Skip to content

Commit

Permalink
feat(x509.store): add store:check_revocation and add flag to skip che…
Browse files Browse the repository at this point in the history
…ck CRL for store:add (#1)
  • Loading branch information
catbro666 authored and fffonion committed Jun 20, 2023
1 parent aa6ad47 commit 1a5a4c8
Show file tree
Hide file tree
Showing 16 changed files with 789 additions and 3 deletions.
26 changes: 25 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -248,6 +248,7 @@ Table of Contents
+ [store:set_depth](#storeset_depth)
+ [store:set_flags](#storeset_flags)
+ [store:verify](#storeverify)
+ [store:check_revocation](#storecheck_revocation)
* [resty.openssl.x509.revoked](#restyopensslx509revoked)
+ [revoked.new](#revokednew)
+ [revoked.istype](#revokedistype)
Expand Down Expand Up @@ -3813,12 +3814,16 @@ to explictly select provider to fetch algorithms.

### store:add

**syntax**: *ok, err = store:add(x509_or_crl)*
**syntax**: *ok, err = store:add(x509_or_crl, skip_set_crl_check_flags?)*

Adds a X.509 or a CRL object into store.
The argument must be a [resty.openssl.x509](#restyopensslx509) instance or a
[resty.openssl.x509.crl](#restyopensslx509crl) instance.

By default, adding a CRL object will automatically set the flag to store
`X509_V_FLAG_CRL_CHECK`. Setting the second optional argument to `true` will
skip settting the flags.

[Back to TOC](#table-of-contents)

### store:load_file
Expand Down Expand Up @@ -3947,6 +3952,25 @@ for all available flags.

[Back to TOC](#table-of-contents)

### store:check_revocation

**syntax**: *ok, err = store:check_revocation(verified_chain, properties?)*

Only does the revocation check. The first argument `verified_chain` must be a
[resty.openssl.x509.chain](#restyopensslx509chain) instance which could be returned from
`store_ctx:verify` or be built by yourself. Note the first cert needs to be the end entity
certificate you want to check and the second cert needs to be its issuer.

Staring from OpenSSL 3.0, this function accepts an optional `properties` parameter
to explictly select provider to fetch algorithms.

Returns `true` when the certificate isn't revoked,
otherwise returns `nil` and error explaining the reason.

Note this function is supported from OpenSSL 1.1.0 and not supported in BoringSSL.

[Back to TOC](#table-of-contents)

## resty.openssl.x509.revoked

Module to interact with X509_REVOKED.
Expand Down
21 changes: 21 additions & 0 deletions lib/resty/openssl/include/x509_vfy.lua
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ require "resty.openssl.include.stack"
local OPENSSL_10 = require("resty.openssl.version").OPENSSL_10
local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
local BORINGSSL = require("resty.openssl.version").BORINGSSL
local BORINGSSL_110 = require("resty.openssl.version").BORINGSSL_110

ffi.cdef [[
Expand Down Expand Up @@ -38,6 +39,11 @@ ffi.cdef [[

void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);

int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);

// STACK_OF(X509_CRL)
void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, OPENSSL_STACK *sk);

int X509_PURPOSE_get_by_sname(char *sname);
X509_PURPOSE *X509_PURPOSE_get0(int idx);
int X509_PURPOSE_get_id(const X509_PURPOSE *xp);
Expand Down Expand Up @@ -80,10 +86,25 @@ elseif OPENSSL_11_OR_LATER then
ffi.cdef [[
// STACK_OF(X509)
OPENSSL_STACK *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
// STACK_OF(X509)
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, OPENSSL_STACK *sk);
]];
_M.X509_STORE_CTX_get0_chain = C.X509_STORE_CTX_get0_chain
end

