus Root CA G1"
-#
-# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR
-# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11
-# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR
-# Not Valid Before: Mon May 26 00:00:00 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E
-# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certplus Root CA G1"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
-\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
-\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
-\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
-\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267
-\054\334\106\021
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\153\060\202\003\123\240\003\002\001\002\002\022\021
-\040\125\203\344\055\076\124\126\205\055\203\067\267\054\334\106
-\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000
-\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
-\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
-\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
-\060\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060
-\132\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132
-\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
-\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
-\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
-\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
-\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
-\000\332\120\207\266\332\270\251\076\235\144\372\126\063\232\126
-\075\026\345\003\225\262\064\034\232\155\142\005\324\330\217\347
-\211\144\237\272\333\144\213\144\346\171\052\141\315\257\217\132
-\211\221\145\271\130\374\264\003\137\221\077\055\020\025\340\176
-\317\274\374\177\103\147\250\255\136\066\043\330\230\263\115\363
-\103\236\071\174\052\374\354\210\325\210\356\160\275\205\026\055
-\352\113\211\074\243\161\102\376\034\375\323\034\055\020\270\206
-\124\352\103\270\333\306\207\332\250\256\200\045\317\172\046\035
-\252\221\260\110\157\256\265\336\236\330\327\372\000\375\306\217
-\320\121\273\142\175\244\261\214\262\377\040\021\272\065\143\005
-\206\107\140\103\063\220\366\107\242\003\117\226\115\235\117\301
-\352\352\234\242\376\064\056\336\267\312\033\166\244\267\255\237
-\351\250\324\170\077\170\376\362\070\011\066\035\322\026\002\310
-\354\052\150\257\365\216\224\357\055\023\172\036\102\112\035\025
-\061\256\014\004\127\374\141\163\363\061\126\206\061\200\240\304
-\021\156\060\166\343\224\360\137\004\304\254\207\162\211\230\305
-\235\314\127\010\232\364\014\374\175\172\005\072\372\107\200\071
-\266\317\204\023\167\157\047\352\377\226\147\027\010\155\351\015
-\326\043\120\060\260\025\164\023\076\345\057\377\016\315\304\013
-\112\135\360\330\000\063\111\146\353\241\030\174\131\056\075\050
-\271\141\161\313\265\245\272\270\352\334\342\160\157\010\152\334
-\207\147\064\357\337\060\162\335\363\311\077\043\377\065\341\276
-\041\051\040\060\201\344\031\245\040\351\045\312\163\061\164\051
-\276\342\102\325\363\262\046\146\307\150\375\031\263\347\040\223
-\231\350\135\340\136\207\347\106\350\045\234\012\051\044\324\315
-\130\206\122\100\044\262\173\017\230\022\040\044\366\220\154\107
-\310\015\273\030\040\056\331\375\374\213\362\051\352\207\164\225
-\340\102\120\170\204\004\101\141\260\364\041\043\217\055\313\050
-\041\362\152\154\364\032\246\305\024\264\067\145\117\225\375\200
-\310\370\162\345\045\153\304\140\261\173\155\216\112\212\163\316
-\131\373\160\172\163\006\023\331\323\164\067\044\101\012\021\157
-\227\334\347\344\176\241\275\025\362\272\207\017\075\150\212\026
-\007\002\003\001\000\001\243\143\060\141\060\016\006\003\125\035
-\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035
-\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125
-\035\016\004\026\004\024\250\301\300\233\221\250\103\025\174\135
-\006\047\264\052\121\330\227\013\201\261\060\037\006\003\125\035
-\043\004\030\060\026\200\024\250\301\300\233\221\250\103\025\174
-\135\006\047\264\052\121\330\227\013\201\261\060\015\006\011\052
-\206\110\206\367\015\001\001\015\005\000\003\202\002\001\000\234
-\126\157\001\176\321\275\114\365\212\306\360\046\037\344\340\070
-\030\314\062\303\051\073\235\101\051\064\141\306\327\360\000\241
-\353\244\162\217\224\027\274\023\054\165\264\127\356\012\174\011
-\172\334\325\312\241\320\064\023\370\167\253\237\345\376\330\036
-\164\212\205\007\217\177\314\171\172\312\226\315\315\375\117\373
-\375\043\015\220\365\364\136\323\306\141\175\236\021\340\002\356
-\011\004\331\007\335\246\212\267\014\203\044\273\203\120\222\376
-\140\165\021\076\330\235\260\212\172\265\340\235\233\313\220\122
-\113\260\223\052\324\076\026\063\345\236\306\145\025\076\144\073
-\004\077\333\014\217\137\134\035\151\037\257\363\351\041\214\363
-\357\227\366\232\267\031\266\204\164\234\243\124\265\160\116\143
-\330\127\135\123\041\233\100\222\103\372\326\167\125\063\117\144
-\325\373\320\054\152\216\155\045\246\357\205\350\002\304\123\076
-\271\236\207\274\314\065\032\336\241\351\212\143\207\145\036\021
-\052\333\143\167\227\024\276\232\024\231\021\262\300\356\260\117
-\370\024\041\062\103\117\237\253\242\313\250\017\252\073\006\125
-\306\022\051\127\010\324\067\327\207\047\255\111\131\247\221\253
-\104\172\136\215\160\333\227\316\110\120\261\163\223\366\360\203
-\140\371\315\361\341\061\375\133\174\161\041\143\024\024\252\257
-\305\336\223\176\150\261\354\042\242\252\220\165\236\265\103\162
-\352\144\243\204\113\375\014\250\046\153\161\227\356\126\143\146
-\350\102\124\371\307\035\337\320\217\133\337\310\060\157\210\376
-\015\304\063\034\123\250\243\375\110\020\362\344\012\116\341\025
-\127\374\156\144\060\302\125\021\334\352\251\315\112\124\254\051
-\143\104\317\112\100\240\326\150\131\033\063\371\357\072\213\333
-\040\222\334\102\204\277\001\253\207\300\325\040\202\333\306\271
-\203\205\102\134\017\103\073\152\111\065\325\230\364\025\277\372
-\141\201\014\011\040\030\322\320\027\014\313\110\000\120\351\166
-\202\214\144\327\072\240\007\125\314\036\061\300\357\072\264\145
-\373\343\277\102\153\236\017\250\275\153\230\334\330\333\313\213
-\244\335\327\131\364\156\335\376\252\303\221\320\056\102\007\300
-\014\115\123\315\044\261\114\133\036\121\364\337\351\222\372
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "Certplus Root CA G1"
-# Issuer: CN=Certplus Root CA G1,O=Certplus,C=FR
-# Serial Number:11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11
-# Subject: CN=Certplus Root CA G1,O=Certplus,C=FR
-# Not Valid Before: Mon May 26 00:00:00 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): 15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E
-# Fingerprint (SHA1): 22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certplus Root CA G1"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\042\375\320\267\375\242\116\015\254\111\054\240\254\246\173\152
-\037\343\367\146
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\177\011\234\367\331\271\134\151\151\126\325\067\076\024\015\102
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
-\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
-\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\125\203\344\055\076\124\126\205\055\203\067\267
-\054\334\106\021
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "Certplus Root CA G2"
-#
-# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR
-# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55
-# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR
-# Not Valid Before: Mon May 26 00:00:00 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17
-# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certplus Root CA G2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
-\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
-\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
-\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
-\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257
-\317\163\274\125
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\034\060\202\001\242\240\003\002\001\002\002\022\021
-\040\331\221\316\256\243\350\305\347\377\351\002\257\317\163\274
-\125\060\012\006\010\052\206\110\316\075\004\003\003\060\076\061
-\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017
-\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061
-\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154
-\165\163\040\122\157\157\164\040\103\101\040\107\062\060\036\027
-\015\061\064\060\065\062\066\060\060\060\060\060\060\132\027\015
-\063\070\060\061\061\065\060\060\060\060\060\060\132\060\076\061
-\013\060\011\006\003\125\004\006\023\002\106\122\061\021\060\017
-\006\003\125\004\012\014\010\103\145\162\164\160\154\165\163\061
-\034\060\032\006\003\125\004\003\014\023\103\145\162\164\160\154
-\165\163\040\122\157\157\164\040\103\101\040\107\062\060\166\060
-\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000
-\042\003\142\000\004\315\017\133\126\202\337\360\105\032\326\255
-\367\171\360\035\311\254\226\326\236\116\234\037\264\102\021\312
-\206\277\155\373\205\243\305\345\031\134\327\356\246\077\151\147
-\330\170\342\246\311\304\333\055\171\056\347\213\215\002\157\061
-\042\115\006\343\140\162\105\235\016\102\167\236\316\317\345\177
-\205\233\030\344\374\314\056\162\323\026\223\116\312\231\143\134
-\241\005\052\154\006\243\143\060\141\060\016\006\003\125\035\017
-\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023
-\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
-\016\004\026\004\024\332\203\143\002\171\216\332\114\306\074\043
-\024\330\217\303\040\253\050\140\131\060\037\006\003\125\035\043
-\004\030\060\026\200\024\332\203\143\002\171\216\332\114\306\074
-\043\024\330\217\303\040\253\050\140\131\060\012\006\010\052\206
-\110\316\075\004\003\003\003\150\000\060\145\002\060\160\376\260
-\013\331\367\203\227\354\363\125\035\324\334\263\006\016\376\063
-\230\235\213\071\220\153\224\041\355\266\327\135\326\114\327\041
-\247\347\277\041\017\053\315\367\052\334\205\007\235\002\061\000
-\206\024\026\345\334\260\145\302\300\216\024\237\277\044\026\150
-\345\274\371\171\151\334\255\105\053\367\266\061\163\314\006\245
-\123\223\221\032\223\256\160\152\147\272\327\236\345\141\032\137
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "Certplus Root CA G2"
-# Issuer: CN=Certplus Root CA G2,O=Certplus,C=FR
-# Serial Number:11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55
-# Subject: CN=Certplus Root CA G2,O=Certplus,C=FR
-# Not Valid Before: Mon May 26 00:00:00 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): 6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17
-# Fingerprint (SHA1): 4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Certplus Root CA G2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\117\145\216\037\351\006\330\050\002\351\124\107\101\311\124\045
-\135\151\314\032
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\247\356\304\170\055\033\356\055\271\051\316\326\247\226\062\061
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\076\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\021\060\017\006\003\125\004\012\014\010\103\145\162\164\160\154
-\165\163\061\034\060\032\006\003\125\004\003\014\023\103\145\162
-\164\160\154\165\163\040\122\157\157\164\040\103\101\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\331\221\316\256\243\350\305\347\377\351\002\257
-\317\163\274\125
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "OpenTrust Root CA G1"
-#
-# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR
-# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67
-# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR
-# Not Valid Before: Mon May 26 08:45:50 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4
-# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "OpenTrust Root CA G1"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\061
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237
-\153\143\216\147
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021
-\040\263\220\125\071\175\177\066\155\144\302\247\237\153\143\216
-\147\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\061\060\036\027\015\061\064\060\065\062\066\060\070\064\065
-\065\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060
-\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106
-\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156
-\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024
-\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103
-\101\040\107\061\060\202\002\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
-\002\202\002\001\000\370\171\106\332\226\305\060\136\212\161\003
-\055\160\244\273\260\305\010\334\315\346\065\300\200\244\021\055
-\335\346\207\256\135\075\221\322\207\154\067\267\332\142\236\233
-\302\044\327\217\361\333\246\246\337\106\157\121\246\161\313\076
-\033\061\147\142\367\021\133\064\047\325\171\116\214\233\130\275
-\042\020\015\134\047\014\335\060\345\250\323\135\041\070\164\027
-\376\343\037\266\117\073\153\055\333\175\140\037\214\175\114\005
-\302\353\001\026\025\230\024\216\321\220\167\042\077\354\302\071
-\270\171\072\360\111\044\342\225\221\334\141\064\222\214\124\164
-\357\261\175\214\001\342\070\175\301\137\152\137\044\262\216\142
-\027\255\171\040\255\253\035\267\340\264\226\110\117\146\103\020
-\006\026\044\003\341\340\234\216\306\106\117\216\032\231\341\217
-\271\216\063\154\151\336\130\255\240\016\247\144\124\021\151\104
-\146\117\114\022\247\216\054\175\304\324\133\305\000\064\060\301
-\331\231\376\062\316\007\204\264\116\315\012\377\066\115\142\361
-\247\143\127\344\333\152\247\256\277\053\271\311\346\262\047\211
-\345\176\232\034\115\150\306\301\030\336\063\053\121\106\113\034
-\216\367\075\014\371\212\064\024\304\373\063\065\043\361\314\361
-\052\307\245\273\260\242\316\376\123\153\115\101\033\146\050\262
-\226\372\247\256\012\116\271\071\063\104\234\164\301\223\034\370
-\340\236\044\045\103\361\233\043\202\252\337\054\040\260\334\066
-\116\003\263\174\002\324\346\173\032\252\207\023\277\076\241\164
-\273\233\016\341\300\223\237\327\244\146\312\273\033\073\343\060
-\364\063\131\212\007\162\003\125\347\163\152\003\061\156\157\226
-\033\343\242\237\257\222\307\355\365\102\267\045\114\073\023\004
-\317\034\226\257\034\042\243\320\253\005\262\114\022\043\122\334
-\375\031\133\047\234\036\073\172\375\102\043\333\043\200\023\360
-\274\121\025\124\224\246\167\076\320\164\121\275\121\024\010\071
-\067\313\037\064\251\060\235\122\204\056\125\220\261\272\337\125
-\000\013\330\126\055\261\111\111\162\200\251\142\327\300\366\030
-\021\004\125\315\164\173\317\141\160\171\364\173\054\134\134\222
-\374\345\270\132\253\114\223\225\241\047\356\245\276\317\161\043
-\102\272\233\166\055\002\003\001\000\001\243\143\060\141\060\016
-\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017
-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
-\035\006\003\125\035\016\004\026\004\024\227\106\041\127\041\065
-\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060\037
-\006\003\125\035\043\004\030\060\026\200\024\227\106\041\127\041
-\065\332\066\125\307\363\361\067\160\345\010\366\223\051\266\060
-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202
-\002\001\000\035\335\002\140\174\340\065\247\346\230\173\352\104
-\316\147\100\117\362\223\156\146\324\071\211\046\254\323\115\004
-\074\273\207\041\077\067\364\161\045\332\113\272\253\226\202\201
-\221\266\355\331\261\244\145\227\342\157\144\131\244\226\356\140
-\312\037\043\373\105\272\377\217\044\360\312\251\061\177\171\037
-\200\263\055\062\272\144\147\140\257\271\131\315\337\232\111\323
-\250\202\261\371\230\224\212\314\340\273\340\004\033\231\140\261
-\106\145\334\010\242\262\106\236\104\210\352\223\176\127\026\322
-\025\162\137\056\113\253\324\235\143\270\343\110\345\376\204\056
-\130\012\237\103\035\376\267\030\222\206\103\113\016\234\062\206
-\054\140\365\351\110\352\225\355\160\051\361\325\057\375\065\264
-\127\317\333\205\110\231\271\302\157\154\217\315\170\225\254\144
-\050\375\126\260\303\157\303\276\131\122\341\137\204\217\200\362
-\364\015\066\255\166\263\243\265\341\144\166\072\130\334\175\117
-\136\126\154\345\125\131\127\245\337\361\212\146\060\214\324\122
-\142\070\167\264\276\050\327\312\066\304\233\005\360\370\025\333
-\333\361\357\064\235\035\170\112\210\126\147\156\140\377\217\310
-\213\341\216\275\102\251\063\012\131\102\022\022\052\372\261\235
-\103\216\005\233\231\332\142\255\127\066\263\035\266\015\171\055
-\226\270\353\362\014\113\014\245\224\306\060\247\046\031\055\355
-\114\006\120\060\361\375\130\075\271\113\027\137\031\264\152\204
-\124\264\070\117\071\242\015\226\150\303\050\224\375\355\055\037
-\112\153\103\226\056\220\001\020\373\070\246\201\013\320\277\165
-\323\324\271\316\361\077\157\016\034\036\067\161\345\030\207\165
-\031\077\120\271\136\244\105\064\255\260\312\346\345\023\166\017
-\061\024\251\216\055\224\326\325\205\115\163\025\117\113\362\262
-\076\355\154\275\375\016\235\146\163\260\075\264\367\277\250\340
-\021\244\304\256\165\011\112\143\000\110\040\246\306\235\013\011
-\212\264\340\346\316\076\307\076\046\070\351\053\336\246\010\111
-\003\004\220\212\351\217\277\350\266\264\052\243\043\215\034\034
-\262\071\222\250\217\002\134\100\071\165\324\163\101\002\167\336
-\315\340\103\207\326\344\272\112\303\154\022\177\376\052\346\043
-\326\214\161
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "OpenTrust Root CA G1"
-# Issuer: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR
-# Serial Number:11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67
-# Subject: CN=OpenTrust Root CA G1,O=OpenTrust,C=FR
-# Not Valid Before: Mon May 26 08:45:50 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): 56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4
-# Fingerprint (SHA1): 79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "OpenTrust Root CA G1"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\171\221\350\064\367\342\356\335\010\225\001\122\351\125\055\024
-\351\130\325\176
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\166\000\314\201\051\315\125\136\210\152\172\056\367\115\071\332
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\263\220\125\071\175\177\066\155\144\302\247\237
-\153\143\216\147
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "OpenTrust Root CA G2"
-#
-# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR
-# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11
-# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR
-# Not Valid Before: Mon May 26 00:00:00 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2
-# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "OpenTrust Root CA G2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350
-\110\277\046\021
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\157\060\202\003\127\240\003\002\001\002\002\022\021
-\040\241\151\033\277\275\271\275\122\226\217\043\350\110\277\046
-\021\060\015\006\011\052\206\110\206\367\015\001\001\015\005\000
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\062\060\036\027\015\061\064\060\065\062\066\060\060\060\060
-\060\060\132\027\015\063\070\060\061\061\065\060\060\060\060\060
-\060\132\060\100\061\013\060\011\006\003\125\004\006\023\002\106
-\122\061\022\060\020\006\003\125\004\012\014\011\117\160\145\156
-\124\162\165\163\164\061\035\060\033\006\003\125\004\003\014\024
-\117\160\145\156\124\162\165\163\164\040\122\157\157\164\040\103
-\101\040\107\062\060\202\002\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
-\002\202\002\001\000\314\266\127\245\063\224\020\201\062\123\337
-\141\176\017\166\071\317\134\302\123\165\035\111\172\226\070\335
-\242\163\152\361\157\336\136\242\132\271\161\041\276\066\331\241
-\374\274\356\154\250\174\064\032\161\032\350\032\330\137\016\104
-\006\355\247\340\363\322\141\013\340\062\242\226\321\070\360\302
-\332\001\027\374\344\254\117\350\356\211\036\164\253\117\277\036
-\011\266\066\152\126\363\341\356\226\211\146\044\006\344\315\102
-\072\112\335\340\232\260\304\202\105\263\376\311\253\134\174\076
-\311\353\027\057\014\175\156\256\245\217\310\254\045\012\157\372
-\325\105\230\322\065\011\366\003\103\224\376\331\277\040\225\171
-\200\230\212\331\211\065\273\121\033\244\067\175\374\231\073\253
-\377\277\254\015\217\103\261\231\173\026\020\176\035\157\107\304
-\025\217\004\226\010\006\102\004\370\204\326\035\274\221\246\102
-\276\111\325\152\210\077\274\055\121\321\236\215\340\122\314\127
-\335\065\065\130\333\264\217\044\210\344\213\337\334\153\124\322
-\201\053\262\316\222\113\034\037\106\372\035\330\222\313\166\147
-\265\011\231\011\345\254\027\024\125\160\306\074\240\126\012\003
-\263\334\142\031\337\310\265\060\177\365\074\046\165\021\275\327
-\033\263\207\236\007\257\145\161\345\240\317\032\247\011\020\035
-\223\211\146\133\350\074\142\062\265\265\072\156\351\205\001\213
-\236\103\214\147\163\050\131\133\353\343\334\054\314\245\046\162
-\142\022\264\346\234\203\104\366\121\244\342\300\172\044\127\312
-\016\245\077\072\265\073\213\345\166\356\160\346\222\336\026\134
-\050\133\227\031\047\222\376\172\222\124\316\223\071\012\026\207
-\274\143\263\365\261\223\134\340\156\267\320\352\371\142\062\210
-\104\373\277\047\050\266\060\225\135\022\050\271\225\276\217\123
-\030\345\242\030\026\342\126\244\262\054\020\365\035\067\246\370
-\267\366\320\131\134\211\367\302\325\265\224\164\321\325\376\033
-\266\360\346\326\036\173\322\074\313\250\343\365\030\363\041\037
-\156\357\115\150\006\173\055\135\156\103\211\246\300\371\240\277
-\202\036\317\123\177\264\353\054\333\135\366\152\175\100\044\005
-\162\211\070\001\223\313\161\302\071\135\006\021\366\157\170\370
-\067\015\071\204\047\002\003\001\000\001\243\143\060\141\060\016
-\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017
-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
-\035\006\003\125\035\016\004\026\004\024\152\071\372\102\042\367
-\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060\037
-\006\003\125\035\043\004\030\060\026\200\024\152\071\372\102\042
-\367\346\211\000\115\136\175\063\203\313\270\156\167\206\257\060
-\015\006\011\052\206\110\206\367\015\001\001\015\005\000\003\202
-\002\001\000\230\313\253\100\074\345\063\002\227\177\055\207\246
-\217\324\136\112\257\270\036\347\273\161\373\200\144\045\251\263
-\032\076\150\135\047\046\247\272\052\341\360\127\203\012\144\117
-\036\042\164\033\351\220\137\360\254\317\377\117\150\172\070\244
-\020\154\015\261\307\244\167\200\030\266\242\050\104\166\247\064
-\235\161\204\057\312\131\322\107\210\231\101\042\311\060\230\141
-\156\075\250\250\005\155\321\037\300\121\104\126\177\047\065\002
-\335\136\230\012\102\353\060\277\215\241\233\121\252\073\352\223
-\106\144\305\000\171\336\041\153\366\127\240\206\327\006\162\354
-\160\106\113\213\163\335\240\041\165\076\334\035\300\217\323\117
-\163\034\205\331\376\177\142\310\225\157\266\323\173\214\272\123
-\302\157\233\104\114\171\320\035\160\263\327\237\002\364\262\007
-\260\307\345\370\255\043\016\246\126\311\051\022\167\110\331\057
-\106\375\073\360\374\164\160\222\245\216\070\010\037\144\060\266
-\267\113\373\066\254\020\216\240\122\063\143\235\003\065\126\305
-\151\275\306\043\132\047\224\366\244\022\370\055\063\074\241\126
-\245\137\326\031\351\355\174\010\275\167\315\047\144\314\224\332
-\116\106\120\207\340\371\301\123\200\036\273\255\373\107\122\213
-\033\375\242\371\336\016\042\267\075\063\131\154\324\336\365\225
-\006\062\015\121\031\101\134\076\117\006\367\271\053\200\047\366
-\243\252\172\174\006\341\103\303\023\071\142\032\066\275\340\050
-\056\224\002\344\051\056\140\125\256\100\075\260\164\222\136\360
-\040\144\226\077\137\105\135\210\265\212\332\002\240\133\105\124
-\336\070\075\011\300\250\112\145\106\026\374\252\277\124\116\115
-\133\276\070\103\267\050\312\213\063\252\032\045\272\045\134\051
-\057\133\112\156\214\352\055\234\052\366\005\166\340\167\227\200
-\210\335\147\023\157\035\150\044\213\117\267\164\201\345\364\140
-\237\172\125\327\076\067\332\026\153\076\167\254\256\030\160\225
-\010\171\051\003\212\376\301\073\263\077\032\017\244\073\136\037
-\130\241\225\311\253\057\163\112\320\055\156\232\131\017\125\030
-\170\055\074\121\246\227\213\346\273\262\160\252\114\021\336\377
-\174\053\067\324\172\321\167\064\217\347\371\102\367\074\201\014
-\113\122\012
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "OpenTrust Root CA G2"
-# Issuer: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR
-# Serial Number:11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11
-# Subject: CN=OpenTrust Root CA G2,O=OpenTrust,C=FR
-# Not Valid Before: Mon May 26 00:00:00 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): 27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2
-# Fingerprint (SHA1): 79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "OpenTrust Root CA G2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\171\137\210\140\305\253\174\075\222\346\313\364\215\341\105\315
-\021\357\140\013
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\127\044\266\131\044\153\256\310\376\034\014\040\362\300\116\353
