Skip to content

Commit

Permalink
cRLIssuer MUST NOT be present (#814)
Browse files Browse the repository at this point in the history 
* cRLIssuer MUST NOT be present lint

* Also cover Reason

---------

Co-authored-by: Christopher Henderson <[email protected]>
  • Loading branch information
@XolphinMartijn @christopher-henderson
XolphinMartijn and christopher-henderson authored Mar 24, 2024
1 parent 990a074 commit 38cfd72
Show file tree
Hide file tree
Showing 5 changed files with 379 additions and 0 deletions.
79 changes: 79 additions & 0 deletions v3/lints/cabf_br/lint_crlissuer_must_not_be_present_in_cdp.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
/*
* ZLint Copyright 2024 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

package cabf_br

import (
"github.com/zmap/zcrypto/encoding/asn1"
"github.com/zmap/zcrypto/x509"
"github.com/zmap/zcrypto/x509/pkix"
"github.com/zmap/zlint/v3/lint"
"github.com/zmap/zlint/v3/util"
)

func init() {
lint.RegisterCertificateLint(&lint.CertificateLint{
LintMetadata: lint.LintMetadata{
Name: "e_crlissuer_must_not_be_present_in_cdp",
Description: "crlIssuer and/or Reason field MUST NOT be present in the CDP extension.",
Citation: "BR Section 7.1.2.11.2",
Source: lint.CABFBaselineRequirements,
EffectiveDate: util.SC62EffectiveDate,
},
Lint: NewCrlissuerMustNotBePresentInCdp,
})
}

type CrlissuerMustNotBePresentInCdp struct{}

func NewCrlissuerMustNotBePresentInCdp() lint.LintInterface {
return &CrlissuerMustNotBePresentInCdp{}
}

func (l *CrlissuerMustNotBePresentInCdp) CheckApplies(c *x509.Certificate) bool {
return c.CRLDistributionPoints != nil
}

func (l *CrlissuerMustNotBePresentInCdp) Execute(c *x509.Certificate) *lint.LintResult {

for _, ext := range c.Extensions {
if ext.Id.Equal(util.CrlDistOID) {
var cdp []distributionPoint
_, err := asn1.Unmarshal(ext.Value, &cdp)
if err != nil {
return &lint.LintResult{Status: lint.Fatal}
}
for _, dp := range cdp {
if (len(dp.CRLIssuer.Bytes) > 0) || (len(dp.Reason.Bytes) > 0) {
return &lint.LintResult{Status: lint.Error}
}

}

}
}

return &lint.LintResult{Status: lint.Pass}
}

type distributionPoint struct {
DistributionPoint distributionPointName `asn1:"optional,tag:0"`
Reason asn1.BitString `asn1:"optional,tag:1"`
CRLIssuer asn1.RawValue `asn1:"optional,tag:2"`
}

type distributionPointName struct {
FullName asn1.RawValue `asn1:"optional,tag:0"`
RelativeName pkix.RDNSequence `asn1:"optional,tag:1"`
}
49 changes: 49 additions & 0 deletions v3/lints/cabf_br/lint_crlissuer_must_not_be_present_in_cdp_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
/*
* ZLint Copyright 2024 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

package cabf_br

import (
"testing"

"github.com/zmap/zlint/v3/lint"
"github.com/zmap/zlint/v3/test"
)

func TestCrlissuerMustNotBePresentInCdp(t *testing.T) {
inputPath := "crlIssuerMustNotBePresent_error.pem"
expected := lint.Error
out := test.TestLint("e_crlissuer_must_not_be_present_in_cdp", inputPath)
if out.Status != expected {
t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
}
}

func TestCrlissuerMustNotBePresentInCdpPass(t *testing.T) {
inputPath := "crlIssuerMustNotBePresent_pass.pem"
expected := lint.Pass
out := test.TestLint("e_crlissuer_must_not_be_present_in_cdp", inputPath)
if out.Status != expected {
t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
}
}