-- these two apis are supported from 1.1.0 but not supported by boringssl
if not BORINGSSL then
if OPENSSL_11_OR_LATER then
ffi.cdef [[
typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(const X509_STORE_CTX *ctx);
// STACK_OF(X509)
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, OPENSSL_STACK *sk);
]];
end
end

if OPENSSL_3X then
ffi.cdef [[
X509_STORE_CTX *X509_STORE_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
Expand Down
52 changes: 50 additions & 2 deletions lib/resty/openssl/x509/store.lua
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,15 @@ local crl_lib = require "resty.openssl.x509.crl"
local ctx_lib = require "resty.openssl.ctx"
local format_all_error = require("resty.openssl.err").format_all_error
local format_error = require("resty.openssl.err").format_error
local OPENSSL_11_OR_LATER = require("resty.openssl.version").OPENSSL_11_OR_LATER
local OPENSSL_3X = require("resty.openssl.version").OPENSSL_3X
local BORINGSSL = require("resty.openssl.version").BORINGSSL

local _M = {}
local mt = { __index = _M }

_M.verify_flags = x509_vfy_macro.verify_flags
local flag_crl_check = _M.verify_flags.X509_V_FLAG_CRL_CHECK

local x509_store_ptr_ct = ffi.typeof('X509_STORE*')

Expand Down Expand Up @@ -47,7 +50,7 @@ function _M:use_default(properties)
return true
end

function _M:add(item)
function _M:add(item, skip_set_flags)
local dup
local err
if x509_lib.istype(item) then
Expand Down Expand Up @@ -75,7 +78,7 @@ function _M:add(item)
-- enables CRL checking for the certificate chain leaf certificate.
-- An error occurs if a suitable CRL cannot be found.
-- Note: this does not check for certificates in the chain.
if C.X509_STORE_set_flags(self.ctx, 0x4) ~= 1 then
if not skip_set_flags and C.X509_STORE_set_flags(self.ctx, 0x4) ~= 1 then
return false, format_error("x509.store:add: X509_STORE_set_flags")
end
-- decrease the dup ctx ref count immediately to make leak test happy
Expand Down Expand Up @@ -228,4 +231,49 @@ function _M:verify(x509, chain, return_chain, properties, verify_method, flags)

end

function _M:check_revocation(verified_chain, properties)
if BORINGSSL then
return nil, "x509.store:check_revocation: this API is not supported in BoringSSL"
end

if not OPENSSL_11_OR_LATER then
return nil, "x509.store:check_revocation: this API is supported from OpenSSL 1.1.0"
end

if not verified_chain or not chain_lib.istype(verified_chain) then
return nil, "x509.store:check_revocation: expect a x509.chain instance at #1"
end

local ctx
if OPENSSL_3X then
ctx = C.X509_STORE_CTX_new_ex(ctx_lib.get_libctx(), properties)
else
ctx = C.X509_STORE_CTX_new()
end
if ctx == nil then
return nil, "x509.store:check_revocation: X509_STORE_CTX_new() failed"
end

ffi_gc(ctx, C.X509_STORE_CTX_free)

if C.X509_STORE_CTX_init(ctx, self.ctx, nil, nil) ~= 1 then
return nil, format_error("x509.store:check_revocation: X509_STORE_CTX_init")
end

C.X509_STORE_CTX_set0_verified_chain(ctx, verified_chain.ctx)

-- enables CRL checking for the certificate chain leaf certificate.
-- An error occurs if a suitable CRL cannot be found.
C.X509_STORE_CTX_set_flags(ctx, flag_crl_check)

local check_revocation = C.X509_STORE_CTX_get_check_revocation(ctx)
local code = check_revocation(ctx)
if code == 1 then -- succeess
return true, nil
else
local vfy_code = C.X509_STORE_CTX_get_error(ctx)
return nil, ffi_str(C.X509_verify_cert_error_string(vfy_code))
end
end