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\241\151\033\277\275\271\275\122\226\217\043\350
-\110\277\046\021
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
-# Certificate "OpenTrust Root CA G3"
-#
-# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR
-# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f
-# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR
-# Not Valid Before: Mon May 26 00:00:00 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92
-# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "OpenTrust Root CA G3"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\063
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203
-\033\064\140\077
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\041\060\202\001\246\240\003\002\001\002\002\022\021
-\040\346\370\114\374\044\260\276\005\100\254\332\203\033\064\140
-\077\060\012\006\010\052\206\110\316\075\004\003\003\060\100\061
-\013\060\011\006\003\125\004\006\023\002\106\122\061\022\060\020
-\006\003\125\004\012\014\011\117\160\145\156\124\162\165\163\164
-\061\035\060\033\006\003\125\004\003\014\024\117\160\145\156\124
-\162\165\163\164\040\122\157\157\164\040\103\101\040\107\063\060
-\036\027\015\061\064\060\065\062\066\060\060\060\060\060\060\132
-\027\015\063\070\060\061\061\065\060\060\060\060\060\060\132\060
-\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022
-\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162\165
-\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160\145
-\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040\107
-\063\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
-\053\201\004\000\042\003\142\000\004\112\356\130\256\115\312\146
-\336\006\072\243\021\374\340\030\360\156\034\272\055\060\014\211
-\331\326\356\233\163\203\251\043\025\214\057\131\212\132\335\024
-\352\235\131\053\103\267\006\354\062\266\272\356\101\265\255\135
-\241\205\314\352\035\024\146\243\147\176\106\342\224\363\347\266
-\126\241\025\131\241\117\067\227\271\042\036\275\021\353\364\262
-\037\136\303\024\232\345\331\227\231\243\143\060\141\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006
-\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035
-\006\003\125\035\016\004\026\004\024\107\167\303\024\213\142\071
-\014\311\157\341\120\115\320\020\130\334\225\210\155\060\037\006
-\003\125\035\043\004\030\060\026\200\024\107\167\303\024\213\142
-\071\014\311\157\341\120\115\320\020\130\334\225\210\155\060\012
-\006\010\052\206\110\316\075\004\003\003\003\151\000\060\146\002
-\061\000\217\250\334\235\272\014\004\027\372\025\351\075\057\051
-\001\227\277\201\026\063\100\223\154\374\371\355\200\160\157\252
-\217\333\204\302\213\365\065\312\006\334\144\157\150\026\341\217
-\221\271\002\061\000\330\113\245\313\302\320\010\154\351\030\373
-\132\335\115\137\044\013\260\000\041\045\357\217\247\004\046\161
-\342\174\151\345\135\232\370\101\037\073\071\223\223\235\125\352
-\315\215\361\373\301
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-
-# Trust for "OpenTrust Root CA G3"
-# Issuer: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR
-# Serial Number:11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f
-# Subject: CN=OpenTrust Root CA G3,O=OpenTrust,C=FR
-# Not Valid Before: Mon May 26 00:00:00 2014
-# Not Valid After : Fri Jan 15 00:00:00 2038
-# Fingerprint (SHA-256): B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92
-# Fingerprint (SHA1): 6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "OpenTrust Root CA G3"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\156\046\144\363\126\277\064\125\277\321\223\077\174\001\336\330
-\023\332\212\246
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\041\067\264\027\026\222\173\147\106\160\251\226\327\250\023\044
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\100\061\013\060\011\006\003\125\004\006\023\002\106\122\061
-\022\060\020\006\003\125\004\012\014\011\117\160\145\156\124\162
-\165\163\164\061\035\060\033\006\003\125\004\003\014\024\117\160
-\145\156\124\162\165\163\164\040\122\157\157\164\040\103\101\040
-\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203
-\033\064\140\077
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
#
# Certificate "ISRG Root X1"
#
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GTS Root R1"
+#
+# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US
+# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1
+# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US
+# Not Valid Before: Wed Jun 22 00:00:00 2016
+# Not Valid After : Sun Jun 22 00:00:00 2036
+# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72
+# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTS Root R1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034
+\364\341
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156
+\107\251\305\113\107\014\015\354\063\320\211\271\034\364\341\060
+\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060
+\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124
+\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114
+\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040
+\122\157\157\164\040\122\061\060\036\027\015\061\066\060\066\062
+\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062
+\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125
+\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023
+\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145
+\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003
+\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\061
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\266\021\002\213\036\343\241\167\233\073\334\277\224\076\267
+\225\247\100\074\241\375\202\371\175\062\006\202\161\366\366\214
+\177\373\350\333\274\152\056\227\227\243\214\113\371\053\366\261
+\371\316\204\035\261\371\305\227\336\357\271\362\243\351\274\022
+\211\136\247\252\122\253\370\043\047\313\244\261\234\143\333\327
+\231\176\360\012\136\353\150\246\364\306\132\107\015\115\020\063
+\343\116\261\023\243\310\030\154\113\354\374\011\220\337\235\144
+\051\045\043\007\241\264\322\075\056\140\340\317\322\011\207\273
+\315\110\360\115\302\302\172\210\212\273\272\317\131\031\326\257
+\217\260\007\260\236\061\361\202\301\300\337\056\246\155\154\031
+\016\265\330\176\046\032\105\003\075\260\171\244\224\050\255\017
+\177\046\345\250\010\376\226\350\074\150\224\123\356\203\072\210
+\053\025\226\011\262\340\172\214\056\165\326\234\353\247\126\144
+\217\226\117\150\256\075\227\302\204\217\300\274\100\300\013\134
+\275\366\207\263\065\154\254\030\120\177\204\340\114\315\222\323
+\040\351\063\274\122\231\257\062\265\051\263\045\052\264\110\371
+\162\341\312\144\367\346\202\020\215\350\235\302\212\210\372\070
+\146\212\374\143\371\001\371\170\375\173\134\167\372\166\207\372
+\354\337\261\016\171\225\127\264\275\046\357\326\001\321\353\026
+\012\273\216\013\265\305\305\212\125\253\323\254\352\221\113\051
+\314\031\244\062\045\116\052\361\145\104\320\002\316\252\316\111
+\264\352\237\174\203\260\100\173\347\103\253\247\154\243\217\175
+\211\201\372\114\245\377\325\216\303\316\113\340\265\330\263\216
+\105\317\166\300\355\100\053\375\123\017\260\247\325\073\015\261
+\212\242\003\336\061\255\314\167\352\157\173\076\326\337\221\042
+\022\346\276\372\330\062\374\020\143\024\121\162\336\135\326\026
+\223\275\051\150\063\357\072\146\354\007\212\046\337\023\327\127
+\145\170\047\336\136\111\024\000\242\000\177\232\250\041\266\251
+\261\225\260\245\271\015\026\021\332\307\154\110\074\100\340\176
+\015\132\315\126\074\321\227\005\271\313\113\355\071\113\234\304
+\077\322\125\023\156\044\260\326\161\372\364\301\272\314\355\033
+\365\376\201\101\330\000\230\075\072\310\256\172\230\067\030\005
+\225\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125
+\035\016\004\026\004\024\344\257\053\046\161\032\053\110\047\205
+\057\122\146\054\357\360\211\023\161\076\060\015\006\011\052\206
+\110\206\367\015\001\001\014\005\000\003\202\002\001\000\070\226
+\012\356\075\264\226\036\137\357\235\234\013\063\237\053\340\312
+\375\322\216\012\037\101\164\245\174\252\204\324\345\362\036\346
+\067\122\062\234\013\321\141\035\277\050\301\266\104\051\065\165
+\167\230\262\174\331\275\164\254\212\150\343\251\061\011\051\001
+\140\163\343\107\174\123\250\220\112\047\357\113\327\237\223\347
+\202\066\316\232\150\014\202\347\317\324\020\026\157\137\016\231
+\134\366\037\161\175\357\357\173\057\176\352\066\326\227\160\013
+\025\356\327\134\126\152\063\245\343\111\070\014\270\175\373\215
+\205\244\261\131\136\364\152\341\335\241\366\144\104\256\346\121
+\203\041\146\306\021\076\363\316\107\356\234\050\037\045\332\377
+\254\146\225\335\065\017\134\357\040\054\142\375\221\272\251\314
+\374\132\234\223\201\203\051\227\112\174\132\162\264\071\320\267
+\167\313\171\375\151\072\222\067\355\156\070\145\106\176\351\140
+\275\171\210\227\137\070\022\364\356\257\133\202\310\206\325\341
+\231\155\214\004\362\166\272\111\366\156\351\155\036\137\240\357
+\047\202\166\100\370\246\323\130\134\017\054\102\332\102\306\173
+\210\064\307\301\330\105\233\301\076\305\141\035\331\143\120\111
+\366\064\205\152\340\030\305\156\107\253\101\102\051\233\366\140
+\015\322\061\323\143\230\043\223\132\000\201\110\264\357\315\212
+\315\311\317\231\356\331\236\252\066\341\150\113\161\111\024\066
+\050\072\075\035\316\232\217\045\346\200\161\141\053\265\173\314
+\371\045\026\201\341\061\137\241\243\176\026\244\234\026\152\227
+\030\275\166\162\245\013\236\035\066\346\057\241\057\276\160\221
+\017\250\346\332\370\304\222\100\154\045\176\173\263\011\334\262
+\027\255\200\104\360\150\245\217\224\165\377\164\132\350\250\002
+\174\014\011\342\251\113\013\240\205\013\142\271\357\241\061\222
+\373\357\366\121\004\211\154\350\251\164\241\273\027\263\265\375
+\111\017\174\074\354\203\030\040\103\116\325\223\272\264\064\261
+\037\026\066\037\014\346\144\071\026\114\334\340\376\035\310\251
+\142\075\100\352\312\305\064\002\264\256\211\210\063\065\334\054
+\023\163\330\047\361\320\162\356\165\073\042\336\230\150\146\133
+\361\306\143\107\125\034\272\245\010\121\165\246\110\045
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "GTS Root R1"
+# Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US
+# Serial Number:6e:47:a9:c5:4b:47:0c:0d:ec:33:d0:89:b9:1c:f4:e1
+# Subject: CN=GTS Root R1,O=Google Trust Services LLC,C=US
+# Not Valid Before: Wed Jun 22 00:00:00 2016
+# Not Valid After : Sun Jun 22 00:00:00 2036
+# Fingerprint (SHA-256): 2A:57:54:71:E3:13:40:BC:21:58:1C:BD:2C:F1:3E:15:84:63:20:3E:CE:94:BC:F9:D3:CC:19:6B:F0:9A:54:72
+# Fingerprint (SHA1): E1:C9:50:E6:EF:22:F8:4C:56:45:72:8B:92:20:60:D7:D5:A7:A3:E8
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTS Root R1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\341\311\120\346\357\042\370\114\126\105\162\213\222\040\140\327
+\325\247\243\350
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\202\032\357\324\322\112\362\237\342\075\227\006\024\160\162\205
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\156\107\251\305\113\107\014\015\354\063\320\211\271\034
+\364\341
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GTS Root R2"
+#
+# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US
+# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f
+# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US
+# Not Valid Before: Wed Jun 22 00:00:00 2016
+# Not Valid After : Sun Jun 22 00:00:00 2036
+# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60
+# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTS Root R2"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\062
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122
+\362\157
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\156
+\107\251\306\132\263\347\040\305\060\232\077\150\122\362\157\060
+\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\107
+\061\013\060\011\006\003\125\004\006\023\002\125\123\061\042\060
+\040\006\003\125\004\012\023\031\107\157\157\147\154\145\040\124
+\162\165\163\164\040\123\145\162\166\151\143\145\163\040\114\114
+\103\061\024\060\022\006\003\125\004\003\023\013\107\124\123\040
+\122\157\157\164\040\122\062\060\036\027\015\061\066\060\066\062
+\062\060\060\060\060\060\060\132\027\015\063\066\060\066\062\062
+\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125
+\004\006\023\002\125\123\061\042\060\040\006\003\125\004\012\023
+\031\107\157\157\147\154\145\040\124\162\165\163\164\040\123\145
+\162\166\151\143\145\163\040\114\114\103\061\024\060\022\006\003
+\125\004\003\023\013\107\124\123\040\122\157\157\164\040\122\062
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\316\336\375\246\373\354\354\024\064\074\007\006\132\154\131
+\367\031\065\335\367\301\235\125\252\323\315\073\244\223\162\357
+\012\372\155\235\366\360\205\200\133\241\110\122\237\071\305\267
+\356\050\254\357\313\166\150\024\271\337\255\001\154\231\037\304
+\042\035\237\376\162\167\340\054\133\257\344\004\277\117\162\240
+\032\064\230\350\071\150\354\225\045\173\166\241\346\151\271\205
+\031\275\211\214\376\255\355\066\352\163\274\377\203\342\313\175
+\301\322\316\112\263\215\005\236\213\111\223\337\301\133\320\156
+\136\360\056\060\056\202\374\372\274\264\027\012\110\345\210\233
+\305\233\153\336\260\312\264\003\360\332\364\220\270\145\144\367
+\134\114\255\350\176\146\136\231\327\270\302\076\310\320\023\235
+\255\356\344\105\173\211\125\367\212\037\142\122\204\022\263\302
+\100\227\343\212\037\107\221\246\164\132\322\370\261\143\050\020
+\270\263\011\270\126\167\100\242\046\230\171\306\376\337\045\356
+\076\345\240\177\324\141\017\121\113\074\077\214\332\341\160\164
+\330\302\150\241\371\301\014\351\241\342\177\273\125\074\166\006
+\356\152\116\314\222\210\060\115\232\275\117\013\110\232\204\265
+\230\243\325\373\163\301\127\141\335\050\126\165\023\256\207\216
+\347\014\121\011\020\165\210\114\274\215\371\173\074\324\042\110
+\037\052\334\353\153\273\104\261\313\063\161\062\106\257\255\112
+\361\214\350\164\072\254\347\032\042\163\200\322\060\367\045\102
+\307\042\073\073\022\255\226\056\306\303\166\007\252\040\267\065
+\111\127\351\222\111\350\166\026\162\061\147\053\226\176\212\243
+\307\224\126\042\277\152\113\176\001\041\262\043\062\337\344\232
+\104\155\131\133\135\365\000\240\034\233\306\170\227\215\220\377
+\233\310\252\264\257\021\121\071\136\331\373\147\255\325\133\021
+\235\062\232\033\275\325\272\133\245\311\313\045\151\123\125\047
+\134\340\312\066\313\210\141\373\036\267\320\313\356\026\373\323
+\246\114\336\222\245\324\342\337\365\006\124\336\056\235\113\264
+\223\060\252\201\316\335\032\334\121\163\015\117\160\351\345\266
+\026\041\031\171\262\346\211\013\165\144\312\325\253\274\011\301
+\030\241\377\324\124\241\205\074\375\024\044\003\262\207\323\244
+\267\002\003\001\000\001\243\102\060\100\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125
+\035\016\004\026\004\024\273\377\312\216\043\237\117\231\312\333
+\342\150\246\245\025\047\027\036\331\016\060\015\006\011\052\206
+\110\206\367\015\001\001\014\005\000\003\202\002\001\000\266\151
+\360\246\167\376\236\356\013\201\255\341\300\251\307\371\065\035
+\100\202\253\346\004\264\337\313\367\035\017\203\360\176\023\115
+\215\214\356\343\063\042\303\071\374\100\337\156\101\113\102\123
+\276\026\210\361\322\070\136\304\150\231\034\230\122\223\214\347
+\150\355\033\152\163\172\005\100\115\177\145\073\326\130\361\316
+\203\107\140\343\377\227\251\234\140\167\030\125\265\176\010\223
+\317\320\366\074\147\003\025\141\011\371\201\171\365\354\123\244
+\237\311\217\001\213\163\304\167\166\334\203\242\365\014\111\032
+\250\166\336\222\233\144\370\263\054\305\047\323\007\300\010\200
+\244\230\222\343\001\226\002\252\002\356\217\073\305\321\155\012
+\063\060\163\170\271\117\124\026\277\013\007\241\244\134\346\313
+\311\134\204\217\017\340\025\167\054\176\046\176\332\304\113\333
+\247\026\167\007\260\315\165\350\162\102\326\225\204\235\206\203
+\362\344\220\315\011\107\324\213\003\160\332\132\306\003\102\364
+\355\067\242\360\033\120\124\113\016\330\204\336\031\050\231\201
+\107\256\011\033\077\110\321\303\157\342\260\140\027\365\356\043
+\002\245\332\000\133\155\220\253\356\242\351\033\073\351\307\104
+\047\105\216\153\237\365\244\204\274\167\371\153\227\254\076\121
+\105\242\021\246\314\205\356\012\150\362\076\120\070\172\044\142
+\036\027\040\067\155\152\115\267\011\233\311\374\244\130\365\266
+\373\234\116\030\273\225\002\347\241\255\233\007\356\066\153\044
+\322\071\206\301\223\203\120\322\201\106\250\137\142\127\054\273
+\154\144\210\010\156\357\023\124\137\335\055\304\147\143\323\317
+\211\067\277\235\040\364\373\172\203\233\240\036\201\000\120\302
+\344\014\042\131\122\020\355\103\126\207\000\370\024\122\247\035
+\213\223\214\242\115\106\177\047\306\161\233\044\336\344\332\206
+\213\015\176\153\040\301\300\236\341\145\330\152\243\246\350\205
+\213\072\007\010\034\272\365\217\125\232\030\165\176\345\354\201
+\146\321\041\163\241\065\104\013\200\075\133\234\136\157\052\027
+\226\321\203\043\210\146\155\346\206\342\160\062\057\122\042\347
+\310\347\177\304\054\140\135\057\303\257\236\105\005\303\204\002
+\267\375\054\010\122\117\202\335\243\360\324\206\011\002
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "GTS Root R2"
+# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US
+# Serial Number:6e:47:a9:c6:5a:b3:e7:20:c5:30:9a:3f:68:52:f2:6f
+# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US
+# Not Valid Before: Wed Jun 22 00:00:00 2016
+# Not Valid After : Sun Jun 22 00:00:00 2036
+# Fingerprint (SHA-256): C4:5D:7B:B0:8E:6D:67:E6:2E:42:35:11:0B:56:4E:5F:78:FD:92:EF:05:8C:84:0A:EA:4E:64:55:D7:58:5C:60
+# Fingerprint (SHA1): D2:73:96:2A:2A:5E:39:9F:73:3F:E1:C7:1E:64:3F:03:38:34:FC:4D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTS Root R2"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\322\163\226\052\052\136\071\237\163\077\341\307\036\144\077\003
+\070\064\374\115
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\104\355\232\016\244\011\073\000\362\256\114\243\306\141\260\213
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\062
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\156\107\251\306\132\263\347\040\305\060\232\077\150\122
+\362\157
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GTS Root R3"
+#
+# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US
+# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d
+# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US
+# Not Valid Before: Wed Jun 22 00:00:00 2016
+# Not Valid After : Sun Jun 22 00:00:00 2036
+# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5
+# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTS Root R3"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335
+\215\035
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\014\060\202\001\221\240\003\002\001\002\002\020\156
+\107\251\307\154\251\163\044\100\211\017\003\125\335\215\035\060
+\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003
+\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163
+\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024
+\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157
+\164\040\122\063\060\036\027\015\061\066\060\066\062\062\060\060
+\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060
+\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157
+\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151
+\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003
+\023\013\107\124\123\040\122\157\157\164\040\122\063\060\166\060
+\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000
+\042\003\142\000\004\037\117\063\207\063\051\212\241\204\336\313
+\307\041\130\101\211\352\126\235\053\113\205\306\035\114\047\274
+\177\046\121\162\157\342\237\326\243\312\314\105\024\106\213\255
+\357\176\206\214\354\261\176\057\377\251\161\235\030\204\105\004
+\101\125\156\053\352\046\177\273\220\001\343\113\031\272\344\124
+\226\105\011\261\325\154\221\104\255\204\023\216\232\214\015\200
+\014\062\366\340\047\243\102\060\100\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
+\016\004\026\004\024\301\361\046\272\240\055\256\205\201\317\323
+\361\052\022\275\270\012\147\375\274\060\012\006\010\052\206\110
+\316\075\004\003\003\003\151\000\060\146\002\061\000\200\133\244
+\174\043\300\225\245\054\334\276\211\157\043\271\243\335\145\000
+\122\136\221\254\310\235\162\164\202\123\013\175\251\100\275\150
+\140\305\341\270\124\073\301\066\027\045\330\301\275\002\061\000
+\236\065\222\164\205\045\121\365\044\354\144\122\044\120\245\037
+\333\350\313\311\166\354\354\202\156\365\205\030\123\350\270\343
+\232\051\252\226\323\203\043\311\244\173\141\263\314\002\350\135
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "GTS Root R3"
+# Issuer: CN=GTS Root R3,O=Google Trust Services LLC,C=US
+# Serial Number:6e:47:a9:c7:6c:a9:73:24:40:89:0f:03:55:dd:8d:1d
+# Subject: CN=GTS Root R3,O=Google Trust Services LLC,C=US
+# Not Valid Before: Wed Jun 22 00:00:00 2016
+# Not Valid After : Sun Jun 22 00:00:00 2036
+# Fingerprint (SHA-256): 15:D5:B8:77:46:19:EA:7D:54:CE:1C:A6:D0:B0:C4:03:E0:37:A9:17:F1:31:E8:A0:4E:1E:6B:7A:71:BA:BC:E5
+# Fingerprint (SHA1): 30:D4:24:6F:07:FF:DB:91:89:8A:0B:E9:49:66:11:EB:8C:5E:46:E5
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTS Root R3"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\060\324\044\157\007\377\333\221\211\212\013\351\111\146\021\353
+\214\136\106\345
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\032\171\133\153\004\122\234\135\307\164\063\033\045\232\371\045
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\156\107\251\307\154\251\163\044\100\211\017\003\125\335
+\215\035
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "GTS Root R4"
+#
+# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US
+# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99
+# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US
+# Not Valid Before: Wed Jun 22 00:00:00 2016
+# Not Valid After : Sun Jun 22 00:00:00 2036
+# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD
+# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTS Root R4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262
+\301\231
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\012\060\202\001\221\240\003\002\001\002\002\020\156
+\107\251\310\213\224\266\350\273\073\052\330\242\262\301\231\060
+\012\006\010\052\206\110\316\075\004\003\003\060\107\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\042\060\040\006\003
+\125\004\012\023\031\107\157\157\147\154\145\040\124\162\165\163
+\164\040\123\145\162\166\151\143\145\163\040\114\114\103\061\024
+\060\022\006\003\125\004\003\023\013\107\124\123\040\122\157\157
+\164\040\122\064\060\036\027\015\061\066\060\066\062\062\060\060
+\060\060\060\060\132\027\015\063\066\060\066\062\062\060\060\060
+\060\060\060\132\060\107\061\013\060\011\006\003\125\004\006\023
+\002\125\123\061\042\060\040\006\003\125\004\012\023\031\107\157
+\157\147\154\145\040\124\162\165\163\164\040\123\145\162\166\151
+\143\145\163\040\114\114\103\061\024\060\022\006\003\125\004\003
+\023\013\107\124\123\040\122\157\157\164\040\122\064\060\166\060
+\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000
+\042\003\142\000\004\363\164\163\247\150\213\140\256\103\270\065
+\305\201\060\173\113\111\235\373\301\141\316\346\336\106\275\153
+\325\141\030\065\256\100\335\163\367\211\221\060\132\353\074\356
+\205\174\242\100\166\073\251\306\270\107\330\052\347\222\221\152
+\163\351\261\162\071\237\051\237\242\230\323\137\136\130\206\145
+\017\241\204\145\006\321\334\213\311\307\163\310\214\152\057\345
+\304\253\321\035\212\243\102\060\100\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
+\016\004\026\004\024\200\114\326\353\164\377\111\066\243\325\330
+\374\265\076\305\152\360\224\035\214\060\012\006\010\052\206\110
+\316\075\004\003\003\003\147\000\060\144\002\060\152\120\122\164
+\010\304\160\334\236\120\164\041\350\215\172\041\303\117\226\156
+\025\321\042\065\141\055\372\010\067\356\031\155\255\333\262\314
+\175\007\064\365\140\031\054\265\064\331\157\040\002\060\003\161
+\261\272\243\140\013\206\355\232\010\152\225\150\237\342\263\341
+\223\144\174\136\223\246\337\171\055\215\205\343\224\317\043\135
+\161\314\362\260\115\326\376\231\310\224\251\165\242\343
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "GTS Root R4"
+# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US
+# Serial Number:6e:47:a9:c8:8b:94:b6:e8:bb:3b:2a:d8:a2:b2:c1:99
+# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US
+# Not Valid Before: Wed Jun 22 00:00:00 2016
+# Not Valid After : Sun Jun 22 00:00:00 2036
+# Fingerprint (SHA-256): 71:CC:A5:39:1F:9E:79:4B:04:80:25:30:B3:63:E1:21:DA:8A:30:43:BB:26:66:2F:EA:4D:CA:7F:C9:51:A4:BD
+# Fingerprint (SHA1): 2A:1D:60:27:D9:4A:B1:0A:1C:4D:91:5C:CD:33:A0:CB:3E:2D:54:CB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "GTS Root R4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\052\035\140\047\331\112\261\012\034\115\221\134\315\063\240\313
+\076\055\124\313
