ADDED maclibs/tls1.6.7/libtls1.6.7.dylib Index: maclibs/tls1.6.7/libtls1.6.7.dylib ================================================================== --- maclibs/tls1.6.7/libtls1.6.7.dylib +++ maclibs/tls1.6.7/libtls1.6.7.dylib cannot compute difference between binary files ADDED maclibs/tls1.6.7/pkgIndex.tcl Index: maclibs/tls1.6.7/pkgIndex.tcl ================================================================== --- maclibs/tls1.6.7/pkgIndex.tcl +++ maclibs/tls1.6.7/pkgIndex.tcl @@ -0,0 +1,1 @@ +package ifneeded tls 1.6.7 "[list source [file join $dir tls.tcl]] ; [list tls::initlib $dir libtls1.6.7.dylib]" ADDED maclibs/tls1.6.7/tls.tcl Index: maclibs/tls1.6.7/tls.tcl ================================================================== --- maclibs/tls1.6.7/tls.tcl +++ maclibs/tls1.6.7/tls.tcl @@ -0,0 +1,269 @@ +# +# Copyright (C) 1997-2000 Matt Newman +# +# $Header: /cvsroot/tls/tls/tls.tcl,v 1.14 2015/07/07 17:16:03 andreas_kupries Exp $ +# +namespace eval tls { + variable logcmd tclLog + variable debug 0 + + # Default flags passed to tls::import + variable defaults {} + + # Maps UID to Server Socket + variable srvmap + variable srvuid 0 + + # Over-ride this if you are using a different socket command + variable socketCmd + if {![info exists socketCmd]} { + set socketCmd [info command ::socket] + } +} + +proc tls::initlib {dir dll} { + # Package index cd's into the package directory for loading. + # Irrelevant to unixoids, but for Windows this enables the OS to find + # the dependent DLL's in the CWD, where they may be. + set cwd [pwd] + catch {cd $dir} + if {[string equal $::tcl_platform(platform) "windows"] && + ![string equal [lindex [file system $dir] 0] "native"]} { + # If it is a wrapped executable running on windows, the openssl + # dlls must be copied out of the virtual filesystem to the disk + # where Windows will find them when resolving the dependency in + # the tls dll. We choose to make them siblings of the executable. + package require starkit + set dst [file nativename [file dirname $starkit::topdir]] + foreach sdll [glob -nocomplain -directory $dir -tails *eay32.dll] { + catch {file delete -force $dst/$sdll} + catch {file copy -force $dir/$sdll $dst/$sdll} + } + } + set res [catch {uplevel #0 [list load [file join [pwd] $dll]]} err] + catch {cd $cwd} + if {$res} { + namespace eval [namespace parent] {namespace delete tls} + return -code $res $err + } + rename tls::initlib {} +} + +# +# Backwards compatibility, also used to set the default +# context options +# +proc tls::init {args} { + variable defaults + + set defaults $args +} +# +# Helper function - behaves exactly as the native socket command. +# +proc tls::socket {args} { + variable socketCmd + variable defaults + set idx [lsearch $args -server] + if {$idx != -1} { + set server 1 + set callback [lindex $args [expr {$idx+1}]] + set args [lreplace $args $idx [expr {$idx+1}]] + + set usage "wrong # args: should be \"tls::socket -server command ?options? port\"" + set options "-cadir, -cafile, -certfile, -cipher, -command, -dhparams, -keyfile, -myaddr, -password, -request, -require, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2" + } else { + set server 0 + + set usage "wrong # args: should be \"tls::socket ?options? host port\"" + set options "-async, -cadir, -cafile, -certfile, -cipher, -command, -dhparams, -keyfile, -myaddr, -myport, -password, -request, -require, -servername, -ssl2, -ssl3, -tls1, -tls1.1 or -tls1.2" + } + set argc [llength $args] + set sopts {} + set iopts [concat [list -server $server] $defaults] ;# Import options + + for {set idx 0} {$idx < $argc} {incr idx} { + set arg [lindex $args $idx] + switch -glob -- $server,$arg { + 0,-async {lappend sopts $arg} + 0,-myport - + *,-type - + *,-myaddr {lappend sopts $arg [lindex $args [incr idx]]} + *,-cadir - + *,-cafile - + *,-certfile - + *,-cipher - + *,-command - + *,-dhparams - + *,-keyfile - + *,-password - + *,-request - + *,-require - + *,-servername - + *,-ssl2 - + *,-ssl3 - + *,-tls1 - + *,-tls1.1 - + *,-tls1.2 {lappend iopts $arg [lindex $args [incr idx]]} + -* {return -code error "bad option \"$arg\": must be one of $options"} + default {break} + } + } + if {$server} { + if {($idx + 1) != $argc} { + return -code error $usage + } + set uid [incr ::tls::srvuid] + + set port [lindex $args [expr {$argc-1}]] + lappend sopts $port + #set sopts [linsert $sopts 0 -server $callback] + set sopts [linsert $sopts 0 -server [list tls::_accept $iopts $callback]] + #set sopts [linsert $sopts 0 -server [list tls::_accept $uid $callback]] + } else { + if {($idx + 2) != $argc} { + return -code error $usage + } + set host [lindex $args [expr {$argc-2}]] + set port [lindex $args [expr {$argc-1}]] + lappend sopts $host $port + } + # + # Create TCP/IP socket + # + set chan [eval $socketCmd $sopts] + if {!$server && [catch { + # + # Push SSL layer onto socket + # + eval [list tls::import] $chan $iopts + } err]} { + set info ${::errorInfo} + catch {close $chan} + return -code error -errorinfo $info $err + } + return $chan +} + +# tls::_accept -- +# +# This is the actual accept that TLS sockets use, which then calls +# the callback registered by tls::socket. +# +# Arguments: +# iopts tls::import opts +# callback server callback to invoke +# chan socket channel to accept/deny +# ipaddr calling IP address +# port calling port +# +# Results: +# Returns an error if the callback throws one. +# +proc tls::_accept { iopts callback chan ipaddr port } { + log 2 [list tls::_accept $iopts $callback $chan $ipaddr $port] + + set chan [eval [list tls::import $chan] $iopts] + + lappend callback $chan $ipaddr $port + if {[catch { + uplevel #0 $callback + } err]} { + log 1 "tls::_accept error: ${::errorInfo}" + close $chan + error $err $::errorInfo $::errorCode + } else { + log 2 "tls::_accept - called \"$callback\" succeeded" + } +} +# +# Sample callback for hooking: - +# +# error +# verify +# info +# +proc tls::callback {option args} { + variable debug + + #log 2 [concat $option $args] + + switch -- $option { + "error" { + foreach {chan msg} $args break + + log 0 "TLS/$chan: error: $msg" + } + "verify" { + # poor man's lassign + foreach {chan depth cert rc err} $args break + + array set c $cert + + if {$rc != "1"} { + log 1 "TLS/$chan: verify/$depth: Bad Cert: $err (rc = $rc)" + } else { + log 2 "TLS/$chan: verify/$depth: $c(subject)" + } + if {$debug > 0} { + return 1; # FORCE OK + } else { + return $rc + } + } + "info" { + # poor man's lassign + foreach {chan major minor state msg} $args break + + if {$msg != ""} { + append state ": $msg" + } + # For tracing + upvar #0 tls::$chan cb + set cb($major) $minor + + log 2 "TLS/$chan: $major/$minor: $state" + } + default { + return -code error "bad option \"$option\":\ + must be one of error, info, or verify" + } + } +} + +proc tls::xhandshake {chan} { + upvar #0 tls::$chan cb + + if {[info exists cb(handshake)] && \ + $cb(handshake) == "done"} { + return 1 + } + while {1} { + vwait tls::${chan}(handshake) + if {![info exists cb(handshake)]} { + return 0 + } + if {$cb(handshake) == "done"} { + return 1 + } + } +} + +proc tls::password {} { + log 0 "TLS/Password: did you forget to set your passwd!" + # Return the worlds best kept secret password. + return "secret" +} + +proc tls::log {level msg} { + variable debug + variable logcmd + + if {$level > $debug || $logcmd == ""} { + return + } + set cmd $logcmd + lappend cmd $msg + uplevel #0 $cmd +} + DELETED scriptlibs/softwareupdate/curl/BUILD-HOMEPAGE.url Index: scriptlibs/softwareupdate/curl/BUILD-HOMEPAGE.url ================================================================== --- scriptlibs/softwareupdate/curl/BUILD-HOMEPAGE.url +++ scriptlibs/softwareupdate/curl/BUILD-HOMEPAGE.url @@ -1,2 +0,0 @@ -[InternetShortcut] -URL=https://github.com/vszakats/harbour-deps DELETED scriptlibs/softwareupdate/curl/BUILD-README.txt Index: scriptlibs/softwareupdate/curl/BUILD-README.txt ================================================================== --- scriptlibs/softwareupdate/curl/BUILD-README.txt +++ scriptlibs/softwareupdate/curl/BUILD-README.txt @@ -1,10 +0,0 @@ -Visit the project page for details about these builds and the list of changes: - - https://github.com/vszakats/harbour-deps - -Please donate to support maintaining these builds: - - PayPal: - https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=2DZM6WAGRJWT6 - -Thank you! DELETED scriptlibs/softwareupdate/curl/CHANGES.txt Index: scriptlibs/softwareupdate/curl/CHANGES.txt ================================================================== --- scriptlibs/softwareupdate/curl/CHANGES.txt +++ scriptlibs/softwareupdate/curl/CHANGES.txt @@ -1,6057 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Changelog - -Version 7.53.1 (24 Feb 2017) - -Daniel Stenberg (24 Feb 2017) -- release: 7.53.1 - -- Revert "tests: use consistent environment variables for setting charset" - - This reverts commit ecd1d020abdae3c3ce3643ddab3106501e62e7c0. - - That commit caused test failures on my Debian Linux machine for all - changed test cases. We need to reconsider how that should get done. - -Dan Fandrich (23 Feb 2017) -- tests: use consistent environment variables for setting charset - - Character set in POSIX is set by the locale defined (in decreasing order - of precedence) by the LC_ALL, LC_CTYPE and LANG environment variables (I - believe CHARSET is only historic). LC_ALL is cleared to ensure that - LC_CTYPE takes effect, but LC_ALL is not used to set the locale to - ensure that other parts of the locale aren't overriden, if set. Since - there doesn't seem to be a cross-platform way of specifying a UTF-8 - locale, and not all systems may support UTF-8, a is used - (where relevant) to skip the test if UTF-8 isn't in use. Test 1035 was - also converted to UTF-8 for consistency, as the actual character set - used there is irrelevant to the test. - -Jay Satiro (23 Feb 2017) -- url: Default the CA proxy bundle location to CURL_CA_BUNDLE - - If the compile-time CURL_CA_BUNDLE location is defined use it as the - default value for the proxy CA bundle location, which is the same as - what we already do for the regular CA bundle location. - - Ref: https://github.com/curl/curl/pull/1257 - -Daniel Stenberg (23 Feb 2017) -- [Sergii Pylypenko brought this change] - - rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header - - Closes #1285 - -- TODO: "OPTIONS *" - - Closes #1280 - -- RELEASE-NOTES: synced with 443e5b03a7d441 - -- THANKS-filter: shachaf - -- [İsmail Dönmez brought this change] - - tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047 - - Closes #1283 - Fixes #1277 - -- bump: 7.53.1 coming up - - synced with df665f4df0f7a352 - -- formdata: check for EOF when reading from stdin - - Reported-by: shachaf@users.noreply.github.com - - Fixes #1281 - -Jay Satiro (22 Feb 2017) -- docs: gitignore curl.1 - - curl.1 is generated by the cmdline-opts script since 4c49b83. - -Daniel Stenberg (22 Feb 2017) -- TODO: HTTP Digest using SHA-256 - -- TODO: brotli is deployed widely now - -Jay Satiro (21 Feb 2017) -- [Viktor Szakats brought this change] - - urldata: include curl_sspi.h when Windows SSPI is enabled - - f77dabe broke builds in Windows using Windows SSPI but not Windows SSL. - - Bug: https://github.com/curl/curl/issues/1276 - Reported-by: jveazey@users.noreply.github.com - -- url: Improve CURLOPT_PROXY_CAPATH error handling - - - Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option - is not supported, which is the same as what we already do for - CURLOPT_CAPATH. - - - Change the curl tool to handle CURLOPT_PROXY_CAPATH error - CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the - same as what we already do for CURLOPT_CAPATH. - - - Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the - respective CAPATH option is not supported by the SSL library. - - Ref: https://github.com/curl/curl/pull/1257 - -- cyassl: fix typo - -Version 7.53.0 (22 Feb 2017) - -Daniel Stenberg (22 Feb 2017) -- release: 7.53.0 - -- cookie: fix declaration of 'dup' shadows a global declaration - -- TLS: make SSL_VERIFYSTATUS work again - - The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl - and thus even if the status couldn't be verified, the connection would - be allowed and the user would not be told about the failed verification. - - Regression since cb4e2be7c6d42ca - - CVE-2017-2629 - Bug: https://curl.haxx.se/docs/adv_20170222.html - - Reported-by: Marcus Hoffmann - -Jay Satiro (21 Feb 2017) -- digest_sspi: Handle 'stale=TRUE' directive in HTTP digest - - - If the server has provided another challenge use it as the replacement - input token if stale=TRUE. Otherwise previous credentials have failed - so return CURLE_LOGIN_DENIED. - - Prior to this change the stale directive was ignored and if another - challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING. - - Ref: https://tools.ietf.org/html/rfc2617#page-10 - - Bug: https://github.com/curl/curl/issues/928 - Reported-by: tarek112@users.noreply.github.com - -Daniel Stenberg (20 Feb 2017) -- smb: use getpid replacement for windows UWP builds - - Source: https://github.com/Microsoft/vcpkg/blob/7676b8780db1e1e591c4fc7eba4f96f73c428cb4/ports/curl/0002_fix_uwp.patch - -- TODO: CURLOPT_RESOLVE for any port number - - Closes #1264 - -- RELEASE-NOTES: synced with af30f1152d43dcdb - -- [Jean Gressmann brought this change] - - sftp: improved checks for create dir failures - - Since negative values are errors and not only -1. This makes SFTP upload - with --create-dirs work (again). - - Closes #1269 - -Jay Satiro (20 Feb 2017) -- [Max Khon brought this change] - - digest_sspi: Fix nonce-count generation in HTTP digest - - - on the first invocation: keep security context returned by - InitializeSecurityContext() - - - on subsequent invocations: use MakeSignature() instead of - InitializeSecurityContext() to generate HTTP digest response - - Bug: https://github.com/curl/curl/issues/870 - Reported-by: Andreas Roth - - Closes https://github.com/curl/curl/pull/1251 - -- examples/multi-uv: checksrc compliance - -Michael Kaufmann (19 Feb 2017) -- string formatting: fix 4 printf-style format strings - -Dan Fandrich (18 Feb 2017) -- tests: removed the obsolete name parameter - -Michael Kaufmann (18 Feb 2017) -- speed caps: update the timeouts if the speed is too low/high - - Follow-up to 4b86113 - - Fixes https://github.com/curl/curl/issues/793 - Fixes https://github.com/curl/curl/issues/942 - -- docs: fix timeout handling in multi-uv example - -- proxy: fix hostname resolution and IDN conversion - - Properly resolve, convert and log the proxy host names. - Support the "--connect-to" feature for SOCKS proxies and for passive FTP - data transfers. - - Follow-up to cb4e2be - - Reported-by: Jay Satiro - Fixes https://github.com/curl/curl/issues/1248 - -Jay Satiro (17 Feb 2017) -- [Isaac Boukris brought this change] - - http: fix missing 'Content-Length: 0' while negotiating auth - - - While negotiating auth during PUT/POST if a user-specified - Content-Length header is set send 'Content-Length: 0'. - - This is what we do already in HTTPREQ_POST_FORM and what we did in the - HTTPREQ_POST case (regression since afd288b). - - Prior to this change no Content-Length header would be sent in such a - case. - - Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html - Reported-by: Dominik Hölzl - - Closes https://github.com/curl/curl/pull/1242 - -Daniel Stenberg (16 Feb 2017) -- [Simon Warta brought this change] - - winbuild: add note on auto-detection of MACHINE in Makefile.vc - - Closes #1265 - -- RELEASE-PROCEDURE: update the upcoming release calendar - -- TODO: consider file name from the redirected URL with -O ? - - It isn't easily solved, but with some thinking someone could probably - come up with a working approach? - - Closes #1241 - -Jay Satiro (15 Feb 2017) -- tool_urlglob: Allow a glob range with the same start and stop - - For example allow ranges like [1-1] and [a-a] etc. - - Regression since 5ca96cb. - - Bug: https://github.com/curl/curl/issues/1238 - Reported-by: R. Dennis Steed - -Daniel Stenberg (15 Feb 2017) -- axtls: adapt to API changes - - Builds with axTLS 2.1.2. This then also breaks compatibility with axTLS - < 2.1.0 (the older API) - - ... and fix the session_id mixup brought in 04b4ee549 - - Fixes #1220 - -- RELEASE-NOTES: synced with 690935390c29c - -- [Nick Draffen brought this change] - - curl: fix typo in time condition warning message - - The warning message had a typo. The argument long form is --time-cond - not --timecond - - Closes #1263 - -- smb: code indent - -Jay Satiro (14 Feb 2017) -- configure: Allow disabling pthreads, fall back on Win32 threads - - When the threaded resolver option is specified for configure the default - thread library is pthreads. This change makes it possible to - --disable-pthreads and then configure can fall back on Win32 threads for - native Windows builds. - - Closes https://github.com/curl/curl/pull/1260 - -Daniel Stenberg (13 Feb 2017) -- http2: fix memory-leak when denying push streams - - Reported-by: zelinchen@users.noreply.github.com - Fixes #1229 - -Jay Satiro (11 Feb 2017) -- tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT - - When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to - the user explaining possible solutions such as --cacert and --insecure. - - This change appends to that message similar options --proxy-cacert and - --proxy-insecure when there's a specified HTTPS proxy. - - Closes https://github.com/curl/curl/issues/1258 - -Daniel Stenberg (10 Feb 2017) -- cmdline-opts/page-footer: ftp.sunet.se is no longer an FTP mirror - -- URL: only accept ";options" in SMTP/POP3/IMAP URL schemes - - Fixes #1252 - -Jay Satiro (9 Feb 2017) -- cmdline-opts/socks*: Mention --preproxy in --socks* opts - - - Document in --socks* opts they're still mutually exclusive of --proxy. - - Partial revert of 423a93c; I had misinterpreted the SOCKS proxy + - HTTP/HTTPS proxy combination. - - - Document in --socks* opts that --preproxy can be used to specify a - SOCKS proxy at the same time --proxy is used with an HTTP/HTTPS proxy. - -Daniel Stenberg (9 Feb 2017) -- CURLOPT_SSL_VERIFYPEER.3: also the https proxy version - -Kamil Dudka (9 Feb 2017) -- nss: make FTPS work with --proxytunnel - - If the NSS code was in the middle of a non-blocking handshake and it - was asked to finish the handshake in blocking mode, it unexpectedly - continued in the non-blocking mode, which caused a FTPS connection - over CONNECT to fail with "(81) Socket not ready for send/recv". - - Bug: https://bugzilla.redhat.com/1420327 - -Daniel Stenberg (9 Feb 2017) -- examples/multithread.c: link to our multi-thread docs - - ... instead of the OpenSSL mutex page. - -- http_proxy: avoid freeing static memory - - Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced. - -- [Cameron MacMinn brought this change] - - http_proxy: Fix tiny memory leak upon edge case connecting to proxy - - Fixes #1255 - -Michael Kaufmann (8 Feb 2017) -- polarssl, mbedtls: Fix detection of pending data - - Reported-by: Dan Fandrich - Bug: https://curl.haxx.se/mail/lib-2017-02/0032.html - -Dan Fandrich (7 Feb 2017) -- test1139: Added the --manual keyword since the manual is required - -Daniel Stenberg (7 Feb 2017) -- RELEASE-NOTES: synced with 102454459dd688c - -- THANKS-filter: polish some recent contributors - -- http2: reset push header counter fixes crash - - When removing an easy handler from a multi before it completed its - transfer, and it had pushed streams, it would segfault due to the pushed - counted not being cleared. - - Fixed-by: zelinchen@users.noreply.github.com - Fixes #1249 - -- [Markus Westerlind brought this change] - - transfer: only retry nobody-requests for HTTP - - Using sftp to delete a file with CURLOPT_NOBODY set with a reused - connection would fail as curl expected to get some data. Thus it would - retry the command again which fails as the file has already been - deleted. - - Fixes #1243 - -Jay Satiro (7 Feb 2017) -- [Daniel Gustafsson brought this change] - - telnet: Fix typos - - Ref: https://github.com/curl/curl/pull/1245 - -- [Daniel Gustafsson brought this change] - - test552: Fix typos - - Closes https://github.com/curl/curl/pull/1245 - -- [Daniel Gustafsson brought this change] - - darwinssl: Avoid parsing certificates when not in verbose mode - - The information extracted from the server certificates in step 3 is only - used when in verbose mode, and there is no error handling or validation - performed as that has already been done. Only run the certificate - information extraction when in verbose mode and libcurl was built with - verbose strings. - - Closes https://github.com/curl/curl/pull/1246 - -- [JDepooter brought this change] - - schannel: Remove incorrect SNI disabled message - - - Remove the SNI disabled when host verification disabled message - since that is incorrect. - - - Show a message for legacy versions of Windows <= XP that connections - may fail since those versions of WinSSL lack SNI, algorithms, etc. - - Bug: https://github.com/curl/curl/pull/1240 - -Daniel Stenberg (7 Feb 2017) -- CHANGES: spell fix, use correct path to script - -- CHANGES.0: removed - - This is the previously manually edited changelog, not touched since Aug - 2015. Still present in git for those who wants it. - -Dan Fandrich (6 Feb 2017) -- cmdline-opts: Fixed build and test in out of source tree builds - -Viktor Szakats (6 Feb 2017) -- use *.sourceforge.io and misc URL updates - - Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/ - Closes: https://github.com/curl/curl/pull/1247 - -Jay Satiro (6 Feb 2017) -- docs: Add more HTTPS proxy documentation - - - Document HTTPS proxy type. - - - Document --write-out %{proxy_ssl_verify_result}. - - - Document SOCKS proxy + HTTP/HTTPS proxy combination. - - HTTPS proxy support was added in 7.52.0 for OpenSSL, GnuTLS and NSS. - - Ref: https://github.com/curl/curl/commit/cb4e2be - -- OS400: Fix symbols - - - s/CURLOPT_SOCKS_PROXY/CURLOPT_PRE_PROXY - Follow-up to 7907a2b and 845522c. - - - Fix incorrect id for CURLOPT_PROXY_PINNEDPUBLICKEY. - - - Add id for CURLOPT_ABSTRACT_UNIX_SOCKET. - - Bug: https://github.com/curl/curl/issues/1237 - Reported-by: jonrumsey@users.noreply.github.com - -- [Sean Burford brought this change] - - cmake: Support curl --xattr when built with cmake - - - Test for and set HAVE_FSETXATTR when support for extended file - attributes is present. - - Closes https://github.com/curl/curl/pull/1176 - -- [Adam Langley brought this change] - - openssl: Don't use certificate after transferring ownership - - SSL_CTX_add_extra_chain_cert takes ownership of the given certificate - while, despite the similar name, SSL_CTX_add_client_CA does not. Thus - it's best to call SSL_CTX_add_client_CA before - SSL_CTX_add_extra_chain_cert, while the code still has ownership of the - argument. - - Closes https://github.com/curl/curl/pull/1236 - -Daniel Stenberg (29 Jan 2017) -- [Antoine Aubert brought this change] - - mbedtls: implement CTR-DRBG and HAVEGE random generators - - closes #1227 - -- docs: we no longer ship HTML versions of man pages - - ... refer to the web site for the web versions. - -- [railsnewbie257 brought this change] - - docs: proofread README.netware README.win32 - - Closes #1231 - -- RELEASE-NOTES; synced with ab08d82648 - -Michael Kaufmann (28 Jan 2017) -- mbedtls: disable TLS session tickets - - SSL session reuse with TLS session tickets is not supported yet. - Use SSL session IDs instead. - - See https://github.com/curl/curl/issues/1109 - -- gnutls: disable TLS session tickets - - SSL session reuse with TLS session tickets is not supported yet. - Use SSL session IDs instead. - - Fixes https://github.com/curl/curl/issues/1109 - -- polarssl: fix hangs - - This bugfix is similar to commit c111178bd4. - -Daniel Stenberg (27 Jan 2017) -- cookies: do not assume a valid domain has a dot - - This repairs cookies for localhost. - - Non-PSL builds will now only accept "localhost" without dots, while PSL - builds okeys everything not listed as PSL. - - Added test 1258 to verify. - - This was a regression brought in a76825a5efa6b4 - -- TODO: remove "Support TLS v1.3" - - Support is trickling in already. - -- [railsnewbie257 brought this change] - - INTERNALS.md: language improvements - - Closes #1226 - -- telnet: fix windows compiler warnings - - Thumbs-up-by: Jay Satiro - - Closes #1225 - -- VC: remove the makefile.vc6 build infra - - The winbuild/ build files is now the single MSVC makefile build choice. - - Closes #1215 - -- [Jay Satiro brought this change] - - cmdline-opts/gen.pl: Open input files in CRLF mode - - On Windows it's possible to have input files with CRLF line endings and - a perl that defaults to LF line endings (eg msysgit). Currently that - results in generator output of mixed line endings of CR, LF and CRLF. - - This change fixes that issue in the most succinct way by opening the - files in :crlf text mode even when the perl being used does not default - to that mode. (On operating systems that don't have a separate text mode - it's essentially a no-op.) The output continues to be in the perl's - native line ending. - -- docs/curl.1: generate from the cmdline-opts script - -- vtls: source indentation fix - -- contri*.sh: cut off parentheses from names too - -- RELEASE-NOTES: synced with 01ab7c30bba6f - -- vtls: fix PolarSSL non-blocking handling - - A regression brought in cb4e2be - - Reported-by: Michael Kaufmann - Bug: https://github.com/curl/curl/issues/1174#issuecomment-274018791 - -- [Antoine Aubert brought this change] - - vtls: fix mbedtls multi non blocking handshake. - - When using multi, mbedtls handshake is in non blocking mode. vtls must - set wait for read/write flags for the socket. - - Closes #1223 - -- [Richy Kim brought this change] - - CURLOPT_BUFFERSIZE: support enlarging receive buffer - - Replace use of fixed macro BUFSIZE to define the size of the receive - buffer. Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive - buffer size. Upon setting, resize buffer if larger than the current - default size up to a MAX_BUFSIZE (512KB). This can benefit protocols - like SFTP. - - Closes #1222 - -- sws: use SOCKERRNO, not errno - - Reported-by: Gisle Vanem - -Michael Kaufmann (19 Jan 2017) -- KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted - - This has been implemented with commit 9ad034e. - -Viktor Szakats (19 Jan 2017) -- *.rc: escape non-ASCII/non-UTF-8 character for clarity - - Closes https://github.com/curl/curl/pull/1217 - -Kamil Dudka (19 Jan 2017) -- docs: non-blocking SSL handshake is now supported with NSS - - Implemented since curl-7_36_0-130-g8868a22 - - Reported-by: Fahim Chandurwala - -Michael Kaufmann (18 Jan 2017) -- CURLOPT_CONNECT_TO: Fix compile warnings - - Fix compile warnings that appeared only when curl has been configured - with '--disable-verbose'. - -Daniel Stenberg (18 Jan 2017) -- usercertinmem.c: improve the short description - -- parseurl: move back buffer to function scope - - Regression since 1d4202ad, which moved the buffer into a more narrow - scope, but the data in that buffer was used outside of that more narrow - scope. - - Reported-by: Dan Fandrich - Bug: https://curl.haxx.se/mail/lib-2017-01/0093.html - -Jay Satiro (17 Jan 2017) -- openssl: Fix random generation - - - Fix logic error in Curl_ossl_random. - - Broken a few days ago in 807698d. - -Daniel Stenberg (17 Jan 2017) -- TODO: share OpenSSL contexts - - By supporting this, subsequent connects would load a lot less data from - disk. - - Closes #1110 - -- bump: next release will be 7.53.0 - -Kamil Dudka (15 Jan 2017) -- nss: use the correct lock in nss_find_slot_by_name() - -Alessandro Ghedini (15 Jan 2017) -- http2: disable server push if not requested - - Ref: https://github.com/curl/curl/pull/1160 - -Daniel Stenberg (14 Jan 2017) -- [railsnewbie257 brought this change] - - docs: improved language in README.md HISTORY.md CONTRIBUTE.md - - Closes #1211 - -Alessandro Ghedini (14 Jan 2017) -- http: print correct HTTP string in verbose output when using HTTP/2 - - Before: - ``` - % src/curl https://sigsegv.ninja/ -v --http2 - ... - > GET / HTTP/1.1 - > Host: sigsegv.ninja - > User-Agent: curl/7.52.2-DEV - > Accept: */* - > - ... - ``` - - After: - ``` - % src/curl https://sigsegv.ninja/ -v --http2 - ... - > GET / HTTP/2 - > Host: sigsegv.ninja - > User-Agent: curl/7.52.2-DEV - > Accept: */* - > - ``` - -Daniel Stenberg (14 Jan 2017) -- TODO: send only part of --data - - Closes #1200 - -- TODO: implemened "--fail-fast to exit on first transfer fail" - - Even though it is called --fail-early - -- TODO: Chunked transfer multipart formpost - - Closes #1139 - -- TODO: Improve formpost API, not just add an easy argument - -- addrinfo: fix compiler warning on offsetof() use - - curl_addrinfo.c:519:20: error: conversion to ‘curl_socklen_t {aka - unsigned int}’ from ‘long unsigned int’ may alter its value - [-Werror=conversion] - - Follow-up to 1d786faee1046f - -- THANKS-filter: Jiri Malak - -- RELEASE-NOTES: synced with a7c73ae309c - -Peter Wu (13 Jan 2017) -- [Isaac Boukris brought this change] - - unix_socket: add support for abstract unix domain socket - - In addition to unix domain sockets, Linux also supports an - abstract namespace which is independent of the filesystem. - - In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET - option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH - internally, along with a flag to specify abstract socket. - - On non-supporting platforms, the abstract address will be - interpreted as an empty string and fail gracefully. - - Also add new --abstract-unix-socket tool parameter. - - Signed-off-by: Isaac Boukris - Reported-by: Chungtsun Li (typeless) - Reviewed-by: Daniel Stenberg - Reviewed-by: Peter Wu - Closes #1197 - Fixes #1061 - -Daniel Stenberg (13 Jan 2017) -- write-out.d: 'time_total' is not always shown with ms precision - - We have higher resolution since 7.52.0 - -- next.d: --trace and --trace-ascii are also global - -- [Isaac Boukris brought this change] - - curl: reset the easy handle at --next - - So that only "global" options (verbose mostly) survive into the next - transfer, and the others have to be set again unless default is fine. - -- [Frank Gevaerts brought this change] - - docs: Add note about libcurl copying strings to CURLOPT_* manpages - - Closes #1169 - -- [Frank Gevaerts brought this change] - - CURLOPT_PREQUOTE.3: takes a struct curl_slist*, not a char* - -- IDN: Use TR46 non-transitional - - Assisted-by: Tim Rühsen - -- IDN: revert use of the transitional option - - It made the german ß get converted to ss, IDNA2003 style, and we can't - have that for the .de TLD - a primary reason for our switch to IDNA2008. - - Test 165 verifies. - -- [Tim Rühsen brought this change] - - IDN: Fix compile time detection of linidn2 TR46 - - Follow-up to f30cbcac1 - - Closes #1207 - -- [ERAMOTO Masaya brought this change] - - url: --noproxy option overrides NO_PROXY environment variable - - Under condition using http_proxy env var, noproxy list was the - combination of --noproxy option and NO_PROXY env var previously. Since - this commit, --noproxy option overrides NO_PROXY environment variable - even if use http_proxy env var. - - Closes #1140 - -- [ERAMOTO Masaya brought this change] - - url: Refactor detect_proxy() - - If defined CURL_DISABLE_HTTP, detect_proxy() returned NULL. If not - defined CURL_DISABLE_HTTP, detect_proxy() checked noproxy list. - - Thus refactor to set proxy to NULL instead of calling detect_proxy() if - define CURL_DISABLE_HTTP, and refactor to call detect_proxy() if not - define CURL_DISABLE_HTTP and the host is not in the noproxy list. - -- [ERAMOTO Masaya brought this change] - - url: Fix NO_PROXY env var to work properly with --proxy option. - - The combination of --noproxy option and http_proxy env var works well - both for proxied hosts and non-proxied hosts. - - However, when combining NO_PROXY env var with --proxy option, - non-proxied hosts are not reachable while proxied host is OK. - - This patch allows us to access non-proxied hosts even if using NO_PROXY - env var with --proxy option. - -- [Tim Rühsen brought this change] - - IDN: Use TR46 'transitional' for toASCII translations - - References: http://unicode.org/faq/idn.html - http://unicode.org/reports/tr46 - - Closes #1206 - -- [railsnewbie257 brought this change] - - docs: FAQ MAIL-ETIQUETTE language fixes - - Closes #1194 - -- [Marcus Hoffmann brought this change] - - gnutls: check for alpn and ocsp in configure - - Check for presence of gnutls_alpn_* and gnutls_ocsp_* functions during - configure instead of relying on the version number. GnuTLS has options - to turn these features off and we ca just work with with such builds - like we work with older versions. - - Signed-off-by: Marcus Hoffmann - - Closes #1204 - -Jay Satiro (12 Jan 2017) -- url: Fix parsing for when 'file' is the default protocol - - Follow-up to 3463408. - - Prior to 3463408 file:// hostnames were silently stripped. - - Prior to this commit it did not work when a schemeless url was used with - file as the default protocol. - - Ref: https://curl.haxx.se/mail/lib-2016-11/0081.html - Closes https://github.com/curl/curl/pull/1124 - - Also fix for drive letters: - - - Support --proto-default file c:/foo/bar.txt - - - Support file://c:/foo/bar.txt - - - Fail when a file:// drive letter is detected and not MSDOS/Windows. - - Bug: https://github.com/curl/curl/issues/1187 - Reported-by: Anatol Belski - Assisted-by: Anatol Belski - -Daniel Stenberg (12 Jan 2017) -- rand: make it work without TLS backing - - Regression introduced in commit f682156a4fc6c4 - - Reported-by: John Kohl - Bug: https://curl.haxx.se/mail/lib-2017-01/0055.html - -Jay Satiro (12 Jan 2017) -- STARTTLS: Don't print response character in denied messages - - Both IMAP and POP3 response characters are used internally, but when - appended to the STARTTLS denial message likely could confuse the user. - - Closes https://github.com/curl/curl/pull/1203 - -- smtp: Fix STARTTLS denied error message - - - Format the numeric denial code as an integer instead of a character. - -Daniel Stenberg (11 Jan 2017) -- http2_send: avoid unsigned integer wrap around - - ... when checking for a too large request. - -Jay Satiro (9 Jan 2017) -- [Jiri Malak brought this change] - - cmake: Fix passing _WINSOCKAPI_ macro to compiler - - Define _WINSOCKAPI_ blank rather than to 1 in order to match the value - used by Microsoft's winsock header files. - - Closes https://github.com/curl/curl/pull/1195 - -Daniel Stenberg (9 Jan 2017) -- sws: retry send() on EWOULDBLOCK - - Fixes spurious test 1060 and 1061 failures on OpenBSD, Solaris and more. - - Bug: https://curl.haxx.se/mail/lib-2017-01/0009.html - Reported-by: Christian Weisgerber - -- RELEASE-NOTES: synced with a41e8592d6b3e58 - -- examples: make the C++ examples follow our code style too - - At least mostly, not counting // comments. - -- [Aulddays brought this change] - - asiohiper: improved socket handling - - libcurl requires CURLMOPT_SOCKETFUNCTION to KEEP watching socket events - and notify back. Modify event_cb() to continue watching events when - fired. - - Fixes #1191 - Closes #1192 - Fixed-by: Mingliang Zhu - -- [Jiří Malák brought this change] - - lib506: fix build for Open Watcom - - Rename symbol lock to locks to not clash with OW CRTL function name. - - Closes #1196 - -- ROADMAP: 2017 cleanup - - Removed items already fixed, clarified a few others. - -- COPYING: update the generic copyright year range - -- docs/silent: mention --show-error in --silent description - - Reported in #1190 - Reported-by: Dan Jacobson - -- docs/page-header: mention how to disable the progress meter - - curl.1 is regenerated - - Fixes #1190 - -Dan Fandrich (7 Jan 2017) -- wolfssl: display negotiated SSL version and cipher - -- wolfssl: support setting cipher list - -Patrick Monnerat (6 Jan 2017) -- CIPHERS.md: document GSKit ciphers - -Jay Satiro (5 Jan 2017) -- [peterpih brought this change] - - TheArtOfHttpScripting: grammar - -Nick Zitzmann (3 Jan 2017) -- darwinssl: --insecure overrides --cacert if both settings are in use - - Fixes #1184 - -Jay Satiro (2 Jan 2017) -- docs/libcurl: TCP_KEEPALIVE start and interval default to 60 - - Since the TCP keep-alive options were added in 705f0f7 the start and - interval default values have been 60, but that wasn't documented. - - Bug: https://curl.haxx.se/mail/lib-2017-01/0000.html - Reported-by: Praveen Pvs - -Daniel Stenberg (29 Dec 2016) -- curl.h: CURLE_FUNCTION_NOT_FOUND is no longer in use - - This error code was once introduced when some library was dynamically - loaded and a funciton within said library couldn't be found. - -- content_encoding: change return code on a failure - - Failure to decompress is now a write error instead of the weird - "function not found". - -- page-footer: error 36 is protocol agnostic! - -Jay Satiro (28 Dec 2016) -- tool_operate: Fix --remote-time incorrect times on Windows - - - Use Windows API SetFileTime to set the file time instead of utime. - - Avoid utime on Windows if possible because it may apply a daylight - saving time offset to our UTC file time. - - Bug: https://curl.haxx.se/mail/archive-2016-11/0033.html - Reported-by: Tim - - Closes https://github.com/curl/curl/pull/1121 - -Daniel Stenberg (29 Dec 2016) -- [Max Khon brought this change] - - digest_sspi: copy terminating NUL as well - - Curl_auth_decode_digest_http_message(): copy terminating NUL as later - Curl_override_sspi_http_realm() expects a NUL-terminated string. - - Fixes #1180 - -- curl_formadd.3: CURLFORM_CONTENTSLENGTH not needed when chunked - - Mentioned in #1013 - -- [Kyselgov E.N brought this change] - - cmake: use crypt32.lib when building with OpenSSL on windows - - Reviewed-by: Peter Wu - Closes #1149 - Fixes #1147 - -- [Chris Araman brought this change] - - darwinssl: fix CFArrayRef leak - - Reviewed-by: Nick Zitzmann - Closes #1173 - -- [Chris Araman brought this change] - - darwinssl: fix iOS build - - Reviewed-by: Nick Zitzmann - Fixes #1172 - -- curl: remove superfluous include file - - The is a leftover from the past when TCP socket options - were set in this file. This include causes build issues on AIX 4.3. - - Reported-by: Kim Minjoong - - Closes #1178 - -- RELEASE-NOTES: synced with a7b38c9dc98481e - -- vtls: s/SSLEAY/OPENSSL - - Fixed an old leftover use of the USE_SSLEAY define which would make a - socket get removed from the applications sockets to monitor when the - multi_socket API was used, leading to timeouts. - - Bug: #1174 - -- docs/ciphers: link to our own new page about ciphers - - ... as the former ones always go stale! - -- cmdline-opts/page-footer: add three more exit codes - - ... and regenerated curl.1 - -- formdata: use NULL, not 0, when returning pointers - -- ftp: failure to resolve proxy should return that error code - -- configure: accept --with-libidn2 instead - - ... which the help text already implied since we switched to libidn2 - from libidn in commit 9c91ec778104ae3b back in October 2016. - - Reported-by: Christian Weisgerber - Bug: https://curl.haxx.se/mail/lib-2016-12/0110.html - -- test1282: verify the ftp-gss check - -- ftp-gss: check for init before use - - To avoid dereferencing a NULL pointer. - - Reported-by: Daniel Romero - -Jay Satiro (24 Dec 2016) -- build-wolfssl: Sync config with wolfSSL 3.10 - - wolfSSL configure script relevant changes from 3.9 to 3.10: - - - DES3 