Skip to content

Commit

Permalink
Check cert->isRoot to skip extraneous root certificates in certificate
Browse files Browse the repository at this point in the history 
chains.

NSS bug 721288 causes CERT_PKIXVerifyCert to continue extending the
certificate chain after it has reached a root certificate.  Detect that
bug and ignore such extraneous root certificates in certificate chains
when checking for weak signature algorithms.

R=rsleevi@chromium.org
BUG=108514
TEST=a new unit test (to be added) that uses the certificate chain sent
by https://images.etrade.wallst.com/ during SSL handshake.

Review URL: http://codereview.chromium.org/9271060

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119595 0039d316-1c4b-4281-b951-d872f2087c98
  • Loading branch information
wtc@chromium.org committed Jan 28, 2012
1 parent 9bc1a20 commit 73346c9
Show file tree
Hide file tree
Showing 6 changed files with 334 additions and 0 deletions.
24 changes: 24 additions & 0 deletions net/base/x509_certificate_nss.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -192,8 +192,32 @@ void GetCertChainInfo(CERTCertList* cert_list,
if (i == 0) {
verified_cert = node->cert;
} else {
// Because of an NSS bug, CERT_PKIXVerifyCert may chain a self-signed
// certificate of a root CA to another certificate of the same root CA
// key. Detect that error and ignore the root CA certificate.
// See https://bugzilla.mozilla.org/show_bug.cgi?id=721288.
if (node->cert->isRoot) {
// NOTE: isRoot doesn't mean the certificate is a trust anchor. It
// means the certificate is self-signed. Here we assume isRoot only
// implies the certificate is self-issued.
CERTCertListNode* next_node = CERT_LIST_NEXT(node);
CERTCertificate* next_cert;
if (!CERT_LIST_END(next_node, cert_list)) {
next_cert = next_node->cert;
} else {
next_cert = root_cert;
}
// Test that |node->cert| is actually a self-signed certificate
// whose key is equal to |next_cert|, and not a self-issued
// certificate signed by another key of the same CA.
if (next_cert && SECITEM_ItemsAreEqual(&node->cert->derPublicKey,
&next_cert->derPublicKey)) {
continue;
}
}
verified_chain.push_back(node->cert);
}

SECAlgorithmID& signature = node->cert->signature;
SECOidTag oid_tag = SECOID_FindOIDTag(&signature.algorithm);
switch (oid_tag) {
Expand Down
37 changes: 37 additions & 0 deletions net/base/x509_certificate_unittest.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -708,6 +708,43 @@ TEST(X509CertificateTest, RejectWeakKeys) {
TestRootCerts::GetInstance()->Clear();
}

// Test for bug 108514.
// The certificate will expire on 2012-07-20. The test will still
// pass if error == ERR_CERT_DATE_INVALID. TODO(rsleevi): generate test
// certificates for this unit test. http://crbug.com/111730
TEST(X509CertificateTest, ExtraneousMD5RootCert) {
FilePath certs_dir = GetTestCertsDirectory();

scoped_refptr<X509Certificate> server_cert =
ImportCertFromFile(certs_dir, "images_etrade_wallst_com.pem");
ASSERT_NE(static_cast<X509Certificate*>(NULL), server_cert);

scoped_refptr<X509Certificate> intermediate_cert =
ImportCertFromFile(certs_dir, "globalsign_orgv1_ca.pem");
ASSERT_NE(static_cast<X509Certificate*>(NULL), intermediate_cert);

scoped_refptr<X509Certificate> md5_root_cert =
ImportCertFromFile(certs_dir, "globalsign_root_ca_md5.pem");
ASSERT_NE(static_cast<X509Certificate*>(NULL), md5_root_cert);

X509Certificate::OSCertHandles intermediates;
intermediates.push_back(intermediate_cert->os_cert_handle());
intermediates.push_back(md5_root_cert->os_cert_handle());
scoped_refptr<X509Certificate> cert_chain =
X509Certificate::CreateFromHandle(server_cert->os_cert_handle(),
intermediates);

CertVerifyResult verify_result;
int flags = 0;
int error = cert_chain->Verify("images.etrade.wallst.com", flags, NULL,
&verify_result);
if (error != OK)
EXPECT_EQ(ERR_CERT_DATE_INVALID, error);

EXPECT_FALSE(verify_result.has_md5);
EXPECT_FALSE(verify_result.has_md5_ca);
}

// Test for bug 94673.
TEST(X509CertificateTest, GoogleDigiNotarTest) {
FilePath certs_dir = GetTestCertsDirectory();
Expand Down
4 changes: 4 additions & 0 deletions net/data/ssl/certificates/README
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,3 +88,7 @@ unit tests.
net/data/ssl/scripts/generate-weak-test-chains.sh and used in the
RejectWeakKeys test in net/base/x509_certificate_unittest.cc.

