From 202f88e13c11fef11994c8f38456f36b3beec714 Mon Sep 17 00:00:00 2001 From: Vladimir Sitnikov Date: Thu, 13 Feb 2020 01:19:51 +0300 Subject: [PATCH] test: add makefile for creating test certificates --- certdir/Makefile | 69 ++++++++++++++++++++++++++++++++++++++ certdir/README.md | 35 +++---------------- certdir/badclient.crt | 38 ++++++++++++--------- certdir/badclient.key | 41 +++++++++++++--------- certdir/badclient.p12 | Bin 0 -> 2694 bytes certdir/badclient.pk8 | Bin 677 -> 1261 bytes certdir/badroot.crt | 46 ++++++++++++++++--------- certdir/badroot.key | 54 +++++++++++++++++++++++++++++ certdir/badroot.srl | 1 + certdir/goodclient.crt | 38 ++++++++++++--------- certdir/goodclient.key | 41 +++++++++++++--------- certdir/goodclient.p12 | Bin 1806 -> 2694 bytes certdir/goodclient.pk8 | Bin 677 -> 1261 bytes certdir/goodroot.crt | 46 ++++++++++++++++--------- certdir/server/root.crt | 46 ++++++++++++++++--------- certdir/server/root.key | 54 +++++++++++++++++++++++++++++ certdir/server/root.srl | 1 + certdir/server/server.crt | 38 ++++++++++++--------- certdir/server/server.key | 38 ++++++++++++++------- 19 files changed, 414 insertions(+), 172 deletions(-) create mode 100644 certdir/Makefile create mode 100644 certdir/badclient.p12 create mode 100644 certdir/badroot.key create mode 100644 certdir/badroot.srl create mode 100644 certdir/server/root.key create mode 100644 certdir/server/root.srl diff --git a/certdir/Makefile b/certdir/Makefile new file mode 100644 index 0000000000..004adee9c3 --- /dev/null +++ b/certdir/Makefile @@ -0,0 +1,69 @@ +ROOT_CA_PASSWORD=ssl_ca_pwd +PK8_PASSWORD=sslpwd +P12_PASSWORD=sslpwd +SERVER_CRT_DIR=server/ + +all : $(SERVER_CRT_DIR)root.key $(SERVER_CRT_DIR)root.crt $(SERVER_CRT_DIR)server.crt goodroot.crt goodclient badclient + +goodclient: goodclient.crt goodclient.pk8 goodclient.p12 + +badclient: badclient.crt badclient.pk8 badclient.p12 + +.PHONY: clean +clean: + @echo Removing certificate files + @rm -f *.crt *.key *.csr *.srl *.p12 *.pk8 + @rm -rf $(SERVER_CRT_DIR)*.crt $(SERVER_CRT_DIR)*.key $(SERVER_CRT_DIR)*.csr $(SERVER_CRT_DIR)*.srl $(SERVER_CRT_DIR)*.p12 $(SERVER_CRT_DIR)*.pk8 + @echo + +%.pk8 : %.key + @echo Exporting key $@ + openssl pkcs8 -topk8 -in $< -out $@ -outform DER -v1 PBE-MD5-DES -passout pass:$(PK8_PASSWORD) + +%.p12 : %.crt + @echo Exporting certificate $@ + openssl pkcs12 -export -in $< -inkey $*.key -out $@ -name user -CAfile $(SERVER_CRT_DIR)root.crt -caname local -passout pass:$(P12_PASSWORD) + +%root.key : + @echo Generating CA key $@ + mkdir -p $(*D) + openssl genrsa -aes256 -passout pass:$(ROOT_CA_PASSWORD) -out $@ 4096 + @echo + +goodroot.crt : $(SERVER_CRT_DIR) + cp $(SERVER_CRT_DIR)root.crt goodroot.crt + +%root.crt : %root.key + @echo Creating root certificate $@ + openssl req -x509 -new -nodes -key $< -passin pass:$(ROOT_CA_PASSWORD) -sha256 -days 1024 -out $@ -subj "/C=US/ST=CA/O=PgJdbc test/CN=root certificate" + @echo + + +$(SERVER_CRT_DIR)server.crt : $(SERVER_CRT_DIR)root.key $(SERVER_CRT_DIR)root.crt + $(eval $@_CERT_FILE := $(SERVER_CRT_DIR)server) + @echo Creating good client certificate $@ + openssl genrsa -out $($@_CERT_FILE).key 2048 + openssl req -new -sha256 -key $($@_CERT_FILE).key -passin pass:$(ROOT_CA_PASSWORD) -subj "/C=US/ST=CA/O=PgJdbc tests/CN=localhost" -out $($@_CERT_FILE).csr + openssl x509 -req -in $($@_CERT_FILE).csr -CA $(SERVER_CRT_DIR)root.crt -CAkey $(SERVER_CRT_DIR)root.key -passin pass:$(ROOT_CA_PASSWORD) -CAcreateserial -out $($@_CERT_FILE).crt -days 500 -sha256 + @rm $($@_CERT_FILE).csr + @echo + +goodclient.crt goodclient.key : $(SERVER_CRT_DIR)root.key $(SERVER_CRT_DIR)root.crt + $(eval $@_CERT_FILE := goodclient) + @echo Creating good client certificate $@ + openssl genrsa -out $($@_CERT_FILE).key 2048 + # CN=test has to match user name + openssl req -new -sha256 -key $($@_CERT_FILE).key -subj "/C=US/ST=CA/O=PgJdbc tests/CN=test" -out $($@_CERT_FILE).csr + openssl x509 -req -in $($@_CERT_FILE).csr -CA $(SERVER_CRT_DIR)root.crt -CAkey $(SERVER_CRT_DIR)root.key -passin pass:$(ROOT_CA_PASSWORD) -CAcreateserial -out $($@_CERT_FILE).crt -days 500 -sha256 + @rm $($@_CERT_FILE).csr + @echo + +badclient.crt badclient.key : badroot.key badroot.crt + $(eval $@_CERT_FILE := badclient) + @echo Creating bad client certificate $@ + openssl genrsa -out $($@_CERT_FILE).key 2048 + # CN=test has to match user name + openssl req -new -sha256 -key $($@_CERT_FILE).key -subj "/C=US/ST=CA/O=PgJdbc tests/CN=test" -out $($@_CERT_FILE).csr + openssl x509 -req -in $($@_CERT_FILE).csr -CA badroot.crt -CAkey badroot.key -passin pass:$(ROOT_CA_PASSWORD) -CAcreateserial -out $($@_CERT_FILE).crt -days 500 -sha256 + @rm $($@_CERT_FILE).csr + @echo diff --git a/certdir/README.md b/certdir/README.md index 34dcbc4733..5127f09249 100644 --- a/certdir/README.md +++ b/certdir/README.md @@ -22,35 +22,8 @@ In order to configure PostgreSQL for SSL tests, the following changes should be * Uncomment enable_ssl_tests=true in ssltests.properties * The username for connecting to postgres as specified in build.local.properties tests has to be "test". -This directory contains example certificates generated by the following -commands: +The certificates are generated with Makefile. -openssl