no longer enabled by default - - Shamir no longer enabled by default - - Extended master secret enabled by default - - RSA and ECC timing protections enabled by default - - For backwards compatibility I enabled DES3 and ECC shamir config options - (ie no change from 3.9), and the other changes are included. - -- cyassl: use time_t instead of long for timeout - -Daniel Stenberg (23 Dec 2016) -- bump: toward next release - -- http: remove "Curl_http_done: called premature" message - - ... it only confuses people. - -- openssl-random: check return code when asking for random - - and fail appropriately if it returns error - -- gnutls-random: check return code for failed random - -Version 7.52.1 (22 Dec 2016) - -Daniel Stenberg (22 Dec 2016) -- RELEASE-NOTES: curl 7.52.1 - -- lib557.c: use a shorter MAXIMIZE representation - - Since several compilers had problems with the previous one - - Reported-by: Ray Satiro - Bug: https://curl.haxx.se/mail/lib-2016-12/0098.html - -- runtests: remove the valgrind parser - - Old legacy parsing that 1) hid problems for us and 2) probably isn't - needed anymore. - -- [Kamil Dudka brought this change] - - randit: store the value in the buffer - -- tests/Makefile: run checksrc on debug builds - - ... just like we already do in src/ and lib/ - -- lib557: move the "enable LONGLINE" to allow more long lines - - This file is riddled with them... - -- bump: toward next release - -Marcel Raad (21 Dec 2016) -- lib: fix MSVC compiler warnings - - Visual C++ complained: - warning C4267: '=': conversion from 'size_t' to 'long', possible loss of data - warning C4701: potentially uninitialized local variable 'path' used - -Version 7.52.0 (20 Dec 2016) - -Daniel Stenberg (20 Dec 2016) -- THANKS: 13 new contributors from 7.52.0 - -- RELEASE-NOTES: 7.52.0 - -- ssh: inhibit coverity warning with (void) - - CID 1397391 (#1 of 1): Unchecked return value (CHECKED_RETURN) - -- Curl_recv_has_postponed_data: silence compiler warnings - - Follow-up to d00f2a8f2 - -Jay Satiro (19 Dec 2016) -- tests: checksrc compliance - -- http_proxy: Fix proxy CONNECT hang on pending data - - - Check for pending data before waiting on the socket. - - Bug: https://github.com/curl/curl/issues/1156 - Reported-by: Adam Langley - -Daniel Stenberg (19 Dec 2016) -- cmdline-opts/tlsv1.d: rephrased - -- [Dan McNulty brought this change] - - schannel: fix wildcard cert name validation on Win CE - - Fixes a few issues in manual wildcard cert name validation in - schannel support code for Win32 CE: - - when comparing the wildcard name to the hostname, the wildcard - character was removed from the cert name and the hostname - was checked to see if it ended with the modified cert name. - This allowed cert names like *.com to match the connection - hostname. This violates recommendations from RFC 6125. - - when the wildcard name in the certificate is longer than the - connection hostname, a buffer overread of the connection - hostname buffer would occur during the comparison of the - certificate name and the connection hostname. - -- printf: fix floating point buffer overflow issues - - ... and add a bunch of floating point printf tests - -- config-amigaos.h: (embarrassed) made the line shorter - -- config-amigaos.h: fix bug report email reference - -- RELEASE-NOTES: synced with 4517158abfeba - -- CIPHERS.md: backtick the names to show underscores fine - -- form-string.d: fix format mistake - - and regenerated curl.1 - - Reported-by: Gisle Vanem - -Michael Kaufmann (18 Dec 2016) -- openssl: simplify expression in Curl_ossl_version - -- curl_easy_recv: Improve documentation and example program - - Follow-up to 82245ea: Fix the example program sendrecv.c (handle - CURLE_AGAIN, handle incomplete send). Improve the documentation - for curl_easy_recv() and curl_easy_send(). - - Reviewed-by: Frank Meier - Assisted-by: Jay Satiro - - See https://github.com/curl/curl/pull/1134 - -- [Isaac Boukris brought this change] - - Curl_getconnectinfo: avoid checking if the connection is closed - - It doesn't benefit us much as the connection could get closed at - any time, and also by checking we lose the ability to determine - if the socket was closed by reading zero bytes. - - Reported-by: Michael Kaufmann - - Closes https://github.com/curl/curl/pull/1134 - -Daniel Stenberg (18 Dec 2016) -- CIPHERS.md: attempt to document TLS cipher names - - As the official docs seems really hard to keep track of and link to over - time - -- curl.1: generated after 6cce4dbf830 - -- cmdline-opts/post30X.d: fix the RFC references - -- curl.1: regenerated - - Fixed trailing whitespace and numerous formatting glitches - -- cmdline-opts: formatting fixes - -- curl_easy_setopt.3: removed CURLOPT_SOCKS_PROXYTYPE - -- tool_getparam.c: make comments use the up-to-date option names - -- manpage-scan.pl: allow deprecated options to get removed from curl.1 - - --krb4, --ftp-ssl and --ftp-ssl-reqd no longer need to be documented in the - man page - -- cmdline-opts/gen.pl: trim off trailing spaces - -- cmdline-opts/proxy-tlsuser.d: remove trailing .d - -- curl_easy_setopt.3: CURLOPT_PRE_PROXY instead of CURLOPT_SOCKS_PROXY - -- symbols: removed two, added one - -- cmdline-opts: include the man page split up files in the dist - -- curl.1: generated with gen.pl - - This is the first time we replace the manually edited curt.1 with the - generated one created by gen.pl and the individual option documentation - pages. - - Do not edit this file, edit the individual pages and regenerate this - output. - - This file will be generated by the build system soon and then removed - from git. - -- cmdline-opts: added some missing info - -- CURLINFO_SSL_VERIFYRESULT.3: language - -- HTTPS-PROXY docs: update/polish - -- cmdline-opts/page-header: mention it is generated - - ... to avoid people from trying to edit the pending curl.1 version that - gets generated by gen.pl - -- preproxy: renamed what was added as SOCKS_PROXY - - CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY - - Added the corresponding --preroxy command line option. Sets a SOCKS - proxy to connect to _before_ connecting to a HTTP(S) proxy. - -- curl: normal socks proxies still use CURLOPT_PROXY - - ... the newly introduced CURLOPT_SOCKS_PROXY is special and should be - asked for specially. (Needs new code.) - - Unified proxy type to a single variable in the config struct. - -- CURLOPT_SOCKS_PROXYTYPE: removed - - This was added as part of the SOCKS+HTTPS proxy merge but there's no - need to support this as we prefer to have the protocol specified as a - prefix instead. - -- curl_multi_socket.3: fix typo - -- checksrc: warn for assignments within if() expressions - - ... they're already frowned upon in our source code style guide, this - now enforces the rule harder. - -- checksrc: stricter no-space-before-paren enforcement - - In order to make the code style more uniform everywhere - -- ISSUE_TEMPLATE: try mentioning known bugs/todo in new issue template - -- RELEASE-NOTES: synced with 71a55534fa6 - -- [Adam Langley brought this change] - - openssl: don't use OpenSSL's ERR_PACK. - - ERR_PACK is an internal detail of OpenSSL. Also, when using it, a - function name must be specified which is overly specific: the test will - break whenever OpenSSL internally change things so that a different - function creates the error. - - Closes #1157 - -Dan Fandrich (5 Dec 2016) -- test2032: Mark test as flaky - -Jay Satiro (3 Dec 2016) -- [Jeremy Pearson brought this change] - - libcurl-multi.3: typo - - Closes https://github.com/curl/curl/pull/1153 - -Dan Fandrich (2 Dec 2016) -- test1281: added http as a required feature - -Daniel Stenberg (2 Dec 2016) -- curl: support zero-length argument strings in config files - - ... like 'user-agent = ""' - - Adjusted test 71 to verify. - -- http_proxy: simplify CONNECT response reading - - Since it now reads responses one byte a time, a loop could be removed - and it is no longer limited to get the whole response within 16K, it is - now instead only limited to 16K maximum header line lengths. - -- tests: fix CONNECT test cases to be more strict - - ... as they broke with the cleaned up CONNECT handling - -- CONNECT: read responses one byte at a time - - ... so that it doesn't read data that is actually coming from the - remote. 2xx responses have no body from the proxy, that data is from the - peer. - - Fixes #1132 - -- CONNECT: reject TE or CL in 2xx responses - - A server MUST NOT send any Transfer-Encoding or Content-Length header - fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section - 4.3.6) - - Also fixes the three test cases that did this. - -- URL parser: reject non-numerical port numbers - - Test 1281 added to verify - -Dan Fandrich (30 Nov 2016) -- runtests: made Servers: output be more consistent by removing OFF - -- cyassl: fixed typo introduced in 4f8b1774 - -Michael Kaufmann (30 Nov 2016) -- CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries properly - - If a port number in a "connect-to" entry does not match, skip this - entry instead of connecting to port 0. - - If a port number in a "connect-to" entry matches, use this entry - and look no further. - - Reported-by: Jay Satiro - Assisted-by: Jay Satiro, Daniel Stenberg - - Closes #1148 - -Daniel Stenberg (29 Nov 2016) -- BUGS: describe bug handling process - -- RELEASE-NOTES: synced with 19613fb3 - -Jay Satiro (28 Nov 2016) -- http2: check nghttp2_session_set_local_window_size exists - - The function only exists since nghttp2 1.12.0. - - Bug: https://github.com/curl/curl/commit/a4d8888#commitcomment-19985676 - Reported-by: Michael Kaufmann - -Daniel Stenberg (28 Nov 2016) -- [Anders Bakken brought this change] - - http2: Fix crashes when parent stream gets aborted - - Closes #1125 - -- cmdline-docs: more options converted and fixed - - Now all options are in the new system. - -- gen: include footer in mainpage output - -Jay Satiro (28 Nov 2016) -- lib1536: checksrc compliance - -Daniel Stenberg (28 Nov 2016) -- cmdline-opts: more command line options documented - - Moved over to the new format - -- curl: remove --proxy-ssl* options - - There's mostly likely no need to allow setting SSLv2/3 version for HTTPS - proxy. Those protocols are insecure by design and deprecated. - -- CURLOPT_PROXY_*.3: polished some proxy option man pages - -Patrick Monnerat (26 Nov 2016) -- os400: support CURLOPT_PROXY_PINNEDPUBLICKEY - - Also define it in ILE/RPG binding. - -Daniel Stenberg (26 Nov 2016) -- [Okhin Vasilij brought this change] - - curl_version_info: add CURL_VERSION_HTTPS_PROXY - - Closes #1142 - -- [Frank Gevaerts brought this change] - - tests: Add some testcases for recent new features. - - Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme}, - and %{http_version} - - closes #1143 - -- [Frank Gevaerts brought this change] - - curl_easy_reset: clear info for CULRINFO_PROTOCOL and CURLINFO_SCHEME - -- CURLOPT_PROXY_CAINFO.3: clarify proxy use - -- CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availability - -- curl_easy_setopt.3: add CURLOPT_PROXY_PINNEDPUBLICKEY - - Follow-up to 4f8b17743d7c55a - -- docs: include all opts man pages in dist - - Sorted the lists too. - - ... and include the new ones in the PDF and HTML generation targets - -- [Thomas Glanzmann brought this change] - - HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY - -- [Thomas Glanzmann brought this change] - - url: proxy: Use 443 as default port for https proxies - -- TODO: removed "HTTPS proxy" - -- [Jan-E brought this change] - - winbuild: add config option ENABLE_NGHTTP2 - - Closes #1141 - -Jay Satiro (24 Nov 2016) -- tool_urlglob: Improve sanity check in glob_range - - Prior to this change we depended on errno if strtol could not perform a - conversion. POSIX says EINVAL *may* be set. Some implementations like - Microsoft's will not set it if there's no conversion. - - Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189 - -- tool_help: Change description for --retry-connrefused - - Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409 - -Patrick Monnerat (25 Nov 2016) -- os400: sync ILE/RPG binding - -Jay Satiro (24 Nov 2016) -- test1135: Fix curl_easy_duphandle prototype for code style - - Follow-up to dbadaeb which changed the style. - -- x509asn1: Restore the parameter check in Curl_getASN1Element - - - Restore the removed parts of the parameter check. - - Follow-up to 945f60e which altered the parameter check. - -Daniel Stenberg (25 Nov 2016) -- RELEASE-NOTES: update option counters - -- [Frank Gevaerts brought this change] - - add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme} - - Adds access to the effectively used protocol/scheme to both libcurl and - curl, both in string and numeric (CURLPROTO_*) form. - - Note that the string form will be uppercase, as it is just the internal - string. - - As these strings are declared internally as const, and all other strings - returned by curl_easy_getinfo() are de-facto const as well, string - handling in getinfo.c got const-ified. - - Closes #1137 - -- RELEASE-NOTES: synced with 63198a4750aeb - -- curl.1: the new --proxy options ship in 7.52.0 - -- checksrc: move open braces to comply