- images_etrade_wallst_com.pem
- globalsign_orgv1_ca.pem
- globalsign_root_ca_md5.pem : A certificate chain for the regression test
of http://crbug.com/108514
97 changes: 97 additions & 0 deletions net/data/ssl/certificates/globalsign_orgv1_ca.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:00:00:00:00:01:11:df:e8:6c:66
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Validity
Not Before: Apr 11 12:00:00 2007 GMT
Not After : Jan 27 11:00:00 2014 GMT
Subject: OU=Organization Validation CA, O=GlobalSign, CN=GlobalSign Organization Validation CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a1:2f:c4:bc:ce:87:03:e9:67:c1:89:c8:e5:93:
fc:7d:b4:ad:9e:f6:63:4e:6a:e8:9c:2c:73:89:a2:
01:f4:8f:21:f8:fd:25:9d:58:16:6d:86:f6:ee:49:
57:75:7e:75:ea:22:11:7e:3d:fb:c7:42:41:dc:fc:
c5:0c:91:55:80:7b:eb:64:33:1d:9b:f9:ca:38:e9:
ab:c6:25:43:51:25:40:f4:e4:7e:18:55:6a:a9:8f:
10:3a:40:1e:d6:57:83:ef:7f:2f:34:2f:2d:d2:f6:
53:c2:19:0d:b7:ed:c9:81:f5:46:2c:b4:23:42:5e:
9d:13:03:75:ec:ea:6a:fc:57:7c:c9:36:97:3b:98:
dc:13:13:ec:ec:41:fa:5d:34:ea:b9:93:e7:10:16:
65:cc:9c:92:fd:f5:c5:9d:3e:4a:b9:09:fc:e4:5f:
1e:69:5f:4d:f4:56:72:44:b1:1d:23:03:c8:36:f6:
65:88:c8:bf:39:16:45:8e:1e:26:6c:51:16:c5:2a:
00:38:c5:a4:13:69:95:7d:ab:01:3b:a8:c4:14:b4:
80:da:ac:1a:44:20:d5:fe:a9:06:7b:14:27:af:e0:
30:21:dd:90:f4:a9:d5:23:19:2e:1e:03:e6:c1:df:
95:29:e4:c1:94:43:dd:3e:90:aa:cb:4b:c9:be:8a:
d3:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:
7D:6D:2A:EC:66:AB:A7:51:36:AB:02:69:F1:70:8F:C4:59:0B:9A:1F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4146.1.20
CPS: http://www.globalsign.net/repository/

X509v3 CRL Distribution Points:
URI:http://crl.globalsign.net/root.crl

Netscape Cert Type:
SSL CA
X509v3 Extended Key Usage:
Microsoft Server Gated Crypto, Netscape Server Gated Crypto
X509v3 Authority Key Identifier:
keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B