func TestCrlissuerMustNotBePresentInCdpNa(t *testing.T) {
inputPath := "crlIssuerMustNotBePresent_NA.pem"
expected := lint.NA
out := test.TestLint("e_crlissuer_must_not_be_present_in_cdp", inputPath)
if out.Status != expected {
t.Errorf("%s: expected %s, got %s", inputPath, expected, out.Status)
}
}
80 changes: 80 additions & 0 deletions v3/testdata/crlIssuerMustNotBePresent_NA.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1710164777 (0x65ef0b29)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=example.com
Validity
Not Before: Mar 11 13:46:17 2024 GMT
Not After : Mar 11 13:46:17 2025 GMT
Subject: CN=example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b1:b2:ba:bf:6f:31:ab:5a:bc:d7:5c:c7:8c:ff:
c8:d8:8e:ee:67:f0:64:ab:e0:95:49:27:a7:1e:0d:
3e:83:69:86:6a:02:6e:96:2a:54:93:a3:8e:b9:85:
0f:2e:01:9c:d7:22:a7:bc:f8:55:67:01:58:6b:5d:
e0:49:84:86:97:ee:74:45:37:c6:c6:5f:34:bc:fc:
a2:cc:16:71:35:26:52:ab:c5:93:4e:54:9c:b7:4d:
f0:5e:39:cf:a1:a9:b9:e8:ec:00:01:1f:69:cd:71:
2e:34:9a:1b:70:40:f1:11:55:04:fa:3e:29:5e:24:
25:33:b6:4b:4e:20:13:d4:19:8e:64:53:d7:0c:f8:
15:bb:ac:03:04:da:76:be:66:e9:c6:18:0b:40:5b:
02:33:c4:c5:ab:6f:e4:e2:45:76:60:95:91:f4:e0:
8b:3a:67:e9:1d:0f:c2:9b:64:5f:83:db:75:8f:50:
8a:d7:ab:d5:f9:aa:43:08:95:b1:36:ce:4f:e1:a9:
b1:89:13:63:0a:a4:bd:2b:3e:34:cf:17:be:b1:77:
6f:bd:6b:fe:ea:1a:5b:88:50:82:24:3c:d2:fb:e3:
ed:3b:8f:c1:d0:24:01:fd:54:0c:6f:a6:3e:65:42:
78:4a:0d:c9:e1:0d:bc:72:ca:6f:65:90:9e:fe:ac:
d4:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:example.com
X509v3 Authority Key Identifier:
55:1B:B4:56:7E:7E:1B:0F:B4:61:29:33:6F:99:E8:C8:A2:B4:77:F4
X509v3 Subject Key Identifier:
55:1B:B4:56:7E:7E:1B:0F:B4:61:29:33:6F:99:E8:C8:A2:B4:77:F4
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
a4:dc:3f:11:b7:06:86:ce:7b:54:84:f7:65:7c:05:5b:bb:2c:
f8:e1:2d:fc:5c:73:a6:6a:bb:e2:70:20:7f:c6:96:c3:d8:36:
d6:4a:1b:bd:b7:97:a3:b0:6e:94:0e:b4:28:aa:ec:e8:35:ce:
3a:e7:33:1b:4b:a9:21:ea:53:ca:e9:c5:5b:3e:f1:92:20:e5:
a2:ca:2b:85:1e:e9:db:4a:04:fb:59:76:bd:7e:ea:45:98:dd:
10:c1:e3:fc:e4:4d:9f:85:f8:5d:6c:96:6f:72:6b:87:37:ba:
cc:f4:b0:10:92:d2:01:b8:ae:18:2a:33:9a:60:ef:4b:03:2d:
28:d9:3b:fd:4b:48:d7:38:e0:09:d5:87:88:c7:45:25:44:ab:
e0:d9:f7:8c:24:d5:b2:81:08:da:5d:a0:64:9e:b1:0c:b3:27:
36:b7:68:64:bd:66:30:a4:fe:10:9c:4c:12:dd:2e:f3:ec:7e:
d3:0a:f7:a0:44:31:f0:71:25:56:52:cc:17:fd:11:94:d1:62:
2d:5b:12:25:8c:86:4e:8c:92:37:cc:29:b3:34:d8:2b:c6:62:
0c:22:05:84:f4:49:ad:d9:cc:e3:99:e8:f8:af:7b:9e:36:db:
01:b8:17:50:fb:00:19:8b:38:02:b7:12:12:46:14:5f:96:69:
5a:07:7d:b3
-----BEGIN CERTIFICATE-----
MIIDKTCCAhGgAwIBAgIEZe8LKTANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtl
eGFtcGxlLmNvbTAeFw0yNDAzMTExMzQ2MTdaFw0yNTAzMTExMzQ2MTdaMBYxFDAS
BgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsbK6v28xq1q811zHjP/I2I7uZ/Bkq+CVSSenHg0+g2mGagJulipUk6OOuYUP
LgGc1yKnvPhVZwFYa13gSYSGl+50RTfGxl80vPyizBZxNSZSq8WTTlSct03wXjnP
oam56OwAAR9pzXEuNJobcEDxEVUE+j4pXiQlM7ZLTiAT1BmOZFPXDPgVu6wDBNp2
vmbpxhgLQFsCM8TFq2/k4kV2YJWR9OCLOmfpHQ/Cm2Rfg9t1j1CK16vV+apDCJWx
Ns5P4amxiRNjCqS9Kz40zxe+sXdvvWv+6hpbiFCCJDzS++PtO4/B0CQB/VQMb6Y+
ZUJ4Sg3J4Q28cspvZZCe/qzUWwIDAQABo38wfTAOBgNVHQ8BAf8EBAMCBaAwFgYD
VR0RBA8wDYILZXhhbXBsZS5jb20wHwYDVR0jBBgwFoAUVRu0Vn5+Gw+0YSkzb5no
yKK0d/QwHQYDVR0OBBYEFFUbtFZ+fhsPtGEpM2+Z6MiitHf0MBMGA1UdJQQMMAoG
CCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQCk3D8RtwaGzntUhPdlfAVbuyz4
4S38XHOmarvicCB/xpbD2DbWShu9t5ejsG6UDrQoquzoNc465zMbS6kh6lPK6cVb
PvGSIOWiyiuFHunbSgT7WXa9fupFmN0QweP85E2fhfhdbJZvcmuHN7rM9LAQktIB
uK4YKjOaYO9LAy0o2Tv9S0jXOOAJ1YeIx0UlRKvg2feMJNWygQjaXaBknrEMsyc2
t2hkvWYwpP4QnEwS3S7z7H7TCvegRDHwcSVWUswX/RGU0WItWxIljIZOjJI3zCmz
NNgrxmIMIgWE9Emt2czjmej4r3ueNtsBuBdQ+wAZizgCtxISRhRflmlaB32z
-----END CERTIFICATE-----
86 changes: 86 additions & 0 deletions v3/testdata/crlIssuerMustNotBePresent_error.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1710164964 (0x65ef0be4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=example.com
Validity
Not Before: Mar 11 13:49:24 2024 GMT
Not After : Mar 11 13:49:24 2025 GMT
Subject: CN=example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ee:46:ac:c4:de:6d:24:57:69:3d:fb:2b:3b:fa:
8a:b3:48:62:ac:6f:4d:7b:74:e7:98:87:01:cd:b0:
30:64:a0:d3:8a:8d:c3:50:13:98:d2:78:12:20:f2:
bb:ed:7f:b9:c9:a2:35:7a:9f:d2:a9:92:9b:3b:e7:
4f:48:10:8f:62:7d:0f:c1:c6:ce:92:8f:3b:1e:d8:
a7:b9:26:8c:0c:f8:11:c5:52:51:33:6d:c2:45:f8:
32:e0:e5:b9:f7:bb:69:68:ae:94:92:97:9e:cf:d6:
0b:5b:44:a7:b8:52:ad:6a:94:25:a5:03:86:e6:1b:
0e:69:47:c2:b7:bc:b5:35:da:87:13:12:48:c1:7f:
5e:27:62:14:70:12:6f:9d:20:6e:8d:5c:7c:13:0c:
df:d9:07:56:ac:ee:dd:64:34:08:c0:29:b2:e4:50:
ac:e7:56:03:17:1d:e8:87:b2:49:cb:da:f1:38:fd:
f6:77:69:de:11:fc:c2:c0:a2:15:9d:22:cb:7e:73:
43:c5:c5:fe:ba:ef:f0:ab:db:7d:02:30:09:c5:57:
48:25:06:99:f1:5f:25:c4:14:29:90:5d:18:0e:63:
c5:69:95:47:75:da:42:7a:98:09:11:44:83:6c:17:
64:d5:4a:07:49:5b:2a:3f:d2:65:e7:f5:f5:98:43:
2d:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:example.com
X509v3 CRL Distribution Points:
Full Name:
URI:http://example.com/valid.crl CRL Issuer:
DirName:CN = example.com CRL
X509v3 Authority Key Identifier:
1A:F7:81:52:5D:45:97:62:87:CA:0B:11:4C:FA:02:70:6F:4F:23:61
X509v3 Subject Key Identifier:
1A:F7:81:52:5D:45:97:62:87:CA:0B:11:4C:FA:02:70:6F:4F:23:61
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
06:d6:d6:45:58:b5:08:62:6d:fd:f4:9e:d8:ee:02:41:ba:82:
63:37:1f:1c:6f:4e:24:fb:ec:b6:b3:a1:41:3d:c9:06:7d:f8:
18:38:ab:04:e7:27:21:25:ee:30:5d:6a:7a:20:70:11:fe:74:
bc:85:6a:7b:64:d8:ff:89:f4:87:eb:6d:46:ac:6a:21:6f:dc:
96:95:4d:fa:6b:79:1a:c8:3e:2f:16:dd:4e:40:fa:ef:d8:53:
1e:64:3a:13:f3:b7:4a:66:bb:d7:90:01:f7:11:8a:03:a2:e4:
b6:eb:a4:25:1c:8b:03:4a:91:8d:0a:02:f0:35:05:0d:35:70:
44:0d:b4:af:6f:19:35:57:83:9c:8a:7b:79:49:1a:1d:ea:25:
91:f7:9b:52:09:21:96:01:75:f8:e5:c0:40:d1:b2:37:68:17:
a3:63:ed:02:af:a3:e7:a3:e7:94:1d:dc:e6:62:8a:71:f5:2c:
6c:f2:79:99:25:4b:f1:21:1e:66:f8:1d:17:f0:96:c7:47:0a:
01:25:f9:37:1a:49:16:91:83:69:6d:51:5f:a3:74:80:a7:e8:
4d:f5:5b:c1:b7:31:89:4d:17:ea:1e:31:3a:49:5a:38:3c:4b:
3b:0e:90:d9:64:ee:ff:37:d5:ad:11:6f:01:93:49:5e:70:6e:
7e:0e:05:17
-----BEGIN CERTIFICATE-----
MIIDejCCAmKgAwIBAgIEZe8L5DANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtl
eGFtcGxlLmNvbTAeFw0yNDAzMTExMzQ5MjRaFw0yNTAzMTExMzQ5MjRaMBYxFDAS
BgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7kasxN5tJFdpPfsrO/qKs0hirG9Ne3TnmIcBzbAwZKDTio3DUBOY0ngSIPK7
7X+5yaI1ep/SqZKbO+dPSBCPYn0PwcbOko87HtinuSaMDPgRxVJRM23CRfgy4OW5
97tpaK6Ukpeez9YLW0SnuFKtapQlpQOG5hsOaUfCt7y1NdqHExJIwX9eJ2IUcBJv
nSBujVx8Ewzf2QdWrO7dZDQIwCmy5FCs51YDFx3oh7JJy9rxOP32d2neEfzCwKIV
nSLLfnNDxcX+uu/wq9t9AjAJxVdIJQaZ8V8lxBQpkF0YDmPFaZVHddpCepgJEUSD
bBdk1UoHSVsqP9Jl5/X1mEMtOwIDAQABo4HPMIHMMA4GA1UdDwEB/wQEAwIFoDAW