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\135\266\152\304\140\027\044\152\032\231\250\113\356\136\264\046
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\042\060\040\006\003\125\004\012\023\031\107\157\157\147\154\145
+\040\124\162\165\163\164\040\123\145\162\166\151\143\145\163\040
+\114\114\103\061\024\060\022\006\003\125\004\003\023\013\107\124
+\123\040\122\157\157\164\040\122\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\156\107\251\310\213\224\266\350\273\073\052\330\242\262
+\301\231
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "UCA Global G2 Root"
+#
+# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN
+# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef
+# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN
+# Not Valid Before: Fri Mar 11 00:00:00 2016
+# Not Valid After : Mon Dec 31 00:00:00 2040
+# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C
+# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UCA Global G2 Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165
+\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101
+\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165
+\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101
+\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003
+\220\357
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\106\060\202\003\056\240\003\002\001\002\002\020\135
+\337\261\332\132\243\355\135\276\132\145\040\145\003\220\357\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\075
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060
+\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164
+\061\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107
+\154\157\142\141\154\040\107\062\040\122\157\157\164\060\036\027
+\015\061\066\060\063\061\061\060\060\060\060\060\060\132\027\015
+\064\060\061\062\063\061\060\060\060\060\060\060\132\060\075\061
+\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060\017
+\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164\061
+\033\060\031\006\003\125\004\003\014\022\125\103\101\040\107\154
+\157\142\141\154\040\107\062\040\122\157\157\164\060\202\002\042
+\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
+\202\002\017\000\060\202\002\012\002\202\002\001\000\305\346\053
+\157\174\357\046\005\047\243\201\044\332\157\313\001\371\231\232
+\251\062\302\042\207\141\101\221\073\313\303\150\033\006\305\114
+\251\053\301\147\027\042\035\053\355\371\051\211\223\242\170\275
+\222\153\240\243\015\242\176\312\223\263\246\321\214\065\325\165
+\371\027\366\317\105\305\345\172\354\167\223\240\217\043\256\016
+\032\003\177\276\324\320\355\056\173\253\106\043\133\377\054\346
+\124\172\224\300\052\025\360\311\215\260\172\073\044\341\327\150
+\342\061\074\006\063\106\266\124\021\246\245\057\042\124\052\130
+\015\001\002\361\372\025\121\147\154\300\372\327\266\033\177\321
+\126\210\057\032\072\215\073\273\202\021\340\107\000\320\122\207
+\253\373\206\176\017\044\153\100\235\064\147\274\215\307\055\206
+\157\171\076\216\251\074\027\113\177\260\231\343\260\161\140\334
+\013\365\144\303\316\103\274\155\161\271\322\336\047\133\212\350
+\330\306\256\341\131\175\317\050\055\065\270\225\126\032\361\262
+\130\113\267\022\067\310\174\263\355\113\200\341\215\372\062\043
+\266\157\267\110\225\010\261\104\116\205\214\072\002\124\040\057
+\337\277\127\117\073\072\220\041\327\301\046\065\124\040\354\307
+\077\107\354\357\132\277\113\172\301\255\073\027\120\134\142\330
+\017\113\112\334\053\372\156\274\163\222\315\354\307\120\350\101
+\226\327\251\176\155\330\351\035\217\212\265\271\130\222\272\112
+\222\053\014\126\375\200\353\010\360\136\051\156\033\034\014\257
+\217\223\211\255\333\275\243\236\041\312\211\031\354\337\265\303
+\032\353\026\376\170\066\114\326\156\320\076\027\034\220\027\153
+\046\272\373\172\057\277\021\034\030\016\055\163\003\217\240\345
+\065\240\132\342\114\165\035\161\341\071\070\123\170\100\314\203
+\223\327\012\236\235\133\217\212\344\345\340\110\344\110\262\107
+\315\116\052\165\052\173\362\042\366\311\276\011\221\226\127\172
+\210\210\254\356\160\254\371\334\051\343\014\034\073\022\116\104
+\326\247\116\260\046\310\363\331\032\227\221\150\352\357\215\106
+\006\322\126\105\130\232\074\014\017\203\270\005\045\303\071\317
+\073\244\064\211\267\171\022\057\107\305\347\251\227\151\374\246
+\167\147\265\337\173\361\172\145\025\344\141\126\145\002\003\001
+\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
+\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
+\004\024\201\304\214\314\365\344\060\377\245\014\010\137\214\025
+\147\041\164\001\337\337\060\015\006\011\052\206\110\206\367\015
+\001\001\013\005\000\003\202\002\001\000\023\145\042\365\216\053
+\255\104\344\313\377\271\150\346\303\200\110\075\004\173\372\043
+\057\172\355\066\332\262\316\155\366\346\236\345\137\130\217\313
+\067\062\241\310\145\266\256\070\075\065\033\076\274\073\266\004
+\320\274\371\111\365\233\367\205\305\066\266\313\274\370\310\071
+\325\344\137\007\275\025\124\227\164\312\312\355\117\272\272\144
+\166\237\201\270\204\105\111\114\215\157\242\353\261\314\321\303
+\224\332\104\302\346\342\352\030\350\242\037\047\005\272\327\345
+\326\251\315\335\357\166\230\215\000\016\315\033\372\003\267\216
+\200\130\016\047\077\122\373\224\242\312\136\145\311\326\204\332
+\271\065\161\363\046\300\117\167\346\201\047\322\167\073\232\024
+\157\171\364\366\320\341\323\224\272\320\127\121\275\047\005\015
+\301\375\310\022\060\356\157\215\021\053\010\235\324\324\277\200
+\105\024\232\210\104\332\060\352\264\247\343\356\357\133\202\325
+\076\326\255\170\222\333\134\074\363\330\255\372\270\153\177\304
+\066\050\266\002\025\212\124\054\234\260\027\163\216\320\067\243
+\024\074\230\225\000\014\051\005\133\236\111\111\261\137\307\343
+\313\317\047\145\216\065\027\267\127\310\060\331\101\133\271\024
+\266\350\302\017\224\061\247\224\230\314\152\353\265\341\047\365
+\020\250\001\350\216\022\142\350\210\314\265\177\106\227\300\233
+\020\146\070\032\066\106\137\042\150\075\337\311\306\023\047\253
+\123\006\254\242\074\206\006\145\157\261\176\261\051\104\232\243
+\272\111\151\050\151\217\327\345\137\255\004\206\144\157\032\240
+\014\305\010\142\316\200\243\320\363\354\150\336\276\063\307\027
+\133\177\200\304\114\114\261\246\204\212\303\073\270\011\315\024
+\201\272\030\343\124\127\066\376\333\057\174\107\241\072\063\310
+\371\130\073\104\117\261\312\002\211\004\226\050\150\305\113\270
+\046\211\273\326\063\057\120\325\376\232\211\272\030\062\222\124
+\306\133\340\235\371\136\345\015\042\233\366\332\342\310\041\262
+\142\041\252\206\100\262\056\144\323\137\310\343\176\021\147\105
+\037\005\376\343\242\357\263\250\263\363\175\217\370\014\037\042
+\037\055\160\264\270\001\064\166\060\000\345\043\170\247\126\327
+\120\037\212\373\006\365\302\031\360\320
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "UCA Global G2 Root"
+# Issuer: CN=UCA Global G2 Root,O=UniTrust,C=CN
+# Serial Number:5d:df:b1:da:5a:a3:ed:5d:be:5a:65:20:65:03:90:ef
+# Subject: CN=UCA Global G2 Root,O=UniTrust,C=CN
+# Not Valid Before: Fri Mar 11 00:00:00 2016
+# Not Valid After : Mon Dec 31 00:00:00 2040
+# Fingerprint (SHA-256): 9B:EA:11:C9:76:FE:01:47:64:C1:BE:56:A6:F9:14:B5:A5:60:31:7A:BD:99:88:39:33:82:E5:16:1A:A0:49:3C
+# Fingerprint (SHA1): 28:F9:78:16:19:7A:FF:18:25:18:AA:44:FE:C1:A0:CE:5C:B6:4C:8A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UCA Global G2 Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\050\371\170\026\031\172\377\030\045\030\252\104\376\301\240\316
+\134\266\114\212
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\200\376\360\304\112\360\134\142\062\237\034\272\170\251\120\370
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\075\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165
+\163\164\061\033\060\031\006\003\125\004\003\014\022\125\103\101
+\040\107\154\157\142\141\154\040\107\062\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\135\337\261\332\132\243\355\135\276\132\145\040\145\003
+\220\357
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "UCA Extended Validation Root"
+#
+# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN
+# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60
+# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN
+# Not Valid Before: Fri Mar 13 00:00:00 2015
+# Not Valid After : Fri Dec 31 00:00:00 2038
+# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24
+# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UCA Extended Validation Root"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165
+\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101
+\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141
+\164\151\157\156\040\122\157\157\164
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165
+\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101
+\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141
+\164\151\157\156\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043
+\160\140
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\132\060\202\003\102\240\003\002\001\002\002\020\117
+\322\053\217\365\144\310\063\236\117\064\130\146\043\160\140\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\107
+\061\013\060\011\006\003\125\004\006\023\002\103\116\061\021\060
+\017\006\003\125\004\012\014\010\125\156\151\124\162\165\163\164
+\061\045\060\043\006\003\125\004\003\014\034\125\103\101\040\105
+\170\164\145\156\144\145\144\040\126\141\154\151\144\141\164\151
+\157\156\040\122\157\157\164\060\036\027\015\061\065\060\063\061
+\063\060\060\060\060\060\060\132\027\015\063\070\061\062\063\061
+\060\060\060\060\060\060\132\060\107\061\013\060\011\006\003\125
+\004\006\023\002\103\116\061\021\060\017\006\003\125\004\012\014
+\010\125\156\151\124\162\165\163\164\061\045\060\043\006\003\125
+\004\003\014\034\125\103\101\040\105\170\164\145\156\144\145\144
+\040\126\141\154\151\144\141\164\151\157\156\040\122\157\157\164
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\251\011\007\050\023\002\260\231\340\144\252\036\103\026\172
+\163\261\221\240\165\076\250\372\343\070\000\172\354\211\152\040
+\017\213\305\260\233\063\003\132\206\306\130\206\325\301\205\273
+\117\306\234\100\115\312\276\356\151\226\270\255\201\060\232\174
+\222\005\353\005\053\232\110\320\270\166\076\226\310\040\273\322
+\260\361\217\330\254\105\106\377\252\147\140\264\167\176\152\037
+\074\032\122\172\004\075\007\074\205\015\204\320\037\166\012\367
+\152\024\337\162\343\064\174\127\116\126\001\076\171\361\252\051
+\073\154\372\370\217\155\115\310\065\337\256\353\334\044\356\171
+\105\247\205\266\005\210\336\210\135\045\174\227\144\147\011\331
+\277\132\025\005\206\363\011\036\354\130\062\063\021\363\167\144
+\260\166\037\344\020\065\027\033\362\016\261\154\244\052\243\163
+\374\011\037\036\062\031\123\021\347\331\263\054\056\166\056\241
+\243\336\176\152\210\011\350\362\007\212\370\262\315\020\347\342
+\163\100\223\273\010\321\077\341\374\013\224\263\045\357\174\246
+\327\321\257\237\377\226\232\365\221\173\230\013\167\324\176\350
+\007\322\142\265\225\071\343\363\361\155\017\016\145\204\212\143
+\124\305\200\266\340\236\113\175\107\046\247\001\010\135\321\210
+\236\327\303\062\104\372\202\112\012\150\124\177\070\123\003\314
+\244\000\063\144\121\131\013\243\202\221\172\136\354\026\302\363
+\052\346\142\332\052\333\131\142\020\045\112\052\201\013\107\007
+\103\006\160\207\322\372\223\021\051\172\110\115\353\224\307\160
+\115\257\147\325\121\261\200\040\001\001\264\172\010\246\220\177
+\116\340\357\007\101\207\257\152\245\136\213\373\317\120\262\232
+\124\257\303\211\272\130\055\365\060\230\261\066\162\071\176\111
+\004\375\051\247\114\171\344\005\127\333\224\271\026\123\215\106
+\263\035\225\141\127\126\177\257\360\026\133\141\130\157\066\120
+\021\013\330\254\053\225\026\032\016\037\010\315\066\064\145\020
+\142\146\325\200\137\024\040\137\055\014\240\170\012\150\326\054
+\327\351\157\053\322\112\005\223\374\236\157\153\147\377\210\361
+\116\245\151\112\122\067\005\352\306\026\215\322\304\231\321\202
+\053\073\272\065\165\367\121\121\130\363\310\007\335\344\264\003
+\177\002\003\001\000\001\243\102\060\100\060\035\006\003\125\035
+\016\004\026\004\024\331\164\072\344\060\075\015\367\022\334\176
+\132\005\237\036\064\232\367\341\024\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052\206
+\110\206\367\015\001\001\013\005\000\003\202\002\001\000\066\215
+\227\314\102\025\144\051\067\233\046\054\326\373\256\025\151\054
+\153\032\032\367\137\266\371\007\114\131\352\363\311\310\271\256
+\314\272\056\172\334\300\365\260\055\300\073\257\237\160\005\021
+\152\237\045\117\001\051\160\343\345\014\341\352\132\174\334\111
+\273\301\036\052\201\365\026\113\162\221\310\242\061\271\252\332
+\374\235\037\363\135\100\002\023\374\116\034\006\312\263\024\220
+\124\027\031\022\032\361\037\327\014\151\132\366\161\170\364\224
+\175\221\013\216\354\220\124\216\274\157\241\114\253\374\164\144
+\375\161\232\370\101\007\241\315\221\344\074\232\340\233\062\071
+\163\253\052\325\151\310\170\221\046\061\175\342\307\060\361\374
+\024\170\167\022\016\023\364\335\026\224\277\113\147\173\160\123
+\205\312\260\273\363\070\115\054\220\071\300\015\302\135\153\351
+\342\345\325\210\215\326\054\277\253\033\276\265\050\207\022\027
+\164\156\374\175\374\217\320\207\046\260\033\373\271\154\253\342
+\236\075\025\301\073\056\147\002\130\221\237\357\370\102\037\054
+\267\150\365\165\255\317\265\366\377\021\175\302\360\044\245\255
+\323\372\240\074\251\372\135\334\245\240\357\104\244\276\326\350
+\345\344\023\226\027\173\006\076\062\355\307\267\102\274\166\243
+\330\145\070\053\070\065\121\041\016\016\157\056\064\023\100\341
+\053\147\014\155\112\101\060\030\043\132\062\125\231\311\027\340
+\074\336\366\354\171\255\053\130\031\242\255\054\042\032\225\216
+\276\226\220\135\102\127\304\371\024\003\065\053\034\055\121\127
+\010\247\072\336\077\344\310\264\003\163\302\301\046\200\273\013
+\102\037\255\015\257\046\162\332\314\276\263\243\203\130\015\202
+\305\037\106\121\343\234\030\314\215\233\215\354\111\353\165\120
+\325\214\050\131\312\164\064\332\214\013\041\253\036\352\033\345
+\307\375\025\076\300\027\252\373\043\156\046\106\313\372\371\261
+\162\153\151\317\042\204\013\142\017\254\331\031\000\224\242\166
+\074\324\055\232\355\004\236\055\006\142\020\067\122\034\205\162
+\033\047\345\314\306\061\354\067\354\143\131\233\013\035\166\314
+\176\062\232\210\225\010\066\122\273\336\166\137\166\111\111\255
+\177\275\145\040\262\311\301\053\166\030\166\237\126\261
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "UCA Extended Validation Root"
+# Issuer: CN=UCA Extended Validation Root,O=UniTrust,C=CN
+# Serial Number:4f:d2:2b:8f:f5:64:c8:33:9e:4f:34:58:66:23:70:60
+# Subject: CN=UCA Extended Validation Root,O=UniTrust,C=CN
+# Not Valid Before: Fri Mar 13 00:00:00 2015
+# Not Valid After : Fri Dec 31 00:00:00 2038
+# Fingerprint (SHA-256): D4:3A:F9:B3:54:73:75:5C:96:84:FC:06:D7:D8:CB:70:EE:5C:28:E7:73:FB:29:4E:B4:1E:E7:17:22:92:4D:24
+# Fingerprint (SHA1): A3:A1:B0:6F:24:61:23:4A:E3:36:A5:C2:37:FC:A6:FF:DD:F0:D7:3A
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "UCA Extended Validation Root"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\243\241\260\157\044\141\043\112\343\066\245\302\067\374\246\377
+\335\360\327\072
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\241\363\137\103\306\064\233\332\277\214\176\005\123\255\226\342
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\107\061\013\060\011\006\003\125\004\006\023\002\103\116\061
+\021\060\017\006\003\125\004\012\014\010\125\156\151\124\162\165
+\163\164\061\045\060\043\006\003\125\004\003\014\034\125\103\101
+\040\105\170\164\145\156\144\145\144\040\126\141\154\151\144\141
+\164\151\157\156\040\122\157\157\164
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\117\322\053\217\365\144\310\063\236\117\064\130\146\043
+\160\140
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Certigna Root CA"
+#
+# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR
+# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1
+# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR
+# Not Valid Before: Tue Oct 01 08:32:27 2013
+# Not Valid After : Sat Oct 01 08:32:27 2033
+# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68
+# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certigna Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157
+\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060
+\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063
+\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164
+\151\147\156\141\040\122\157\157\164\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157
+\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060
+\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063
+\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164
+\151\147\156\141\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304
+\343\246\341
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\006\133\060\202\004\103\240\003\002\001\002\002\021\000
+\312\351\033\211\361\125\003\015\243\346\101\155\304\343\246\341
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061\022
+\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157\164
+\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060\060
+\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063\066
+\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164\151
+\147\156\141\040\122\157\157\164\040\103\101\060\036\027\015\061
+\063\061\060\060\061\060\070\063\062\062\067\132\027\015\063\063
+\061\060\060\061\060\070\063\062\062\067\132\060\132\061\013\060
+\011\006\003\125\004\006\023\002\106\122\061\022\060\020\006\003
+\125\004\012\014\011\104\150\151\155\171\157\164\151\163\061\034
+\060\032\006\003\125\004\013\014\023\060\060\060\062\040\064\070
+\061\064\066\063\060\070\061\060\060\060\063\066\061\031\060\027
+\006\003\125\004\003\014\020\103\145\162\164\151\147\156\141\040
+\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011\052
+\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000\060
+\202\002\012\002\202\002\001\000\315\030\071\145\032\131\261\352
+\144\026\016\214\224\044\225\174\203\323\305\071\046\334\014\357
+\026\127\215\327\330\254\243\102\177\202\312\355\315\133\333\016
+\267\055\355\105\010\027\262\331\263\313\326\027\122\162\050\333
+\216\116\236\212\266\013\371\236\204\232\115\166\336\042\051\134
+\322\263\322\006\076\060\071\251\164\243\222\126\034\241\157\114
+\012\040\155\237\043\172\264\306\332\054\344\035\054\334\263\050
+\320\023\362\114\116\002\111\241\124\100\236\346\345\005\240\055
+\204\310\377\230\154\320\353\212\032\204\010\036\267\150\043\356
+\043\325\160\316\155\121\151\020\356\241\172\302\321\042\061\302
+\202\205\322\362\125\166\120\174\045\172\311\204\134\013\254\335
+\102\116\053\347\202\242\044\211\313\220\262\320\356\043\272\146
+\114\273\142\244\371\123\132\144\173\174\230\372\243\110\236\017
+\225\256\247\030\364\152\354\056\003\105\257\360\164\370\052\315
+\172\135\321\276\104\046\062\051\361\361\365\154\314\176\002\041
+\013\237\157\244\077\276\235\123\342\317\175\251\054\174\130\032
+\227\341\075\067\067\030\146\050\322\100\305\121\212\214\303\055
+\316\123\210\044\130\144\060\026\305\252\340\326\012\246\100\337
+\170\366\365\004\174\151\023\204\274\321\321\247\006\317\001\367
+\150\300\250\127\273\072\141\255\004\214\223\343\255\374\360\333
+\104\155\131\334\111\131\256\254\232\231\066\060\101\173\166\063
+\042\207\243\302\222\206\156\371\160\356\256\207\207\225\033\304
+\172\275\061\363\324\322\345\231\377\276\110\354\165\365\170\026
+\035\246\160\301\177\074\033\241\222\373\317\310\074\326\305\223
+\012\217\365\125\072\166\225\316\131\230\212\011\225\167\062\232
+\203\272\054\004\072\227\275\324\057\276\327\154\233\242\312\175
+\155\046\311\125\325\317\303\171\122\010\011\231\007\044\055\144
+\045\153\246\041\151\233\152\335\164\115\153\227\172\101\275\253
+\027\371\220\027\110\217\066\371\055\325\305\333\356\252\205\105
+\101\372\315\072\105\261\150\346\066\114\233\220\127\354\043\271
+\207\010\302\304\011\361\227\206\052\050\115\342\164\300\332\304
+\214\333\337\342\241\027\131\316\044\131\164\061\332\177\375\060
+\155\331\334\341\152\341\374\137\002\003\001\000\001\243\202\001
+\032\060\202\001\026\060\017\006\003\125\035\023\001\001\377\004
+\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377
+\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004
+\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037\326
+\341\342\171\176\053\060\037\006\003\125\035\043\004\030\060\026
+\200\024\030\207\126\340\156\167\356\044\065\074\116\163\232\037
+\326\341\342\171\176\053\060\104\006\003\125\035\040\004\075\060
+\073\060\071\006\004\125\035\040\000\060\061\060\057\006\010\053
+\006\001\005\005\007\002\001\026\043\150\164\164\160\163\072\057
+\057\167\167\167\167\056\143\145\162\164\151\147\156\141\056\146
+\162\057\141\165\164\157\162\151\164\145\163\057\060\155\006\003
+\125\035\037\004\146\060\144\060\057\240\055\240\053\206\051\150
+\164\164\160\072\057\057\143\162\154\056\143\145\162\164\151\147
+\156\141\056\146\162\057\143\145\162\164\151\147\156\141\162\157
+\157\164\143\141\056\143\162\154\060\061\240\057\240\055\206\053
+\150\164\164\160\072\057\057\143\162\154\056\144\150\151\155\171
+\157\164\151\163\056\143\157\155\057\143\145\162\164\151\147\156
+\141\162\157\157\164\143\141\056\143\162\154\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\224
+\270\236\117\360\343\225\010\042\347\315\150\101\367\034\125\325
+\174\000\342\055\072\211\135\150\070\057\121\042\013\112\215\313
+\351\273\135\076\273\134\075\261\050\376\344\123\125\023\317\241
+\220\033\002\035\137\146\106\011\063\050\341\015\044\227\160\323
+\020\037\352\144\127\226\273\135\332\347\304\214\117\114\144\106
+\035\134\207\343\131\336\102\321\233\250\176\246\211\335\217\034
+\311\060\202\355\073\234\315\300\351\031\340\152\330\002\165\067
+\253\367\064\050\050\221\362\004\012\117\065\343\140\046\001\372
+\320\021\214\371\021\152\356\257\075\303\120\323\217\137\063\171
+\074\206\250\163\105\220\214\040\266\162\163\027\043\276\007\145
+\345\170\222\015\272\001\300\353\214\034\146\277\254\206\167\001
+\224\015\234\346\351\071\215\037\246\121\214\231\014\071\167\341
+\264\233\372\034\147\127\157\152\152\216\251\053\114\127\171\172
+\127\042\317\315\137\143\106\215\134\131\072\206\370\062\107\142
+\243\147\015\030\221\334\373\246\153\365\110\141\163\043\131\216
+\002\247\274\104\352\364\111\235\361\124\130\371\140\257\332\030
+\244\057\050\105\334\172\240\210\206\135\363\073\347\377\051\065
+\200\374\144\103\224\346\343\034\157\276\255\016\052\143\231\053
+\311\176\205\366\161\350\006\003\225\376\336\217\110\034\132\324
+\222\350\053\356\347\061\333\272\004\152\207\230\347\305\137\357
+\175\247\042\367\001\330\115\371\211\320\016\232\005\131\244\236
+\230\331\157\053\312\160\276\144\302\125\243\364\351\257\303\222
+\051\334\210\026\044\231\074\215\046\230\266\133\267\314\316\267
+\067\007\375\046\331\230\205\044\377\131\043\003\232\355\235\235
+\250\344\136\070\316\327\122\015\157\322\077\155\261\005\153\111
+\316\212\221\106\163\364\366\057\360\250\163\167\016\145\254\241
+\215\146\122\151\176\113\150\014\307\036\067\047\203\245\214\307
+\002\344\024\315\111\001\260\163\263\375\306\220\072\157\322\154
+\355\073\356\354\221\276\242\103\135\213\000\112\146\045\104\160
+\336\100\017\370\174\025\367\242\316\074\327\136\023\214\201\027
+\030\027\321\275\361\167\020\072\324\145\071\301\047\254\127\054
+\045\124\377\242\332\117\212\141\071\136\256\075\112\214\275
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+
+# Trust for "Certigna Root CA"
+# Issuer: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR
+# Serial Number:00:ca:e9:1b:89:f1:55:03:0d:a3:e6:41:6d:c4:e3:a6:e1
+# Subject: CN=Certigna Root CA,OU=0002 48146308100036,O=Dhimyotis,C=FR
+# Not Valid Before: Tue Oct 01 08:32:27 2013
+# Not Valid After : Sat Oct 01 08:32:27 2033
+# Fingerprint (SHA-256): D4:8D:3D:23:EE:DB:50:A4:59:E5:51:97:60:1C:27:77:4B:9D:7B:18:C9:4D:5A:05:95:11:A1:02:50:B9:31:68
+# Fingerprint (SHA1): 2D:0D:52:14:FF:9E:AD:99:24:01:74:20:47:6E:6C:85:27:27:F5:43
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Certigna Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\055\015\122\024\377\236\255\231\044\001\164\040\107\156\154\205
+\047\047\365\103
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\016\134\060\142\047\353\133\274\327\256\142\272\351\325\337\167
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\132\061\013\060\011\006\003\125\004\006\023\002\106\122\061
+\022\060\020\006\003\125\004\012\014\011\104\150\151\155\171\157
+\164\151\163\061\034\060\032\006\003\125\004\013\014\023\060\060
+\060\062\040\064\070\061\064\066\063\060\070\061\060\060\060\063
+\066\061\031\060\027\006\003\125\004\003\014\020\103\145\162\164
+\151\147\156\141\040\122\157\157\164\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\312\351\033\211\361\125\003\015\243\346\101\155\304