Signature Algorithm: sha1WithRSAEncryption
37:a8:8f:36:79:00:3c:18:e8:1a:c5:f2:7b:22:28:6b:bf:19:
8f:17:9a:ed:a6:c4:d6:a1:d6:63:2d:7b:fb:04:5b:28:da:cc:
f9:b6:ee:02:54:19:de:6c:91:f2:61:0d:fd:7f:28:20:cc:8f:
36:d1:61:87:a0:59:49:aa:07:96:de:f9:b3:2c:f9:b5:ee:15:
29:33:cd:b4:13:9d:c7:90:ce:4d:7c:f2:5a:11:87:7b:fa:d4:
8d:d1:2f:55:99:1a:5f:ef:16:08:b1:3d:d2:3d:1e:cb:b5:f0:
57:97:52:3a:12:63:62:b6:f2:bc:cd:e2:a6:9c:17:ce:28:e0:
c6:0f:5a:ec:bf:70:bd:5a:e7:54:be:f1:cf:c6:3d:9f:5f:7a:
da:b7:2e:65:ea:c2:d3:e9:c7:ba:be:4d:cb:da:33:ae:55:9d:
ae:14:f6:32:08:62:e1:89:e4:34:2a:75:3c:2a:05:a9:2b:50:
38:bb:59:86:a6:84:5a:84:c3:bd:43:ba:9f:1f:15:05:ce:b5:
77:0d:d4:dd:2f:49:c8:fe:58:95:4b:bc:4e:96:13:00:1e:9c:
b8:27:77:71:1d:c4:61:cb:f4:1e:8c:33:b3:00:67:0d:b7:b2:
ac:8c:3d:3a:dc:38:2f:64:2d:00:81:89:35:d8:e2:b9:31:17:
fe:3a:5f:d1
-----BEGIN CERTIFICATE-----
MIIEZzCCA0+gAwIBAgILBAAAAAABEd/obGYwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNzA0MTExMjAw
MDBaFw0xNDAxMjcxMTAwMDBaMGoxIzAhBgNVBAsTGk9yZ2FuaXphdGlvbiBWYWxp
ZGF0aW9uIENBMRMwEQYDVQQKEwpHbG9iYWxTaWduMS4wLAYDVQQDEyVHbG9iYWxT
aWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAoS/EvM6HA+lnwYnI5ZP8fbStnvZjTmronCxziaIB9I8h
+P0lnVgWbYb27klXdX516iIRfj37x0JB3PzFDJFVgHvrZDMdm/nKOOmrxiVDUSVA
9OR+GFVqqY8QOkAe1leD738vNC8t0vZTwhkNt+3JgfVGLLQjQl6dEwN17Opq/Fd8
yTaXO5jcExPs7EH6XTTquZPnEBZlzJyS/fXFnT5KuQn85F8eaV9N9FZyRLEdIwPI
NvZliMi/ORZFjh4mbFEWxSoAOMWkE2mVfasBO6jEFLSA2qwaRCDV/qkGexQnr+Aw
Id2Q9KnVIxkuHgPmwd+VKeTBlEPdPpCqy0vJvorTOQIDAQABo4IBHzCCARswDgYD
VR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFH1tKuxm
q6dRNqsCafFwj8RZC5ofMEsGA1UdIAREMEIwQAYJKwYBBAGgMgEUMDMwMQYIKwYB
BQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQvcmVwb3NpdG9yeS8wMwYD
VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5nbG9iYWxzaWduLm5ldC9yb290LmNy
bDARBglghkgBhvhCAQEEBAMCAgQwIAYDVR0lBBkwFwYKKwYBBAGCNwoDAwYJYIZI
AYb4QgQBMB8GA1UdIwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3
DQEBBQUAA4IBAQA3qI82eQA8GOgaxfJ7IihrvxmPF5rtpsTWodZjLXv7BFso2sz5
tu4CVBnebJHyYQ39fyggzI820WGHoFlJqgeW3vmzLPm17hUpM820E53HkM5NfPJa
EYd7+tSN0S9VmRpf7xYIsT3SPR7LtfBXl1I6EmNitvK8zeKmnBfOKODGD1rsv3C9
WudUvvHPxj2fX3raty5l6sLT6ce6vk3L2jOuVZ2uFPYyCGLhieQ0KnU8KgWpK1A4
u1mGpoRahMO9Q7qfHxUFzrV3DdTdL0nI/liVS7xOlhMAHpy4J3dxHcRhy/QejDOz
AGcNt7KsjD063DgvZC0AgYk12OK5MRf+Ol/R
-----END CERTIFICATE-----
78 changes: 78 additions & 0 deletions net/data/ssl/certificates/globalsign_root_ca_md5.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:00:00:00:00:00:d6:78:b7:94:05
Signature Algorithm: md5WithRSAEncryption
Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Validity
Not Before: Sep 1 12:00:00 1998 GMT
Not After : Jan 28 12:00:00 2014 GMT
Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:
63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:
8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:
70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:
15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:
6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:
89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:
54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:
92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:
75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:
c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:
bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:
ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:
63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:
48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:
07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:
90:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9:6c:4f:
6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e:e8:81:49:98:
7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51:ff:09:31:2a:1f:dd:
89:77:9e:0f:2e:6c:95:04:ed:86:cb:b4:00:3f:84:02:4d:80:
6a:2a:2d:78:0b:ae:6f:2b:a2:83:44:83:1f:cd:50:82:4c:24:
af:bd:f7:a5:b4:c8:5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a:
88:05:3a:d9:c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c:
77:fe:46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59:
2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5:a7:31:
3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9:43:34:f6:0f:
87:29:3b:9d:c2:56:58:98:77:c3:f7:1b:ac:f6:9d:f8:3e:aa:
a7:54:45:f0:f5:f9:d5:31:65:fe:6b:58:9c:71:b3:1e:d7:52:
ea:32:17:fc:40:60:1d:c9:79:24:b2:f6:6c:fd:a8:66:0e:82:
dd:98:cb:da:c2:44:4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46:
8a:78:a3:e3
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
-----END CERTIFICATE-----
94 changes: 94 additions & 0 deletions net/data/ssl/certificates/images_etrade_wallst_com.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:00:00:00:00:01:29:f1:78:64:fa
Signature Algorithm: sha1WithRSAEncryption
Issuer: OU=Organization Validation CA, O=GlobalSign, CN=GlobalSign Organization Validation CA
Validity
Not Before: Jul 20 19:40:43 2010 GMT
Not After : Jul 20 19:40:39 2012 GMT
Subject: C=US, ST=Colorado, L=Boulder, OU=P3, O=Wall Street On Demand, Inc., CN=images.etrade.wallst.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:f4:4d:15:13:29:29:5f:01:56:18:aa:5e:ff:fc:
ab:ca:6d:36:f1:44:05:5c:b1:86:28:f6:ac:b2:54:
fa:93:94:d1:7a:c2:92:e2:8a:67:08:0e:fb:74:9d:
0d:5b:ec:86:a4:dc:2b:75:37:c1:77:18:e4:aa:c7:
9f:a1:76:77:21:ed:ed:5a:d1:07:45:63:35:35:9f:
50:1c:ea:80:75:9f:d8:a6:ff:07:8d:a7:79:b4:89:
f7:24:ec:2b:d6:d2:37:d1:14:07:4a:79:d4:8e:75:
95:08:bc:bb:f3:aa:49:b1:71:c0:e5:d8:6b:2e:9c:
c6:75:d4:cb:1b:05:8e:a8:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:7D:6D:2A:EC:66:AB:A7:51:36:AB:02:69:F1:70:8F:C4:59:0B:9A:1F