req -x509 -newkey rsa:1024 -days 3650 -keyout goodclient.key -out goodclient.crt -#Common name is test, password is sslpwd - -openssl req -x509 -newkey rsa:1024 -days 3650 -keyout badclient.key -out badclient.crt -#Common name is test, password is sslpwd - -openssl req -x509 -newkey rsa:1024 -days 3650 -nodes -keyout badroot.key -out badroot.crt -#Common name is localhost -rm badroot.key - -openssl pkcs8 -topk8 -in goodclient.key -out goodclient.pk8 -outform DER -v1 PBE-MD5-DES - -openssl pkcs8 -topk8 -in badclient.key -out badclient.pk8 -outform DER -v1 PBE-MD5-DES - -cp goodclient.crt server/root.crt - -cd server - -openssl req -x509 -newkey rsa:1024 -nodes -days 3650 -keyout server.key -out server.crt - -cp server.crt ../goodroot.crt - -#Common name is localhost, no password - -#PKCS12 - -Create the goodclient.p12 file with - -openssl pkcs12 -export -in goodclient.crt -inkey goodclient.key -out goodclient.p12 -name local -CAfile client_ca.crt -caname local +* To remove all certificates: `make clean` +* To generate certificatess: `make all` +* To update a single certificate: remove the file, and execute `make all` diff --git a/certdir/badclient.crt b/certdir/badclient.crt index 4f37a71e51..53bc3e5621 100644 --- a/certdir/badclient.crt +++ b/certdir/badclient.crt @@ -1,18 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIC3jCCAkegAwIBAgIJAIHg5fMq+z8aMA0GCSqGSIb3DQEBBQUAMFQxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBHRlc3QwHhcNMTExMTEwMjE0MjI3WhcN -MjExMTA3MjE0MjI3WjBUMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 -ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQDEwR0 -ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbMINU6XwQ/0OSQ4xYRp0o -gYzzsaaGgZjBZEpRMCZkB+TPUD/yxDpyfcknsvsBQPQ0bqLLS9yqf5iS26jHGd4U -/nInOy5rjIKEbJMUgkbNWiuVl5q1K+GFuTEpjpdLI9NH5X+jL1CxH/h8+j8Mr2iX -s4C2gIFu6povShJiIwBNBQIDAQABo4G3MIG0MB0GA1UdDgQWBBQ6L/fB+7uwDN9q -T5Do9X4GIbJnxDCBhAYDVR0jBH0we4AUOi/3wfu7sAzfak+Q6PV+BiGyZ8ShWKRW -MFQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJ -bnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDTALBgNVBAMTBHRlc3SCCQCB4OXzKvs/ -GjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKq2Q+aE5eC04gW58pAt -pobnL/2L0JHCeLPsv0k/1vjulzjBuphbwaibZtiYWZSDKWL8Dvsg+khq7rEIY0W6 -xXGw5y2scRlCukQvseIxbHUoyOCAWJnoqr7d8MyxP2GlpqSDXHk9wEywZ/6f89oN -yudtXjoYuW8157tmvrX3D1yd +MIIEEjCCAfoCFBrHU9NbhHp2sM0sVwcQtK0+b/TVMA0GCSqGSIb3DQEBCwUAMEsx +CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UECgwLUGdKZGJjIHRlc3Qx +GTAXBgNVBAMMEHJvb3QgY2VydGlmaWNhdGUwHhcNMjAwMjEyMjIxNTM4WhcNMjEw +NjI2MjIxNTM4WjBAMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFTATBgNVBAoM +DFBnSmRiYyB0ZXN0czENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANRuNLHPeanP1kCMqoFR6ovvtD5Z9XCj8ZQHNWI7Xfs9JBd4 +KeF+hYlQ9oECI4I8By1lxx1YhEtpfu8pokekc+TBPnxLlmZDGbLJ0ZTmw+MRZ56f +Frnzre1yCB8BiZRxdW9iqHuWntGfnKNdOVWP5JYa2y/2HetB3LQFql5CtRffOcVP +4nrIZVmvNr+xh0o2DIcoAuLm80Bg1aDMbiJWP9C/4kJp7+SFCcGbOa8GftL8jcj5 +nbTGtjCDmViAF3TozfOJahaO2AQtD9mBXIECrd0ce3reO6aviTF08t/m1O2Qwdvd +xAvNQgr6bWa0uCxHMmhzpxj+0m22aco5dJ/h610CAwEAATANBgkqhkiG9w0BAQsF +AAOCAgEAIH6tchU76zbdl0C9enJUBa08rMmzdJ73aUm1n8wSE9M4gQSfiN5JNJsa +9/pdpYzKcJYigSiRcmZR1ltZptu+tPuf8f6XW5ayamCifuKoxi+Z5sLLzD8J604y +nujotuAq81OoS3ujPB+RyNgrWHfphFJsDTeJPFbyhzUUwrhiiGOx9RGhffYfZmkr +3XdXJqQBak89aJaSLWJ2fyAMSc/ec4DgwAVr5mZ3F/ISiChgZ5oTGoooNZkI67yA +Tkh0iN+9Vo6j/gtD2zgL40I/nQP8kRw/9gNRd+ljTts38r3AfDtXsl1H6kN9MYFf +X761UI/aZgGa9GGgnh0+YK1Dd3BXZDtoV3r8Gl2iL0Mg+3syrYGVHwMFJ9ggEB9s +QUhcKR07NxMWUmM0vF4Mp2zMZD1lRc5L+5TgeVYjSoADj1UWAeyJCVJWG/iv3i7h +SRe/Je4c2fTw99zs4HZY6QQVF+D5iVBM+kCm5DPNCVHQb4oHejeCBMmgac+YpQ6s +IgFCBmW0RaW51eqWHsy+/BnEZAZwgw7mU3Y2oWHFE5JJ2Qto2EXDcYfefLQyzGtS +Bd1TMQybJ59VkGpsVc2Im/pJmA5w/8dxjwlewHuQGY/mf9xGe4bVQMY8lT2lCEra ++QZ4DjFH8SaeULU7QLxHJZ+xrAs0IvpSr9XC0Kcl+Oo5GY65NWw= -----END CERTIFICATE----- diff --git a/certdir/badclient.key b/certdir/badclient.key index efc9b6c013..53639934b5 100644 --- a/certdir/badclient.key +++ b/certdir/badclient.key @@ -1,18 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,95718EE22B89E019 - -78LEg7uq4krPR3C1sQVCiQsPIXroyoDzPHBFmI+ipEJq7obFACK9KROfUAaMlca8 -ZR1UhtQHCPK4TOG1qKjn8lxeKGLZA25Lcilw6QvZCfNyBa6JUp3cdwzUSv7/qE/Y -d/wlVAq71JbOmYsbEwunZlq+DO1AaL91N/2ANgSSC85uR0dye0iZ1C0OZzawMXkd -wXRrXb8c8RCH2gQ6V4aMartTZ/DQznA59+NEUYln5IMP4joRM0TTpcuv6oCq1UUw -o7xEQcwfBB0tKayxkBfgp8Jvrghzw0usSFt4ad9I4DF/V2izojZgYsnT7yGqsop6 -7jmPR9llYhDQIZd0V4NZziiRF2Dt/lyG0iUPZq5vlhLaI59FzMAxVSAJP6DrUHQD -L76TeGpQm2LRqWliDc+3AMTCKv0TP1IPbIWJrnLxnNf/C29adO+VSeQEQ0+tBU+/ -DE2GVsQ/xul+QyCwXiOce0pfERLuGjSu/kRa1ylAlrdH4+6vBD0ewuXXHv0eTSxB -Vi0vde5a9PzPUMUBkg6PS7IDYJmKm04fFPxx3y8GMlzbZYOYjTepkYMbayekybGK -fHVk9Z3lW5yzegaz8iJu/8le6Kn4Ox21FRG45domu1T+8eJuXPoiBUb290SUVuxh -VTQWhCA8ElmVCYfrbSnYL3naeqVL+Oc6by3VVhvgiqUuXQTZvKN7mkUOhiNbpz2H -iGLwlRj6wXEaS0qLb9NQc9H9Vv6ftj7UPa4FkiJjWhUW0WkA5sqtOKMjLzpsIZtR -dFb26NE65tk0lrywQrzMBFM6fk90VrMYyvwukZIJIKRLCBQaG24PLQ== +MIIEpAIBAAKCAQEA1G40sc95qc/WQIyqgVHqi++0Pln1cKPxlAc1Yjtd+z0kF3gp +4X6FiVD2gQIjgjwHLWXHHViES2l+7ymiR6Rz5ME+fEuWZkMZssnRlObD4xFnnp8W +ufOt7XIIHwGJlHF1b2Koe5ae0Z+co105VY/klhrbL/Yd60HctAWqXkK1F985xU/i +eshlWa82v7GHSjYMhygC4ubzQGDVoMxuIlY/0L/iQmnv5IUJwZs5rwZ+0vyNyPmd +tMa2MIOZWIAXdOjN84lqFo7YBC0P2YFcgQKt3Rx7et47pq+JMXTy3+bU7ZDB293E +C81CCvptZrS4LEcyaHOnGP7SbbZpyjl0n+HrXQIDAQABAoIBAQC/Z1UfaVur/9KC +crwmrVJyJ9b130Rg67b9s8kL64Xwm9RrOSAzRza21TZmYzDvZXrqEqxn6pu4/yMa +Bx9rAehSkzPj9o9bMNZ025d1XL/fVo1QxPNLNR7ftUFP/qiiEeDILdK1GK+dHP2b +zKGeUHqcLTKVcmLe2IctxXUOXXiiOiFbiahxBKWv69sCddTCqhCKYpbRwkUaMdRS +kswd7+cx9MvG9FfU0fAwr4ly/hcL/XSkwKC7QgxOZzYheHPoNDp2crK2RDeS+ouW +bNQ6Q+V3ddwdC8YGLyjEhSeKsGc2ep+gSSKPA3/b0zviX53h/r0ovXwlH6GRFzkm +pZtxBahZAoGBAPJig/L3B/dZhg/xNGwOzpATyBq6kIZp0R3e9Ca+5dzHOS+Kp/L7 +FO60CiGLZctS8rv+Iysqk9wJBDoLrfsx+IegY849/xMsD4b7VEfjCapKp9vkBPph +bZ17OBBfswvYVLceoP8jc9Gan7/Je75Q5fV0COC8Xjw4r1IpNJskrvhTAoGBAOBc +8r7RSc3MwS/U0sIUH22WWNXIdAOk6M5gic6Iv6Pb/y1xXElvBvGskdtSN4sy4pCb +ENQ0x+/JGA0FiXztZv+jlEaIE680sOgcQ7vpcyzqmGZ0YijNX1YGEYx68ri58Ts9 +G703VGx/JnTQi84ooeGYPuFeP+o/kVghWXc5G1ePAoGAePBm3ggcVXK5zaKQgYox +zvnP0mZcTnTl/n2MXPjLQIm3It2QR1C4dRIoK+yd8gGFU//OFG++Lv/guAWz3a5l +T2bb5cBRUYOei79DokrKO8ncT39KbJPIWddtdd4KPFLIkkYaFrPdyivYoZ0qvR8o +XnxzIY9bhbjS4a/lq7N2CjkCgYAdJ3bTnNZ+S5D+6iTI21yKHPNGNFn+7zrhNmIx +2Esuu7OY8BYR5L9+P/JkEXbuO5p9N+kj6gfg/LyHVKTc+uxbY6Is2BnWtn4WazXS +AS/aMlHDXnQy4Rz2TKuTGZbYsjDKhdJI8BukTZFttHu2Okluyx3Ao0Ki6ce1MAA0 +IdOPuQKBgQChf/xz0xpgoB17WQO/RNBY2OanjA5rtwYby4T+XjKeSTWtslUIZNTu +J5VZt8dzmNthwoBoyaH/wxA0KoP06qEC5eRN93PtNvW+dDITm5EbanHrCwBUj445 +3sCZFmHgZ1uLQKnyROSwu5UiJfBi9OidiF6rGu14iJOXFQPR0pgDoQ== -----END RSA PRIVATE KEY----- diff --git a/certdir/badclient.p12 b/certdir/badclient.p12 new file mode 100644 index 0000000000000000000000000000000000000000..56b86061ca3938c8fae85a249193e4faaea4b36e GIT binary patch literal 2694 zcmY+^c{CJ^8V2wgW-zjbVn{@?4TJBqWSx-xvo*>fhAc_M$i8GWwrtswY-QgXLWYdB ztl6h*$-WInBW9@R`p&uce)s1+I_0m6ltSpU7i24sSBfLPpNC$PZ5SPBCJ z3*ZqJ6xSu)DG~le?d7|SnCjn7k$`SMltR&;Z`?DV_=lz4W?$s|D687r)t-GR$N9?| zRavU-T?`Aya>V;59ci*LEbg2ZXt!1#%;A9gqtfYhjrk9-fv|1xVPm5>EJO#8)zP~l z`+#HP>&!PUyU)dwX<0o@_0F2%Rk9KyGy6tFH&IBdcUPZ_%r4b_RfQ{hdOF5jy!??( zgbxlk+)&192{v=3vPH$?-IJP?_DxHqqFE%`=0o^Wo}PO_lK>AE%{UVlKmU1;B{@Nb zBA}^zurhTeV8ObV=Zt$qa4MO9BV-w#o770fem?snr>BX;aaU1# z-0mwv=E_%?w()5T)LfIjq_c`vyWR^b^KR5R_QwApmsSEyD;}oz%-L9!*8LjMV^sMp zJYC<%pQxqs89DcRSh$7dP-d@IVvmBecT@c?>a(-&R_LZ}9v`6o#A~O2X8gQ|%T}Ua zq8mN!?%+yGlpvkK2;IX4!3QkuwHV_PlG9*D^0ViJT%kJFEd!?LcJ7BWg5t;U9d6RL zHLvM&<6#H2JlUgQ=hAQY{hiln;$VjZBY|fZ%>7{5OTp$_ikz)BK8}>cIdL)7RdgWF z1XO!`GJ(&{b-W=%9b<`FqA!>^`DJqDiD;&=$&TJ6hE5Uw_%e;k=FE4R+U(Vt8jk-i zJ%@Pg7G!CkmOv?T_R&|}QAV^hEV!@Mbdi^_GPeD^Dv6;JA`#*;hdh!$@}$=1+;bJm zNto+A@=!A~{uk^{r0R&YD%>>Hl!R9VTYNT4{&CB2t+p$#6n3XFfpRgAhYH@sx)XPtklaZ`g_?nv}!qdMerB&Z);PvpmA&W2%YjZhypwqJ! z;UZjWkNmN)ajcn>nk^!_k;%T?sH{BGW11{{_|$D7fnlzVrRV}##{#wc!u{ccNjVIB zT2fWL7oEC=H*gtJ6`POMlf~X|s1MgndfL_B5?Rv+Al3)7eKntO2>D|^I=Pq$JXC@I z_364v*vCq5t9$xj+rr;G2_L$@8-T=+w4_0$kbVFG1u+PdCu7t*9q>-Z4!?