+\343\246\341
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
net.ipv4.conf.all.log_martians = 1
kernel.printk = 1 4 1 7
-vm.swappiness=1
vm.mmap_min_addr = 4096
vm.min_free_kbytes = 8192
# Avoid kernel memory address exposures via dmesg.
kernel.dmesg_restrict = 1
+
+# Minimal preemption granularity for CPU-bound tasks:
+# (default: 1 msec# (1 + ilog(ncpus)), units: nanoseconds)
+kernel.sched_min_granularity_ns = 10000000
+
+# If a workload mostly uses anonymous memory and it hits this limit, the entire
+# working set is buffered for I/O, and any more write buffering would require
+# swapping, so it's time to throttle writes until I/O can catch up. Workloads
+# that mostly use file mappings may be able to use even higher values.
+#
+# The generator of dirty data starts writeback at this percentage (system default
+# is 20%)
+vm.dirty_ratio = 10
+
+# Start background writeback (via writeback threads) at this percentage (system
+# default is 10%)
+vm.dirty_background_ratio = 3
+
+# The swappiness parameter controls the tendency of the kernel to move
+# processes out of physical memory and onto the swap disk.
+# 0 tells the kernel to avoid swapping processes out of physical memory
+# for as long as possible
+# 100 tells the kernel to aggressively swap processes out of physical memory
+# and move them to swap cache
+vm.swappiness = 1
+
+# The total time the scheduler will consider a migrated process
+# "cache hot" and thus less likely to be re-migrated
+# (system default is 500000, i.e. 0.5 ms)
+kernel.sched_migration_cost_ns = 5000000
+
+# Increase kernel buffer size maximums
+net.ipv4.tcp_rmem = 4096 87380 16777216
+net.ipv4.tcp_wmem = 4096 16384 16777216
+net.ipv4.udp_mem = 3145728 4194304 16777216
+
+# Approximate time in us to busy loop waiting for packets on the device queue
+net.core.busy_read=50
+net.core.busy_poll=50
+
+# Enable TCP fast-open
+net.ipv4.tcp_fastopen = 3
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm64 4.14.81-ipfire Kernel Configuration
+# Linux/arm64 4.14.94-ipfire Kernel Configuration
#
CONFIG_ARM64=y
CONFIG_64BIT=y
#
# ACPI INT340X thermal drivers
#
+
+#
+# Broadcom thermal drivers
+#
+CONFIG_BCM2835_THERMAL=y
CONFIG_GENERIC_ADC_THERMAL=m
CONFIG_WATCHDOG=y
CONFIG_WATCHDOG_CORE=y
# CONFIG_CIFS_WEAK_PW_HASH is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
-CONFIG_CIFS_POSIX=y
CONFIG_CIFS_ACL=y
# CONFIG_CIFS_DEBUG is not set
CONFIG_CIFS_DFS_UPCALL=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.81-ipfire-kirkwood Kernel Configuration
+# Linux/arm 4.14.94-ipfire-kirkwood Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
# CONFIG_CIFS_WEAK_PW_HASH is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
-CONFIG_CIFS_POSIX=y
CONFIG_CIFS_ACL=y
# CONFIG_CIFS_DEBUG is not set
CONFIG_CIFS_DFS_UPCALL=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/arm 4.14.81-ipfire-multi Kernel Configuration
+# Linux/arm 4.14.94-ipfire-multi Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
# CONFIG_CIFS_WEAK_PW_HASH is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
-CONFIG_CIFS_POSIX=y
CONFIG_CIFS_ACL=y
# CONFIG_CIFS_DEBUG is not set
CONFIG_CIFS_DFS_UPCALL=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.81-ipfire-pae Kernel Configuration
+# Linux/x86 4.14.94-ipfire-pae Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
# CONFIG_CIFS_WEAK_PW_HASH is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
-CONFIG_CIFS_POSIX=y
CONFIG_CIFS_ACL=y
# CONFIG_CIFS_DEBUG is not set
CONFIG_CIFS_DFS_UPCALL=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.81-ipfire-pae Kernel Configuration
+# Linux/x86 4.14.94-ipfire-pae Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
# CONFIG_CIFS_WEAK_PW_HASH is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
-CONFIG_CIFS_POSIX=y
CONFIG_CIFS_ACL=y
# CONFIG_CIFS_DEBUG is not set
CONFIG_CIFS_DFS_UPCALL=y
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.81-ipfire Kernel Configuration
+# Linux/x86 4.14.94-ipfire Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
CONFIG_SWIOTLB=y
CONFIG_IOMMU_HELPER=y
# CONFIG_MAXSMP is not set
-CONFIG_NR_CPUS=32
+CONFIG_NR_CPUS=64
CONFIG_SCHED_SMT=y
CONFIG_SCHED_MC=y
CONFIG_SCHED_MC_PRIO=y
# CONFIG_CIFS_WEAK_PW_HASH is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
-CONFIG_CIFS_POSIX=y
CONFIG_CIFS_ACL=y
# CONFIG_CIFS_DEBUG is not set
CONFIG_CIFS_DFS_UPCALL=y
#etc/ssh/ssh_host_ecdsa_key.pub
#etc/ssh/ssh_host_ed25519_key
#etc/ssh/ssh_host_ed25519_key.pub
-#etc/ssh/ssh_host_key
-#etc/ssh/ssh_host_key.pub
#etc/ssh/ssh_host_rsa_key
#etc/ssh/ssh_host_rsa_key.pub
etc/ssh/sshd_config
usr/sbin/sshd
#usr/share/man/man1/scp.1
#usr/share/man/man1/sftp.1
-#usr/share/man/man1/slogin.1
#usr/share/man/man1/ssh-add.1
#usr/share/man/man1/ssh-agent.1
#usr/share/man/man1/ssh-keygen.1
#usr/share/zoneinfo/America/Eirunepe
#usr/share/zoneinfo/America/El_Salvador
#usr/share/zoneinfo/America/Ensenada
-#usr/share/zoneinfo/America/Fortaleza
#usr/share/zoneinfo/America/Fort_Nelson
#usr/share/zoneinfo/America/Fort_Wayne
+#usr/share/zoneinfo/America/Fortaleza
#usr/share/zoneinfo/America/Glace_Bay
#usr/share/zoneinfo/America/Godthab
#usr/share/zoneinfo/America/Goose_Bay
#usr/share/zoneinfo/America/Indiana/Knox
#usr/share/zoneinfo/America/Indiana/Marengo
#usr/share/zoneinfo/America/Indiana/Petersburg
-#usr/share/zoneinfo/America/Indianapolis
#usr/share/zoneinfo/America/Indiana/Tell_City
#usr/share/zoneinfo/America/Indiana/Vevay
#usr/share/zoneinfo/America/Indiana/Vincennes
#usr/share/zoneinfo/America/Indiana/Winamac
+#usr/share/zoneinfo/America/Indianapolis
#usr/share/zoneinfo/America/Inuvik
#usr/share/zoneinfo/America/Iqaluit
#usr/share/zoneinfo/America/Jamaica
#usr/share/zoneinfo/America/Paramaribo
#usr/share/zoneinfo/America/Phoenix
#usr/share/zoneinfo/America/Port-au-Prince
-#usr/share/zoneinfo/America/Porto_Acre
#usr/share/zoneinfo/America/Port_of_Spain
+#usr/share/zoneinfo/America/Porto_Acre
#usr/share/zoneinfo/America/Porto_Velho
#usr/share/zoneinfo/America/Puerto_Rico
#usr/share/zoneinfo/America/Punta_Arenas
#usr/share/zoneinfo/Asia/Pontianak
#usr/share/zoneinfo/Asia/Pyongyang
#usr/share/zoneinfo/Asia/Qatar
+#usr/share/zoneinfo/Asia/Qostanay
#usr/share/zoneinfo/Asia/Qyzylorda
#usr/share/zoneinfo/Asia/Rangoon
#usr/share/zoneinfo/Asia/Riyadh
#usr/share/zoneinfo/Atlantic/Madeira
#usr/share/zoneinfo/Atlantic/Reykjavik
#usr/share/zoneinfo/Atlantic/South_Georgia
-#usr/share/zoneinfo/Atlantic/Stanley
#usr/share/zoneinfo/Atlantic/St_Helena
+#usr/share/zoneinfo/Atlantic/Stanley
#usr/share/zoneinfo/Australia
#usr/share/zoneinfo/Australia/ACT
#usr/share/zoneinfo/Australia/Adelaide
#usr/share/zoneinfo/Australia/Lindeman
#usr/share/zoneinfo/Australia/Lord_Howe
#usr/share/zoneinfo/Australia/Melbourne
-#usr/share/zoneinfo/Australia/North
#usr/share/zoneinfo/Australia/NSW
+#usr/share/zoneinfo/Australia/North
#usr/share/zoneinfo/Australia/Perth
#usr/share/zoneinfo/Australia/Queensland
#usr/share/zoneinfo/Australia/South
#usr/share/zoneinfo/Brazil/DeNoronha
#usr/share/zoneinfo/Brazil/East
#usr/share/zoneinfo/Brazil/West
+#usr/share/zoneinfo/CET
+#usr/share/zoneinfo/CST6CDT
#usr/share/zoneinfo/Canada
#usr/share/zoneinfo/Canada/Atlantic
#usr/share/zoneinfo/Canada/Central
#usr/share/zoneinfo/Canada/Eastern
-#usr/share/zoneinfo/Canada/East-Saskatchewan
#usr/share/zoneinfo/Canada/Mountain
#usr/share/zoneinfo/Canada/Newfoundland
#usr/share/zoneinfo/Canada/Pacific
#usr/share/zoneinfo/Canada/Saskatchewan
#usr/share/zoneinfo/Canada/Yukon
-#usr/share/zoneinfo/CET
#usr/share/zoneinfo/Chile
#usr/share/zoneinfo/Chile/Continental
#usr/share/zoneinfo/Chile/EasterIsland
-#usr/share/zoneinfo/CST6CDT
#usr/share/zoneinfo/Cuba
#usr/share/zoneinfo/EET
-#usr/share/zoneinfo/Egypt
-#usr/share/zoneinfo/Eire
#usr/share/zoneinfo/EST
#usr/share/zoneinfo/EST5EDT
+#usr/share/zoneinfo/Egypt
+#usr/share/zoneinfo/Eire
#usr/share/zoneinfo/Etc
#usr/share/zoneinfo/Etc/GMT
-#usr/share/zoneinfo/Etc/GMT0
-#usr/share/zoneinfo/Etc/GMT-0
#usr/share/zoneinfo/Etc/GMT+0
-#usr/share/zoneinfo/Etc/GMT-1
#usr/share/zoneinfo/Etc/GMT+1
-#usr/share/zoneinfo/Etc/GMT-10
#usr/share/zoneinfo/Etc/GMT+10
-#usr/share/zoneinfo/Etc/GMT-11
#usr/share/zoneinfo/Etc/GMT+11
-#usr/share/zoneinfo/Etc/GMT-12
#usr/share/zoneinfo/Etc/GMT+12
+#usr/share/zoneinfo/Etc/GMT+2
+#usr/share/zoneinfo/Etc/GMT+3
+#usr/share/zoneinfo/Etc/GMT+4
+#usr/share/zoneinfo/Etc/GMT+5
+#usr/share/zoneinfo/Etc/GMT+6
+#usr/share/zoneinfo/Etc/GMT+7
+#usr/share/zoneinfo/Etc/GMT+8
+#usr/share/zoneinfo/Etc/GMT+9
+#usr/share/zoneinfo/Etc/GMT-0
+#usr/share/zoneinfo/Etc/GMT-1
+#usr/share/zoneinfo/Etc/GMT-10
+#usr/share/zoneinfo/Etc/GMT-11
+#usr/share/zoneinfo/Etc/GMT-12
#usr/share/zoneinfo/Etc/GMT-13
#usr/share/zoneinfo/Etc/GMT-14
#usr/share/zoneinfo/Etc/GMT-2
-#usr/share/zoneinfo/Etc/GMT+2
#usr/share/zoneinfo/Etc/GMT-3
-#usr/share/zoneinfo/Etc/GMT+3
#usr/share/zoneinfo/Etc/GMT-4
-#usr/share/zoneinfo/Etc/GMT+4
#usr/share/zoneinfo/Etc/GMT-5
-#usr/share/zoneinfo/Etc/GMT+5
#usr/share/zoneinfo/Etc/GMT-6
-#usr/share/zoneinfo/Etc/GMT+6
#usr/share/zoneinfo/Etc/GMT-7
-#usr/share/zoneinfo/Etc/GMT+7
#usr/share/zoneinfo/Etc/GMT-8
-#usr/share/zoneinfo/Etc/GMT+8
#usr/share/zoneinfo/Etc/GMT-9
-#usr/share/zoneinfo/Etc/GMT+9
+#usr/share/zoneinfo/Etc/GMT0
#usr/share/zoneinfo/Etc/Greenwich
#usr/share/zoneinfo/Etc/UCT
-#usr/share/zoneinfo/Etc/Universal
#usr/share/zoneinfo/Etc/UTC
+#usr/share/zoneinfo/Etc/Universal
#usr/share/zoneinfo/Etc/Zulu
#usr/share/zoneinfo/Europe
#usr/share/zoneinfo/Europe/Amsterdam
#usr/share/zoneinfo/GB
#usr/share/zoneinfo/GB-Eire
#usr/share/zoneinfo/GMT
-#usr/share/zoneinfo/GMT0
-#usr/share/zoneinfo/GMT-0
#usr/share/zoneinfo/GMT+0
+#usr/share/zoneinfo/GMT-0
+#usr/share/zoneinfo/GMT0
#usr/share/zoneinfo/Greenwich
-#usr/share/zoneinfo/Hongkong
#usr/share/zoneinfo/HST
+#usr/share/zoneinfo/Hongkong
#usr/share/zoneinfo/Iceland
#usr/share/zoneinfo/Indian
#usr/share/zoneinfo/Indian/Antananarivo
#usr/share/zoneinfo/Indian/Mayotte
#usr/share/zoneinfo/Indian/Reunion
#usr/share/zoneinfo/Iran
-#usr/share/zoneinfo/iso3166.tab
#usr/share/zoneinfo/Israel
#usr/share/zoneinfo/Jamaica
#usr/share/zoneinfo/Japan
#usr/share/zoneinfo/Kwajalein
#usr/share/zoneinfo/Libya
#usr/share/zoneinfo/MET
+#usr/share/zoneinfo/MST
+#usr/share/zoneinfo/MST7MDT
#usr/share/zoneinfo/Mexico
#usr/share/zoneinfo/Mexico/BajaNorte
#usr/share/zoneinfo/Mexico/BajaSur
#usr/share/zoneinfo/Mexico/General
-#usr/share/zoneinfo/MST
-#usr/share/zoneinfo/MST7MDT
-#usr/share/zoneinfo/Navajo
#usr/share/zoneinfo/NZ
#usr/share/zoneinfo/NZ-CHAT
+#usr/share/zoneinfo/Navajo
+#usr/share/zoneinfo/PRC
+#usr/share/zoneinfo/PST8PDT
#usr/share/zoneinfo/Pacific
#usr/share/zoneinfo/Pacific/Apia
#usr/share/zoneinfo/Pacific/Auckland
#usr/share/zoneinfo/Pacific/Yap
#usr/share/zoneinfo/Poland
#usr/share/zoneinfo/Portugal
+#usr/share/zoneinfo/ROC
+#usr/share/zoneinfo/ROK
+#usr/share/zoneinfo/Singapore
+#usr/share/zoneinfo/Turkey
+#usr/share/zoneinfo/UCT
+#usr/share/zoneinfo/US
+#usr/share/zoneinfo/US/Alaska
+#usr/share/zoneinfo/US/Aleutian
+#usr/share/zoneinfo/US/Arizona
+#usr/share/zoneinfo/US/Central
+#usr/share/zoneinfo/US/East-Indiana
+#usr/share/zoneinfo/US/Eastern
+#usr/share/zoneinfo/US/Hawaii
+#usr/share/zoneinfo/US/Indiana-Starke
+#usr/share/zoneinfo/US/Michigan
+#usr/share/zoneinfo/US/Mountain
+#usr/share/zoneinfo/US/Pacific
+#usr/share/zoneinfo/US/Pacific-New
+#usr/share/zoneinfo/US/Samoa
+#usr/share/zoneinfo/UTC
+#usr/share/zoneinfo/Universal
+#usr/share/zoneinfo/W-SU
+#usr/share/zoneinfo/WET
+#usr/share/zoneinfo/Zulu
+#usr/share/zoneinfo/iso3166.tab
#usr/share/zoneinfo/posix
#usr/share/zoneinfo/posix/Africa
#usr/share/zoneinfo/posix/Africa/Abidjan
#usr/share/zoneinfo/posix/America/Eirunepe
#usr/share/zoneinfo/posix/America/El_Salvador
#usr/share/zoneinfo/posix/America/Ensenada
-#usr/share/zoneinfo/posix/America/Fortaleza
#usr/share/zoneinfo/posix/America/Fort_Nelson
#usr/share/zoneinfo/posix/America/Fort_Wayne
+#usr/share/zoneinfo/posix/America/Fortaleza
#usr/share/zoneinfo/posix/America/Glace_Bay
#usr/share/zoneinfo/posix/America/Godthab
#usr/share/zoneinfo/posix/America/Goose_Bay
#usr/share/zoneinfo/posix/America/Indiana/Knox
#usr/share/zoneinfo/posix/America/Indiana/Marengo
#usr/share/zoneinfo/posix/America/Indiana/Petersburg
-#usr/share/zoneinfo/posix/America/Indianapolis
#usr/share/zoneinfo/posix/America/Indiana/Tell_City
#usr/share/zoneinfo/posix/America/Indiana/Vevay
#usr/share/zoneinfo/posix/America/Indiana/Vincennes
#usr/share/zoneinfo/posix/America/Indiana/Winamac
+#usr/share/zoneinfo/posix/America/Indianapolis
#usr/share/zoneinfo/posix/America/Inuvik
#usr/share/zoneinfo/posix/America/Iqaluit
#usr/share/zoneinfo/posix/America/Jamaica
#usr/share/zoneinfo/posix/America/Paramaribo
#usr/share/zoneinfo/posix/America/Phoenix
#usr/share/zoneinfo/posix/America/Port-au-Prince
-#usr/share/zoneinfo/posix/America/Porto_Acre
#usr/share/zoneinfo/posix/America/Port_of_Spain
+#usr/share/zoneinfo/posix/America/Porto_Acre
#usr/share/zoneinfo/posix/America/Porto_Velho
#usr/share/zoneinfo/posix/America/Puerto_Rico
#usr/share/zoneinfo/posix/America/Punta_Arenas
#usr/share/zoneinfo/posix/Asia/Pontianak
#usr/share/zoneinfo/posix/Asia/Pyongyang
#usr/share/zoneinfo/posix/Asia/Qatar
+#usr/share/zoneinfo/posix/Asia/Qostanay
#usr/share/zoneinfo/posix/Asia/Qyzylorda
#usr/share/zoneinfo/posix/Asia/Rangoon
#usr/share/zoneinfo/posix/Asia/Riyadh
#usr/share/zoneinfo/posix/Atlantic/Madeira
#usr/share/zoneinfo/posix/Atlantic/Reykjavik
#usr/share/zoneinfo/posix/Atlantic/South_Georgia
-#usr/share/zoneinfo/posix/Atlantic/Stanley
#usr/share/zoneinfo/posix/Atlantic/St_Helena
+#usr/share/zoneinfo/posix/Atlantic/Stanley
#usr/share/zoneinfo/posix/Australia
#usr/share/zoneinfo/posix/Australia/ACT
#usr/share/zoneinfo/posix/Australia/Adelaide
#usr/share/zoneinfo/posix/Australia/Lindeman
#usr/share/zoneinfo/posix/Australia/Lord_Howe
#usr/share/zoneinfo/posix/Australia/Melbourne
-#usr/share/zoneinfo/posix/Australia/North
#usr/share/zoneinfo/posix/Australia/NSW
+#usr/share/zoneinfo/posix/Australia/North
#usr/share/zoneinfo/posix/Australia/Perth
#usr/share/zoneinfo/posix/Australia/Queensland
#usr/share/zoneinfo/posix/Australia/South
#usr/share/zoneinfo/posix/Brazil/DeNoronha
#usr/share/zoneinfo/posix/Brazil/East
#usr/share/zoneinfo/posix/Brazil/West
+#usr/share/zoneinfo/posix/CET
+#usr/share/zoneinfo/posix/CST6CDT
#usr/share/zoneinfo/posix/Canada
#usr/share/zoneinfo/posix/Canada/Atlantic
#usr/share/zoneinfo/posix/Canada/Central
#usr/share/zoneinfo/posix/Canada/Eastern
-#usr/share/zoneinfo/posix/Canada/East-Saskatchewan
#usr/share/zoneinfo/posix/Canada/Mountain
#usr/share/zoneinfo/posix/Canada/Newfoundland
#usr/share/zoneinfo/posix/Canada/Pacific
#usr/share/zoneinfo/posix/Canada/Saskatchewan
#usr/share/zoneinfo/posix/Canada/Yukon
-#usr/share/zoneinfo/posix/CET
#usr/share/zoneinfo/posix/Chile
#usr/share/zoneinfo/posix/Chile/Continental
#usr/share/zoneinfo/posix/Chile/EasterIsland
-#usr/share/zoneinfo/posix/CST6CDT
#usr/share/zoneinfo/posix/Cuba
#usr/share/zoneinfo/posix/EET
-#usr/share/zoneinfo/posix/Egypt
-#usr/share/zoneinfo/posix/Eire
#usr/share/zoneinfo/posix/EST
#usr/share/zoneinfo/posix/EST5EDT
+#usr/share/zoneinfo/posix/Egypt
+#usr/share/zoneinfo/posix/Eire
#usr/share/zoneinfo/posix/Etc
#usr/share/zoneinfo/posix/Etc/GMT
-#usr/share/zoneinfo/posix/Etc/GMT0
-#usr/share/zoneinfo/posix/Etc/GMT-0
#usr/share/zoneinfo/posix/Etc/GMT+0
-#usr/share/zoneinfo/posix/Etc/GMT-1
#usr/share/zoneinfo/posix/Etc/GMT+1
-#usr/share/zoneinfo/posix/Etc/GMT-10
#usr/share/zoneinfo/posix/Etc/GMT+10
-#usr/share/zoneinfo/posix/Etc/GMT-11
#usr/share/zoneinfo/posix/Etc/GMT+11
-#usr/share/zoneinfo/posix/Etc/GMT-12
#usr/share/zoneinfo/posix/Etc/GMT+12
+#usr/share/zoneinfo/posix/Etc/GMT+2
+#usr/share/zoneinfo/posix/Etc/GMT+3
+#usr/share/zoneinfo/posix/Etc/GMT+4
+#usr/share/zoneinfo/posix/Etc/GMT+5