BgNVHREEDzANggtleGFtcGxlLmNvbTBNBgNVHR8ERjBEMEKgIKAehhxodHRwOi8v
ZXhhbXBsZS5jb20vdmFsaWQuY3Jsoh6kHDAaMRgwFgYDVQQDDA9leGFtcGxlLmNv
bSBDUkwwHwYDVR0jBBgwFoAUGveBUl1Fl2KHygsRTPoCcG9PI2EwHQYDVR0OBBYE
FBr3gVJdRZdih8oLEUz6AnBvTyNhMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG
SIb3DQEBCwUAA4IBAQAG1tZFWLUIYm399J7Y7gJBuoJjNx8cb04k++y2s6FBPckG
ffgYOKsE5ychJe4wXWp6IHAR/nS8hWp7ZNj/ifSH621GrGohb9yWlU36a3kayD4v
Ft1OQPrv2FMeZDoT87dKZrvXkAH3EYoDouS266QlHIsDSpGNCgLwNQUNNXBEDbSv
bxk1V4Ocint5SRod6iWR95tSCSGWAXX45cBA0bI3aBejY+0Cr6Pno+eUHdzmYopx
9Sxs8nmZJUvxIR5m+B0X8JbHRwoBJfk3GkkWkYNpbVFfo3SAp+hN9VvBtzGJTRfq
HjE6SVo4PEs7DpDZZO7/N9WtEW8Bk0lecG5+DgUX
-----END CERTIFICATE-----
85 changes: 85 additions & 0 deletions v3/testdata/crlIssuerMustNotBePresent_pass.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1710164847 (0x65ef0b6f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=example.com
Validity
Not Before: Mar 11 13:47:27 2024 GMT
Not After : Mar 11 13:47:27 2025 GMT
Subject: CN=example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:8b:bf:a6:f9:8d:c3:ee:53:9e:fa:39:b0:11:9e:
a5:dc:1f:81:3d:78:40:33:2a:02:a6:0b:31:60:0c:
55:60:0e:24:5a:ee:ad:cc:a4:78:43:a6:5d:6c:34:
23:97:05:e1:d6:96:22:e9:a4:2a:e2:e1:cf:e6:8e:
cb:b3:e0:f3:23:01:df:87:59:6a:a4:dc:28:84:76:
45:c5:4d:77:dc:b0:95:cf:bd:03:f9:a5:7f:0f:83:
02:06:19:f6:85:2d:aa:51:63:63:fc:52:a2:f9:ab:
53:be:5f:d0:65:67:4d:7f:51:f4:8c:ee:17:90:78:
20:d3:a2:0c:97:fa:e4:14:2f:58:7d:af:a2:91:1b:
04:d4:67:1f:72:bd:c5:7b:bd:10:c4:2a:18:8b:71:
59:09:2d:0f:04:89:f2:93:74:89:98:84:4c:5a:c5:
a0:16:5c:3a:f3:a7:bf:a4:3a:3d:d7:aa:aa:83:39:
f5:2d:de:5f:6c:80:ac:1c:37:de:d4:44:ed:23:8f:
a2:cc:3a:27:ba:fa:89:45:0a:9e:46:38:e2:65:34:
53:46:27:55:93:4e:69:ae:0a:ed:cb:c5:25:49:32:
9f:08:c0:b6:a4:d0:a1:0f:11:78:68:11:4f:7d:5c:
e9:a1:11:0b:58:ec:ad:4e:c9:e3:80:20:ae:a7:f8:
36:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Subject Alternative Name:
DNS:example.com
X509v3 CRL Distribution Points:
Full Name:
URI:http://example.com/validcrl.crl
X509v3 Authority Key Identifier:
ED:39:16:91:2E:01:B4:17:F3:33:62:53:D9:20:C4:63:25:C4:02:7D
X509v3 Subject Key Identifier:
ED:39:16:91:2E:01:B4:17:F3:33:62:53:D9:20:C4:63:25:C4:02:7D