*9W zFqa`^ct_-Z)oG7p<|XqewW_jbMQ|x0bHSCww=U*ZGKk2un~$27U4zbQC64<+hbY5Dke8NLP-(W4uTgr@veD10iVJ^8)saNoidrYD zx-my&Z1i{a`43~PK!#KAD5ubo z|4%o@zjecvF~4yo`Jeo)8wd;P>*HRF6gzJ`>^6kqQORLkKDi{Y`}C)aJqNxrJ2mv^ zD1?nFDC4W8wTfZ>RQz?Sk^OO8au!9?;btbe6Q=;}0`w{A{B>=G9H?*Wff^wVL50a- zn1>eIGX@iD32Cf0Z{I!8sXf_;flm}ZSSg*&{rL>SpOGqq$UC?fE9z7>X|^~!x=>Of z=3qU+==3!StFehJAr91(5Fbw`R$h zk7PmLy!0)bLNM2S;$ZWlb;|P|Z&-&MimW%IhjBhUFsHAD|SFGO_kjBk-?Dp9ICA?3&$Lhmn zy!1->_lx;xEVIK)oKbvl3UgxT*F&z`Q;myvA)3uQcG`3sOP_%=aeQ^`%?;|A86jz} z!{`ULS{Dab#~$_IIwc$&UZ?xtQSp;{qvl7O469LkS=&3Jr1)ZKj0Nco6j!Razuv!f z0Zdx#@N@RId?lWk9qmE4gBV$*7r#n54vBd~FyU(p#x`8Y;aDlZdJk@M2NRdG{(-2g zy_S*y4Zh6e#X9G-4Ny^AX!PQ^D;Fitq*yc*fP7tDPI1ENi%htEhvvU;A|zkfHjL<9sA5jF%TlK9gIrM#qL<*8 zdq@U`^U5dVx*Iae0PVB7jZA(oi_b=@#i5wcf`B2<3YjUV6_KXB+k%;FIQq}!^2X6h zeT-F%YDo*Oj#Q}O8@(;i=rjI~z8sWG3+E`ovhwd-B^BqF5~~OYO#2Kj+$v#D zKm$kDXAQeOZ!*K!l5ag0&6@_G>5c~4XOBhHlP>Vwp}Z1D#Eb?fnouiqr=o=@O954j z{RDsMmqGVTw1kf0xpZO$Ht*7JYqz2an;j$F1K8(!coBsEY%~LuYIb|Ll|?}de*V8Y zLU8wLp~hDe6@4FLrMFb)I=fL;Kp=L=ED0s;sC1cC&}Osn56dIo2G z-00%$>IEW5QPdNS7>A`(nZpG}><0Uft&ldw#Ovy@C%#?;mL&b$UL~=n>y?F+x46{9 zuP_F9tO?h5isw^7+|*cF(>XHoXnP^j^O1*r^nHAS{}g;s`QnRk7z$Codn&-pzuMQ8 zNaJLzjp#5{2dj+Bp&~g&4fD$LQG&$Tyzc(Y(_IsW+oWL0UPmNBjr31ss9Q9RRWTss zAlpVZSl7?>mW^;;cJn~=pRGUbddp8o?}j$&%lSB=b9(cPwe>f9H`h~jSU!ksI>pJ# z8Xaf{Xo|#l5uvtfx3hWgUb+9 zt9v1-v4D*~1fxPyc=#VjzGcqjZCoGNQ#U(HP)}^1*;Db*TGz1hT`zy$5DaJC{7Aiz zH_-FOh-8I&16Z@a)d!Y=394+dWXy<}5o7n?jg+=yCB6o}5XgLDM;_B1AVzuzhZ#FyDdRP2#gu zkmFb-0Piz(ac6j~OQ>S?4?qjk99Sj}<(Eqn)5xSz+|LWdNY2cs$_U@FCLuZa$GUvI z?Q<_5NjnO-Pqbedy3fj^=3=l!H+@f)<`JL+I#`+R*net{1l6zRL^;Oa8I;}h4dM0_ zbtOnO>zr@O!=)YvEv+Et^r;PbwlqUqvjEylE8#MTw>CMp!+cAw?Tg>w0xJs@eOvQG zqfT|(yzrm>|6C^Q^Vq~OOtXx}JuR8|>Hl!SaXZ=Is}3+4uT5sY?dsIFHjfM`-yuW!cEOn|NpwQ7*hC+ z_!%L+63#~5WjS`vVKdQXT&m;~1#kJvdR5V47d3Gp+`T~$x9xjHLSc9S_Q=MY0mX6h X!<0Su0KRi=MreEo$=$;NL_vj>MoM-= literal 677 zcmV;W0$Tkrf&!s18wLp~hDe6@4FLrMFb)I=l(uKEg8|C$0s;sC1cCy9|5a;q>3$P) zQY&GV^ki0EU2-&kQbOLqob;s*XEP>KuLiZ<8Z@ks9D<=W-|)dnx`G=4`Bc(e87^2` zNniOF=dTUE$AAqDBzc6(P}7h+5Q?=7L#a}&x6sh!Fm)*dLS0=In$(q4_ihno|6g zYbF)&ztu_l$7uPo&R$R^c>6C)3Uge)BV_n-ZcfA9w7x-%3hgN4_XLsYcRPRdG?G!k zVR(m!%N^dM6=P_w0I)oW+ZprEL>PUjnY%nRE`H3*^ue|^*1oVe8gu(mS^>;*X7|Uk zcvkt>)TUYK`muE;OOAl}gUwS%>M2P~!T<}#MIYL;p%A#5ZqPs$<3yZ(EFKn*UXI5l z3ay@HY?)?AwM^9p3hAO8spSOQxoi=ciDNCl0VZk}qjV5kyAb9>aNQnV8`<_EVn-H* zj4CDGp8w<}z0^g$K*fZskYU6ro#mH2-uHSATREjy5`V9Hi;PFwl*6W>>gZ#t3^&G{ zSkwU@v{v%P zEHd^l7>*SKJPzC1^R!3vxiCDE=+1t4ki-MrCa7H~*+H06Y?=f0tZ4)*zf;Yb7rB$F zR%BxYR3WJ^i-K^3dq|=Bz>r<%(*w-_mz8D(VlIl1vki96LR6zE#Qp(~uZ$kFE}L^K zMgpZlY7#K{8#SFE{`^`}h^@N&xAo(lAd9ckMC zh=Mq`-dy!ya%7)R{^cSkON@)0nA{$?