+#usr/share/zoneinfo/posix/Etc/GMT+6
+#usr/share/zoneinfo/posix/Etc/GMT+7
+#usr/share/zoneinfo/posix/Etc/GMT+8
+#usr/share/zoneinfo/posix/Etc/GMT+9
+#usr/share/zoneinfo/posix/Etc/GMT-0
+#usr/share/zoneinfo/posix/Etc/GMT-1
+#usr/share/zoneinfo/posix/Etc/GMT-10
+#usr/share/zoneinfo/posix/Etc/GMT-11
+#usr/share/zoneinfo/posix/Etc/GMT-12
#usr/share/zoneinfo/posix/Etc/GMT-13
#usr/share/zoneinfo/posix/Etc/GMT-14
#usr/share/zoneinfo/posix/Etc/GMT-2
-#usr/share/zoneinfo/posix/Etc/GMT+2
#usr/share/zoneinfo/posix/Etc/GMT-3
-#usr/share/zoneinfo/posix/Etc/GMT+3
#usr/share/zoneinfo/posix/Etc/GMT-4
-#usr/share/zoneinfo/posix/Etc/GMT+4
#usr/share/zoneinfo/posix/Etc/GMT-5
-#usr/share/zoneinfo/posix/Etc/GMT+5
#usr/share/zoneinfo/posix/Etc/GMT-6
-#usr/share/zoneinfo/posix/Etc/GMT+6
#usr/share/zoneinfo/posix/Etc/GMT-7
-#usr/share/zoneinfo/posix/Etc/GMT+7
#usr/share/zoneinfo/posix/Etc/GMT-8
-#usr/share/zoneinfo/posix/Etc/GMT+8
#usr/share/zoneinfo/posix/Etc/GMT-9
-#usr/share/zoneinfo/posix/Etc/GMT+9
+#usr/share/zoneinfo/posix/Etc/GMT0
#usr/share/zoneinfo/posix/Etc/Greenwich
#usr/share/zoneinfo/posix/Etc/UCT
-#usr/share/zoneinfo/posix/Etc/Universal
#usr/share/zoneinfo/posix/Etc/UTC
+#usr/share/zoneinfo/posix/Etc/Universal
#usr/share/zoneinfo/posix/Etc/Zulu
#usr/share/zoneinfo/posix/Europe
#usr/share/zoneinfo/posix/Europe/Amsterdam
#usr/share/zoneinfo/posix/GB
#usr/share/zoneinfo/posix/GB-Eire
#usr/share/zoneinfo/posix/GMT
-#usr/share/zoneinfo/posix/GMT0
-#usr/share/zoneinfo/posix/GMT-0
#usr/share/zoneinfo/posix/GMT+0
+#usr/share/zoneinfo/posix/GMT-0
+#usr/share/zoneinfo/posix/GMT0
#usr/share/zoneinfo/posix/Greenwich
-#usr/share/zoneinfo/posix/Hongkong
#usr/share/zoneinfo/posix/HST
+#usr/share/zoneinfo/posix/Hongkong
#usr/share/zoneinfo/posix/Iceland
#usr/share/zoneinfo/posix/Indian
#usr/share/zoneinfo/posix/Indian/Antananarivo
#usr/share/zoneinfo/posix/Kwajalein
#usr/share/zoneinfo/posix/Libya
#usr/share/zoneinfo/posix/MET
+#usr/share/zoneinfo/posix/MST
+#usr/share/zoneinfo/posix/MST7MDT
#usr/share/zoneinfo/posix/Mexico
#usr/share/zoneinfo/posix/Mexico/BajaNorte
#usr/share/zoneinfo/posix/Mexico/BajaSur
#usr/share/zoneinfo/posix/Mexico/General
-#usr/share/zoneinfo/posix/MST
-#usr/share/zoneinfo/posix/MST7MDT
-#usr/share/zoneinfo/posix/Navajo
#usr/share/zoneinfo/posix/NZ
#usr/share/zoneinfo/posix/NZ-CHAT
+#usr/share/zoneinfo/posix/Navajo
+#usr/share/zoneinfo/posix/PRC
+#usr/share/zoneinfo/posix/PST8PDT
#usr/share/zoneinfo/posix/Pacific
#usr/share/zoneinfo/posix/Pacific/Apia
#usr/share/zoneinfo/posix/Pacific/Auckland
#usr/share/zoneinfo/posix/Pacific/Yap
#usr/share/zoneinfo/posix/Poland
#usr/share/zoneinfo/posix/Portugal
-#usr/share/zoneinfo/posix/PRC
-#usr/share/zoneinfo/posix/PST8PDT
#usr/share/zoneinfo/posix/ROC
#usr/share/zoneinfo/posix/ROK
-#usr/share/zoneinfo/posixrules
#usr/share/zoneinfo/posix/Singapore
#usr/share/zoneinfo/posix/Turkey
#usr/share/zoneinfo/posix/UCT
-#usr/share/zoneinfo/posix/Universal
#usr/share/zoneinfo/posix/US
#usr/share/zoneinfo/posix/US/Alaska
#usr/share/zoneinfo/posix/US/Aleutian
#usr/share/zoneinfo/posix/US/Arizona
#usr/share/zoneinfo/posix/US/Central
-#usr/share/zoneinfo/posix/US/Eastern
#usr/share/zoneinfo/posix/US/East-Indiana
+#usr/share/zoneinfo/posix/US/Eastern
#usr/share/zoneinfo/posix/US/Hawaii
#usr/share/zoneinfo/posix/US/Indiana-Starke
#usr/share/zoneinfo/posix/US/Michigan
#usr/share/zoneinfo/posix/US/Pacific-New
#usr/share/zoneinfo/posix/US/Samoa
#usr/share/zoneinfo/posix/UTC
-#usr/share/zoneinfo/posix/WET
+#usr/share/zoneinfo/posix/Universal
#usr/share/zoneinfo/posix/W-SU
+#usr/share/zoneinfo/posix/WET
#usr/share/zoneinfo/posix/Zulu
-#usr/share/zoneinfo/PRC
-#usr/share/zoneinfo/PST8PDT
+#usr/share/zoneinfo/posixrules
#usr/share/zoneinfo/right
#usr/share/zoneinfo/right/Africa
#usr/share/zoneinfo/right/Africa/Abidjan
#usr/share/zoneinfo/right/America/Eirunepe
#usr/share/zoneinfo/right/America/El_Salvador
#usr/share/zoneinfo/right/America/Ensenada
-#usr/share/zoneinfo/right/America/Fortaleza
#usr/share/zoneinfo/right/America/Fort_Nelson
#usr/share/zoneinfo/right/America/Fort_Wayne
+#usr/share/zoneinfo/right/America/Fortaleza
#usr/share/zoneinfo/right/America/Glace_Bay
#usr/share/zoneinfo/right/America/Godthab
#usr/share/zoneinfo/right/America/Goose_Bay
#usr/share/zoneinfo/right/America/Indiana/Knox
#usr/share/zoneinfo/right/America/Indiana/Marengo
#usr/share/zoneinfo/right/America/Indiana/Petersburg
-#usr/share/zoneinfo/right/America/Indianapolis
#usr/share/zoneinfo/right/America/Indiana/Tell_City
#usr/share/zoneinfo/right/America/Indiana/Vevay
#usr/share/zoneinfo/right/America/Indiana/Vincennes
#usr/share/zoneinfo/right/America/Indiana/Winamac
+#usr/share/zoneinfo/right/America/Indianapolis
#usr/share/zoneinfo/right/America/Inuvik
#usr/share/zoneinfo/right/America/Iqaluit
#usr/share/zoneinfo/right/America/Jamaica
#usr/share/zoneinfo/right/America/Paramaribo
#usr/share/zoneinfo/right/America/Phoenix
#usr/share/zoneinfo/right/America/Port-au-Prince
-#usr/share/zoneinfo/right/America/Porto_Acre
#usr/share/zoneinfo/right/America/Port_of_Spain
+#usr/share/zoneinfo/right/America/Porto_Acre
#usr/share/zoneinfo/right/America/Porto_Velho
#usr/share/zoneinfo/right/America/Puerto_Rico
#usr/share/zoneinfo/right/America/Punta_Arenas
#usr/share/zoneinfo/right/Asia/Pontianak
#usr/share/zoneinfo/right/Asia/Pyongyang
#usr/share/zoneinfo/right/Asia/Qatar
+#usr/share/zoneinfo/right/Asia/Qostanay
#usr/share/zoneinfo/right/Asia/Qyzylorda
#usr/share/zoneinfo/right/Asia/Rangoon
#usr/share/zoneinfo/right/Asia/Riyadh
#usr/share/zoneinfo/right/Atlantic/Madeira
#usr/share/zoneinfo/right/Atlantic/Reykjavik
#usr/share/zoneinfo/right/Atlantic/South_Georgia
-#usr/share/zoneinfo/right/Atlantic/Stanley
#usr/share/zoneinfo/right/Atlantic/St_Helena
+#usr/share/zoneinfo/right/Atlantic/Stanley
#usr/share/zoneinfo/right/Australia
#usr/share/zoneinfo/right/Australia/ACT
#usr/share/zoneinfo/right/Australia/Adelaide
#usr/share/zoneinfo/right/Australia/Lindeman
#usr/share/zoneinfo/right/Australia/Lord_Howe
#usr/share/zoneinfo/right/Australia/Melbourne
-#usr/share/zoneinfo/right/Australia/North
#usr/share/zoneinfo/right/Australia/NSW
+#usr/share/zoneinfo/right/Australia/North
#usr/share/zoneinfo/right/Australia/Perth
#usr/share/zoneinfo/right/Australia/Queensland
#usr/share/zoneinfo/right/Australia/South
#usr/share/zoneinfo/right/Brazil/DeNoronha
#usr/share/zoneinfo/right/Brazil/East
#usr/share/zoneinfo/right/Brazil/West
+#usr/share/zoneinfo/right/CET
+#usr/share/zoneinfo/right/CST6CDT
#usr/share/zoneinfo/right/Canada
#usr/share/zoneinfo/right/Canada/Atlantic
#usr/share/zoneinfo/right/Canada/Central
#usr/share/zoneinfo/right/Canada/Eastern
-#usr/share/zoneinfo/right/Canada/East-Saskatchewan
#usr/share/zoneinfo/right/Canada/Mountain
#usr/share/zoneinfo/right/Canada/Newfoundland
#usr/share/zoneinfo/right/Canada/Pacific
#usr/share/zoneinfo/right/Canada/Saskatchewan
#usr/share/zoneinfo/right/Canada/Yukon
-#usr/share/zoneinfo/right/CET
#usr/share/zoneinfo/right/Chile
#usr/share/zoneinfo/right/Chile/Continental
#usr/share/zoneinfo/right/Chile/EasterIsland
-#usr/share/zoneinfo/right/CST6CDT
#usr/share/zoneinfo/right/Cuba
#usr/share/zoneinfo/right/EET
-#usr/share/zoneinfo/right/Egypt
-#usr/share/zoneinfo/right/Eire
#usr/share/zoneinfo/right/EST
#usr/share/zoneinfo/right/EST5EDT
+#usr/share/zoneinfo/right/Egypt
+#usr/share/zoneinfo/right/Eire
#usr/share/zoneinfo/right/Etc
#usr/share/zoneinfo/right/Etc/GMT
-#usr/share/zoneinfo/right/Etc/GMT0
-#usr/share/zoneinfo/right/Etc/GMT-0
#usr/share/zoneinfo/right/Etc/GMT+0
-#usr/share/zoneinfo/right/Etc/GMT-1
#usr/share/zoneinfo/right/Etc/GMT+1
-#usr/share/zoneinfo/right/Etc/GMT-10
#usr/share/zoneinfo/right/Etc/GMT+10
-#usr/share/zoneinfo/right/Etc/GMT-11
#usr/share/zoneinfo/right/Etc/GMT+11
-#usr/share/zoneinfo/right/Etc/GMT-12
#usr/share/zoneinfo/right/Etc/GMT+12
+#usr/share/zoneinfo/right/Etc/GMT+2
+#usr/share/zoneinfo/right/Etc/GMT+3
+#usr/share/zoneinfo/right/Etc/GMT+4
+#usr/share/zoneinfo/right/Etc/GMT+5
+#usr/share/zoneinfo/right/Etc/GMT+6
+#usr/share/zoneinfo/right/Etc/GMT+7
+#usr/share/zoneinfo/right/Etc/GMT+8
+#usr/share/zoneinfo/right/Etc/GMT+9
+#usr/share/zoneinfo/right/Etc/GMT-0
+#usr/share/zoneinfo/right/Etc/GMT-1
+#usr/share/zoneinfo/right/Etc/GMT-10
+#usr/share/zoneinfo/right/Etc/GMT-11
+#usr/share/zoneinfo/right/Etc/GMT-12
#usr/share/zoneinfo/right/Etc/GMT-13
#usr/share/zoneinfo/right/Etc/GMT-14
#usr/share/zoneinfo/right/Etc/GMT-2
-#usr/share/zoneinfo/right/Etc/GMT+2
#usr/share/zoneinfo/right/Etc/GMT-3
-#usr/share/zoneinfo/right/Etc/GMT+3
#usr/share/zoneinfo/right/Etc/GMT-4
-#usr/share/zoneinfo/right/Etc/GMT+4
#usr/share/zoneinfo/right/Etc/GMT-5
-#usr/share/zoneinfo/right/Etc/GMT+5
#usr/share/zoneinfo/right/Etc/GMT-6
-#usr/share/zoneinfo/right/Etc/GMT+6
#usr/share/zoneinfo/right/Etc/GMT-7
-#usr/share/zoneinfo/right/Etc/GMT+7
#usr/share/zoneinfo/right/Etc/GMT-8
-#usr/share/zoneinfo/right/Etc/GMT+8
#usr/share/zoneinfo/right/Etc/GMT-9
-#usr/share/zoneinfo/right/Etc/GMT+9
+#usr/share/zoneinfo/right/Etc/GMT0
#usr/share/zoneinfo/right/Etc/Greenwich
#usr/share/zoneinfo/right/Etc/UCT
-#usr/share/zoneinfo/right/Etc/Universal
#usr/share/zoneinfo/right/Etc/UTC
+#usr/share/zoneinfo/right/Etc/Universal
#usr/share/zoneinfo/right/Etc/Zulu
#usr/share/zoneinfo/right/Europe
#usr/share/zoneinfo/right/Europe/Amsterdam
#usr/share/zoneinfo/right/GB
#usr/share/zoneinfo/right/GB-Eire
#usr/share/zoneinfo/right/GMT
-#usr/share/zoneinfo/right/GMT0
-#usr/share/zoneinfo/right/GMT-0
#usr/share/zoneinfo/right/GMT+0
+#usr/share/zoneinfo/right/GMT-0
+#usr/share/zoneinfo/right/GMT0
#usr/share/zoneinfo/right/Greenwich
-#usr/share/zoneinfo/right/Hongkong
#usr/share/zoneinfo/right/HST
+#usr/share/zoneinfo/right/Hongkong
#usr/share/zoneinfo/right/Iceland
#usr/share/zoneinfo/right/Indian
#usr/share/zoneinfo/right/Indian/Antananarivo
#usr/share/zoneinfo/right/Kwajalein
#usr/share/zoneinfo/right/Libya
#usr/share/zoneinfo/right/MET
+#usr/share/zoneinfo/right/MST
+#usr/share/zoneinfo/right/MST7MDT
#usr/share/zoneinfo/right/Mexico
#usr/share/zoneinfo/right/Mexico/BajaNorte
#usr/share/zoneinfo/right/Mexico/BajaSur
#usr/share/zoneinfo/right/Mexico/General
-#usr/share/zoneinfo/right/MST
-#usr/share/zoneinfo/right/MST7MDT
-#usr/share/zoneinfo/right/Navajo
#usr/share/zoneinfo/right/NZ
#usr/share/zoneinfo/right/NZ-CHAT
+#usr/share/zoneinfo/right/Navajo
+#usr/share/zoneinfo/right/PRC
+#usr/share/zoneinfo/right/PST8PDT
#usr/share/zoneinfo/right/Pacific
#usr/share/zoneinfo/right/Pacific/Apia
#usr/share/zoneinfo/right/Pacific/Auckland
#usr/share/zoneinfo/right/Pacific/Yap
#usr/share/zoneinfo/right/Poland
#usr/share/zoneinfo/right/Portugal
-#usr/share/zoneinfo/right/PRC
-#usr/share/zoneinfo/right/PST8PDT
#usr/share/zoneinfo/right/ROC
#usr/share/zoneinfo/right/ROK
#usr/share/zoneinfo/right/Singapore
#usr/share/zoneinfo/right/Turkey
#usr/share/zoneinfo/right/UCT
-#usr/share/zoneinfo/right/Universal
#usr/share/zoneinfo/right/US
#usr/share/zoneinfo/right/US/Alaska
#usr/share/zoneinfo/right/US/Aleutian
#usr/share/zoneinfo/right/US/Arizona
#usr/share/zoneinfo/right/US/Central
-#usr/share/zoneinfo/right/US/Eastern
#usr/share/zoneinfo/right/US/East-Indiana
+#usr/share/zoneinfo/right/US/Eastern
#usr/share/zoneinfo/right/US/Hawaii
#usr/share/zoneinfo/right/US/Indiana-Starke
#usr/share/zoneinfo/right/US/Michigan
#usr/share/zoneinfo/right/US/Pacific-New
#usr/share/zoneinfo/right/US/Samoa
#usr/share/zoneinfo/right/UTC
-#usr/share/zoneinfo/right/WET
+#usr/share/zoneinfo/right/Universal
#usr/share/zoneinfo/right/W-SU
+#usr/share/zoneinfo/right/WET
#usr/share/zoneinfo/right/Zulu
-#usr/share/zoneinfo/ROC
-#usr/share/zoneinfo/ROK
-#usr/share/zoneinfo/Singapore
-#usr/share/zoneinfo/Turkey
-#usr/share/zoneinfo/UCT
-#usr/share/zoneinfo/Universal
-#usr/share/zoneinfo/US
-#usr/share/zoneinfo/US/Alaska
-#usr/share/zoneinfo/US/Aleutian
-#usr/share/zoneinfo/US/Arizona
-#usr/share/zoneinfo/US/Central
-#usr/share/zoneinfo/US/Eastern
-#usr/share/zoneinfo/US/East-Indiana
-#usr/share/zoneinfo/US/Hawaii
-#usr/share/zoneinfo/US/Indiana-Starke
-#usr/share/zoneinfo/US/Michigan
-#usr/share/zoneinfo/US/Mountain
-#usr/share/zoneinfo/US/Pacific
-#usr/share/zoneinfo/US/Pacific-New
-#usr/share/zoneinfo/US/Samoa
-#usr/share/zoneinfo/UTC
-#usr/share/zoneinfo/WET
-#usr/share/zoneinfo/W-SU
#usr/share/zoneinfo/zone.tab
-#usr/share/zoneinfo/Zulu
--- /dev/null
+../../../common/ca-certificates
\ No newline at end of file
srv/web/ipfire/cgi-bin/credits.cgi
var/ipfire/langs
etc/sysctl.conf
+srv/web/ipfire/cgi-bin/proxy.cgi
+usr/local/bin/xt_geoip_update
--- /dev/null
+../../../common/openssh
\ No newline at end of file
--- /dev/null
+../../../common/strongswan
\ No newline at end of file
--- /dev/null
+../../../common/tzdata
\ No newline at end of file
sysctl -p
# Start services
+if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
+ /etc/init.d/ipsec restart
+fi
+/etc/init.d/sshd restart
# Finish
/etc/init.d/fireinfo start
$proxysettings{'VISIBLE_HOSTNAME'} = '';
$proxysettings{'ADMIN_MAIL_ADDRESS'} = '';
$proxysettings{'ADMIN_PASSWORD'} = '';
-$proxysettings{'ERR_LANGUAGE'} = 'German';
+$proxysettings{'ERR_LANGUAGE'} = 'en';
$proxysettings{'ERR_DESIGN'} = 'ipfire';
$proxysettings{'SUPPRESS_VERSION'} = 'off';
$proxysettings{'FORWARD_VIA'} = 'off';
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 20181027
+VER = 20190123
THISAPP = ca-certificates
DIR_APP = $(DIR_SRC)/$(THISAPP)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 4.14.86
-ARM_PATCHES = 4.14.86-ipfire0
+VER = 4.14.95
+ARM_PATCHES = 4.14.95-ipfire0
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
CFLAGS =
CXXFLAGS =
-PAK_VER = 80
+PAK_VER = 81
DEPS = ""
HEADERS_ARCH = $(BUILD_PLATFORM)
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
arm-multi-patches-$(ARM_PATCHES).patch.xz = $(URL_IPFIRE)/arm-multi-patches-$(ARM_PATCHES).patch.xz
-$(DL_FILE)_MD5 = 9ffeff88ca630a6e0ef0257b0a05b8c4
-arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 36b8a9adb8915cbccd18069e2f5af159
+$(DL_FILE)_MD5 = 581f25286b695c77c7fc20711f2d3c89
+arm-multi-patches-$(ARM_PATCHES).patch.xz_MD5 = 1b7d72e71b8923d39eb2fede46c66d0c
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 7.8p1
+VER = 7.9p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ce1d090fa6239fd38eb989d5e983b074
+$(DL_FILE)_MD5 = c6af50b7a474d04726a5aa747a5dce8f
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssh-7.8p1-openssl-1.1.0-1.patch
cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
cd $(DIR_APP) && ./configure \
--prefix=/usr \
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 3.3.1
+VER = 3.3.2
THISAPP = postfix-$(VER)
DL_FILE = $(THISAPP).tar.gz
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = postfix
-PAK_VER = 16
+PAK_VER = 17
DEPS = ""
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4381c6492f415e4a69cf5099d4acea76
+$(DL_FILE)_MD5 = 4e6ed7056576e0c54cfce6040a0bb0ad
install : $(TARGET)
include Config
-VER = 5.7.1
+VER = 5.7.2
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 86b7e9321cde075cf382268fd282e0b0
+$(DL_FILE)_MD5 = 618de96dc2a506f82a162a5abf9263d4
install : $(TARGET)
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2019 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
include Config
-VER = 2018g
+VER = 2018i
TZDATA_VER = $(VER)
TZCODE_VER = $(VER)
tzdata$(TZDATA_VER).tar.gz = $(DL_FROM)/tzdata$(TZDATA_VER).tar.gz
tzcode$(TZCODE_VER).tar.gz = $(DL_FROM)/tzcode$(TZCODE_VER).tar.gz
-tzdata$(TZDATA_VER).tar.gz_MD5 = e71cb1f9d8d53c43904d79d7aeeedc1b
-tzcode$(TZCODE_VER).tar.gz_MD5 = b48f0282b80bb7dbe16e35626f446ae9
+tzdata$(TZDATA_VER).tar.gz_MD5 = b3f0a1a789480a036e58466cd0702477
+tzcode$(TZCODE_VER).tar.gz_MD5 = 6a6d98be8fa2fa3485e25343e79188b4
install : $(TARGET)
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/xtables-addons-3.2-fix-database-generation.patch