return _M
18 changes: 18 additions & 0 deletions t/fixtures/crl/crl.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
-----BEGIN X509 CRL-----
MIIC2jCBwwIBATANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQIDAJDQTENMAsGA1UE
CgwES29uZzENMAsGA1UECwwES29uZzEbMBkGA1UEAwwSd3d3LnN1YmNhLmtvbmcu
Y29tFw0yMzA2MDYwNzI3MDBaFw0zMzA2MDMwNzI3MDBaMBUwEwICIAEXDTIzMDYw
NjA3MjcwMFqgMDAuMB8GA1UdIwQYMBaAFC8MH19JRurEt8xm/9IGkZIvDBurMAsG
A1UdFAQEAgIgADANBgkqhkiG9w0BAQsFAAOCAgEAGX+Tvt+BDU6YUSVc7/bi7OBA
KPEQvl/SXu06n3JmjyCRIWUPkB/QruqNHPpxImpvDzoqp/ScfKjB7jNaVqppdkcr
yrCN11U26WPgtW6auHsWPOqVm94625+vecL9U+8R5WvjN2Hn8Kkn7EXefwskYleo
tGDHeQMRuR3EHzaHu6Bbqn/UfYuTEEC2ZMg/LwGYaG8MBCg79ayAzsBeR4VPSszK
CnKHa1CVgfggWQnNcIvkbBFpUAd6OWm6w+YUSA9hxAaEFqYlrOA4UHf/APE7Rnw3
xokDissm9yqfVVi0fiVe/HXt6RE5FOayOgjKOfAAj10TogTC9bK0Q05t8Ud1OpEY
7YtFHtlBYuHWrmqm0FZBYwhxaFzDRcCRe45HuS6wCmMwb1Btr354kEOj/nSuq2Wq
e248ZrTPNf/IXOGthB7FsL+bTOtrHl4l+tniZb+0i3FeeYUHoX+IRhPzWGHXYK9D
PDn1QsggNvkXIMpdut8ifDwPXYFoXf5ZW8IAuC7G3zYrwsPFoQALheK4yyqHVaYb
WMzuHmeVpxLxVv7zoJtpGPr8X2c2Yn25QtcGpqxcXxesL5g2+pJ2Uu3D7niVp3tM
bqP3Nj88eJk1mFVOdRWwSICmp6ReJwTtAYacU5vTUjPdQNOOtht29YmbwyoemMvJ
w9wdUeL9yrb5a98bNtI=
-----END X509 CRL-----
66 changes: 66 additions & 0 deletions t/fixtures/crl/gen_certs.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
#!/bin/bash
#
# run this script in t/fixtures/crl
#
# root ca
mkdir -p rootca/newcerts
touch rootca/index.txt
echo 1000 > rootca/serial

# root ca key
openssl genrsa -out rootca.key.pem 4096
chmod 400 rootca.key.pem

# root ca cert
openssl req -config rootca.cnf -key rootca.key.pem \
-new -x509 -days 3650 -sha256 -extensions v3_ca \
-out rootca.cert.pem \
-subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.rootca.kong.com"


# sub ca
mkdir -p subca/newcerts
touch subca/index.txt
echo 2000 > subca/serial
echo 2000 > subca/crlnumber

# sub ca key
openssl genrsa -out subca.key.pem 4096
chmod 400 subca.key.pem

# sub ca csr
openssl req -config subca.cnf -new -sha256 \
-key subca.key.pem -out subca.csr.pem \
-subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.subca.kong.com"

# sub ca cert
echo -e "y\ny\n" | openssl ca -config rootca.cnf -extensions v3_sub_ca \
-days 3650 -notext -md sha256 \
-in subca.csr.pem -out subca.cert.pem

# ca chain
#cat ca/sub/subca.cert.pem ca/root/root.cert.pem > chain.pem

# leaf certs
for name in valid revoked
do
openssl genrsa -out $name.key.pem 2048
chmod 400 $name.key.pem

openssl req -config subca.cnf -key subca.key.pem \
-new -sha256 -out $name.csr.pem \
-subj "/C=US/ST=CA/L=SF/O=Kong/OU=Kong/CN=www.$name.kong.com"

echo -e "y\ny\n" | openssl ca -config subca.cnf -extensions usr_cert \
-days 3650 -notext -md sha256 \
-in $name.csr.pem -out $name.cert.pem
done