&UpXk5ukSd$a-W_s3e(|*Z$^4G63#Xl^aHX zla|P8x)Ii~Le^xp1~2=D3L9o3xF!@aFxz;gW>a)3Z=%{vMos0F$T;;{?2uGby~yUu zjFJ(BWKB0`Yiv`zKBR+d5Es;Y3cMh! z_hwqSg{VTxzZR5Ap0%Zu*XYw-B@d{61~8+paTp73FC*SM+ox!6Kl!6Cju> znuyGMkb95p#63Wb+HE*vv{>`6TcZV(_g~K06>>BpHln`Lna0XTTrAv#Uw2NsHsQv| zse4QOJWY78G1nIJ%g^j@a+XG4;FsCJ1`QX9>zZ2xs^})*mR_r=3HF1x($P_W$!a?( zjs4gupV-*vpKMxsdmYn&fXcJ#+|bF}@z%tf@O_`a2nJY5U3*xJ#9f-Fb(?5l{GICK z*u{srDunC*DGaeuPd?C?Ei6MW5MI{ZVjGbF+cZjZWfIJH2HBYtysuzv#33O~&|-22RTaVv}Dn+_+x0Zd*fSotgfffWNC8-0vRHHpMz9 z6}-`^ZyZ@L1we7XWW`y(opg$DOoVz8jg57!t)}`_{bFcjije9;B1?Fsj2C6P(k^TR zY5IWb8>-!|oKkYF2Rf>Mf_TW_1Eq|E8Nw#>bt^MCz3+~g5Ev+8b~dkfCuv+?Jo6j7 z1oo&J@VS#2-x*gZ26G660VvwRO zsmqKnX|dG2$p8|>BtksnWPaq&)B(jZev5d$H0>a|MEH7s6iu>!Wo(%I9|?SvF%foP znWSr>(b;%Ln?YE)6PpFu`X>4*@Hk?iOyJBY`0I@pM}fnWw~EWCQ4|Snh0M#lMjHVV zD5gGJg8p0j@;G(b*b{FTjFh>R^(^?ff}6)u6dmjsTbU=oQ)z#sp*OIf^e3W;ACU{#;1;>1k(hG z%S)r8LX56BI#w-jod?$OQyevDBF*H!3HdC(SpUZG#mG-52WaaV%V(x_KiowvlQSIj zcvEMbDRo|8|IpalfbwKQV2&SjLKSFHk4kM$Gz3Mz(3hW8Bt3;_c$4g?5wQg>^ouGL`z0tf&Ef&|EX zC4Ob)ip9Bq!D}tgLaCj(5ISb+4TY?Bcb*~)%0f;imV1(Czfap6YgLP~g5}zJqJawY z?yyXJW$;+w%i3eb?28bC%q3=D zp2Y)qMHGXun4sVz>q<80D=d1-S=Yv>U)?NqSQC3%#ao;&*Y~P}{-yy56};#*O?z+uF?u+d{vbQdiOx6|H-( zvlc>NSh1?r1hbM#GOgp2fV2!n>48*-IOQ6pF~(2M!3*}=5sgcnNdpQjgr?D{zjxQ^ff}$xelaQLqrn{TL z=ct+1CVbBdE;l^cHr?xwXSQ(KPLrT|9K}OTcqgQ`??#bW!#ed(zXkKAc`)4@o*?vt zjw+f#h%8!)P!w@&*Qt1_o^0%eRxRH%IE*;n=3K1j6w%=o1T zr^drv?0`)PS8e6KmoCGuNUB%jx+qRxfJpk&pY)5#_xi!Jnz-KQri>Ki^ciMV1s#Mc|3wwmFgeDj|WCJK^fQQ(z3pkd@PApkL6YT94z?wiV^4R6oLMueXq^8t9bmv>4ddM!# zoc--AZ2~yhNQ4)^<1YeV5Y#{~iZvlMJm@{N4*M;>DGy~qWk^|l+e1-*fo#$P@ArD> zH3kjeTdNt!H**9-AOjrZt6s|jS$08rM*T=knF(YHP%CVjYqgIlCeo4std%IpKO$X^ zDl=7Xj@D3`+lVHzO2Si_u|~6tkP6+u;E`HXnjF!&syO#seU zR;uEjtpdocS$)f|BaVMb!HdRid*o6EgTf&MGcHTc*Ny_;> z{i3Ut?sM}lNe{FhM->PBm+QW0$OUc1zWQ?~FZZ(LUh{A2{gaypEJv&8`Xw^IG&&ed zd`Od#14)R9ROm19A*n={PKb(r z%|h%TW9eEVDK`wE3qOgtP!(gNtj4R7+P!-yQ_I+ea}D#*B`QdzWu29s_ad9;?S2sc z$IcoZ4Sq_4aJ*6YP9*%R@x)!uf;!xZo}t2bD9sqx0Y?Xm#nbe2K|7g?6i%&(rN9Dz z!C{>6NC|aD_!ZF**1q+4p9ogeZiMriG=I9~z_i*Q z^nR!9HM{Y;5AM$j2E{D)Fc?s5-yJP62lbGdC8q3;fWg`}7RX^vY7DN3G|8hfGzJuY zY5+X6EK;depZP`YH}&1JMf=@@T&$yiCDB85vZIimzS%&9)LGMuyAWC#=MLH8ChE9` znlXu{vPV{=3|cl$b*18&yJUDbz0Nj_3(^+F!P%%1zjXaI@^8VYjacIxiz7nsY}@%6 z^J#A;H}oq#W`$b>)__2j_y&Qv{0ExFfdZ#oruwKWsO>iG+IRuBV?xnk)K!yzT@om~ zX`aAD30;3C1mZdLCfN};NAcR~i2#5DhAU6g=u0GWVg)!uSL<^IO=v`rEqk5IOsH5o zMVq)%D69t1Kt25J|D@V>q=#r7T?phn`T zhzsAOll*AXiab=f$2ot-HBiA&Z#;y*kYVwruJ>6ix z`;l#VM$}(j;)(qhd`?NQXS1j#j|5WNbqPg`I0^Gl@Md^j6e`+YxKaM67P2(a)`xSV zUH}|274J#%{&hAY7CUEugLM9}D<2N{>}E{?1j<~s!7j(4RL%AQEax&f4yJJz@RxU**Y)#6BS z+pMQ_$vw@+5i`wJJP2GW1pfI_Z`*i7m}Gqx8@n^D8T#0k}HUs5?uuYVnOJv+NzIKRL;0fTO!WbIZeL{25e znwQ@`b**^p2-tytaL(A5q}wRND0&L*_#bL~uOvxlYjVa7Ub{P{QI>l+GlqSN(Dn$t79N zs^(v+Ze1{bqxa+Uqq8ccifapL)*|hflJz@#j6vM*YFRreP-4RBE)yh1GAp;%onfJj z8cB}NnWPMV_9=D!J$w?