+
# Only build the specified modules.
cp -avf $(DIR_SRC)/config/xtables-addons/mconfig \
$(DIR_APP)/mconfig
+++ /dev/null
-diff -aurp old/auth-pam.c new/auth-pam.c
---- old/auth-pam.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/auth-pam.c 2018-08-23 21:31:53.324592767 -0700
-@@ -128,6 +128,10 @@ extern u_int utmp_len;
- typedef pthread_t sp_pthread_t;
- #else
- typedef pid_t sp_pthread_t;
-+# define pthread_create(a, b, c, d) _ssh_compat_pthread_create(a, b, c, d)
-+# define pthread_exit(a) _ssh_compat_pthread_exit(a)
-+# define pthread_cancel(a) _ssh_compat_pthread_cancel(a)
-+# define pthread_join(a, b) _ssh_compat_pthread_join(a, b)
- #endif
-
- struct pam_ctxt {
-diff -aurp old/cipher.c new/cipher.c
---- old/cipher.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/cipher.c 2018-08-23 21:31:53.327926112 -0700
-@@ -299,7 +299,10 @@ cipher_init(struct sshcipher_ctx **ccp,
- goto out;
- }
- }
-- if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
-+ /* in OpenSSL 1.1.0, EVP_CipherInit clears all previous setups;
-+ use EVP_CipherInit_ex for augmenting */
-+ if (EVP_CipherInit_ex(cc->evp, NULL, NULL, (u_char *)key, NULL, -1) == 0)
-+ {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
-@@ -485,7 +488,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c
- len, iv))
- return SSH_ERR_LIBCRYPTO_ERROR;
- } else
-- memcpy(iv, cc->evp->iv, len);
-+ memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len);
- #endif
- return 0;
- }
-@@ -519,14 +522,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c
- EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
- return SSH_ERR_LIBCRYPTO_ERROR;
- } else
-- memcpy(cc->evp->iv, iv, evplen);
-+ memcpy(EVP_CIPHER_CTX_iv(cc->evp), iv, evplen);
- #endif
- return 0;
- }
-
- #ifdef WITH_OPENSSL
--#define EVP_X_STATE(evp) (evp)->cipher_data
--#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size
-+# if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-+#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp)
-+#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp))
-+# else
-+#define EVP_X_STATE(evp) (evp).cipher_data
-+#define EVP_X_STATE_LEN(evp) (evp).cipher->ctx_size
-+# endif
- #endif
-
- int
-diff -aurp old/cipher.h new/cipher.h
---- old/cipher.h 2018-08-22 22:41:42.000000000 -0700
-+++ new/cipher.h 2018-08-23 21:31:53.327926112 -0700
-@@ -46,7 +46,18 @@
- #define CIPHER_DECRYPT 0
-
- struct sshcipher;
-+#if 0
-+struct sshcipher_ctx {
-+ int plaintext;
-+ int encrypt;
-+ EVP_CIPHER_CTX *evp;
-+ struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
-+ struct aesctr_ctx ac_ctx; /* XXX union with evp? */
-+ const struct sshcipher *cipher;
-+};
-+#else
- struct sshcipher_ctx;
-+#endif
-
- const struct sshcipher *cipher_by_name(const char *);
- const char *cipher_warning_message(const struct sshcipher_ctx *);
-diff -aurp old/configure new/configure
---- old/configure 2018-08-23 00:09:30.000000000 -0700
-+++ new/configure 2018-08-23 21:31:53.331259457 -0700
-@@ -13032,7 +13032,6 @@ if ac_fn_c_try_run "$LINENO"; then :
- 100*) ;; # 1.0.x
- 200*) ;; # LibreSSL
- *)
-- as_fn_error $? "OpenSSL >= 1.1.0 is not yet supported (have \"$ssl_library_ver\")" "$LINENO" 5
- ;;
- esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
-diff -aurp old/dh.c new/dh.c
---- old/dh.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/dh.c 2018-08-23 21:39:18.863765579 -0700
-@@ -216,14 +216,15 @@ choose_dh(int min, int wantbits, int max
- /* diffie-hellman-groupN-sha1 */
-
- int
--dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
-+dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
- {
- int i;
- int n = BN_num_bits(dh_pub);
- int bits_set = 0;
- BIGNUM *tmp;
-+ const BIGNUM *p;
-
-- if (dh_pub->neg) {
-+ if (BN_is_negative(dh_pub)) {
- logit("invalid public DH value: negative");
- return 0;
- }
-@@ -236,7 +237,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
- error("%s: BN_new failed", __func__);
- return 0;
- }
-- if (!BN_sub(tmp, dh->p, BN_value_one()) ||
-+ DH_get0_pqg(dh, &p, NULL, NULL);
-+ if (!BN_sub(tmp, p, BN_value_one()) ||
- BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
- BN_clear_free(tmp);
- logit("invalid public DH value: >= p-1");
-@@ -247,14 +249,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
- for (i = 0; i <= n; i++)
- if (BN_is_bit_set(dh_pub, i))
- bits_set++;
-- debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
-+ debug2("bits set: %d/%d", bits_set, BN_num_bits(p));
-
- /*
- * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
- */
- if (bits_set < 4) {
- logit("invalid public DH value (%d/%d)",
-- bits_set, BN_num_bits(dh->p));
-+ bits_set, BN_num_bits(p));
- return 0;
- }
- return 1;
-@@ -264,9 +266,13 @@ int
- dh_gen_key(DH *dh, int need)
- {
- int pbits;
-+ const BIGNUM *p, *pub_key;
-+ BIGNUM *priv_key;
-
-- if (need < 0 || dh->p == NULL ||
-- (pbits = BN_num_bits(dh->p)) <= 0 ||
-+ DH_get0_pqg(dh, &p, NULL, NULL);
-+
-+ if (need < 0 || p == NULL ||
-+ (pbits = BN_num_bits(p)) <= 0 ||
- need > INT_MAX / 2 || 2 * need > pbits)
- return SSH_ERR_INVALID_ARGUMENT;
- if (need < 256)
-@@ -275,11 +281,13 @@ dh_gen_key(DH *dh, int need)
- * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
- * so double requested need here.
- */
-- dh->length = MINIMUM(need * 2, pbits - 1);
-- if (DH_generate_key(dh) == 0 ||
-- !dh_pub_is_valid(dh, dh->pub_key)) {
-- BN_clear_free(dh->priv_key);
-- dh->priv_key = NULL;
-+ DH_set_length(dh, MIN(need * 2, pbits - 1));
-+ if (DH_generate_key(dh) == 0) {
-+ return SSH_ERR_LIBCRYPTO_ERROR;
-+ }
-+ DH_get0_key(dh, &pub_key, &priv_key);
-+ if (!dh_pub_is_valid(dh, pub_key)) {
-+ BN_clear(priv_key);
- return SSH_ERR_LIBCRYPTO_ERROR;
- }
- return 0;
-@@ -288,16 +296,27 @@ dh_gen_key(DH *dh, int need)
- DH *
- dh_new_group_asc(const char *gen, const char *modulus)
- {
-- DH *dh;
-+ DH *dh = NULL;
-+ BIGNUM *p=NULL, *g=NULL;
-
-- if ((dh = DH_new()) == NULL)
-- return NULL;
-- if (BN_hex2bn(&dh->p, modulus) == 0 ||
-- BN_hex2bn(&dh->g, gen) == 0) {
-- DH_free(dh);
-- return NULL;
-+ if ((dh = DH_new()) == NULL ||
-+ (p = BN_new()) == NULL ||
-+ (g = BN_new()) == NULL)
-+ goto null;
-+ if (BN_hex2bn(&p, modulus) == 0 ||
-+ BN_hex2bn(&g, gen) == 0) {
-+ goto null;
- }
-+ if (DH_set0_pqg(dh, p, NULL, g) == 0) {
-+ goto null;
-+ }
-+ p = g = NULL;
- return (dh);
-+null:
-+ BN_free(p);
-+ BN_free(g);
-+ DH_free(dh);
-+ return NULL;
- }
-
- /*
-@@ -312,8 +331,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu
-
- if ((dh = DH_new()) == NULL)
- return NULL;
-- dh->p = modulus;
-- dh->g = gen;
-+ if (DH_set0_pqg(dh, modulus, NULL, gen) == 0)
-+ return NULL;
-
- return (dh);
- }
-diff -aurp old/dh.h new/dh.h
---- old/dh.h 2018-08-22 22:41:42.000000000 -0700
-+++ new/dh.h 2018-08-23 21:31:53.331259457 -0700
-@@ -42,7 +42,7 @@ DH *dh_new_group18(void);
- DH *dh_new_group_fallback(int);
-
- int dh_gen_key(DH *, int);
--int dh_pub_is_valid(DH *, BIGNUM *);
-+int dh_pub_is_valid(const DH *, const BIGNUM *);
-
- u_int dh_estimate(int);
-
-diff -aurp old/digest-openssl.c new/digest-openssl.c
---- old/digest-openssl.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/digest-openssl.c 2018-08-23 21:31:53.331259457 -0700
-@@ -43,7 +43,7 @@
-
- struct ssh_digest_ctx {
- int alg;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- };
-
- struct ssh_digest {
-@@ -106,20 +106,21 @@ ssh_digest_bytes(int alg)
- size_t
- ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
- {
-- return EVP_MD_CTX_block_size(&ctx->mdctx);
-+ return EVP_MD_CTX_block_size(ctx->mdctx);
- }
-
- struct ssh_digest_ctx *
- ssh_digest_start(int alg)
- {
- const struct ssh_digest *digest = ssh_digest_by_alg(alg);
-- struct ssh_digest_ctx *ret;
-+ struct ssh_digest_ctx *ret = NULL;
-
- if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
- return NULL;
- ret->alg = alg;
-- EVP_MD_CTX_init(&ret->mdctx);
-- if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) {
-+ if ((ret->mdctx = EVP_MD_CTX_new()) == NULL ||
-+ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
-+ EVP_MD_CTX_free(ret->mdctx);
- free(ret);
- return NULL;
- }
-@@ -132,7 +133,7 @@ ssh_digest_copy_state(struct ssh_digest_
- if (from->alg != to->alg)
- return SSH_ERR_INVALID_ARGUMENT;
- /* we have bcopy-style order while openssl has memcpy-style */
-- if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
-+ if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx))
- return SSH_ERR_LIBCRYPTO_ERROR;
- return 0;
- }
-@@ -140,7 +141,7 @@ ssh_digest_copy_state(struct ssh_digest_
- int
- ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
- {
-- if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
-+ if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1)
- return SSH_ERR_LIBCRYPTO_ERROR;
- return 0;
- }
-@@ -161,7 +162,7 @@ ssh_digest_final(struct ssh_digest_ctx *
- return SSH_ERR_INVALID_ARGUMENT;
- if (dlen < digest->digest_len) /* No truncation allowed */
- return SSH_ERR_INVALID_ARGUMENT;
-- if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
-+ if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1)
- return SSH_ERR_LIBCRYPTO_ERROR;
- if (l != digest->digest_len) /* sanity */
- return SSH_ERR_INTERNAL_ERROR;
-@@ -172,7 +173,7 @@ void
- ssh_digest_free(struct ssh_digest_ctx *ctx)
- {
- if (ctx != NULL) {
-- EVP_MD_CTX_cleanup(&ctx->mdctx);
-+ EVP_MD_CTX_free(ctx->mdctx);
- explicit_bzero(ctx, sizeof(*ctx));
- free(ctx);
- }
-diff -aurp old/kexdhc.c new/kexdhc.c
---- old/kexdhc.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/kexdhc.c 2018-08-23 21:31:53.331259457 -0700
-@@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh)
- goto out;
- }
- debug("sending SSH2_MSG_KEXDH_INIT");
-- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
-- (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
-+ {
-+ const BIGNUM *pub_key;
-+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-+ goto out;
-+ DH_get0_key(kex->dh, &pub_key, NULL);
-+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
-+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
- goto out;
-+ }
- #ifdef DEBUG_KEXDH
- DHparams_print_fp(stderr, kex->dh);
- fprintf(stderr, "pub= ");
-@@ -169,6 +174,9 @@ input_kex_dh(int type, u_int32_t seq, st
-
- /* calc and verify H */
- hashlen = sizeof(hash);
-+ {
-+ const BIGNUM *pub_key;
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- if ((r = kex_dh_hash(
- kex->hash_alg,
- kex->client_version_string,
-@@ -176,11 +184,13 @@ input_kex_dh(int type, u_int32_t seq, st
- sshbuf_ptr(kex->my), sshbuf_len(kex->my),
- sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
- server_host_key_blob, sbloblen,
-- kex->dh->pub_key,
-+ pub_key,
- dh_server_pub,
- shared_secret,
-- hash, &hashlen)) != 0)
-+ hash, &hashlen)) != 0) {
- goto out;
-+ }
-+ }
-
- if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
- kex->hostkey_alg, ssh->compat)) != 0)
-diff -aurp old/kexdhs.c new/kexdhs.c
---- old/kexdhs.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/kexdhs.c 2018-08-23 21:36:50.600564263 -0700
-@@ -163,6 +163,9 @@ input_kex_dh_init(int type, u_int32_t se
- goto out;
- /* calc H */
- hashlen = sizeof(hash);
-+ {
-+ const BIGNUM *pub_key;
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- if ((r = kex_dh_hash(
- kex->hash_alg,
- kex->client_version_string,
-@@ -171,10 +174,12 @@ input_kex_dh_init(int type, u_int32_t se
- sshbuf_ptr(kex->my), sshbuf_len(kex->my),
- server_host_key_blob, sbloblen,
- dh_client_pub,
-- kex->dh->pub_key,
-+ pub_key,
- shared_secret,
-- hash, &hashlen)) != 0)
-+ hash, &hashlen)) != 0) {
- goto out;
-+ }
-+ }
-
- /* save session id := H */
- if (kex->session_id == NULL) {
-@@ -195,12 +200,16 @@ input_kex_dh_init(int type, u_int32_t se
- /* destroy_sensitive_data(); */
-
- /* send server hostkey, DH pubkey 'f' and signed H */
-+ {
-+ const BIGNUM *pub_key;
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
- (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
-+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
- (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
- goto out;
-+ }
-
- if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
- r = kex_send_newkeys(ssh);
-diff -aurp old/kexgexc.c new/kexgexc.c
---- old/kexgexc.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/kexgexc.c 2018-08-23 21:31:53.331259457 -0700
-@@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32
- p = g = NULL; /* belong to kex->dh now */
-
- /* generate and send 'e', client DH public key */
-- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
-- (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
-- (r = sshpkt_send(ssh)) != 0)
-+ {
-+ const BIGNUM *pub_key;
-+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-+ goto out;
-+ DH_get0_key(kex->dh, &pub_key, NULL);
-+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
-+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
-+ (r = sshpkt_send(ssh)) != 0) {
- goto out;
-+ }
-+ }
- debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
- #ifdef DEBUG_KEXDH
- DHparams_print_fp(stderr, kex->dh);
-@@ -212,6 +218,10 @@ input_kex_dh_gex_reply(int type, u_int32
-
- /* calc and verify H */
- hashlen = sizeof(hash);
-+ {
-+ const BIGNUM *p, *g, *pub_key;
-+ DH_get0_pqg(kex->dh, &p, NULL, &g);
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- if ((r = kexgex_hash(
- kex->hash_alg,
- kex->client_version_string,
-@@ -220,12 +230,14 @@ input_kex_dh_gex_reply(int type, u_int32
- sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
- server_host_key_blob, sbloblen,
- kex->min, kex->nbits, kex->max,
-- kex->dh->p, kex->dh->g,
-- kex->dh->pub_key,
-+ p, g,
-+ pub_key,
- dh_server_pub,
- shared_secret,
-- hash, &hashlen)) != 0)
-+ hash, &hashlen)) != 0) {
- goto out;
-+ }
-+ }
-
- if ((r = sshkey_verify(server_host_key, signature, slen, hash,
- hashlen, kex->hostkey_alg, ssh->compat)) != 0)
-diff -aurp old/kexgexs.c new/kexgexs.c
---- old/kexgexs.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/kexgexs.c 2018-08-23 21:36:11.493972372 -0700
-@@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int
- goto out;
- }
- debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
-+ {
-+ const BIGNUM *p, *g;
-+ DH_get0_pqg(kex->dh, &p, NULL, &g);
- if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 ||
-- (r = sshpkt_send(ssh)) != 0)
-+ (r = sshpkt_put_bignum2(ssh, p)) != 0 ||
-+ (r = sshpkt_put_bignum2(ssh, g)) != 0 ||
-+ (r = sshpkt_send(ssh)) != 0) {
- goto out;
-+ }
-+ }
-
- /* Compute our exchange value in parallel with the client */
- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-@@ -191,6 +196,10 @@ input_kex_dh_gex_init(int type, u_int32_
- goto out;
- /* calc H */
- hashlen = sizeof(hash);
-+ {
-+ const BIGNUM *p, *g, *pub_key;
-+ DH_get0_pqg(kex->dh, &p, NULL, &g);
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- if ((r = kexgex_hash(
- kex->hash_alg,
- kex->client_version_string,
-@@ -199,12 +208,14 @@ input_kex_dh_gex_init(int type, u_int32_
- sshbuf_ptr(kex->my), sshbuf_len(kex->my),
- server_host_key_blob, sbloblen,
- kex->min, kex->nbits, kex->max,
-- kex->dh->p, kex->dh->g,
-+ p, g,
- dh_client_pub,
-- kex->dh->pub_key,
-+ pub_key,
- shared_secret,
-- hash, &hashlen)) != 0)
-+ hash, &hashlen)) != 0) {
- goto out;
-+ }
-+ }
-
- /* save session id := H */
- if (kex->session_id == NULL) {
-@@ -225,12 +236,16 @@ input_kex_dh_gex_init(int type, u_int32_
- /* destroy_sensitive_data(); */
-
- /* send server hostkey, DH pubkey 'f' and signed H */
-+ {
-+ const BIGNUM *pub_key;
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
- (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
-+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
- (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
- goto out;
-+ }
-
- if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
- r = kex_send_newkeys(ssh);
-diff -aurp old/monitor.c new/monitor.c
---- old/monitor.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/monitor.c 2018-08-23 21:34:14.594343260 -0700
-@@ -589,10 +589,12 @@ mm_answer_moduli(int sock, struct sshbuf
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
- return (0);
- } else {
-+ const BIGNUM *p, *g;
-+ DH_get0_pqg(dh, &p, NULL, &g);
- /* Send first bignum */
- if ((r = sshbuf_put_u8(m, 1)) != 0 ||
-- (r = sshbuf_put_bignum2(m, dh->p)) != 0 ||
-- (r = sshbuf_put_bignum2(m, dh->g)) != 0)
-+ (r = sshbuf_put_bignum2(m, p)) != 0 ||
-+ (r = sshbuf_put_bignum2(m, g)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
- DH_free(dh);
-diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c
---- old/openbsd-compat/openssl-compat.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/openbsd-compat/openssl-compat.c 2018-08-23 21:31:53.334592801 -0700
-@@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void)
- /* Enable use of crypto hardware */
- ENGINE_load_builtin_engines();
- ENGINE_register_all_complete();
-- OPENSSL_config(NULL);
- }
- #endif
-
-diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c
---- old/regress/unittests/sshkey/test_file.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/regress/unittests/sshkey/test_file.c 2018-08-23 21:31:53.334592801 -0700
-@@ -60,9 +60,14 @@ sshkey_file_tests(void)
- a = load_bignum("rsa_1.param.n");
- b = load_bignum("rsa_1.param.p");
- c = load_bignum("rsa_1.param.q");
-- ASSERT_BIGNUM_EQ(k1->rsa->n, a);
-- ASSERT_BIGNUM_EQ(k1->rsa->p, b);
-- ASSERT_BIGNUM_EQ(k1->rsa->q, c);
-+ {
-+ const BIGNUM *n, *p, *q;
-+ RSA_get0_key(k1->rsa, &n, NULL, NULL);
-+ RSA_get0_factors(k1->rsa, &p, &q);
-+ ASSERT_BIGNUM_EQ(n, a);
-+ ASSERT_BIGNUM_EQ(p, b);
-+ ASSERT_BIGNUM_EQ(q, c);
-+ }
- BN_free(a);
- BN_free(b);
- BN_free(c);
-@@ -151,9 +156,14 @@ sshkey_file_tests(void)
- a = load_bignum("dsa_1.param.g");
- b = load_bignum("dsa_1.param.priv");
- c = load_bignum("dsa_1.param.pub");
-- ASSERT_BIGNUM_EQ(k1->dsa->g, a);
-- ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b);
-- ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c);
-+ {
-+ const BIGNUM *g, *priv_key, *pub_key;
-+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g);
-+ DSA_get0_key(k1->dsa, &pub_key, &priv_key);
-+ ASSERT_BIGNUM_EQ(g, a);
-+ ASSERT_BIGNUM_EQ(priv_key, b);
-+ ASSERT_BIGNUM_EQ(pub_key, c);
-+ }
- BN_free(a);
- BN_free(b);
- BN_free(c);
-diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c
---- old/regress/unittests/sshkey/test_sshkey.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/regress/unittests/sshkey/test_sshkey.c 2018-08-23 21:31:53.334592801 -0700
-@@ -197,9 +197,14 @@ sshkey_tests(void)
- k1 = sshkey_new(KEY_RSA);
- ASSERT_PTR_NE(k1, NULL);
- ASSERT_PTR_NE(k1->rsa, NULL);
-- ASSERT_PTR_NE(k1->rsa->n, NULL);
-- ASSERT_PTR_NE(k1->rsa->e, NULL);
-- ASSERT_PTR_EQ(k1->rsa->p, NULL);
-+ {
-+ const BIGNUM *n, *e, *p;
-+ RSA_get0_key(k1->rsa, &n, &e, NULL);
-+ RSA_get0_factors(k1->rsa, &p, NULL);
-+ ASSERT_PTR_NE(n, NULL);
-+ ASSERT_PTR_NE(e, NULL);
-+ ASSERT_PTR_EQ(p, NULL);
-+ }
- sshkey_free(k1);