# revoke cert
openssl ca -config subca.cnf -revoke revoked.cert.pem

# generate crl file
openssl ca -config subca.cnf -gencrl -out crl.pem -crldays 3650

# remove unused files
rm -rf rootca subca *.csr.pem
36 changes: 36 additions & 0 deletions t/fixtures/crl/revoked.cert.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
-----BEGIN CERTIFICATE-----
MIIGUzCCBDugAwIBAgICIAEwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UECAwCQ0Ex
DTALBgNVBAoMBEtvbmcxDTALBgNVBAsMBEtvbmcxGzAZBgNVBAMMEnd3dy5zdWJj
YS5rb25nLmNvbTAeFw0yMzA2MDYwNzI3MDBaFw0zMzA2MDMwNzI3MDBaMGQxCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBEtv
bmcxDTALBgNVBAsMBEtvbmcxHTAbBgNVBAMMFHd3dy5yZXZva2VkLmtvbmcuY29t
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzE3ishAB+ODlQRlnbYTu
vYkKBMJ+UqCCNIrAUxu6IMJWuK8hxt+KSP0RgB7LNpE/FshUuZP16dZq8A5Hah2u
/r7yXEv6kmNUfAQAm3NSFT8WBgjcs3m4TTqstLhPL3sRnVECkUGEq5PHfQxR3Du/
FqwYiGH6oOZXusFZzuHx0R/+GKkfkq9qomwIpZzMSIGblfS00CpWAvBYclTeJmfy
nDKiDcirvG5su55lwqsqkn2Agm8y7OqQsCcaUFvnMHqxeVzk3bqXjWldfo7dviZH
NW17XO5ruUJLseRZE3bCMBePQjQpY6il7K8Cq9gJ0dt3TbR9WSVNS+EUuCB3c9rt
UT+qlBrNWCmMz3ZLfXDYjqiHy6jokT8K4Bo2pjoiZ7IlUZQ637xb7TOH5uIcOYsG
R6Av843lt0Tv1grgaWbR/kNSOIGREO0SQakw6khpVasTNGqSoBLyFb6+Szw7EAcZ
PCBh9ZOz+xXdBcGlCsmEnAwG9BSFBG4ygUdO3OyvZeSGD9BwNZFzqAi/dKJJW5Xn
1GHJQUejrrn1GiDl+NaIkprm2SXTOZ622riDb4zYmNXwkC+9pJzV14IN9XZS8MWd
ydUeMraa2K5AD5hKHwyPjCLoLvvPk/V50iMOWLIVk+RCk/mBj++gthSgqQexyknE
cCTBWS2hiyBimMm8wtJOH/ECAwEAAaOCASkwggElMAkGA1UdEwQCMAAwEQYJYIZI
AYb4QgEBBAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBD
bGllbnQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFC8MH19JRurEt8xm/9IGkZIvDBur
MB8GA1UdIwQYMBaAFC8MH19JRurEt8xm/9IGkZIvDBurMA4GA1UdDwEB/wQEAwIF
4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwMgYIKwYBBQUHAQEEJjAk
MCIGCCsGAQUFBzABhhZodHRwOi8vb2NzcHNlcnZlcjoyNTYwMC0GA1UdHwQmMCQw
IqAgoB6GHGh0dHA6Ly9vY3Nwc2VydmVyOjgwL2NybC5wZW0wDQYJKoZIhvcNAQEL
BQADggIBALCjaiw5E2MSjCOWHbaJpIeTmspFLceWcFn+Vsee6IDsGfLc4X4bo2lc
rTxJKjcaKHCaKBhlGYTGcAOn9aQksFxqPOnCarWhWBu7d/rtwpmS8Az6LLl6kPiq
hwNR9ZXEUZubZrigbAEKOvulpCdGzS2K5r+jsyduVfUYNLgK0QQibv5gP77WLEAM
UeJFXzvhYOdyd2gCegllfLdkIlt+D/4ZnMmyVYpkAPbYPTh7E1+iM0nzXrpJ68Tg
nwQftjsHOGnNWg1EUt6dAGzrXlPaS5LCX5BDFGIZSIWEi0/qtySbroIwSeFiowca