`b?Q;5m0cfYH})_p44Gh7fmQ&u{Bs*6{$XFsSago(8k>Ec z#4cP)uxE7+1}S6NGuI}?7Gg`l2?%<0XHfpfUWr&ftrUX>heNXCtcyMgeKTjnaW3W|eeyZLJrUvIw zg*2JjmG`)(GIrl*bjyCFE^_N`7B*ygU%)jXQ@A6H*Uj0Oc`rbe{RdMSu4jEjjLZQv zdWw?1-rp>YQK1k}>e1{c)|*mHY!*195_D(EJ4+)xSs`0z$Y$`b{-h~_qF(z#bY&iu zNQbLRpSi%=(hgWzVRlT>PMT?#_qh#kF=gzh$rG)J$?bJHEmfhAPMny_D{X|PRU@Cw z9`drDp^lYQ*A+mKJr#zfjlwyAuI5I_b_SCZ3M@xnGQw7orXzSvQ+jUBMU_|kJU{?2 zF)$%82?hl#4g&%j1povTSTl3#b|4qYhTq~2IL=5l10C@p1PJ!8B_n;t*+l{Z2mq2> BE))O& diff --git a/certdir/goodclient.pk8 b/certdir/goodclient.pk8 index 50af7714af6ef854ec0435bd1e676ee6c1fe30b1..1772e4cec1d5dd7111313549baf9dc2e0a7fbee3 100644 GIT binary patch literal 1261 zcmV8wLp~hDe6@4FLrMFb)I=hmVR;s*X^p0s;sC1cC&}JF2x6^MnH` z{G!m)FP0P)+a8Q*?=J{kv|^OjfA$N+G5my|}2t60~yC}_wD8P6A2yrlW5$c5cS#?%!mnZ8!t z00{Mbx#d0r9~|o$Bke+OJkXX1C6y9Ch>^vYa3fm|_vxxq(Uq&QQU6dcfj8DXsK!<* z9hihSy-a6X*XFmk>2Gi#Te*+IXF0_)fND$ap!BiT&dp`og*%EnR>pFS$@*xs*bb&2 z4|gY#MDeCLm+Yuw-1_QPRV0~)cL47^dKgI|IZkeyh7Sz>-&6`M2y9OAs5Wm-P_?Qz zopkS~Z^Im)0F1P01gjim@!5;=l7b_Yd^SD&k*Jm>H=K#eK}DPBrcUM9U-ZtdByT3; zM0%|x1A=l5GN{Q%HaC|@`7r8C2nkA^k)}dsiLH3808s$xpv?6q!lSHDx=SB;saHK! z%r_!Gf50k&jT1gHfgbalZIhL;V*cLSgmj`=xTFeEa$7Yf}T7cwi>`kR)iRp%mp>& z92=cAY&rV0rZKxj@ukgg4DcCqXwdgbo_-e&;N=*6 zv8;7mh-kR<+!2z(y!A{V^foAuga1YvH<_k*WSjJb^&cz>Q#Xnu&KFrKwd=$yFxW3tZeo#BBQ&BkW)3T7pB#J|K* z$!8jra?+kl$fg^joc~&N8HxT>OR%s-JOa#5s$utBf+RlsLZ|He*8D6_%vVI|BIt}r`dPocJ8VsBc=e}PkL z27arns-md5PnanMsuERdOhUhi(iy!n&B?C#1ZnHg@Mmatk*UBAkGyNOhfBJ~ham8y zUU5RFRt%)dX-Wd&>$S$0zDBZI>_wrxA3X5Zdg5cFmWa z3M;-=B(=;4s>^xjQj)(quAM-zh4=Z7mP+%XtVfKgOFEq&=B{7w_G1j5rYexSZKRI#AGWQeVO&uH`wiVPT*|5^ zvjYysNO-lK_u{Oq>bGA&EEMlEm~R9*s^?yWleN)v>fFQ)m=)PJB*P`388--3kOA1b XL4fvi`>F@4jO+N9@ETv($}R4HhKOfL literal 677 zcmV;W0$Tkrf&!s18wLp~hDe6@4FLrMFb)I=(V4H1`S~&50s;sC1cCy9vnDdS!$_gZ z_==ZxO;^5Y_<`p5&ejg$XsqPn?<4Dm0bDsH@4a0Hil`ZRO{?<%8~SqY9) zz9L$sVo?)|AI6GA>aaXN>9JbWx{yQBFsmBvnk)`vj8e8A6crY{l|?NHP9}X1N>R_w zRNx-Bnmk}h#i!u9T;D%NNuVVJMN8^6qfdi6BEHsc=UB|wi#wNEV~2!P(6 z%-!6Hw7X*Z9hZSJ!Y=Ai!zHc6{+6g9&3H<&6b!Lk{bAdh>_O0>1rzi9{?6unqo$cg z_tL)CLfqd5jQ?s5hXaq{FEqU_AFaQmWtyP+6)VHHcyFmrZoQc`r%`qn94S{?H3*?{T( z1yEtpEZBx|6H}PM@cB%P4j#0gy3}OF`~;~0f1HHL_5lQ7sYus&KK7Wkkz}7nv2teX zBNOkKx$;F0lh?XxbEB|hG0~rc#pw1w6}hGI&mdUke{vH-^tEOmfDONXLlGy&Dm;JZ zAjCtwEvuqzs^H3mu66#+(sQ2tn1>T(#3E7VUI{5{?6pA0771PG7?DI?G!El3AYHG= za~alU*J=^}wG?I~beFWBnv~xWnAm!NanpUhC`%${Td@!J!dDS1XPqK`H}E4re;NXH z