with function declaration style - -- checksrc: detect wrongly placed open braces in func declarations - -- checksrc: white space edits to comply to stricter checksrc - -- checksrc: verify ASTERISKNOSPACE - - Detects (char*) and 'char*foo' uses. - -- checksrc: code style: use 'char *name' style - -- checksrc: add ASTERISKSPACE - - Verifies a 'char *name' style, with no space after the asterisk. - -- openssl: remove dead code - - Coverity CID 1394666 - -- [Okhin Vasilij brought this change] - - HTTPS-proxy: fixed mbedtls and polishing - -- darwinssl: adopted to the HTTPS proxy changes - - It builds and runs all test cases. No adaptations for actual HTTPS proxy - support has been made. - -- gtls: fix indent to silence compiler warning - - vtls/gtls.c: In function ‘Curl_gtls_data_pending’: - vtls/gtls.c:1429:3: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation] - if(conn->proxy_ssl[connindex].session && - ^~ - vtls/gtls.c:1433:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’ - return res; - -- [Thomas Glanzmann brought this change] - - mbedtls: Fix compile errors - -- [Alex Rousskov brought this change] - - proxy: Support HTTPS proxy and SOCKS+HTTP(s) - - * HTTPS proxies: - - An HTTPS proxy receives all transactions over an SSL/TLS connection. - Once a secure connection with the proxy is established, the user agent - uses the proxy as usual, including sending CONNECT requests to instruct - the proxy to establish a [usually secure] TCP tunnel with an origin - server. HTTPS proxies protect nearly all aspects of user-proxy - communications as opposed to HTTP proxies that receive all requests - (including CONNECT requests) in vulnerable clear text. - - With HTTPS proxies, it is possible to have two concurrent _nested_ - SSL/TLS sessions: the "outer" one between the user agent and the proxy - and the "inner" one between the user agent and the origin server - (through the proxy). This change adds supports for such nested sessions - as well. - - A secure connection with a proxy requires its own set of the usual SSL - options (their actual descriptions differ and need polishing, see TODO): - - --proxy-cacert FILE CA certificate to verify peer against - --proxy-capath DIR CA directory to verify peer against - --proxy-cert CERT[:PASSWD] Client certificate file and password - --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) - --proxy-ciphers LIST SSL ciphers to use - --proxy-crlfile FILE Get a CRL list in PEM format from the file - --proxy-insecure Allow connections to proxies with bad certs - --proxy-key KEY Private key file name - --proxy-key-type TYPE Private key file type (DER/PEM/ENG) - --proxy-pass PASS Pass phrase for the private key - --proxy-ssl-allow-beast Allow security flaw to improve interop - --proxy-sslv2 Use SSLv2 - --proxy-sslv3 Use SSLv3 - --proxy-tlsv1 Use TLSv1 - --proxy-tlsuser USER TLS username - --proxy-tlspassword STRING TLS password - --proxy-tlsauthtype STRING TLS authentication type (default SRP) - - All --proxy-foo options are independent from their --foo counterparts, - except --proxy-crlfile which defaults to --crlfile and --proxy-capath - which defaults to --capath. - - Curl now also supports %{proxy_ssl_verify_result} --write-out variable, - similar to the existing %{ssl_verify_result} variable. - - Supported backends: OpenSSL, GnuTLS, and NSS. - - * A SOCKS proxy + HTTP/HTTPS proxy combination: - - If both --socks* and --proxy options are given, Curl first connects to - the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS - proxy. - - TODO: Update documentation for the new APIs and --proxy-* options. - Look for "Added in 7.XXX" marks. - -Patrick Monnerat (24 Nov 2016) -- Declare endian read functions argument as a const pointer. - This is done for all functions of the form Curl_read[136][624]_[lb]e. - -- Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows. - See CRL-01-006. - -Jay Satiro (22 Nov 2016) -- url: Fix conn reuse for local ports and interfaces - - - Fix connection reuse for when the proposed new conn 'needle' has a - specified local port but does not have a specified device interface. - - Bug: https://curl.haxx.se/mail/lib-2016-11/0137.html - Reported-by: bjt3[at]hotmail.com - -Daniel Stenberg (21 Nov 2016) -- rand: pass in number of randoms as an unsigned argument - -Jay Satiro (20 Nov 2016) -- rand: Fix potentially uninitialized result warning - -Marcel Raad (19 Nov 2016) -- vtls: fix build warnings - - Fix warnings about conversions from long to time_t in openssl.c and - schannel.c. - - Follow-up to de4de4e3c7c - -Daniel Stenberg (18 Nov 2016) -- [Marcel Raad brought this change] - - lib: fix compiler warnings after de4de4e3c7c - - Visual C++ now complains about implicitly casting time_t (64-bit) to - long (32-bit). Fix this by changing some variables from long to time_t, - or explicitly casting to long where the public interface would be - affected. - - Closes #1131 - -Peter Wu (17 Nov 2016) -- [Isaac Boukris brought this change] - - Don't mix unix domain sockets with regular ones - - When reusing a connection, make sure the unix domain - socket option matches. - -Jay Satiro (17 Nov 2016) -- tests: Fix HTTP2-Settings header for huge window size - - Follow-up to a4d8888. Changing the window size in that commit resulted - in a different HTTP2-Settings upgrade header, causing test 1800 to fail. - -- http2: Use huge HTTP/2 windows - - - Improve performance by using a huge HTTP/2 window size. - - Bug: https://github.com/curl/curl/issues/1102 - Reported-by: afrind@users.noreply.github.com - Assisted-by: Tatsuhiro Tsujikawa - -Daniel Stenberg (16 Nov 2016) -- cmdline-docs: more conversion - -- gen: support 'protos' - - and warn on unrecognized lines - -- gen: support 'single' to make an individual page man page - -- cmdline-docs: more options converted over - -- gen: support 'redirect' - - ... and warn for too long --help lines - -- cmdline/gen: replace options in texts better - -Jay Satiro (16 Nov 2016) -- http2: Fix address sanitizer memcpy warning - - - In Curl_http2_switched don't call memcpy when src is NULL. - - Curl_http2_switched can be called like: - - Curl_http2_switched(conn, NULL, 0); - - .. and prior to this change memcpy was then called like: - - memcpy(dest, NULL, 0) - - .. causing address sanitizer to warn: - - http2.c:2057:3: runtime error: null pointer passed as argument 2, which - is declared to never be null - -- tool_help: Clarify --dump-header only writes received headers - -- curl.1: Clarify --dump-header only writes received headers - -Daniel Stenberg (15 Nov 2016) -- [Alex Chan brought this change] - - docs: Spelling fixes - -Kamil Dudka (15 Nov 2016) -- docs: the next release will be 7.52.0 - -Daniel Stenberg (15 Nov 2016) -- cmdline-opts: support generating the --help output - -- [David Schweikert brought this change] - - darwinssl: fix SSL client certificate not found on MacOS Sierra - - Reviewed-by: Nick Zitzmann - - Closes #1105 - -- curl: add --fail-early to help output - - Fixes test 1139 failures - - Follow-up to f82bbe01c8835 - -- glob: fix [a-c] globbing regression - - Brought in ee4f76606cf - - Added test case 1280 to verify - - Reported-by: Dave Reisner - - Bug: https://github.com/curl/curl/commit/ee4f76606cfa4ee068bf28edd37c8dae7e8db317#commitcomment-19823146 - -- curl: add --fail-early - - Exit with an error on the first transfer error instead of continuing to - do the rest of the URLs. - - Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html - -- Curl_rand: fixed and moved to rand.c - - Now Curl_rand() is made to fail if it cannot get the necessary random - level. - - Changed the proto of Curl_rand() slightly to provide a number of ints at - once. - - Moved out from vtls, since it isn't a TLS function and vtls provides - Curl_ssl_random() for this to use. - - Discussion: https://curl.haxx.se/mail/lib-2016-11/0119.html - -- cmdline-opts: first test version of a new man page generator kit - - See MANPAGE.md for the description of how this works. Each command line - option is now described in a separate .d file. - -- time_t fix: follow-up to de4de4e3c7c - - Blah, I accidentally wrote size_t instead of time_t for two variables. - - Reported-by: Dave Reisner - -- timeval: prefer time_t to hold seconds instead of long - - ... as long is still 32bit on modern 64bit windows machines, while - time_t is generally 64bit. - -Dan Fandrich (12 Nov 2016) -- tests: fixed variable might be clobbered warning - - This stops the compiler from potentially making invalid assumptions - about the immutability of sdp and sap across the longjmp boundary. - -Daniel Stenberg (12 Nov 2016) -- RELEASE-NOTES: synced with 346340808c - -- URL-parser: for file://[host]/ URLs, the [host] must be localhost - - Previously, the [host] part was just ignored which made libcurl accept - strange URLs misleading users. like "file://etc/passwd" which might've - looked like it refers to "/etc/passwd" but is just "/passwd" since the - "etc" is an ignored host name. - - Reported-by: Mike Crowe - Assisted-by: Kamil Dudka - -- test558: adapt to 0649433da - -- openssl: make sure to fail in the unlikely event that PRNG seeding fails - -- openssl: avoid unnecessary seeding if already done - - 1.1.0+ does more of this by itself so we can avoid extra processing this - way. - -- openssl: RAND_status always exists in OpenSSL >= 0.9.7 - - and remove RAND_screen from configure since nothing is using that - function - -- Curl_pgrsUpdate: use dedicated function for time passed - -- realloc: use Curl_saferealloc to avoid common mistakes - - Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html - -- [Daniel Hwang brought this change] - - curl: Add --retry-connrefused - - to consider ECONNREFUSED as a transient error. - - Closes #1064 - -- openssl: raise the max_version to 1.3 if asked for - - Now I've managed to negotiate TLS 1.3 with https://enabled.tls13.com/ when - using boringssl. - -Jay Satiro (9 Nov 2016) -- vtls: Fail on unrecognized param for CURLOPT_SSLVERSION - - - Fix GnuTLS code for CURL_SSLVERSION_TLSv1_2 that broke when the - TLS 1.3 support was added in 6ad3add. - - - Homogenize across code for all backends the error message when TLS 1.3 - is not available to ": TLS 1.3 is not yet supported". - - - Return an error when a user-specified ssl version is unrecognized. - - --- - - Prior to this change our code for some of the backends used the - 'default' label in the switch statement (ie ver unrecognized) for - ssl.version and treated it the same as CURL_SSLVERSION_DEFAULT. - - Bug: https://curl.haxx.se/mail/lib-2016-11/0048.html - Reported-by: Kamil Dudka - -Daniel Stenberg (9 Nov 2016) -- [Isaac Boukris brought this change] - - SPNEGO: Fix memory leak when authentication fails - - If SPNEGO fails, cleanup the negotiate handle right away. - - Fixes #1115 - - Signed-off-by: Isaac Boukris - Reported-by: ashman-p - -- CODE_STYLE.md: link to INTERNALS.md correctly - -- bump: next version will be 7.52.0 - -- RELEASE-NOTES: synced with dfcdaaba371e9a3 - -- examples/fileupload.c: fclose the file as well - -- printf: fix ".*f" handling - - It would always use precision 1 instead of reading it from the argument - list as intended. - - Reported-by: Ray Satiro - - Bug: #1113 - -- curl_formadd.3: *_FILECONTENT and *_FILE need the file to be kept - - Reported-by: Frank Gevaerts - -Kamil Dudka (7 Nov 2016) -- nss: silence warning 'SSL_NEXT_PROTO_EARLY_VALUE not handled in switch' - - ... with nss-3.26.0 and newer - - Reported-by: Daniel Stenberg - -Daniel Stenberg (7 Nov 2016) -- openssl: initial TLS 1.3 adaptions - - BoringSSL supports TLSv1.3 already, but these changes don't seem to be anough - to get it working. - -- ssh: check md5 fingerprints case insensitively (regression) - - Revert the change from ce8d09483eea but use the new function - - Reported-by: Kamil Dudka - Bug: https://github.com/curl/curl/commit/ce8d09483eea2fcb1b50e323e1a8ed1f3613b2e3#commitcomment-19666146 - -Kamil Dudka (7 Nov 2016) -- curl: introduce the --tlsv1.3 option to force TLS 1.3 - - Fully implemented with the NSS backend only for now. - - Reviewed-by: Ray Satiro - -- vtls: support TLS 1.3 via CURL_SSLVERSION_TLSv1_3 - - Fully implemented with the NSS backend only for now. - - Reviewed-by: Ray Satiro - -- nss: map CURL_SSLVERSION_DEFAULT to NSS default - - ... but make sure we use at least TLSv1.0 according to libcurl API - - Reported-by: Cure53 - Reviewed-by: Ray Satiro - -Daniel Stenberg (7 Nov 2016) -- s/cURL/curl - - We're mostly saying just "curl" in lower case these days so here's a big - cleanup to adapt to this reality. A few instances are left as the - project could still formally be considered called cURL. - -Jay Satiro (7 Nov 2016) -- [Tatsuhiro Tsujikawa brought this change] - - http2: Don't send header fields prohibited by HTTP/2 spec - - Previously, we just ignored "Connection" header field. But HTTP/2 - specification actually prohibits few more header fields. This commit - ignores all of them so that we don't send these bad header fields. - - Bug: https://curl.haxx.se/mail/archive-2016-10/0033.html - Reported-by: Ricki Hirner - - Closes https://github.com/curl/curl/pull/1092 - -Daniel Stenberg (7 Nov 2016) -- curl.1: explain the SMTP data expected for -T - - Fixes #1107 - - Reported-by: Adam Piggott - -Peter Wu (6 Nov 2016) -- cmake: disable poll for macOS - - Mirrors the autotools behavior introduced with curl-7_50_3-83-ga34c7ce. - - Fixes #1089 - -Jay Satiro (5 Nov 2016) -- easy: Initialize info variables on easy init and duphandle - - - Call Curl_initinfo on init and duphandle. - - Prior to this change the statistical and informational variables were - simply zeroed by calloc on easy init and duphandle. While zero is the - correct default value for almost all info variables, there is one where - it isn't (filetime initializes to -1). - - Bug: https://github.com/curl/curl/issues/1103 - Reported-by: Neal Poole - -Daniel Stenberg (5 Nov 2016) -- [Mauro Rappa brought this change] - - curl -w: added more decimal digits to timing counters - - Now showing microsecond resolution. - - Closes #1106 - -Jakub Zakrzewski (4 Nov 2016) -- dist: add CMakeLists.txt to the tarball - -Daniel Stenberg (4 Nov 2016) -- mbedtls: fix build with mbedtls versions < 2.4.0 - - Regression added in 62a8095e714 - - Reported-by: Tony Kelman - - Discussed in #1087 - -- configure: verify that compiler groks -Werror=partial-availability - - Reported-by: bemoody - - Fixes #1104 - -- docs: shorten and simplify the top comment in multi-uv.c - - and change URL to use https - -- [Andrei Sedoi brought this change] - - docs: handle CURL_POLL_INOUT in multi-uv example - -- [Andrei Sedoi brought this change] - - docs: multi-uv: don't use CURLMsg after cleanup - -- [Andrei Sedoi brought this change] - - docs: remove unused variables in multi-uv example - -- bump: start working on 7.51.1 - -- winbuild: remove strcase.obj from curl build - - Reported-by: Bruce Stephens - - Fixes #1098 - -Dan Fandrich (2 Nov 2016) -- msvc: removed a straggling reference to strequal.c - - Follow-up to 502acba2 - -Version 7.51.0 (2 Nov 2016) - -Daniel Stenberg (2 Nov 2016) -- THANKS: synced with 7.51.0 - -- RELEASE-NOTES: 7.51.0 - -- ftp_done: don't clobber the passed in error code - - Coverity CID 1374359 pointed out the unused result value. - -- ftp: remove dead code in ftp_done - - Coverity CID 1374358 - -Jay Satiro (1 Nov 2016) -- generate.bat: Include include/curl in libcurl VS projects - - .. because including those headers helps Visual Studio's Intellisense. - -- generate.bat: Remove strcase.[ch] from curl tool VS projects - - ..because they're no longer needed in the tool build. strcase is still - built by the libcurl project and exports curl_str(n)equal which is used - by the curl tool. - - Bug: https://github.com/curl/curl/commit/9363f1a#all_commit_comments - -Daniel Stenberg (2 Nov 2016) -- metalink: simplify the hex parsing function - - ... and now it avoids using the libcurl toupper() function - -Michael Kaufmann (1 Nov 2016) -- file: fix compiler warning - - follow-up to 46133aa5 - -Dan Fandrich (1 Nov 2016) -- strcase: fixed Metalink builds by redefining checkprefix() - - ...to use the public function curl_strnequal(). This isn't ideal because - it adds extra overhead to any internal calls to checkprefix. - - follow-up to 95bd2b3e - -Daniel Stenberg (1 Nov 2016) -- curl.1: typo - -- curl.1: expand on how multiple uses of -o looks - - Suggested-by: Dan Jacobson - Issue: https://github.com/curl/curl/issues/1097 - -- tests/util: get a private strncasecompare clone - - ... since the curlx_* code no longer provides one and we don't link - libcurl to these test servers. - -- strcase: make the tool use curl_str[n]equal instead - - As they are after all part of the public API. Saves space and reduces - complexity. Remove the strcase defines from the curlx_ family. - - Suggested-by: Dan Fandrich - Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html - -Kamil Dudka (31 Oct 2016) -- gskit, nss: do not include strequal.h - - follow-up to 811a693b80 - -Dan Fandrich (31 Oct 2016) -- strcasecompare: include curl.h in strcase.c - - This should fix the "warning: 'curl_strequal' redeclared without - dllimport attribute: previous dllimport ignored" message and subsequent - link error on Windows because of the missing CURL_EXTERN on the - prototype. - -Daniel Stenberg (31 Oct 2016) -- strcase: fix the remaining rawstr users - -- msvc builds: s/rawstr/strcase - - Follow-up to 811a693b - -Dan Fandrich (31 Oct 2016) -- strcasecompare: replaced remaining rawstr.h with strcase.h - - This is a followup to commit 811a693b - -Marcel Raad (31 Oct 2016) -- digest_sspi: fix include - - Fix compile break from 811a693b80 - -Dan Fandrich (31 Oct 2016) -- libauthretry: use the external function curl_strequal - - The internal version strcasecompare isn't available outside libcurl - -Daniel Stenberg (31 Oct 2016) -- RELEASE-NOTES: synced with d14538d2501ef0da - -- configure: raise the default minimum version for macos to 10.8 - - follow-up to 4f8d0b6f02aa7043. Since the darwinssl code breaks - otherwise. If you build without darwinssl 10.5 works fine. - -- unit1301: keep testing curl_strequal - - as that is still part of the API, fix from 8fe4bd084412f30 - -- ldap: fix include - - Fix bug from 811a693b80 - -- url: remove unconditional idn2.h include - - Mistake brought by 9c91ec778104a - -- curl_strequal: part of public API/ABI, needs to be kept - - These two public functions have been mentioned as deprecated since a - very long time but since they are still part of the API and ABI we need - to keep them around. - -- strcase: s/strequal/strcasecompare - - some more follow-ups to 811a693b80 - -- ldap: fix strcase use - - follow-up to 811a693b80 - -- test165: adapted to the libidn2 use and IDNA2008 fix - -- cookie: replace use of fgets() with custom version - - ... that will ignore lines that are too long to fit in the buffer. - - CVE-2016-8615 - - Bug: https://curl.haxx.se/docs/adv_20161102A.html - Reported-by: Cure53 - -- strcasecompare: all case insensitive string compares ignore locale now - - We had some confusions on when each function was used. We should not act - differently on different locales anyway. - -- strcasecompare: is the new name for strequal() - - ... to make it less likely that we forget that the function actually - does case insentive compares. Also replaced several invokes of the - function with a plain strcmp when case sensitivity is not an issue (like - comparing with "-"). - -- ftp: check for previous patch must be case sensitive! - - ... otherwise example.com/PATH and example.com/path would be assumed to - be the same and they usually aren't! - -- SSH: check md5 fingerprint case sensitively - -- connectionexists: use case sensitive user/password comparisons - - CVE-2016-8616 - - Bug: https://curl.haxx.se/docs/adv_20161102B.html - Reported-by: Cure53 - -- base64: check for integer overflow on large input - - CVE-2016-8617 - - Bug: https://curl.haxx.se/docs/adv_20161102C.html - Reported-by: Cure53 - -- krb5: avoid realloc(0) - - If the requested size is zero, bail out with error instead of doing a - realloc() that would cause a double-free: realloc(0) acts as a free() - and then there's a second free in the cleanup path. - - CVE-2016-8619 - - Bug: https://curl.haxx.se/docs/adv_20161102E.html - Reported-by: Cure53 - -- aprintf: detect wrap-around when growing allocation - - On 32bit systems we could otherwise wrap around after 2GB and allocate 0 - bytes and crash. - - CVE-2016-8618 - - Bug: https://curl.haxx.se/docs/adv_20161102D.html - Reported-by: Cure53 - -- range: reject char globs with missing end like '[L-]' - - ... which previously would lead to out of boundary reads. - - Reported-by: Luật Nguyễn - -- glob_next_url: make sure to stay within the given output buffer - -- range: prevent negative end number in a glob range - - CVE-2016-8620 - - Bug: https://curl.haxx.se/docs/adv_20161102F.html - Reported-by: Luật Nguyễn - -- parsedate: handle cut off numbers better - - ... and don't read outside of the given buffer! - - CVE-2016-8621 - - bug: https://curl.haxx.se/docs/adv_20161102G.html - Reported-by: Luật Nguyễn - -- escape: avoid using curl_easy_unescape() internally - - Since the internal Curl_urldecode() function has a better API. - -- unescape: avoid integer overflow - - CVE-2016-8622 - - Bug: https://curl.haxx.se/docs/adv_20161102H.html - Reported-by: Cure53 - -- cookies: getlist() now holds deep copies of all cookies - - Previously it only held references to them, which was reckless as the - thread lock was released so the cookies could get modified by other - handles that share the same cookie jar over the share interface. - - CVE-2016-8623 - - Bug: https://curl.haxx.se/docs/adv_20161102I.html - Reported-by: Cure53 - -- TODO: remove IDNA2008 - -- idn: switch to libidn2 use and IDNA2008 support - - CVE-2016-8625 - - Bug: https://curl.haxx.se/docs/adv_20161102K.html - Reported-by: Christian Heimes - -- test1246: verify URL parsing with host name ending with '#' - -- urlparse: accept '#' as end of host name - - 'http://example.com#@127.0.0.1/x.txt' equals a request to example.com - for the '/' document with the rest of the URL being a fragment. - - CVE-2016-8624 - - Bug: https://curl.haxx.se/docs/adv_20161102J.html - Reported-by: Fernando Muñoz - -Jay Satiro (31 Oct 2016) -- INTERNALS: better markdown (follow-up) - - - Wrap more words with underscores in backticks. - - Follow-up to 13f4913. - -Daniel Stenberg (30 Oct 2016) -- INTERNALS: better markdown - - words with underscore need to be within `these` - - Bug: https://github.com/curl/curl-www/issues/19 - Reported-by : Jay Satiro - -Jay Satiro (30 Oct 2016) -- mk-ca-bundle.vbs: Fix UTF-8 output - - - Change initial message box to mention delay when downloading/parsing. - - Since there is no progress meter it was somewhat unexpected that after - choosing a filename nothing appears to happen, when actually the cert - data is in the process of being downloaded and parsed. - - - Warn if OpenSSL is not present. - - - Use a UTF-8 stream to make the ca-bundle data. - - - Save the UTF-8 ca-bundle stream as binary so that no BOM is added. - - --- - - This is a follow-up to d2c6d15 which switched mk-ca-bundle.vbs output to - ANSI due to corrupt UTF-8 output, now fixed. - - This change completes making the default certificate bundle output of - mk-ca-bundle.vbs as close as possible to that of mk-ca-bundle.pl, which - should make it easier to review any difference between their output. - - Ref: https://github.com/curl/curl/pull/1012 - -Daniel Stenberg (28 Oct 2016) -- BINDINGS: converted to markdown - - To make it render better on the web site, at the price of it becoming - slightly less readable as text. - -Jay Satiro (27 Oct 2016) -- CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2 - - - Clarify that this option is only for HTTP/1.1 pipelining. - - Bug: https://github.com/curl/curl/issues/1059 - Reported-by: Jeroen Ooms - - Assisted-by: Daniel Stenberg - -Daniel Stenberg (27 Oct 2016) -- KNOWN_BUGS: HTTP/2 server push enabled when no pushes can be accepted - - Closes #927 - -- KNOWN_BUGS: c-ares deviates from stock resolver on http://1346569778 - - Closes #893 - -Michael Osipov (27 Oct 2016) -- configure.in: Fix test syntax - - Some versions of test allow == for equality, but others (such as the HP-UX - version) do not. Use a single = for correctness. - - Error output: - checking for monotonic clock_gettime... ./configure[20445]: ==: A test command parameter is not valid. - -Daniel Stenberg (27 Oct 2016) -- SECURITY: minor updates - - - we allow the security push up to 48 hours before the release - - - add a mention about possible pre-notifications - - - lower case the 'curl-security' title - -- [Andrei Sedoi brought this change] - - docs: fix req->data in multi-uv example - - Closes #1088 - -- mbedtls: stop using deprecated include file - - Reported-by: wyattoday - Fixes #1087 - -Kamil Dudka (25 Oct 2016) -- [Martin Frodl brought this change] - - nss: fix tight loop in non-blocking TLS handhsake over proxy - - ... in case the handshake completes before entering - CURLM_STATE_PROTOCONNECT - - Bug: https://bugzilla.redhat.com/1388162 - -Jay Satiro (25 Oct 2016) -- mk-ca-bundle: Update the vbscript version - - Bring the VBScript version more in line with the perl version: - - - Change timestamp to UTC. - - - Change URL retrieval to HTTPS-only by default. - - - Comment out the options that disabled SSL cert checking by default. - - - Assume OpenSSL is present, get SHA256. And add a flag to toggle it. - - - Fix cert issuer name output. - - The cert issuer output is now ansi, converted from UTF-8. Prior to this - it was corrupt UTF-8. It turns out though we can work with UTF-8 the - FSO object that writes ca-bundle can't write UTF-8, so there will have - to be some alternative if UTF-8 is needed (like an ADODB.Stream). - - - Disable the certificate text info feature. - - The certificate text info doesn't work properly with any recent OpenSSL. - -Daniel Stenberg (24 Oct 2016) -- TODO: indent code to make it render properly - -- TODO: Remove the generated include file - -- TODO: add "--retry should resume" - - See #1084 - -- mk-ca-bundle.1: document -k - - Brought in 1ad2bdcf110266c. Now does HTTPS by default and needs -k