TwebLnONPe4cQUmga3OJg9tI6y3NRpChUPkpftmXxwQE1UT2GjecQFnSbkFsFhwv
ezJjZ5iOSdpglptxPO7J8HOt32aEX0Y+qR0/QmMYYR3NdVE2aSKjaMl+8R6aIA5a
akpIibDNFdOD2FU8eMCQgd+gIdne8YOpUGWIy8X+grw44DSpU7lIPmHHLQEvFiG+
MrI34iCg9k9pX5D+/PnMMLMuy92VBwHVNlWe+JSVThGEPQOh7N/Bn1S4Mzv1HLUM
kZrM6tTNieaoEUoArmWpwVcyNUgMO9TunNfDTOsDb144j9cK+AFdUFCKwmZyxPsR
gSlWtXlcHLLMFjf5q+4jkkvZ4AVzq8NpovDKMIygjYx+BGOdqIuw
-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions t/fixtures/crl/revoked.key.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA9Ieaw7RFz9+I8WTKFS8QYzIkduMdh0bYWkDn0M51t74U1YtC
NDXaaFRRe7F/SvvP4vsJXTEJWdz6+RjwAtkZwXLUjjIGsHU+sLdlHGAwpnWz12gU
p+Y+LBNWbkbvmcUV7BfVTzOzbaZi5fNA3AzUUXBvLPOYj8qFpGeU8ZSGEZiS9wAh
yulFPnl8AxYKFqiuTWTIYLa2v/KT395QIcTqcQNpllRmvzQcBX14wTAqrukC3bfA
lS/pGu1XE/utx/PkJAgHaxo3oHbirTp9aPGRce/dgUH4/NopuyEQvcaykLC+V75P
JyUuPP7DD8UgXs8amBVibL4hbjlIQOLAqonBFQIDAQABAoIBAQDxioF1jzzmeQfs
aoKzKiol0gHy7aTdWz2a6UITH91oAnrR9R0QNaHoLGHQrSPwDYzryM0XILj76yx9
ogRyy8CFNciALSouY6HpLT7TKLDlvJ5IyKaesu/22aMmiyth2Swuadxqv8cdKJ3I
RuBqfMG9MDKhVH3+iy43l5moh+1mskEddAIYEMMcb3HW4CQqb7FDi1EIqJcZNxlY
V7o6t0VLUTgiauWTvXisv33Ozga/3vh4PzBvVpSCgn8AE3n+j06pp/wYsuYqeWU4
eHreCN9Qh4NL2A9nN197mK98/JrujB0yuBJ/VCJfUKO5uydkgHzLnGsAYachppMe
heGQkU6BAoGBAP5u6WXDgnhtA4ZyuvRxF+r8FzFDOKNw6E/QH55g8d/z2zQwrcQb
o5BDFLxXeXKlIshy3aphxX8Y1LkFjm9d8+JRJG6ffRbXuKsC+K6CMmaW1vOQ180p
Y/OPp0GLgpxA9fimo+EYhpWbdQlDTZUzfzBp1hu8UkP0VZu4XFSml0fPAoGBAPYJ
FLYo/Oa1Kv0BSgVH2AZPax7Rl0I/7NWG4e1IaT/hawKzlypM3pMvZSana7gcGccr
fGjG8GjliFm2R03H/GldfhXRoO3MCPF9FvWpW5ZRhCU2SSlsrj6SxG1KpCqkG2ft
QSHI3f0H1mZdXXiRh3Z4jkb0c87IrCpMcasSjT3bAoGAY/75MeqV83h8wzGCMqHk
EZGEF/NgZjPwybV1R8y4Ixl3FFrxYDqwnPkQRDlo3Nr0Aa3LWrRUZ3A94n3Bjhlx
yYe0dtmt0vVzeZqQXB2Fa3ZrAozxk4tp4gaaaJNJANozEceEbuoxssjHRZ2y9ymn
GkLuSDZKarSzlKDvgMF8gVcCgYEA3n1NxoEAWp1gd5Uv2+ChQOuWwjLk5xspz9p+
+nXt/7+YZsQDIlSLPmywuyjRZ5e50/vGMHYet61CBWapynPcFWhfedms/v3w5Hir
R5JUaXXj20bhGF3YoGtWyEKkfI8U3YGW0bd0z7nDr6Qkv8BS0NaqSw4Kn+emkUW5
0Osg4NsCgYEAxOhcGIseH8e0K7YSsB8sRSOK01p0wTRpMhQ8GVsf4S4Za292B2Wl
f2ZIFEj9IrTEwp14s2lOeeSpSMHYndWfHOTua0DSaKP6j0Dl2G3VlbZJsprDqRWX
qA0vZ1ZucVFBe3GWtCaO7uQprQbk0NcerqmEdexY2vzGvUNuoQszuRo=
-----END RSA PRIVATE KEY-----