- TEST_DONE();
-
-@@ -207,8 +212,13 @@ sshkey_tests(void)
- k1 = sshkey_new(KEY_DSA);
- ASSERT_PTR_NE(k1, NULL);
- ASSERT_PTR_NE(k1->dsa, NULL);
-- ASSERT_PTR_NE(k1->dsa->g, NULL);
-- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
-+ {
-+ const BIGNUM *g, *priv_key;
-+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g);
-+ DSA_get0_key(k1->dsa, NULL, &priv_key);
-+ ASSERT_PTR_NE(g, NULL);
-+ ASSERT_PTR_EQ(priv_key, NULL);
-+ }
- sshkey_free(k1);
- TEST_DONE();
-
-@@ -234,9 +244,14 @@ sshkey_tests(void)
- k1 = sshkey_new_private(KEY_RSA);
- ASSERT_PTR_NE(k1, NULL);
- ASSERT_PTR_NE(k1->rsa, NULL);
-- ASSERT_PTR_NE(k1->rsa->n, NULL);
-- ASSERT_PTR_NE(k1->rsa->e, NULL);
-- ASSERT_PTR_NE(k1->rsa->p, NULL);
-+ {
-+ const BIGNUM *n, *e, *p;
-+ RSA_get0_key(k1->rsa, &n, &e, NULL);
-+ RSA_get0_factors(k1->rsa, &p, NULL);
-+ ASSERT_PTR_NE(n, NULL);
-+ ASSERT_PTR_NE(e, NULL);
-+ ASSERT_PTR_NE(p, NULL);
-+ }
- ASSERT_INT_EQ(sshkey_add_private(k1), 0);
- sshkey_free(k1);
- TEST_DONE();
-@@ -245,8 +260,13 @@ sshkey_tests(void)
- k1 = sshkey_new_private(KEY_DSA);
- ASSERT_PTR_NE(k1, NULL);
- ASSERT_PTR_NE(k1->dsa, NULL);
-- ASSERT_PTR_NE(k1->dsa->g, NULL);
-- ASSERT_PTR_NE(k1->dsa->priv_key, NULL);
-+ {
-+ const BIGNUM *g, *priv_key;
-+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g);
-+ DSA_get0_key(k1->dsa, NULL, &priv_key);
-+ ASSERT_PTR_NE(g, NULL);
-+ ASSERT_PTR_NE(priv_key, NULL);
-+ }
- ASSERT_INT_EQ(sshkey_add_private(k1), 0);
- sshkey_free(k1);
- TEST_DONE();
-@@ -285,18 +305,28 @@ sshkey_tests(void)
- ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
- ASSERT_PTR_NE(kr, NULL);
- ASSERT_PTR_NE(kr->rsa, NULL);
-- ASSERT_PTR_NE(kr->rsa->n, NULL);
-- ASSERT_PTR_NE(kr->rsa->e, NULL);
-- ASSERT_PTR_NE(kr->rsa->p, NULL);
-- ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024);
-+ {
-+ const BIGNUM *n, *e, *p;
-+ RSA_get0_key(kr->rsa, &n, &e, NULL);
-+ RSA_get0_factors(kr->rsa, &p, NULL);
-+ ASSERT_PTR_NE(n, NULL);
-+ ASSERT_PTR_NE(e, NULL);
-+ ASSERT_PTR_NE(p, NULL);
-+ ASSERT_INT_EQ(BN_num_bits(n), 1024);
-+ }
- TEST_DONE();
-
- TEST_START("generate KEY_DSA");
- ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
- ASSERT_PTR_NE(kd, NULL);
- ASSERT_PTR_NE(kd->dsa, NULL);
-- ASSERT_PTR_NE(kd->dsa->g, NULL);
-- ASSERT_PTR_NE(kd->dsa->priv_key, NULL);
-+ {
-+ const BIGNUM *g, *priv_key;
-+ DSA_get0_pqg(kd->dsa, NULL, NULL, &g);
-+ DSA_get0_key(kd->dsa, NULL, &priv_key);
-+ ASSERT_PTR_NE(g, NULL);
-+ ASSERT_PTR_NE(priv_key, NULL);
-+ }
- TEST_DONE();
-
- #ifdef OPENSSL_HAS_ECC
-@@ -323,9 +353,14 @@ sshkey_tests(void)
- ASSERT_PTR_NE(kr, k1);
- ASSERT_INT_EQ(k1->type, KEY_RSA);
- ASSERT_PTR_NE(k1->rsa, NULL);
-- ASSERT_PTR_NE(k1->rsa->n, NULL);
-- ASSERT_PTR_NE(k1->rsa->e, NULL);
-- ASSERT_PTR_EQ(k1->rsa->p, NULL);
-+ {
-+ const BIGNUM *n, *e, *p;
-+ RSA_get0_key(k1->rsa, &n, &e, NULL);
-+ RSA_get0_factors(k1->rsa, &p, NULL);
-+ ASSERT_PTR_NE(n, NULL);
-+ ASSERT_PTR_NE(e, NULL);
-+ ASSERT_PTR_EQ(p, NULL);
-+ }
- TEST_DONE();
-
- TEST_START("equal KEY_RSA/demoted KEY_RSA");
-@@ -339,8 +374,13 @@ sshkey_tests(void)
- ASSERT_PTR_NE(kd, k1);
- ASSERT_INT_EQ(k1->type, KEY_DSA);
- ASSERT_PTR_NE(k1->dsa, NULL);
-- ASSERT_PTR_NE(k1->dsa->g, NULL);
-- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
-+ {
-+ const BIGNUM *g, *priv_key;
-+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g);
-+ DSA_get0_key(k1->dsa, NULL, &priv_key);
-+ ASSERT_PTR_NE(g, NULL);
-+ ASSERT_PTR_EQ(priv_key, NULL);
-+ }
- TEST_DONE();
-
- TEST_START("equal KEY_DSA/demoted KEY_DSA");
-diff -aurp old/ssh-dss.c new/ssh-dss.c
---- old/ssh-dss.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/ssh-dss.c 2018-08-23 21:31:53.334592801 -0700
-@@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u
- DSA_SIG *sig = NULL;
- u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
- size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
-+ const BIGNUM *r, *s;
- struct sshbuf *b = NULL;
- int ret = SSH_ERR_INVALID_ARGUMENT;
-
-@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u
- goto out;
- }
-
-- rlen = BN_num_bytes(sig->r);
-- slen = BN_num_bytes(sig->s);
-+ DSA_SIG_get0(sig, &r, &s);
-+ rlen = BN_num_bytes(r);
-+ slen = BN_num_bytes(s);
- if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
- ret = SSH_ERR_INTERNAL_ERROR;
- goto out;
- }
- explicit_bzero(sigblob, SIGBLOB_LEN);
-- BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
-- BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
-+ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
-+ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen);
-
- if ((b = sshbuf_new()) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
-@@ -154,17 +156,26 @@ ssh_dss_verify(const struct sshkey *key,
- }
-
- /* parse signature */
-+ {
-+ BIGNUM *r=NULL, *s=NULL;
- if ((sig = DSA_SIG_new()) == NULL ||
-- (sig->r = BN_new()) == NULL ||
-- (sig->s = BN_new()) == NULL) {
-+ (r = BN_new()) == NULL ||
-+ (s = BN_new()) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
-+ BN_free(r);
-+ BN_free(s);
- goto out;
- }
-- if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
-- (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) {
-+ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) ||
-+ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
-+ BN_free(r);
-+ BN_free(s);
- goto out;
- }
-+ DSA_SIG_set0(sig, r, s);
-+ r = s = NULL;
-+ }
-
- /* sha1 the data */
- if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
-diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c
---- old/ssh-ecdsa.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/ssh-ecdsa.c 2018-08-23 21:31:53.334592801 -0700
-@@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key,
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 ||
-- (ret = sshbuf_put_bignum2(bb, sig->s)) != 0)
-+ {
-+ const BIGNUM *r, *s;
-+ ECDSA_SIG_get0(sig, &r, &s);
-+ if ((ret = sshbuf_put_bignum2(bb, r)) != 0 ||
-+ (ret = sshbuf_put_bignum2(bb, s)) != 0) {
- goto out;
-+ }
-+ }
- if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
- (ret = sshbuf_put_stringb(b, bb)) != 0)
- goto out;
-@@ -150,11 +155,27 @@ ssh_ecdsa_verify(const struct sshkey *ke
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 ||
-- sshbuf_get_bignum2(sigbuf, sig->s) != 0) {
-+ {
-+ BIGNUM *r=NULL, *s=NULL;
-+ if ((r = BN_new()) == NULL ||
-+ (s = BN_new()) == NULL) {
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ goto out_rs;
-+ }
-+ if (sshbuf_get_bignum2(sigbuf, r) != 0 ||
-+ sshbuf_get_bignum2(sigbuf, s) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
-+ goto out_rs;
-+ }
-+ if (ECDSA_SIG_set0(sig, r, s) == 0) {
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+out_rs:
-+ BN_free(r);
-+ BN_free(s);
- goto out;
- }
-+ r = s = NULL;
-+ }
- if (sshbuf_len(sigbuf) != 0) {
- ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
- goto out;
-diff -aurp old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/ssh-keygen.c 2018-08-23 21:31:53.334592801 -0700
-@@ -494,11 +494,33 @@ do_convert_private_ssh2_from_blob(u_char
-
- switch (key->type) {
- case KEY_DSA:
-- buffer_get_bignum_bits(b, key->dsa->p);
-- buffer_get_bignum_bits(b, key->dsa->g);
-- buffer_get_bignum_bits(b, key->dsa->q);
-- buffer_get_bignum_bits(b, key->dsa->pub_key);
-- buffer_get_bignum_bits(b, key->dsa->priv_key);
-+ {
-+ BIGNUM *p=NULL, *g=NULL, *q=NULL, *pub_key=NULL, *priv_key=NULL;
-+ if ((p=BN_new()) == NULL ||
-+ (g=BN_new()) == NULL ||
-+ (q=BN_new()) == NULL ||
-+ (pub_key=BN_new()) == NULL ||
-+ (priv_key=BN_new()) == NULL) {
-+ BN_free(p);
-+ BN_free(g);
-+ BN_free(q);
-+ BN_free(pub_key);
-+ BN_free(priv_key);
-+ return NULL;
-+ }
-+ buffer_get_bignum_bits(b, p);
-+ buffer_get_bignum_bits(b, g);
-+ buffer_get_bignum_bits(b, q);
-+ buffer_get_bignum_bits(b, pub_key);
-+ buffer_get_bignum_bits(b, priv_key);
-+ if (DSA_set0_pqg(key->dsa, p, q, g) == 0 ||
-+ DSA_set0_key(key->dsa, pub_key, priv_key) == 0) {
-+ fatal("failed to set DSA key");
-+ BN_free(p); BN_free(g); BN_free(q);
-+ BN_free(pub_key); BN_free(priv_key);
-+ return NULL;
-+ }
-+ }
- break;
- case KEY_RSA:
- if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
-@@ -515,16 +537,52 @@ do_convert_private_ssh2_from_blob(u_char
- e += e3;
- debug("e %lx", e);
- }
-- if (!BN_set_word(key->rsa->e, e)) {
-+ {
-+ BIGNUM *rsa_e = NULL;
-+ BIGNUM *d=NULL, *n=NULL, *iqmp=NULL, *q=NULL, *p=NULL;
-+ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy input to set in RSA_set0_crt_params */
-+ rsa_e = BN_new();
-+ if (!rsa_e || !BN_set_word(rsa_e, e)) {
-+ if (rsa_e) BN_free(rsa_e);
- sshbuf_free(b);
- sshkey_free(key);
- return NULL;
- }
-- buffer_get_bignum_bits(b, key->rsa->d);
-- buffer_get_bignum_bits(b, key->rsa->n);
-- buffer_get_bignum_bits(b, key->rsa->iqmp);
-- buffer_get_bignum_bits(b, key->rsa->q);
-- buffer_get_bignum_bits(b, key->rsa->p);
-+ if ((d=BN_new()) == NULL ||
-+ (n=BN_new()) == NULL ||
-+ (iqmp=BN_new()) == NULL ||
-+ (q=BN_new()) == NULL ||
-+ (p=BN_new()) == NULL ||
-+ (dmp1=BN_new()) == NULL ||
-+ (dmq1=BN_new()) == NULL) {
-+ BN_free(d); BN_free(n); BN_free(iqmp);
-+ BN_free(q); BN_free(p);
-+ BN_free(dmp1); BN_free(dmq1);
-+ return NULL;
-+ }
-+ BN_clear(dmp1); BN_clear(dmq1);
-+ buffer_get_bignum_bits(b, d);
-+ buffer_get_bignum_bits(b, n);
-+ buffer_get_bignum_bits(b, iqmp);
-+ buffer_get_bignum_bits(b, q);
-+ buffer_get_bignum_bits(b, p);
-+ if (RSA_set0_key(key->rsa, n, rsa_e, d) == 0)
-+ goto null;
-+ n = d = NULL;
-+ if (RSA_set0_factors(key->rsa, p, q) == 0)
-+ goto null;
-+ p = q = NULL;
-+ /* dmp1, dmq1 should not be NULL for initial set0 */
-+ if (RSA_set0_crt_params(key->rsa, dmp1, dmq1, iqmp) == 0) {
-+ null:
-+ fatal("Failed to set RSA parameters");
-+ BN_free(d); BN_free(n); BN_free(iqmp);
-+ BN_free(q); BN_free(p);
-+ BN_free(dmp1); BN_free(dmq1);
-+ return NULL;
-+ }
-+ dmp1 = dmq1 = iqmp = NULL;
-+ }
- if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
- fatal("generate RSA parameters failed: %s", ssh_err(r));
- break;
-@@ -634,7 +692,7 @@ do_convert_from_pkcs8(struct sshkey **k,
- identity_file);
- }
- fclose(fp);
-- switch (EVP_PKEY_type(pubkey->type)) {
-+ switch (EVP_PKEY_type(EVP_PKEY_id(pubkey))) {
- case EVP_PKEY_RSA:
- if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
- fatal("sshkey_new failed");
-@@ -658,7 +716,7 @@ do_convert_from_pkcs8(struct sshkey **k,
- #endif
- default:
- fatal("%s: unsupported pubkey type %d", __func__,
-- EVP_PKEY_type(pubkey->type));
-+ EVP_PKEY_type(EVP_PKEY_id(pubkey)));
- }
- EVP_PKEY_free(pubkey);
- return;
-diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
---- old/ssh-pkcs11-client.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/ssh-pkcs11-client.c 2018-08-23 21:31:53.334592801 -0700
-@@ -156,12 +156,13 @@ pkcs11_rsa_private_encrypt(int flen, con
- static int
- wrap_key(RSA *rsa)
- {
-- static RSA_METHOD helper_rsa;
-+ static RSA_METHOD *helper_rsa;
-
-- memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa));
-- helper_rsa.name = "ssh-pkcs11-helper";
-- helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt;
-- RSA_set_method(rsa, &helper_rsa);
-+ if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
-+ return (-1); /* XXX but caller isn't checking */
-+ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper");
-+ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt);
-+ RSA_set_method(rsa, helper_rsa);
- return (0);
- }
-
-diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c
---- old/ssh-pkcs11.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/ssh-pkcs11.c 2018-08-23 21:31:53.334592801 -0700
-@@ -67,7 +67,7 @@ struct pkcs11_key {
- struct pkcs11_provider *provider;
- CK_ULONG slotidx;
- int (*orig_finish)(RSA *rsa);
-- RSA_METHOD rsa_method;
-+ RSA_METHOD *rsa_method;
- char *keyid;
- int keyid_len;
- };
-@@ -326,13 +326,15 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
- k11->keyid = xmalloc(k11->keyid_len);
- memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
- }
-- k11->orig_finish = def->finish;
-- memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
-- k11->rsa_method.name = "pkcs11";
-- k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt;
-- k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt;
-- k11->rsa_method.finish = pkcs11_rsa_finish;
-- RSA_set_method(rsa, &k11->rsa_method);
-+ k11->orig_finish = RSA_meth_get_finish(def);
-+
-+ if ((k11->rsa_method = RSA_meth_new("pkcs11", RSA_meth_get_flags(def))) == NULL)
-+ return -1;
-+ RSA_meth_set_priv_enc(k11->rsa_method, pkcs11_rsa_private_encrypt);
-+ RSA_meth_set_priv_dec(k11->rsa_method, pkcs11_rsa_private_decrypt);
-+ RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish);
-+
-+ RSA_set_method(rsa, k11->rsa_method);
- RSA_set_app_data(rsa, k11);
- return (0);
- }
-@@ -512,10 +514,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
- if ((rsa = RSA_new()) == NULL) {
- error("RSA_new failed");
- } else {
-- rsa->n = BN_bin2bn(attribs[1].pValue,
-- attribs[1].ulValueLen, NULL);
-- rsa->e = BN_bin2bn(attribs[2].pValue,
-- attribs[2].ulValueLen, NULL);
-+ BIGNUM *n=NULL, *e=NULL;
-+ n = BN_new();
-+ e = BN_new();
-+ if (n == NULL || e == NULL)
-+ error("BN_new alloc failed");
-+ if (BN_bin2bn(attribs[1].pValue,
-+ attribs[1].ulValueLen, n) == NULL ||
-+ BN_bin2bn(attribs[2].pValue,
-+ attribs[2].ulValueLen, e) == NULL)
-+ error("BN_bin2bn failed");
-+ if (RSA_set0_key(rsa, n, e, NULL) == 0)
-+ error("RSA_set0_key failed");
-+ n = e = NULL;
- }
- } else {
- cp = attribs[2].pValue;
-@@ -525,16 +536,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
- == NULL) {
- error("d2i_X509 failed");
- } else if ((evp = X509_get_pubkey(x509)) == NULL ||
-- evp->type != EVP_PKEY_RSA ||
-- evp->pkey.rsa == NULL) {
-+ EVP_PKEY_id(evp) != EVP_PKEY_RSA ||
-+ EVP_PKEY_get0_RSA(evp) == NULL) {
- debug("X509_get_pubkey failed or no rsa");
-- } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa))
-+ } else if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp)))
- == NULL) {
- error("RSAPublicKey_dup");
- }
- X509_free(x509);
- }
-- if (rsa && rsa->n && rsa->e &&
-+ {
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, NULL);
-+ if (rsa && n && e &&
- pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
- if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
- fatal("sshkey_new failed");
-@@ -554,6 +568,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
- } else if (rsa) {
- RSA_free(rsa);
- }
-+ }
- for (i = 0; i < 3; i++)
- free(attribs[i].pValue);
- }
-diff -aurp old/ssh-rsa.c new/ssh-rsa.c
---- old/ssh-rsa.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/ssh-rsa.c 2018-08-23 21:31:53.334592801 -0700
-@@ -108,7 +108,6 @@ ssh_rsa_generate_additional_parameters(s
- {
- BIGNUM *aux = NULL;
- BN_CTX *ctx = NULL;
-- BIGNUM d;
- int r;
-
- if (key == NULL || key->rsa == NULL ||
-@@ -123,16 +122,27 @@ ssh_rsa_generate_additional_parameters(s
- }
- BN_set_flags(aux, BN_FLG_CONSTTIME);
-
-- BN_init(&d);
-- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
--
-- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
-- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
-- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
-- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
-+ {
-+ const BIGNUM *q, *d, *p;
-+ BIGNUM *dmq1=NULL, *dmp1=NULL;
-+ if ((dmq1 = BN_new()) == NULL ||
-+ (dmp1 = BN_new()) == NULL ) {
-+ r = SSH_ERR_ALLOC_FAIL;
-+ goto out;
-+ }
-+ RSA_get0_key(key->rsa, NULL, NULL, &d);
-+ RSA_get0_factors(key->rsa, &p, &q);
-+ if ((BN_sub(aux, q, BN_value_one()) == 0) ||
-+ (BN_mod(dmq1, d, aux, ctx) == 0) ||
-+ (BN_sub(aux, p, BN_value_one()) == 0) ||
-+ (BN_mod(dmp1, d, aux, ctx) == 0) ||
-+ RSA_set0_crt_params(key->rsa, dmp1, dmq1, NULL) == 0) {
- r = SSH_ERR_LIBCRYPTO_ERROR;
-+ BN_clear_free(dmp1);
-+ BN_clear_free(dmq1);
- goto out;
- }
-+ }
- r = 0;
- out:
- BN_clear_free(aux);
-@@ -163,7 +173,7 @@ ssh_rsa_sign(const struct sshkey *key, u
- if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
- sshkey_type_plain(key->type) != KEY_RSA)
- return SSH_ERR_INVALID_ARGUMENT;
-- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
-+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
- return SSH_ERR_KEY_LENGTH;
- slen = RSA_size(key->rsa);
- if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
-@@ -235,7 +245,7 @@ ssh_rsa_verify(const struct sshkey *key,
- sshkey_type_plain(key->type) != KEY_RSA ||
- sig == NULL || siglen == 0)
- return SSH_ERR_INVALID_ARGUMENT;
-- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
-+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
- return SSH_ERR_KEY_LENGTH;
-
- if ((b = sshbuf_from(sig, siglen)) == NULL)
-diff -aurp old/sshkey.c new/sshkey.c
---- old/sshkey.c 2018-08-22 22:41:42.000000000 -0700
-+++ new/sshkey.c 2018-08-23 21:31:53.334592801 -0700
-@@ -292,10 +292,18 @@ sshkey_size(const struct sshkey *k)
- #ifdef WITH_OPENSSL
- case KEY_RSA:
- case KEY_RSA_CERT:
-- return BN_num_bits(k->rsa->n);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-+ return RSA_bits(k->rsa);
-+#else
-+ return RSA_bits(key->rsa);
-+#endif
- case KEY_DSA:
- case KEY_DSA_CERT:
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-+ return DSA_bits(k->dsa);
-+#else
- return BN_num_bits(k->dsa->p);
-+#endif
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
- return sshkey_curve_nid_to_bits(k->ecdsa_nid);
-@@ -500,26 +508,53 @@ sshkey_new(int type)
- #ifdef WITH_OPENSSL
- case KEY_RSA:
- case KEY_RSA_CERT:
-+ {
-+ BIGNUM *n=NULL, *e=NULL; /* just allocate */
- if ((rsa = RSA_new()) == NULL ||
-- (rsa->n = BN_new()) == NULL ||
-- (rsa->e = BN_new()) == NULL) {
-+ (n = BN_new()) == NULL ||
-+ (e = BN_new()) == NULL) {
-+ BN_free(n);
-+ BN_free(e);
- RSA_free(rsa);
- free(k);
- return NULL;
- }
-+ BN_clear(n); BN_clear(e);
-+ if (RSA_set0_key(rsa, n, e, NULL) == 0)
-+ return NULL;
-+ n = e = NULL;
-+ }
- k->rsa = rsa;
- break;
- case KEY_DSA:
- case KEY_DSA_CERT:
-+ {
-+ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pubkey=NULL; /* just allocate */
- if ((dsa = DSA_new()) == NULL ||
-- (dsa->p = BN_new()) == NULL ||
-- (dsa->q = BN_new()) == NULL ||
-- (dsa->g = BN_new()) == NULL ||
-- (dsa->pub_key = BN_new()) == NULL) {
-+ (p = BN_new()) == NULL ||
-+ (q = BN_new()) == NULL ||
-+ (g = BN_new()) == NULL ||
-+ (pubkey = BN_new()) == NULL) {
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(g);
-+ BN_free(pubkey);
- DSA_free(dsa);
- free(k);
- return NULL;
- }
-+ if (DSA_set0_pqg(dsa, p, q, g) == 0) {
-+ BN_free(p); BN_free(q); BN_free(g);
-+ BN_free(pubkey);
-+ return NULL;
-+ }
-+ p = q = g = NULL;
-+ if (DSA_set0_key(dsa, pubkey, NULL) == 0) {
-+ BN_free(pubkey);
-+ return NULL;
-+ }
-+ pubkey = NULL;
-+ }
- k->dsa = dsa;
- break;
- case KEY_ECDSA:
-@@ -557,6 +592,51 @@ sshkey_add_private(struct sshkey *k)
- #ifdef WITH_OPENSSL
- case KEY_RSA:
- case KEY_RSA_CERT:
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-+ /* Allocate BIGNUM. This is a mess.