Authority Information Access:
CA Issuers - URI:http://secure.globalsign.net/cacert/orgv1.crt

X509v3 CRL Distribution Points:
URI:http://crl.globalsign.net/OrganizationVal1.crl

X509v3 Subject Key Identifier:
62:F0:08:B5:F9:A6:F6:0A:8E:59:38:57:17:C5:79:04:B9:C6:B6:7B
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4146.1.20
CPS: http://www.globalsign.net/repository/

Netscape Cert Type:
SSL Client, SSL Server
X509v3 Subject Alternative Name:
DNS:images.etrade.wallst.com
Signature Algorithm: sha1WithRSAEncryption
03:0b:00:f3:45:94:bf:1a:e1:87:10:c9:a3:47:9f:af:2b:25:
8c:19:03:1b:45:89:05:1c:3a:d5:ae:06:ac:c4:45:9a:30:90:
ea:85:36:3b:51:b9:c6:ff:65:9f:ce:60:27:44:be:57:56:f5:
9c:ae:03:e2:f8:a2:65:58:76:15:bb:83:3e:d5:56:99:c8:3c:
8f:e0:76:15:9d:a4:4b:10:9d:69:7a:a2:cd:98:1f:a9:41:97:
0c:01:15:c1:dc:69:0c:20:fc:c1:dc:80:51:2e:dc:44:dd:af:
6d:54:11:78:66:67:b3:2e:e1:4a:0c:ce:76:50:4e:4a:5c:64:
9c:05:b2:67:9f:c7:ef:06:58:69:95:32:af:8d:d9:ed:8d:81:
9e:84:15:10:7d:33:69:fe:ff:ec:99:3f:31:c7:5a:06:28:c9:
26:a6:5e:a8:7e:70:6e:30:11:d6:dc:6a:0c:76:fb:3a:cd:5a:
86:a8:57:c9:7b:4b:43:c4:90:d9:20:8c:84:5a:cf:fc:d5:0b:
a7:a0:54:49:f3:a9:55:cb:ec:cb:13:ad:d4:29:91:f8:47:df:
b6:63:87:19:c1:5b:0b:70:46:c7:32:a8:b9:0f:4c:a2:3f:39:
4e:70:c0:f0:42:e5:e3:a1:98:ac:d2:8d:98:89:ac:5e:a1:b9:
df:39:d7:89
-----BEGIN CERTIFICATE-----
MIIEkTCCA3mgAwIBAgILAQAAAAABKfF4ZPowDQYJKoZIhvcNAQEFBQAwajEjMCEG
A1UECxMaT3JnYW5pemF0aW9uIFZhbGlkYXRpb24gQ0ExEzARBgNVBAoTCkdsb2Jh
bFNpZ24xLjAsBgNVBAMTJUdsb2JhbFNpZ24gT3JnYW5pemF0aW9uIFZhbGlkYXRp
b24gQ0EwHhcNMTAwNzIwMTk0MDQzWhcNMTIwNzIwMTk0MDM5WjCBiDELMAkGA1UE
BhMCVVMxETAPBgNVBAgTCENvbG9yYWRvMRAwDgYDVQQHEwdCb3VsZGVyMQswCQYD
VQQLEwJQMzEkMCIGA1UEChMbV2FsbCBTdHJlZXQgT24gRGVtYW5kLCBJbmMuMSEw
HwYDVQQDExhpbWFnZXMuZXRyYWRlLndhbGxzdC5jb20wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAPRNFRMpKV8BVhiqXv/8q8ptNvFEBVyxhij2rLJU+pOU0XrC
kuKKZwgO+3SdDVvshqTcK3U3wXcY5KrHn6F2dyHt7VrRB0VjNTWfUBzqgHWf2Kb/
B42nebSJ9yTsK9bSN9EUB0p51I51lQi8u/OqSbFxwOXYay6cxnXUyxsFjqjxAgMB
AAGjggGbMIIBlzAfBgNVHSMEGDAWgBR9bSrsZqunUTarAmnxcI/EWQuaHzBJBggr
BgEFBQcBAQQ9MDswOQYIKwYBBQUHMAKGLWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2ln
bi5uZXQvY2FjZXJ0L29yZ3YxLmNydDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8v
Y3JsLmdsb2JhbHNpZ24ubmV0L09yZ2FuaXphdGlvblZhbDEuY3JsMB0GA1UdDgQW
BBRi8Ai1+ab2Co5ZOFcXxXkEuca2ezAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF
oDApBgNVHSUEIjAgBggrBgEFBQcDAQYIKwYBBQUHAwIGCisGAQQBgjcKAwMwSwYD
VR0gBEQwQjBABgkrBgEEAaAyARQwMzAxBggrBgEFBQcCARYlaHR0cDovL3d3dy5n
bG9iYWxzaWduLm5ldC9yZXBvc2l0b3J5LzARBglghkgBhvhCAQEEBAMCBsAwIwYD
VR0RBBwwGoIYaW1hZ2VzLmV0cmFkZS53YWxsc3QuY29tMA0GCSqGSIb3DQEBBQUA
A4IBAQADCwDzRZS/GuGHEMmjR5+vKyWMGQMbRYkFHDrVrgasxEWaMJDqhTY7UbnG
/2WfzmAnRL5XVvWcrgPi+KJlWHYVu4M+1VaZyDyP4HYVnaRLEJ1peqLNmB+pQZcM
ARXB3GkMIPzB3IBRLtxE3a9tVBF4ZmezLuFKDM52UE5KXGScBbJnn8fvBlhplTKv
jdntjYGehBUQfTNp/v/smT8xx1oGKMkmpl6ofnBuMBHW3GoMdvs6zVqGqFfJe0tD
xJDZIIyEWs/81QunoFRJ86lVy+zLE63UKZH4R9+2Y4cZwVsLcEbHMqi5D0yiPzlO
cMDwQuXjoZis0o2YiaxeobnfOdeJ
-----END CERTIFICATE-----

0 comments on commit 73346c9

Please sign in to comment.