33 changes: 33 additions & 0 deletions t/fixtures/crl/rootca.cert.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFtzCCA5+gAwIBAgIUJWxAqd4rg8B4IoNzVf3VFL0LoKYwDQYJKoZIhvcNAQEL
BQAwYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjENMAsG
A1UECgwES29uZzENMAsGA1UECwwES29uZzEcMBoGA1UEAwwTd3d3LnJvb3RjYS5r
b25nLmNvbTAeFw0yMzA2MDYwNzI2NTlaFw0zMzA2MDMwNzI2NTlaMGMxCzAJBgNV
BAYTAlVTMQswCQYDVQQIDAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBEtvbmcx
DTALBgNVBAsMBEtvbmcxHDAaBgNVBAMME3d3dy5yb290Y2Eua29uZy5jb20wggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDiCaoWZZdKx0TuKjPCxl91Z5dL
S2/5YQpB/96SUc+mXClJvDeE9VOlEdIhLM1+yjsWaSbG5GiiY6+jiVql2GNIJ1U1
hr6fR6dWM1J13/Cb1WO/9IGsULn4vwBYnxNOK54wxvKSMfp2lmhf6iNPNy9lxiAd
7L7M2nwF0MSl8aYoIg+ULrGJ/kXy/EF6g+1JDrzlgbBsrJso2VQc7h59sFrijpDv
3iFaJA5UvYd/s2Y4CAzESN06JgOXDaN+eEk53DBcskcK8+9DdNXcKLuKFXfUL25u
als8z0oBfP8aDVBHTZQ2Eh3iSuU3iigpJH6zK8uxQLEqMf43j5XpiG7J485PXPQo
jUAgg/YJJDLnBpkSem/f9mWDZ1WsA+cbPUAogwiUOsmdG2joIobXNdY2LgGkA6Xz
J9ALdz1I5gvl7waw+cHEKPcX1nGnC1loCLyNri4bTxaAKwSJY8jc9fJcowpBiJy4
xOA+0b/2bBY4vdjiRxyq1qADEvsL2/Z4MN+0ecquEYm5LLsmXenCvU7Ecgy3HcZM
AHV8m5oI6WJshxmsZ5SJ8EnFrsjWiYqTPtmn3W3c1Hi6la5R0oDieguXcSUNtDCg
APmnPXlJYcx0osDL3pyioK+4AMUu1yLrX6r7+Gdg9ghXtwpHrUDeVY3/qv1HOJWi
yiT5bztF2gYy2RksjwIDAQABo2MwYTAdBgNVHQ4EFgQUxVbJgvLbara0rOyfJEDc
LupTakYwHwYDVR0jBBgwFoAUxVbJgvLbara0rOyfJEDcLupTakYwDwYDVR0TAQH/
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAAUNP6BV
tpHi38vQ7g/eombH4Q0pk6dAAQ3yf1Ve7bfPXNhHqwg2Dpeefv7+gBi86Ut4WgqU
elnblSR/QjB8gkh+fT5dUfRq8kqwaZcXlrsB8FdAr0c/GOxeqARzVWiK6pxjrNRU
w+nAUU99Kke54rqrdX0kEQ+CIR69jVGYzqPN00icAj48DrC/Stsih2im7OQtpcmY
GiuTsK9XmRbJMqf+hcHyjQxWMkQ+3v3bz9rB2DPpoBVncF94ZIdTGQnzArc64gat
2AYHpPRn500d5QAoGxjWLHYQdcXJ/Q8mYa7o+YliwyfCX5dA34jTyttLzRiggljF
aqna3MJ1fE4ukj6RInihbxPBxNCH9reKougTYSsTGiqoff4j87K46y7xe/RfmKUw
+/7P/5d3COUda56Csy+gDHPK4WR//rhNpqde5Tz9TSrXYHU0HUHwfDVRc3NNrROr
trVC6sC1VqXvk6zBz6RNDuSC+4Io7Hp51vU/Bg0fcdAFNYLpKrZm+pWrCLR1lGxr
OPQUuvmBX1+XsmRgpMZtYHLTxYf8QuxwqRX6iPgD4Bt90EASo53auDzxh3lL09lB
eEpQRvwLpq+VoF8uj2xAHHQM25D50nWDxTbE/gGXs/hMaKBQend/vfU1Abj86kij
NehSHV5LPjYikoZm1oig/DEFjAPWQpgPVowG
-----END CERTIFICATE-----
Loading

0 comments on commit 1a5a4c8

Please sign in to comment.