-+ For OpenSSL 1.1.x API these shouldn't be mandatory,
-+ but some regression tests for non-NULL pointer of
-+ the data. */
-+#define new_or_dup(bn, nbn) \
-+ if (bn == NULL) { \
-+ if ((nbn = BN_new()) == NULL) \
-+ return SSH_ERR_ALLOC_FAIL; \
-+ } else { \
-+ /* otherwise use-after-free will occur */ \
-+ if ((nbn = BN_dup(bn)) == NULL) \
-+ return SSH_ERR_ALLOC_FAIL; \
-+ }
-+ {
-+ const BIGNUM *d, *iqmp, *q, *p, *dmq1, *dmp1; /* allocate if NULL */
-+ BIGNUM *nd, *niqmp, *nq, *np, *ndmq1, *ndmp1;
-+
-+ RSA_get0_key(k->rsa, NULL, NULL, &d);
-+ RSA_get0_factors(k->rsa, &p, &q);
-+ RSA_get0_crt_params(k->rsa, &dmp1, &dmq1, &iqmp);
-+
-+ new_or_dup(d, nd);
-+ new_or_dup(iqmp, niqmp);
-+ new_or_dup(q, nq);
-+ new_or_dup(p, np);
-+ new_or_dup(dmq1, ndmq1);
-+ new_or_dup(dmp1, ndmp1);
-+
-+ if (RSA_set0_key(k->rsa, NULL, NULL, nd) == 0)
-+ goto error1;
-+ nd = NULL;
-+ if (RSA_set0_factors(k->rsa, np, nq) == 0)
-+ goto error1;
-+ np = nq = NULL;
-+ if (RSA_set0_crt_params(k->rsa, ndmp1, ndmq1, niqmp) == 0) {
-+error1:
-+ BN_free(nd);
-+ BN_free(np); BN_free(nq);
-+ BN_free(ndmp1); BN_free(ndmq1); BN_free(niqmp);
-+ return SSH_ERR_LIBCRYPTO_ERROR;
-+ }
-+ ndmp1 = ndmq1 = niqmp = NULL;
-+ }
-+#else
- #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
- if (bn_maybe_alloc_failed(k->rsa->d) ||
- bn_maybe_alloc_failed(k->rsa->iqmp) ||
-@@ -565,13 +645,28 @@ sshkey_add_private(struct sshkey *k)
- bn_maybe_alloc_failed(k->rsa->dmq1) ||
- bn_maybe_alloc_failed(k->rsa->dmp1))
- return SSH_ERR_ALLOC_FAIL;
-+#endif
- break;
- case KEY_DSA:
- case KEY_DSA_CERT:
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL
-+ {
-+ const BIGNUM *priv_key;
-+ BIGNUM *npriv_key;
-+ DSA_get0_key(k->dsa, NULL, &priv_key);
-+ new_or_dup(priv_key, npriv_key);
-+ if (DSA_set0_key(k->dsa, NULL, npriv_key) == 0) {
-+ BN_free(npriv_key);
-+ return SSH_ERR_LIBCRYPTO_ERROR;
-+ }
-+ }
-+#else
- if (bn_maybe_alloc_failed(k->dsa->priv_key))
- return SSH_ERR_ALLOC_FAIL;
-+#endif
- break;
- #undef bn_maybe_alloc_failed
-+#undef new_or_dup
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
- /* Cannot do anything until we know the group */
-@@ -695,16 +790,34 @@ sshkey_equal_public(const struct sshkey
- #ifdef WITH_OPENSSL
- case KEY_RSA_CERT:
- case KEY_RSA:
-- return a->rsa != NULL && b->rsa != NULL &&
-- BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
-- BN_cmp(a->rsa->n, b->rsa->n) == 0;
-+ {
-+ const BIGNUM *a_e, *b_e, *a_n, *b_n;
-+ const BIGNUM *a_d, *b_d;
-+ if (a->rsa == NULL) return 0;
-+ if (b->rsa == NULL) return 0;
-+ RSA_get0_key(a->rsa, &a_n, &a_e, &a_d);
-+ RSA_get0_key(b->rsa, &b_n, &b_e, &b_d);
-+ return
-+ BN_cmp(a_e, b_e) == 0 &&
-+ BN_cmp(a_n, b_n) == 0;
-+ }
- case KEY_DSA_CERT:
- case KEY_DSA:
-- return a->dsa != NULL && b->dsa != NULL &&
-- BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
-- BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
-- BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
-- BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
-+ {
-+ const BIGNUM *a_p, *a_q, *a_g, *a_pub_key;
-+ const BIGNUM *b_p, *b_q, *b_g, *b_pub_key;
-+ if (a->dsa == NULL) return 0;
-+ if (b->dsa == NULL) return 0;
-+ DSA_get0_pqg(a->dsa, &a_p, &a_q, &a_g);
-+ DSA_get0_pqg(b->dsa, &b_p, &b_q, &b_g);
-+ DSA_get0_key(a->dsa, &a_pub_key, NULL);
-+ DSA_get0_key(b->dsa, &b_pub_key, NULL);
-+ return
-+ BN_cmp(a_p, b_p) == 0 &&
-+ BN_cmp(a_q, b_q) == 0 &&
-+ BN_cmp(a_g, b_g) == 0 &&
-+ BN_cmp(a_pub_key, b_pub_key) == 0;
-+ }
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA_CERT:
- case KEY_ECDSA:
-@@ -793,12 +906,17 @@ to_blob_buf(const struct sshkey *key, st
- case KEY_DSA:
- if (key->dsa == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-+ {
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(key->dsa, &p, &q, &g);
-+ DSA_get0_key(key->dsa, &pub_key, NULL);
- if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
-- (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 ||
-- (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 ||
-- (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 ||
-- (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0)
-+ (ret = sshbuf_put_bignum2(b, p)) != 0 ||
-+ (ret = sshbuf_put_bignum2(b, q)) != 0 ||
-+ (ret = sshbuf_put_bignum2(b, g)) != 0 ||
-+ (ret = sshbuf_put_bignum2(b, pub_key)) != 0)
- return ret;
-+ }
- break;
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
-@@ -814,10 +932,14 @@ to_blob_buf(const struct sshkey *key, st
- case KEY_RSA:
- if (key->rsa == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-+ {
-+ const BIGNUM *e, *n;
-+ RSA_get0_key(key->rsa, &n, &e, NULL);
- if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
-- (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 ||
-- (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0)
-+ (ret = sshbuf_put_bignum2(b, e)) != 0 ||
-+ (ret = sshbuf_put_bignum2(b, n)) != 0)
- return ret;
-+ }
- break;
- #endif /* WITH_OPENSSL */
- case KEY_ED25519:
-@@ -1758,13 +1880,32 @@ sshkey_from_private(const struct sshkey
- case KEY_DSA_CERT:
- if ((n = sshkey_new(k->type)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
-- if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
-- (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
-- (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
-- (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) {
-+ {
-+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
-+ BIGNUM *cp=NULL, *cq=NULL, *cg=NULL, *cpub_key=NULL;
-+ DSA_get0_pqg(k->dsa, &p, &q, &g);
-+ DSA_get0_key(k->dsa, &pub_key, &priv_key);
-+ if ((cp = BN_dup(p)) == NULL ||
-+ (cq = BN_dup(q)) == NULL ||
-+ (cg = BN_dup(g)) == NULL ||
-+ (cpub_key = BN_dup(pub_key)) == NULL) {
-+ BN_free(cp); BN_free(cq); BN_free(cg);
-+ BN_free(cpub_key);
- sshkey_free(n);
- return SSH_ERR_ALLOC_FAIL;
- }
-+ if (DSA_set0_pqg(n->dsa, cp, cq, cg) == 0)
-+ goto error1;
-+ cp = cq = cg = NULL;
-+ if (DSA_set0_key(n->dsa, cpub_key, NULL) == 0) {
-+error1:
-+ BN_free(cp); BN_free(cq); BN_free(cg);
-+ BN_free(cpub_key);
-+ sshkey_free(n);
-+ return SSH_ERR_LIBCRYPTO_ERROR;
-+ }
-+ cpub_key = NULL;
-+ }
- break;
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
-@@ -1788,11 +1929,23 @@ sshkey_from_private(const struct sshkey
- case KEY_RSA_CERT:
- if ((n = sshkey_new(k->type)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
-- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
-- (BN_copy(n->rsa->e, k->rsa->e) == NULL)) {
-+ {
-+ const BIGNUM *nn, *e, *d;
-+ BIGNUM *cn=NULL, *ce=NULL;
-+ RSA_get0_key(k->rsa, &nn, &e, &d);
-+ if ((cn = BN_dup(nn)) == NULL ||
-+ (ce = BN_dup(e)) == NULL ) {
-+ BN_free(cn); BN_free(ce);
- sshkey_free(n);
- return SSH_ERR_ALLOC_FAIL;
- }
-+ if (RSA_set0_key(n->rsa, cn, ce, NULL) == 0) {
-+ BN_free(cn); BN_free(ce);
-+ sshkey_free(n);
-+ return SSH_ERR_LIBCRYPTO_ERROR;
-+ }
-+ cn = ce = NULL;
-+ }
- break;
- #endif /* WITH_OPENSSL */
- case KEY_ED25519:
-@@ -2013,12 +2166,27 @@ sshkey_from_blob_internal(struct sshbuf
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if (sshbuf_get_bignum2(b, key->rsa->e) != 0 ||
-- sshbuf_get_bignum2(b, key->rsa->n) != 0) {
-+ {
-+ BIGNUM *e=NULL, *n=NULL;
-+ if ((e = BN_new()) == NULL ||
-+ (n = BN_new()) == NULL ) {
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ BN_free(e); BN_free(n);
-+ goto out;
-+ }
-+ if (sshbuf_get_bignum2(b, e) != 0 ||
-+ sshbuf_get_bignum2(b, n) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
-+ BN_free(e); BN_free(n);
- goto out;
- }
-- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
-+ if (RSA_set0_key(key->rsa, n, e, NULL) == 0) {
-+ BN_free(e); BN_free(n);
-+ return SSH_ERR_LIBCRYPTO_ERROR;
-+ }
-+ n = e = NULL;
-+ }
-+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
- ret = SSH_ERR_KEY_LENGTH;
- goto out;
- }
-@@ -2038,13 +2206,36 @@ sshkey_from_blob_internal(struct sshbuf
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if (sshbuf_get_bignum2(b, key->dsa->p) != 0 ||
-- sshbuf_get_bignum2(b, key->dsa->q) != 0 ||
-- sshbuf_get_bignum2(b, key->dsa->g) != 0 ||
-- sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) {
-+ {
-+ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL;
-+ if ((p = BN_new()) == NULL ||
-+ (q = BN_new()) == NULL ||
-+ (g = BN_new()) == NULL ||
-+ (pub_key = BN_new()) == NULL) {
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ goto error1;
-+ }
-+ if (sshbuf_get_bignum2(b, p) != 0 ||
-+ sshbuf_get_bignum2(b, q) != 0 ||
-+ sshbuf_get_bignum2(b, g) != 0 ||
-+ sshbuf_get_bignum2(b, pub_key) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
-+ goto error1;
-+ }
-+ if (DSA_set0_pqg(key->dsa, p, q, g) == 0) {
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto error1;
-+ }
-+ p = q = g = NULL;
-+ if (DSA_set0_key(key->dsa, pub_key, NULL) == 0) {
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+error1:
-+ BN_free(p); BN_free(q); BN_free(g);
-+ BN_free(pub_key);
- goto out;
- }
-+ pub_key = NULL;
-+ }
- #ifdef DEBUG_PK
- DSA_print_fp(stderr, key->dsa, 8);
- #endif
-@@ -2389,26 +2580,63 @@ sshkey_demote(const struct sshkey *k, st
- goto fail;
- /* FALLTHROUGH */
- case KEY_RSA:
-- if ((pk->rsa = RSA_new()) == NULL ||
-- (pk->rsa->e = BN_dup(k->rsa->e)) == NULL ||
-- (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) {
-+ if ((pk->rsa = RSA_new()) == NULL ){
- ret = SSH_ERR_ALLOC_FAIL;
- goto fail;
- }
-+ {
-+ const BIGNUM *ke, *kn;
-+ BIGNUM *pke=NULL, *pkn=NULL;
-+ RSA_get0_key(k->rsa, &kn, &ke, NULL);
-+ if ((pke = BN_dup(ke)) == NULL ||
-+ (pkn = BN_dup(kn)) == NULL) {
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ BN_free(pke); BN_free(pkn);
-+ goto fail;
-+ }
-+ if (RSA_set0_key(pk->rsa, pkn, pke, NULL) == 0) {
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+ BN_free(pke); BN_free(pkn);
-+ goto fail;
-+ }
-+ pkn = pke = NULL;
-+ }
- break;
- case KEY_DSA_CERT:
- if ((ret = sshkey_cert_copy(k, pk)) != 0)
- goto fail;
- /* FALLTHROUGH */
- case KEY_DSA:
-- if ((pk->dsa = DSA_new()) == NULL ||
-- (pk->dsa->p = BN_dup(k->dsa->p)) == NULL ||
-- (pk->dsa->q = BN_dup(k->dsa->q)) == NULL ||
-- (pk->dsa->g = BN_dup(k->dsa->g)) == NULL ||
-- (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) {
-+ if ((pk->dsa = DSA_new()) == NULL ) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto fail;
- }
-+ {
-+ const BIGNUM *kp, *kq, *kg, *kpub_key;
-+ BIGNUM *pkp=NULL, *pkq=NULL, *pkg=NULL, *pkpub_key=NULL;
-+ DSA_get0_pqg(k->dsa, &kp, &kq, &kg);
-+ DSA_get0_key(k->dsa, &kpub_key, NULL);
-+ if ((pkp = BN_dup(kp)) == NULL ||
-+ (pkq = BN_dup(kq)) == NULL ||
-+ (pkg = BN_dup(kg)) == NULL ||
-+ (pkpub_key = BN_dup(kpub_key)) == NULL) {
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ goto error1;
-+ }
-+ if (DSA_set0_pqg(pk->dsa, pkp, pkq, pkg) == 0) {
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto error1;
-+ }
-+ pkp = pkq = pkg = NULL;
-+ if (DSA_set0_key(pk->dsa, pkpub_key, NULL) == 0) {
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+error1:
-+ BN_free(pkp); BN_free(pkq); BN_free(pkg);
-+ BN_free(pkpub_key);
-+ goto fail;
-+ }
-+ pkpub_key = NULL;
-+ }
- break;
- case KEY_ECDSA_CERT:
- if ((ret = sshkey_cert_copy(k, pk)) != 0)
-@@ -2558,11 +2786,17 @@ sshkey_certify_custom(struct sshkey *k,
- switch (k->type) {
- #ifdef WITH_OPENSSL
- case KEY_DSA_CERT:
-- if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 ||
-- (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 ||
-- (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 ||
-- (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0)
-+ {
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(k->dsa, &p, &q, &g);
-+ DSA_get0_key(k->dsa, &pub_key, NULL);
-+ if ((ret = sshbuf_put_bignum2(cert, p)) != 0 ||
-+ (ret = sshbuf_put_bignum2(cert, q)) != 0 ||
-+ (ret = sshbuf_put_bignum2(cert, g)) != 0 ||
-+ (ret = sshbuf_put_bignum2(cert, pub_key)) != 0) {
- goto out;
-+ }
-+ }
- break;
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA_CERT:
-@@ -2575,9 +2809,15 @@ sshkey_certify_custom(struct sshkey *k,
- break;
- # endif /* OPENSSL_HAS_ECC */
- case KEY_RSA_CERT:
-- if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 ||
-- (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0)
-+ {
-+ const BIGNUM *e, *n;
-+ RSA_get0_key(k->rsa, &n, &e, NULL);
-+ if (n == NULL || e == NULL ||
-+ (ret = sshbuf_put_bignum2(cert, e)) != 0 ||
-+ (ret = sshbuf_put_bignum2(cert, n)) != 0) {
- goto out;
-+ }
-+ }
- break;
- #endif /* WITH_OPENSSL */
- case KEY_ED25519_CERT:
-@@ -2764,42 +3004,67 @@ sshkey_private_serialize_opt(const struc
- switch (key->type) {
- #ifdef WITH_OPENSSL
- case KEY_RSA:
-- if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
-+ {
-+ const BIGNUM *n, *e, *d, *iqmp, *p, *q;
-+ RSA_get0_key(key->rsa, &n, &e, &d);
-+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
-+ RSA_get0_factors(key->rsa, &p, &q);
-+ if ((r = sshbuf_put_bignum2(b, n)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, e)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, d)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, p)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, q)) != 0) {
- goto out;
-+ }
-+ }
- break;
- case KEY_RSA_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
-+ {
-+ const BIGNUM *d, *iqmp, *p, *q;
-+ RSA_get0_key(key->rsa, NULL, NULL, &d);
-+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
-+ RSA_get0_factors(key->rsa, &p, &q);
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
-+ (r = sshbuf_put_bignum2(b, d)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, p)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, q)) != 0) {
- goto out;
-+ }
-+ }
- break;
- case KEY_DSA:
-- if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
-+ {
-+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
-+ DSA_get0_pqg(key->dsa, &p, &q, &g);
-+ DSA_get0_key(key->dsa, &pub_key, &priv_key);
-+ if ((r = sshbuf_put_bignum2(b, p)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, q)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, g)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, pub_key)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, priv_key)) != 0) {
- goto out;
-+ }
-+ }
- break;
- case KEY_DSA_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
-+ {
-+ const BIGNUM *priv_key;
-+ DSA_get0_key(key->dsa, NULL, &priv_key);
- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
-+ (r = sshbuf_put_bignum2(b, priv_key)) != 0) {
- goto out;
-+ }
-+ }
- break;
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
-@@ -2913,18 +3178,61 @@ sshkey_private_deserialize(struct sshbuf
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
-+ {
-+ BIGNUM *p=NULL, *q=NULL, *g=NULL, *pub_key=NULL, *priv_key=NULL;
-+ if ((p = BN_new()) == NULL ||
-+ (q = BN_new()) == NULL ||
-+ (g = BN_new()) == NULL ||
-+ (pub_key = BN_new()) == NULL ||
-+ (priv_key = BN_new()) == NULL) {
-+ r = SSH_ERR_ALLOC_FAIL;
-+ goto error1;
-+ }
-+ if (p == NULL || q == NULL || g == NULL ||
-+ pub_key == NULL || priv_key == NULL ||
-+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, q)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, g)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, pub_key)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0) {
-+ goto error1;
-+ }
-+ if (DSA_set0_pqg(k->dsa, p, q, g) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto error1;
-+ }
-+ p = q = g = NULL;
-+ if (DSA_set0_key(k->dsa, pub_key, priv_key) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+error1:
-+ BN_free(p); BN_free(q); BN_free(g);
-+ BN_free(pub_key); BN_free(priv_key);
- goto out;
-+ }
-+ pub_key = priv_key = NULL;
-+ }
- break;
- case KEY_DSA_CERT:
-- if ((r = sshkey_froms(buf, &k)) != 0 ||
-+ {
-+ BIGNUM *priv_key=NULL;
-+ if ((priv_key = BN_new()) == NULL) {
-+ r = SSH_ERR_ALLOC_FAIL;
-+ goto out;
-+ }
-+ if (priv_key == NULL ||
-+ (r = sshkey_froms(buf, &k)) != 0 ||
- (r = sshkey_add_private(k)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
-+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0) {
-+ BN_free(priv_key);
-+ goto out;
-+ }
-+ if (DSA_set0_key(k->dsa, NULL, priv_key) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ BN_free(priv_key);
- goto out;
-+ }
-+ priv_key = NULL;
-+ }
- break;
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
-@@ -2983,29 +3291,104 @@ sshkey_private_deserialize(struct sshbuf
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
-- (r = ssh_rsa_generate_additional_parameters(k)) != 0)
-+ {
-+ BIGNUM *n=NULL, *e=NULL, *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL;
-+ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */
-+ if ((n = BN_new()) == NULL ||
-+ (e = BN_new()) == NULL ||
-+ (d = BN_new()) == NULL ||
-+ (iqmp = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL ||
-+ (q = BN_new()) == NULL ||
-+ (dmp1 = BN_new()) == NULL ||
-+ (dmq1 = BN_new()) == NULL) {
-+ r = SSH_ERR_ALLOC_FAIL;
-+ goto error2;
-+ }
-+ BN_clear(dmp1); BN_clear(dmq1);
-+ if ((r = sshbuf_get_bignum2(buf, n)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, e)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, d)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, q)) != 0) {
-+ goto error2;
-+ }
-+ if (RSA_set0_key(k->rsa, n, e, d) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto error2;
-+ }
-+ n = e = d = NULL;
-+ /* dmp1,dmpq1 should be non NULL to set iqmp value */
-+ if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto error2;
-+ }
-+ dmp1 = dmq1 = iqmp = NULL;
-+ if (RSA_set0_factors(k->rsa, p, q) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ error2:
-+ BN_free(n); BN_free(e); BN_free(d);
-+ BN_free(iqmp);
-+ BN_free(p); BN_free(q);
-+ BN_free(dmp1); BN_free(dmq1);
-+ goto out;
-+ }
-+ p = q = NULL;
-+ if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) {
- goto out;
-- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
-+ }
-+ }
-+ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
- r = SSH_ERR_KEY_LENGTH;
- goto out;
- }
- break;
- case KEY_RSA_CERT:
-+ {
-+ BIGNUM *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL;
-+ BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */
-+ if ((d = BN_new()) == NULL ||
-+ (iqmp = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL ||
-+ (q = BN_new()) == NULL ||
-+ (dmp1 = BN_new()) == NULL ||
-+ (dmq1 = BN_new()) == NULL) {
-+ r = SSH_ERR_ALLOC_FAIL;
-+ goto error3;
-+ }
-+ BN_clear(dmp1); BN_clear(dmq1);
- if ((r = sshkey_froms(buf, &k)) != 0 ||
- (r = sshkey_add_private(k)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
-- (r = ssh_rsa_generate_additional_parameters(k)) != 0)
-+ (r = sshbuf_get_bignum2(buf, d)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, q)) != 0) {
-+ goto error3;
-+ }
-+ if (RSA_set0_key(k->rsa, NULL, NULL, d) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto error3;
-+ }
-+ /* dmp1,dmpq1 should be non NULL to set value */
-+ if (RSA_set0_crt_params(k->rsa, dmp1, dmq1, iqmp) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto error3;
-+ }
-+ dmp1 = dmq1 = iqmp = NULL;
-+ if (RSA_set0_factors(k->rsa, p, q) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ error3:
-+ BN_free(d); BN_free(iqmp);
-+ BN_free(p); BN_free(q);
-+ BN_free(dmp1); BN_free(dmq1);
- goto out;
-- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
-+ }
-+ p = q = NULL;
-+ if ((r = ssh_rsa_generate_additional_parameters(k)) != 0)
-+ goto out;
-+ }
-+ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
- r = SSH_ERR_KEY_LENGTH;
- goto out;
- }
-@@ -3769,7 +4152,6 @@ translate_libcrypto_error(unsigned long
- switch (pem_reason) {
- case EVP_R_BAD_DECRYPT:
- return SSH_ERR_KEY_WRONG_PASSPHRASE;
-- case EVP_R_BN_DECODE_ERROR:
- case EVP_R_DECODE_ERROR:
- #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
- case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-@@ -3834,7 +4216,7 @@ sshkey_parse_private_pem_fileblob(struct
- r = convert_libcrypto_error();
- goto out;
- }
-- if (pk->type == EVP_PKEY_RSA &&
-+ if (EVP_PKEY_id(pk) == EVP_PKEY_RSA &&
- (type == KEY_UNSPEC || type == KEY_RSA)) {
- if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
-@@ -3849,11 +4231,11 @@ sshkey_parse_private_pem_fileblob(struct
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
-- if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
-+ if (RSA_bits(prv->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
- r = SSH_ERR_KEY_LENGTH;
- goto out;
- }
-- } else if (pk->type == EVP_PKEY_DSA &&
-+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA &&
- (type == KEY_UNSPEC || type == KEY_DSA)) {
- if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
-@@ -3865,7 +4247,7 @@ sshkey_parse_private_pem_fileblob(struct
- DSA_print_fp(stderr, prv->dsa, 8);
- #endif
- #ifdef OPENSSL_HAS_ECC
-- } else if (pk->type == EVP_PKEY_EC &&
-+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC &&
- (type == KEY_UNSPEC || type == KEY_ECDSA)) {
- if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
--- /dev/null
+diff --git a/geoip/xt_geoip_build b/geoip/xt_geoip_build
+index 3b15875..7bc42f3 100755
+--- a/geoip/xt_geoip_build
++++ b/geoip/xt_geoip_build
+@@ -259,7 +259,12 @@ sub writeCountry
+ my ($start, $end) = split('-', $range);
+ $start = inet_pton($family, $start);
+ $end = inet_pton($family, $end);
+- print $fh $start, $end;
++
++ if ($family == AF_INET) {
++ print $fh substr($start, 0, 4), substr($end, 0, 4);
++ } else {
++ print $fh $start, $end;
++ }
+ }
+ close $fh;
+ }
DEST_PATH=/usr/share/xt_geoip
DB_PATH=/var/lib/GeoIP
-DL_URL=http://geolite.maxmind.com/download/geoip/database
+DL_URL=https://geolite.maxmind.com/download/geoip/database
DL_FILE=GeoLite2-Country-CSV.zip
eval $(/usr/local/bin/readhash /var/ipfire/proxy/settings)
# Proxy settings.
# Check if a proxy should be used.
if [[ $UPSTREAM_PROXY ]]; then
- PROXYSETTINGS="-e http_proxy=http://"
+ PROXYSETTINGS="-e https_proxy=http://"
# Check if authentication against the proxy is configured.
if [[ $UPSTREAM_USER && $UPSTREAM_PASSWORD ]]; then
projects / ipfire-2.x.git / commitdiff