to - fall back to plain HTTP. - -- [Jay Satiro brought this change] - - mk-ca-bundle: Change URL retrieval to HTTPS-only by default - - - Change all predefined Mozilla URLs to HTTPS (Gregory Szorc). - - - New option -k to allow URLs other than HTTPS and enable HTTP fallback. - - Prior to this change the default URL retrieval mode was to fall back to - HTTP if HTTPS didn't work. - - Reported-by: Gregory Szorc - - Closes #1012 - -- RELEASE-NOTES: synced with 50ee3aaf1a9b22d - -Dan Fandrich (23 Oct 2016) -- INSTALL.md: Updated minimum file sizes for 7.50.3 - -Daniel Stenberg (22 Oct 2016) -- multi: force connections to get closed in close_all_connections - - Several independent reports on infinite loops hanging in the - close_all_connections() function when closing a multi handle, can be - fixed by first marking the connection to get closed before calling - Curl_disconnect. - - This is more fixing-the-symptom rather than the underlying problem - though. - - Bug: https://curl.haxx.se/mail/lib-2016-10/0011.html - Bug: https://curl.haxx.se/mail/lib-2016-10/0059.html - - Reported-by: Dan Fandrich, Valentin David, Miloš Ljumović - -- [Anders Bakken brought this change] - - curl_multi_remove_handle: fix a double-free - - In short the easy handle needs to be disconnected from its connection at - this point since the connection still is serving other easy handles. - - In our app we can reliably reproduce a crash in our http2 stress test - that is fixed by this change. I can't easily reproduce the same test in - a small example. - - This is the gdb/asan output: - - ==11785==ERROR: AddressSanitizer: heap-use-after-free on address 0xe9f4fb80 at pc 0x09f41f19 bp 0xf27be688 sp 0xf27be67c - READ of size 4 at 0xe9f4fb80 thread T13 (RESOURCE_HTTP) - #0 0x9f41f18 in curl_multi_remove_handle /path/to/source/3rdparty/curl/lib/multi.c:666 - - 0xe9f4fb80 is located 0 bytes inside of 1128-byte region [0xe9f4fb80,0xe9f4ffe8) - freed by thread T13 (RESOURCE_HTTP) here: - #0 0xf7b1b5c2 in __interceptor_free /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_malloc_linux.cc:45 - #1 0x9f7862d in conn_free /path/to/source/3rdparty/curl/lib/url.c:2808 - #2 0x9f78c6a in Curl_disconnect /path/to/source/3rdparty/curl/lib/url.c:2876 - #3 0x9f41b09 in multi_done /path/to/source/3rdparty/curl/lib/multi.c:615 - #4 0x9f48017 in multi_runsingle /path/to/source/3rdparty/curl/lib/multi.c:1896 - #5 0x9f490f1 in curl_multi_perform /path/to/source/3rdparty/curl/lib/multi.c:2123 - #6 0x9c4443c in perform /path/to/source/src/net/resourcemanager/ResourceManagerCurlThread.cpp:854 - #7 0x9c445e0 in ... - #8 0x9c4cf1d in ... - #9 0xa2be6b5 in ... - #10 0xf7aa5780 in asan_thread_start /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226 - #11 0xf4d3a16d in __clone (/lib/i386-linux-gnu/libc.so.6+0xe716d) - - previously allocated by thread T13 (RESOURCE_HTTP) here: - #0 0xf7b1ba27 in __interceptor_calloc /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_malloc_linux.cc:70 - #1 0x9f7dfa6 in allocate_conn /path/to/source/3rdparty/curl/lib/url.c:3904 - #2 0x9f88ca0 in create_conn /path/to/source/3rdparty/curl/lib/url.c:5797 - #3 0x9f8c928 in Curl_connect /path/to/source/3rdparty/curl/lib/url.c:6438 - #4 0x9f45a8c in multi_runsingle /path/to/source/3rdparty/curl/lib/multi.c:1411 - #5 0x9f490f1 in curl_multi_perform /path/to/source/3rdparty/curl/lib/multi.c:2123 - #6 0x9c4443c in perform /path/to/source/src/net/resourcemanager/ResourceManagerCurlThread.cpp:854 - #7 0x9c445e0 in ... - #8 0x9c4cf1d in ... - #9 0xa2be6b5 in ... - #10 0xf7aa5780 in asan_thread_start /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226 - #11 0xf4d3a16d in __clone (/lib/i386-linux-gnu/libc.so.6+0xe716d) - - SUMMARY: AddressSanitizer: heap-use-after-free /path/to/source/3rdparty/curl/lib/multi.c:666 in curl_multi_remove_handle - Shadow bytes around the buggy address: - 0x3d3e9f20: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - 0x3d3e9f30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - 0x3d3e9f40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - 0x3d3e9f50: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa - 0x3d3e9f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa - =>0x3d3e9f70:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - 0x3d3e9f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - 0x3d3e9f90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - 0x3d3e9fa0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - 0x3d3e9fb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - 0x3d3e9fc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd - Shadow byte legend (one shadow byte represents 8 application bytes): - Addressable: 00 - Partially addressable: 01 02 03 04 05 06 07 - Heap left redzone: fa - Heap right redzone: fb - Freed heap region: fd - Stack left redzone: f1 - Stack mid redzone: f2 - Stack right redzone: f3 - Stack partial redzone: f4 - Stack after return: f5 - Stack use after scope: f8 - Global redzone: f9 - Global init order: f6 - Poisoned by user: f7 - Container overflow: fc - Array cookie: ac - Intra object redzone: bb - ASan internal: fe - Left alloca redzone: ca - Right alloca redzone: cb - ==11785==ABORTING - - Thread 14 "RESOURCE_HTTP" received signal SIGABRT, Aborted. - [Switching to Thread 0xf27bfb40 (LWP 12324)] - 0xf7fd8be9 in __kernel_vsyscall () - (gdb) bt - #0 0xf7fd8be9 in __kernel_vsyscall () - #1 0xf4c7ee89 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:54 - #2 0xf4c803e7 in __GI_abort () at abort.c:89 - #3 0xf7b2ef2e in __sanitizer::Abort () at /opt/toolchain/src/gcc-6.2.0/libsanitizer/sanitizer_common/sanitizer_posix_libcdep.cc:122 - #4 0xf7b262fa in __sanitizer::Die () at /opt/toolchain/src/gcc-6.2.0/libsanitizer/sanitizer_common/sanitizer_common.cc:145 - #5 0xf7b21ab3 in __asan::ScopedInErrorReport::~ScopedInErrorReport (this=0xf27be171, __in_chrg=) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_report.cc:689 - #6 0xf7b214a5 in __asan::ReportGenericError (pc=166993689, bp=4068206216, sp=4068206204, addr=3925146496, is_write=false, access_size=4, exp=0, fatal=true) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_report.cc:1074 - #7 0xf7b21fce in __asan::__asan_report_load4 (addr=3925146496) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_rtl.cc:129 - #8 0x09f41f19 in curl_multi_remove_handle (multi=0xf3406080, data=0xde582400) at /path/to/source3rdparty/curl/lib/multi.c:666 - #9 0x09f6b277 in Curl_close (data=0xde582400) at /path/to/source3rdparty/curl/lib/url.c:415 - #10 0x09f3354e in curl_easy_cleanup (data=0xde582400) at /path/to/source3rdparty/curl/lib/easy.c:860 - #11 0x09c6de3f in ... - #12 0x09c378c5 in ... - #13 0x09c48133 in ... - #14 0x09c4d092 in ... - #15 0x0a2be6b6 in ... - #16 0xf7aa5781 in asan_thread_start (arg=0xf2d22938) at /opt/toolchain/src/gcc-6.2.0/libsanitizer/asan/asan_interceptors.cc:226 - #17 0xf5de52b5 in start_thread (arg=0xf27bfb40) at pthread_create.c:333 - #18 0xf4d3a16e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:114 - - Fixes #1083 - -- testcurl.1: fix the URL to the autobuild summary - -- testcurl.1: update URLs - -- INSTALL: converted to markdown => INSTALL.md - - Also heavily edited for content. Removed lots of old cruft that we added - like 10+ years ago that is likely incorrect by now. - - Also removed INSTALL.devcpp for same reason. - -- [Martin Storsjo brought this change] - - configure: Check for other variants of the -m*os*-version-min flags - - In addition to -miphoneos-version-min, the same version can be set - using -mios-version-min. And for WatchOS and TvOS, there's - -mwatchos-version-min and -mtvos-version-min. - -- configure: set min version flags for builds on mac - - This helps building binaries that can work on multiple macOS versions. - - Help-by: Martin Storsjö - - Fixes #1069 - -- curl_multi_add_handle: set timeouts in closure handles - - The closure handle only ever has default timeouts set. To improve the - state somewhat we clone the timeouts from each added handle so that the - closure handle always has the same timeouts as the most recently added - easy handle. - - Fixes #739 - -- configure/CURL_CHECK_FUNC_POLL: disable poll completely on mac - - ... so that the same libcurl build easier can run on any version. - - Follow-up to issue #1057 - -- RELEASE-NOTES: synced with f36f8c14551efc6772 - -- test14xx: fixed --libcurl output tests again after 8e8afa82cbb - -- s/cURL/curl - - The tool was never called cURL, only the project. But even so, we have - more and more over time switched to just use lower case. - -- polarssl: indented code, removed unused variables - -- polarssl: reduce #ifdef madness with a macro - -- polarssl: fix unaligned SSL session-id lock - -- Curl_polarsslthreadlock_thread_setup: clear array at init - - ... since if it fails to init the entire array and then tries to clean - it up, it would attempt to work on an uninitialized pointer. - -- curl: set INTERLEAVEDATA too - - As otherwise the callback could be called with a NULL pointer when RTSP - data is provided. - -- gopher: properly return error for poll failures - -- select: switch to macros in uppercase - - Curl_select_ready() was the former API that was replaced with - Curl_select_check() a while back and the former arg setup was provided - with a define (in order to leave existing code unmodified). - - Now we instead offer SOCKET_READABLE and SOCKET_WRITABLE for the most - common shortcuts where only one socket is checked. They're also more - visibly macros. - -- select: use more proper macro-looking names - - ... so that it becomes more obvious in the code what is what. Also added - a typecast for one of the calculations. - -- Curl_socket_check: add extra check to avoid integer overflow - -- maketgz: make it support "only" generating version info - - ... to allow you to update the local repository with the given version - number data. - -Jay Satiro (17 Oct 2016) -- url: skip to-be-closed connections when pipelining (follow-up) - - - Change back behavior so that pipelining is considered possible for - connections that have not yet reached the protocol level. - - This is a follow-up to e5f0b1a which had changed the behavior of - checking if pipelining is possible to ignore connections that had - 'bits.close' set. Connections that have not yet reached the protocol - level also have that bit set, and we need to consider pipelining - possible on those connections. - -Daniel Stenberg (17 Oct 2016) -- HTTP2: mention the tool's limited support - -- RELEASE-NOTES: synced with a1a5cd04877fd6fd - -- [David Woodhouse brought this change] - - curl: do not set CURLOPT_SSLENGINEDEFAULT automatically - - There were bugs in the PKCS#11 engine, and fixing them triggers bugs in - OpenSSL. Just don't get involved; there's no need to be making the - engine methods the default anyway. - - https://github.com/OpenSC/libp11/pull/108 - https://github.com/openssl/openssl/pull/1639 - - Merges #1042 - -- KNOWN_BUGS: two more existing problems - -Marcel Raad (16 Oct 2016) -- win: fix Universal Windows Platform build - - This fixes a merge error in commit 7f3df80 caused by commit 332e8d6. - - Additionally, this changes Curl_verify_windows_version for Windows App - builds to assume to always be running on the target Windows version. - There seems to be no way to determine the Windows version from a - UWP app. Neither GetVersion(Ex), nor VerifyVersionInfo, nor the - Version Helper functions are supported. - - Bug: https://github.com/curl/curl/pull/820#issuecomment-250889878 - Reported-by: Paul Joyce - - Closes https://github.com/curl/curl/pull/1048 - -Daniel Stenberg (16 Oct 2016) -- KNOWN_BUGS: minor formatting edit - -Jay Satiro (14 Oct 2016) -- [Rider Linden brought this change] - - url: skip to-be-closed connections when pipelining - - No longer attempt to use "doomed" to-be-closed connections when - pipelining. Prior to this change connections marked for deletion (e.g. - timeout) would be erroneously used, resulting in sporadic crashes. - - As originally reported and fixed by Carlo Wood (origin unknown). - - Bug: https://github.com/curl/curl/issues/627 - Reported-by: Rider Linden - - Closes https://github.com/curl/curl/pull/1075 - Participation-by: nopjmp@users.noreply.github.com - -Daniel Stenberg (13 Oct 2016) -- vtls: only re-use session-ids using the same scheme - - To make it harder to do cross-protocol mistakes - -Jay Satiro (11 Oct 2016) -- [Torben Dannhauer brought this change] - - dist: add missing cmake modules to the tarball - - Closes https://github.com/curl/curl/pull/1070 - -Daniel Stenberg (11 Oct 2016) -- configure: detect the broken poll() in macOS 10.12 - - Fixes #1057 - -- dist: remove PDF and HTML converted docs from the releases - -- [Remo E brought this change] - - cmake: add nghttp2 support - - Closes #922 - -- [Andreas Streichardt brought this change] - - resolve: add error message when resolving using SIGALRM - - Closes #1066 - -- GIT-INFO: remove the Mac 10.1-specific details - - There shouldn't be many devs out there anymore using such outdated macOS - versions. And it removes the dead link. - - Closes #1049 - -- RELEASE-NOTES: spellfix - -- RELEASE-NOTES: synced