X509v3 Extended Key Usage:
TLS Web Server Authentication
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
20:47:3f:fc:c2:68:8a:f7:de:a2:35:1b:4e:be:c6:e0:23:05:
91:2e:cd:b1:fb:7b:08:cc:d8:00:ad:a9:9e:73:6f:5d:a9:d1:
5e:d6:ca:af:d6:47:7b:a2:0f:66:e0:9e:ab:39:75:cc:ac:67:
3c:07:ea:c1:e9:be:b4:76:28:c1:66:33:1d:34:f3:af:0c:45:
5a:06:84:8d:22:ab:a4:a2:27:9e:61:e3:51:a0:df:fd:0b:1f:
9d:5b:81:f6:2c:c3:a0:cd:7f:77:20:d8:8d:73:f5:5b:10:bf:
ed:f4:81:ba:7b:8b:9b:51:bc:7d:ec:09:ef:83:04:cd:d6:a4:
3e:49:dc:e6:f4:76:01:5e:69:76:c5:1e:a6:29:b4:96:90:56:
66:25:6d:0d:81:ff:c2:2e:54:87:30:7e:d8:f8:a3:b8:01:a3:
4d:d1:38:7c:45:ac:78:22:25:5d:89:cf:b2:c8:b8:f2:d0:db:
60:26:3f:41:79:67:27:d1:43:14:e0:b7:0c:11:92:8d:4d:60:
13:f8:65:63:14:93:4a:75:bf:70:cd:da:51:d4:b4:46:ff:3c:
14:54:7a:45:11:ba:09:d9:35:67:13:f5:6b:08:ca:67:b0:8b:
73:98:da:49:ca:ea:ae:2c:ec:3a:1a:5a:68:90:35:97:67:96:
27:4f:c5:cc
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIEZe8LbzANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtl
eGFtcGxlLmNvbTAeFw0yNDAzMTExMzQ3MjdaFw0yNTAzMTExMzQ3MjdaMBYxFDAS
BgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAi7+m+Y3D7lOe+jmwEZ6l3B+BPXhAMyoCpgsxYAxVYA4kWu6tzKR4Q6ZdbDQj
lwXh1pYi6aQq4uHP5o7Ls+DzIwHfh1lqpNwohHZFxU133LCVz70D+aV/D4MCBhn2
hS2qUWNj/FKi+atTvl/QZWdNf1H0jO4XkHgg06IMl/rkFC9Yfa+ikRsE1Gcfcr3F
e70QxCoYi3FZCS0PBInyk3SJmIRMWsWgFlw686e/pDo916qqgzn1Ld5fbICsHDfe
1ETtI4+izDonuvqJRQqeRjjiZTRTRidVk05prgrty8UlSTKfCMC2pNChDxF4aBFP
fVzpoRELWOytTsnjgCCup/g2wwIDAQABo4GyMIGvMA4GA1UdDwEB/wQEAwIFoDAW
BgNVHREEDzANggtleGFtcGxlLmNvbTAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8v
ZXhhbXBsZS5jb20vdmFsaWRjcmwuY3JsMB8GA1UdIwQYMBaAFO05FpEuAbQX8zNi
U9kgxGMlxAJ9MB0GA1UdDgQWBBTtORaRLgG0F/MzYlPZIMRjJcQCfTATBgNVHSUE
DDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAQEAIEc//MJoivfeojUbTr7G
4CMFkS7Nsft7CMzYAK2pnnNvXanRXtbKr9ZHe6IPZuCeqzl1zKxnPAfqwem+tHYo
wWYzHTTzrwxFWgaEjSKrpKInnmHjUaDf/QsfnVuB9izDoM1/dyDYjXP1WxC/7fSB
unuLm1G8fewJ74MEzdakPknc5vR2AV5pdsUepim0lpBWZiVtDYH/wi5UhzB+2Pij
uAGjTdE4fEWseCIlXYnPssi48tDbYCY/QXlnJ9FDFOC3DBGSjU1gE/hlYxSTSnW/
cM3aUdS0Rv88FFR6RRG6Cdk1ZxP1awjKZ7CLc5jaScrqrizsOhpaaJA1l2eWJ0/F
zA==
-----END CERTIFICATE-----

0 comments on commit 38cfd72

Please sign in to comment.