authorDan Williams <dcbw@redhat.com>2009-10-02 13:26:40 -0700
committerDan Williams <dcbw@redhat.com>2009-10-28 12:17:30 -0700
commit32bcb0049cc1fe03382b25ee2d0255c9d89ed12f (patch)
treefdacf09beedfc330a5b31db5f8b087e6a22c983b /libnm-util
parent86eb8b831184a84e76caf7eacbc6aed856091196 (diff)
libnm-util: fix NSS padding checking and add testcase
Diffstat (limited to 'libnm-util')
-rw-r--r--libnm-util/crypto_nss.c69
-rw-r--r--libnm-util/tests/Makefile.am11
-rw-r--r--libnm-util/tests/certs/test2-cert.p12bin0 -> 4136 bytes
-rw-r--r--libnm-util/tests/certs/test2_ca_cert.pem27
-rw-r--r--libnm-util/tests/certs/test2_key_and_cert.pem119
5 files changed, 209 insertions, 17 deletions
diff --git a/libnm-util/crypto_nss.c b/libnm-util/crypto_nss.c
index 8cbdd9f525..be2884c3a9 100644
--- a/libnm-util/crypto_nss.c
+++ b/libnm-util/crypto_nss.c
@@ -18,7 +18,7 @@
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA.
*
- * (C) Copyright 2007 - 2008 Red Hat, Inc.
+ * (C) Copyright 2007 - 2009 Red Hat, Inc.
*/
#include "config.h"
@@ -147,8 +147,7 @@ crypto_decrypt (const char *cipher,
GError **error)
{
char *output = NULL;
- int tmp1_len = 0;
- unsigned int tmp2_len = 0;
+ int decrypted_len = 0;
CK_MECHANISM_TYPE cipher_mech;
PK11SlotInfo *slot = NULL;
SECItem key_item;
@@ -157,13 +156,16 @@ crypto_decrypt (const char *cipher,
PK11Context *ctx = NULL;
SECStatus s;
gboolean success = FALSE;
- gsize len;
+ unsigned int pad_len = 0, extra = 0;
+ guint32 i, real_iv_len = 0;
- if (!strcmp (cipher, CIPHER_DES_EDE3_CBC))
+ if (!strcmp (cipher, CIPHER_DES_EDE3_CBC)) {
cipher_mech = CKM_DES3_CBC_PAD;
- else if (!strcmp (cipher, CIPHER_DES_CBC))
+ real_iv_len = 8;
+ } else if (!strcmp (cipher, CIPHER_DES_CBC)) {
cipher_mech = CKM_DES_CBC_PAD;
- else {
+ real_iv_len = 8;
+ } else {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_UNKNOWN_CIPHER,
_("Private key cipher '%s' was unknown."),
@@ -171,7 +173,15 @@ crypto_decrypt (const char *cipher,
return NULL;
}
- output = g_malloc0 (data->len + 1);
+ if (iv_len < real_iv_len) {
+ g_set_error (error, NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERR_RAW_IV_INVALID,
+ _("Invalid IV length (must be at least %d)."),
+ real_iv_len);
+ return NULL;
+ }
+
+ output = g_malloc0 (data->len);
if (!output) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_OUT_OF_MEMORY,
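Review bot: With the `+ 1` removed, `g_malloc0 (data->len)` returns NULL when `data->len` is 0, and because g_malloc0() aborts rather than returning NULL on a failed allocation, the `if (!output)` branch now reports an empty input as out-of-memory. Rejecting `data->len == 0` before the allocation with `NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED` would give the caller an accurate error. In the new IV check, `real_iv_len` is a `guint32` but is formatted with `%d`; `%u` matches the type. The result is also no longer NUL-terminated, so any caller outside this diff that treated it as a C string would need checking. crypto_decrypt() starts and ends outside this hunk.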
@@ -198,7 +208,7 @@ crypto_decrypt (const char *cipher,
}
key_item.data = (unsigned char *) iv;
- key_item.len = iv_len;
+ key_item.len = real_iv_len;
sec_param = PK11_ParamFromIV (cipher_mech, &key_item);
if (!sec_param) {
g_set_error (error, NM_CRYPTO_ERROR,
@@ -217,7 +227,7 @@ crypto_decrypt (const char *cipher,
s = PK11_CipherOp (ctx,
(unsigned char *) output,
- &tmp1_len,
+ &decrypted_len,
data->len,
data->data,
data->len);
@@ -229,10 +239,17 @@ crypto_decrypt (const char *cipher,
goto out;
}
+ if (decrypted_len > data->len) {
+ g_set_error (error, NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
+ _("Failed to decrypt the private key: decrypted data too large."));
+ goto out;
+ }
+
s = PK11_DigestFinal (ctx,
- (unsigned char *) (output + tmp1_len),
- &tmp2_len,
- data->len - tmp1_len);
+ (unsigned char *) (output + decrypted_len),
+ &extra,
+ data->len - decrypted_len);
if (s != SECSuccess) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
@@ -240,12 +257,30 @@ crypto_decrypt (const char *cipher,
PORT_GetError ());
goto out;
}
- len = tmp1_len + tmp2_len;
- if (len > data->len)
+ decrypted_len += extra;
+ pad_len = data->len - decrypted_len;
+
+ /* Check if the padding at the end of the decrypted data is valid */
+ if (pad_len == 0 || pad_len > real_iv_len) {
+ g_set_error (error, NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
+ _("Failed to decrypt the private key: unexpected padding length."));
goto out;
+ }
+
+ /* Validate tail padding; last byte is the padding size, and all pad bytes
+ * should contain the padding size.
+ */
+ for (i = pad_len; i > 0; i--) {
+ if (output[data->len - i] != pad_len) {
+ g_set_error (error, NM_CRYPTO_ERROR,
+ NM_CRYPTO_ERR_CIPHER_DECRYPT_FAILED,
+ _("Failed to decrypt the private key."));
+ goto out;
+ }
+ }
- *out_len = len;
- output[*out_len] = '\0';
+ *out_len = decrypted_len;
success = TRUE;
out:
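Review bot: The padding loop reads `output[data->len - i]`, which lies past the `decrypted_len` bytes NSS reported as written, so the check depends on the `_PAD` mechanisms leaving the padded final block in the buffer. That behaviour is not visible in this diff and deserves a comment above the loop, e.g. `/* Relies on NSS writing the full final block, padding included, into output[] */`. Valid padding is also only a heuristic for a correct password: a wrongly decrypted final block can end in 0x01 by chance (on the order of 1 in 256), so the same comment should say that the caller must still parse the key before trusting the output. The function body continues outside the hunk.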
diff --git a/libnm-util/tests/Makefile.am b/libnm-util/tests/Makefile.am
index 1cf19cbc46..b8046036d4 100644
--- a/libnm-util/tests/Makefile.am
+++ b/libnm-util/tests/Makefile.am
@@ -33,6 +33,8 @@ if WITH_TESTS
check-local: test-settings-defaults test-crypto
$(abs_builddir)/test-settings-defaults
+
+# Cert with 8 bytes of tail padding
$(abs_builddir)/test-crypto \
$(top_srcdir)/libnm-util/tests/certs/test_ca_cert.pem \
$(top_srcdir)/libnm-util/tests/certs/test_key_and_cert.pem \
@@ -41,5 +43,14 @@ check-local: test-settings-defaults test-crypto
$(top_srcdir)/libnm-util/tests/certs/test-cert.p12 \
"test"
+# Cert with only 6 bytes of tail padding
+ $(abs_builddir)/test-crypto \
+ $(top_srcdir)/libnm-util/tests/certs/test2_ca_cert.pem \
+ $(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem \
+ $(top_srcdir)/libnm-util/tests/certs/test2_key_and_cert.pem \
+ "12345testing" \
+ $(top_srcdir)/libnm-util/tests/certs/test2-cert.p12 \
+ "12345testing"
+
endif
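Review bot: Both test-crypto invocations in this file cover only the success path; nothing visible here checks that decryption is refused for a wrong password or for a key whose tail padding is corrupt, which are the rejection paths the new checks in crypto_nss.c add. Unless test-crypto already exercises those cases internally (its source is not part of this diff), a run that is expected to fail would pin that behaviour. A short comment next to the new invocation stating that test2 was chosen for its 6-byte padding and that failure cases are covered elsewhere, or not yet, would make the coverage gap explicit.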
diff --git a/libnm-util/tests/certs/test2-cert.p12 b/libnm-util/tests/certs/test2-cert.p12
new file mode 100644
index 0000000000..9d5732b0a9
--- /dev/null
+++ b/libnm-util/tests/certs/test2-cert.p12
Binary files differ
diff --git a/libnm-util/tests/certs/test2_ca_cert.pem b/libnm-util/tests/certs/test2_ca_cert.pem
new file mode 100644
index 0000000000..9a487ca4b4
--- /dev/null
+++ b/libnm-util/tests/certs/test2_ca_cert.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/libnm-util/tests/certs/test2_key_and_cert.pem b/libnm-util/tests/certs/test2_key_and_cert.pem
new file mode 100644
index 0000000000..a668596eef
--- /dev/null
+++ b/libnm-util/tests/certs/test2_key_and_cert.pem
@@ -0,0 +1,119 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5FA2D6D6242C26D0
+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-----END RSA PRIVATE KEY-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=Massachusetts, L=Westford, O=Red Hat, Inc., OU=Engineering, CN=eaptest/emailAddress=it@it.com
+ Validity
+ Not Before: Nov 9 15:50:14 2007 GMT
+ Not After : Nov 6 15:50:14 2017 GMT
+ Subject: C=US, ST=Massachusetts, O=Red Hat, Inc., OU=Engineering, CN=client/emailAddress=it@it.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:b0:8f:4f:1c:93:d4:43:e7:87:b7:22:33:55:a8:
+ 35:a1:c4:01:b0:f1:ed:26:23:96:ab:65:c2:c2:54:
+ db:79:22:03:ad:3f:6f:22:e3:63:3f:f4:21:6d:fa:
+ 88:c8:8f:1a:ce:55:49:7c:98:33:6a:67:8a:8d:d9:
+ 34:b0:c3:42:f4:72:a4:45:43:05:72:5d:0c:d3:42:
+ f8:9c:66:3b:b8:f8:77:ea:f6:b6:94:d7:cc:5d:62:
+ 34:2a:14:48:0a:bc:65:94:f5:7a:63:98:6c:88:4c:
+ 25:d8:95:f1:40:3d:00:d2:fb:43:28:fa:02:fb:2c:
+ 80:b3:e1:33:e7:8c:ce:8a:a0:1b:3d:04:4d:bc:a1:
+ b6:a2:42:8b:8e:f3:5b:4a:72:34:7d:8d:ba:d8:46:
+ 22:35:da:5c:f8:dd:fc:6d:9e:59:22:b7:6b:e7:78:
+ 56:54:9f:4c:d1:e2:4a:23:a3:bc:04:ea:46:6b:70:
+ 8a:fb:fe:8a:73:ca:36:d5:f3:e9:17:e3:22:d5:b3:
+ 70:05:e7:f7:37:b7:21:b5:90:53:27:27:ea:36:9b:
+ 00:ff:35:b0:66:3d:dc:a9:2f:95:d2:21:18:98:4f:
+ 28:07:09:70:20:a8:b1:82:aa:a5:df:ae:0f:e3:36:
+ be:68:8c:9e:80:d3:33:d0:f5:84:17:d9:0f:eb:9d:
+ af:0b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 71:AB:BB:91:B7:04:DE:43:35:36:07:8A:35:CA:BE:5C:3E:EB:B1:09
+ X509v3 Authority Key Identifier:
+ keyid:7E:50:E6:87:E1:EF:27:AC:4B:8C:70:45:C9:97:B5:0D:E6:BF:F0:0D
+ DirName:/C=US/ST=Massachusetts/L=Westford/O=Red Hat, Inc./OU=Engineering/CN=eaptest/emailAddress=it@it.com
+ serial:D0:E7:56:18:B1:00:ED:46
+
+ Signature Algorithm: md5WithRSAEncryption
+ ce:43:6d:f7:f8:4a:66:fd:8a:2c:41:a6:e0:03:0e:60:30:d4:
+ 41:01:ba:46:ba:81:97:64:68:83:25:9c:e1:2c:03:8b:2d:ca:
+ 85:cf:bc:fa:ca:22:c4:59:28:23:8f:ff:50:94:60:1c:90:dd:
+ 75:f4:d4:ea:8c:fa:61:61:08:35:4a:8f:aa:a7:e9:3d:76:e9:
+ 08:28:55:01:c4:03:42:c7:ad:58:bb:ee:94:f7:09:b3:9a:9b:
+ 8b:d0:25:95:18:a6:22:d5:2c:fc:b7:bb:91:0c:7c:03:7f:9b:
+ 85:de:b0:e4:95:a8:73:94:27:0a:11:4e:e3:67:ae:2b:cc:e7:
+ 51:29:10:23:57:5c:3e:e7:ea:47:e0:f0:8f:5b:a2:9f:26:cf:
+ 7f:b5:7c:44:b1:7b:83:67:3c:41:ae:c6:66:64:e0:d2:ef:57:
+ a4:5c:1b:94:11:ce:28:e5:91:51:ef:e1:98:b7:3b:9a:cc:f7:
+ b9:85:76:eb:a8:2b:15:4a:cc:1a:a3:42:fa:be:1c:ce:b8:eb:
+ ee:12:d7:2f:e4:a8:cf:eb:2a:8f:78:e8:91:88:fa:c2:98:75:
+ 6a:4c:92:3f:2e:0d:e1:20:39:36:c6:2c:be:67:30:c3:f3:c3:
+ 65:81:ac:e3:3c:19:6a:21:ee:ea:f5:22:66:74:b2:07:53:7c:
+ 9a:0c:24:a6
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----