with 82720490628cb53a - - 5 more fixes, 2 more contributors - -- [Tobias Stoeckmann brought this change] - - smb: properly check incoming packet boundaries - - Not all reply messages were properly checked for their lengths, which - made it possible to access uninitialized memory (but this does not lead - to out of boundary accesses). - - Closes #1052 - -- test557: verify printf() with 128 and 129 arguments - -- mprintf: return error on too many arguments - - 128 arguments should be enough for everyone - -- ftp: fix Curl_ftpsendf() - - ... it no longer takes printf() arguments since it was only really taken - advantage by one user and it was not written and used in a safe - way. Thus the 'f' is removed from the function name and the proto is - changed. - - Although the current code wouldn't end up in badness, it was a risk that - future changes could end up springf()ing too large data or passing in a - format string inadvertently. - -- formpost: avoid silent snprintf() truncation - - The previous use of snprintf() could make libcurl silently truncate some - input data and not report that back on overly large input, which could - make data get sent over the network in a bad format. - - Example: - - $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')" - -- TODO: build: Enable PIE and RELRO by default - -- TODO: Support better than MD5 hostkey hash (for ssh) - -- [Daniel Gustafsson brought this change] - - tests: Fix a small typo in the tests README (#1060) - - The subdirectory for logs in tests/ is named log/ without an 's' - at the end. - -- TODO: Introduce --fail-fast to exit on first transfer fail - - See #1054 - -- TODO: Leave secure cookies alone - -- [Rainer Müller brought this change] - - CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056) - - The 'userp' argument is unused in this example code. - -- TODO: TCP Fast Open for windows - -- RELEASE-NOTES: synced with 8fd2a754f0de - -- CURLOPT_KEEP_SENDING_ON_ERROR.3: mention when it is added - -- memdup: use 'void *' as return and source type - -- TODO: Add easy argument to formpost functions - -- formpost: trying to attach a directory no longer crashes - - The error path would previously add a freed entry to the linked list. - - Reported-by: Toby Peterson - - Fixes #1053 - -- [Sergei Kuzmin brought this change] - - cookies: same domain handling changed to match browser behavior - - Cokie with the same domain but different tailmatching property are now - considered different and do not replace each other. If header contains - following lines then two cookies will be set: Set-Cookie: foo=bar; - domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz; - domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 - - This matches Chrome, Opera, Safari, and Firefox behavior. When sending - stored tokens to foo.com Chrome, Opera, Firefox store send them in the - stored order, while Safari pre-sort the cookies. - - Closes #1050 - -- [Stephen Brokenshire brought this change] - - FAQ: Fix typos in section 5.14 (#1047) - - Type required for YourClass::func C++ function (using size_t in line - with the documentation for CURLOPT_WRITEFUNCTION) and missing second - colon when specifying the static function for CURLOPT_WRITEFUNCTION. - -- [Sebastian Mundry brought this change] - - KNOWN_BUGS: Fix typos in section 5.8. - - Closes #1046 - -- [mundry brought this change] - - CONTRIBUTE.md: Fix typo in 'About pull requests' section. (#1045) - -- curl.1: --trace supports % for sending to stderr! - -- KNOWN_BUGS: 5.8 configure finding libs in wrong directory - -Dan Fandrich (24 Sep 2016) -- configure: Fixed builds with libssh2 in a custom location - - A libssh2 library in the standard system location was being used in - preference to the desired one while linking. - -Daniel Stenberg (23 Sep 2016) -- SECURITY: remove the top ascii logo - -Michael Kaufmann (22 Sep 2016) -- New libcurl option to keep sending on error - - Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether - sending the request body shall be completed when the server responds - early with an error status code. - - This is suitable for manual NTLM authentication. - - Reviewed-by: Jay Satiro - - Closes https://github.com/curl/curl/pull/904 - -Kamil Dudka (22 Sep 2016) -- nss: add chacha20-poly1305 cipher suites if supported by NSS - -- nss: add cipher suites using SHA384 if supported by NSS - -- nss: fix typo in ecdhe_rsa_null cipher suite string - - As it seems to be a rarely used cipher suite (for securely established - but _unencrypted_ connections), I believe it is fine not to provide an - alias for the misspelled variant. - -Jay Satiro (21 Sep 2016) -- docs: Remove that --proto is just used for initial retrieval - - .. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not - override protocols denied by --proto and CURLOPT_PROTOCOLS. - - - Add a test to enforce: --proto deny must override --proto-redir allow - - Closes https://github.com/curl/curl/pull/1031 - -Daniel Stenberg (21 Sep 2016) -- dist: add CurlSymbolHiding.cmake to the tarball - - Follow-up to 6140dfcf3e784 - - Reported-by: Alexander Sinditskiy - -- curl_global_cleanup.3: don't unload the lib with sub threads running - - Discussed in #997 - - Assisted-by: Jay Satiro - -- MAIL-ETIQUETTE: language - -Jay Satiro (20 Sep 2016) -- easy: Reset all statistical session info in curl_easy_reset - - Bug: https://github.com/curl/curl/issues/1017 - Reported-by: Jeroen Ooms - -Daniel Stenberg (19 Sep 2016) -- RELEASE-NOTES: synced with 79607eec51055 - -Jay Satiro (19 Sep 2016) -- [Daniel Gustafsson brought this change] - - darwinssl: Fix typo in comment - - Closes https://github.com/curl/curl/pull/1028 - -Daniel Stenberg (19 Sep 2016) -- [Bernard Spil brought this change] - - libressl: fix version output - - LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L` for all - versions returning `LibreSSL/2.0.0` for any LibreSSL version. - - This change provides a local OpenSSL_version_num function replacement - returning LIBRESSL_VERSION_NUMBER instead. - - Closes #1029 - -- [rugk brought this change] - - TODO: Add PINNEDPUBLICKEY - HPKP compatibility, HSTS & HPKP - - Closes #1025 - Closes #1026 - Closes #1027 - -- openssl: don't call ERR_remote_thread_state on >= 1.1.0 - - Follow-up fix to d9321562 - -- openssl: don’t call CRYTPO_cleanup_all_ex_data - - The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called - multiple times without crashing - and other libs might call it! We - basically cannot call it without risking a crash. The function is a - no-op since OpenSSL 1.1.0. - - Not calling this function only risks a small memory leak with OpenSSL < - 1.1.0. - - Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html - Reported-by: Todd Short - -- TODO: Support SSLKEYLOGFILE - -Jay Satiro (18 Sep 2016) -- CURLOPT_PINNEDPUBLICKEY.3: fix the AVAILABILITY formatting - -Nick Zitzmann (18 Sep 2016) -- darwinssl: disable RC4 cipher-suite support - - RC4 was a nice alternative to CBC back in the days of BEAST, but it's insecure and obsolete now. - -- configure: change "iOS/Mac OS X native" to "Apple OS native" - - Since I first wrote that text, Apple introduced tvOS and watchOS, and renamed "Mac OS X" to "macOS." Let's make the text a little more inclusive, since curl can be built for all four operating systems. - -Jay Satiro (18 Sep 2016) -- test2048: fix url - -- examples/imap-append: Set size of data to be uploaded - - Prior to this commit this example failed with error - 'Cannot APPEND with unknown input file size'. - - Bug: https://github.com/curl/curl/issues/1008 - Reported-by: lukaszgn@users.noreply.github.com - - Closes https://github.com/curl/curl/pull/1011 - -Daniel Stenberg (16 Sep 2016) -- [Tony Kelman brought this change] - - LICENSE-MIXING.md: update with mbedTLS dual licensing - - Recent versions of mbedTLS are available under either Apache 2.0 or GPL - 2.0, see https://tls.mbed.org/how-to-get - - Closes #1019 - -- KNOWN_BUGS: chunked-encoded requests with HTTP/2 is fixed - -- http2: debug ouput sent HTTP/2 request headers - -- http: accept "Transfer-Encoding: chunked" for HTTP/2 as well - - ... but don't send the actual header over the wire as it isn't accepted. - Chunked uploading is still triggered using this method. - - Fixes #1013 - Fixes #662 - -- openssl: fix per-thread memory leak usiong 1.0.1 or 1.0.2 - - OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread - so we need to clean it when easy handles are freed, in case the thread - will be killed in which the easy handle was used. All OpenSSL code in - libcurl should extract the error in association with the error already - so clearing this queue here should be harmless at worst. - - Fixes #964 - -- RELEASE-NOTES: reset and go toward 7.51.0 (again) - -Version 7.50.3 (14 Sep 2016) - -Daniel Stenberg (14 Sep 2016) -- THANKS: updated with curl 7.50.3 contributors - -- RELEASE-NOTES: curl 7.50.3 - -- test1605: verify negative input lengths to (un)escape functions - -- curl_easy_unescape: deny negative string lengths as input - - CVE-2016-7167 - - Bug: https://curl.haxx.se/docs/adv_20160914.html - -- curl_easy_escape: deny negative string lengths as input - - CVE-2016-7167 - - Bug: https://curl.haxx.se/docs/adv_20160914.html - -- curl: make --create-dirs on windows grok both forward and backward slashes - - Reported-by: Ryan Scott - - Fixes #1007 - -- RELEASE-NOTES: synced with 665694979b6 - -- [Tony Kelman brought this change] - - mbedtls: switch off NTLM in build if md4 isn't available - - NTLM support with mbedTLS was added in 497e7c9 but requires that mbedTLS - is built with the MD4 functions available, which it isn't in default - builds. This now adapts if the funtion isn't there and builds libcurl - without NTLM support if so. - - Fixes #1004 - -Jay Satiro (12 Sep 2016) -- CODE_STYLE: fix long-line guideline - - - Change maximum allowed line length from 80 to 79. - -- CODE_STYLE: add column alignment section - - Note that since the added examples are for column alignment I had to - encapsulate with ~~~c markdown to preserve their alignment. - -Peter Wu (11 Sep 2016) -- cmake: fix curl-config --static-libs - - The `curl-config --static-libs` command should not output paths like - -l/usr/lib/libssl.so, instead print the absolute path without `-l`. - - This also removes the confusing message "Static linking is broken" which - was printed because curl-config --static-libs was disfunctional even - though the static libcurl.a library works properly. - - Fixes https://github.com/curl/curl/issues/841 - -Daniel Stenberg (11 Sep 2016) -- http: refuse to pass on response body with NO_NODY was set - - ... like when a HTTP/0.9 response comes back without any headers at all - and just a body this now prevents that body from being sent to the - callback etc. - - Adapted test 1144 to verify. - - Fixes #973 - - Assisted-by: Ray Satiro - -- RELEASE-NOTES: synced with 257bf3ac67eb6 - -Jakub Zakrzewski (10 Sep 2016) -- CMake: Don't build unit tests if private symbols are hidden - - This only excludes building unit tests from default build ( 'all' Make - target or "Build Solution" in VisualStudio). The projects and Make - targets will still be generated and shown in supporting IDEs. - - Fixes https://github.com/curl/curl/issues/981 - Reported-by: Randy Armstrong - - Closes https://github.com/curl/curl/pull/990 - -- CMake: Try to (un-)hide private library symbols - - Detect support for compiler symbol visibility flags and apply those - according to CURL_HIDDEN_SYMBOLS option. - It should work true to the autotools build except it tries to unhide - symbols on Windows when requested and prints warning if it fails. - - Ref: https://github.com/curl/curl/issues/981#issuecomment-242665951 - Reported-by: Daniel Stenberg - -Daniel Stenberg (9 Sep 2016) -- openssl: fix bad memory free (regression) - - ... by partially reverting f975f06033b1. The allocation could be made by - OpenSSL so the free must be made with OPENSSL_free() to avoid problems. - - Reported-by: Harold Stuart - Fixes #1005 - -- http2: support > 64bit sized uploads - - ... by making sure we don't count down the "upload left" counter when the - uploaded size is unknown and then it can be allowed to continue forever. - - Fixes #996 - -Jay Satiro (7 Sep 2016) -- errors: new alias CURLE_WEIRD_SERVER_REPLY (8) - - Since we're using CURLE_FTP_WEIRD_SERVER_REPLY in imap, pop3 and smtp as - more of a generic "failed to parse" introduce an alias without FTP in - the name. - - Closes https://github.com/curl/curl/pull/975 - -Daniel Stenberg (7 Sep 2016) -- bump: toward 7.51.0 - -- HISTORY: remove ascii logo to render nicer on web - -- curl: whitelist use of strtok() in non-threaded context - -- checksrc: detect strtok() use - - ... as that function slipped through once before. - -GitHub (7 Sep 2016) -- [Viktor Szakats brought this change] - - mk-ca-bundle.pl: use SHA256 instead of SHA1 - - This hash is used to verify the original downloaded certificate bundle - and also included in the generated bundle's comment header. Also - rename related internal symbols to algorithm-agnostic names. - -Version 7.50.2 (7 Sep 2016) - -Daniel Stenberg (7 Sep 2016) -- RELEASE-NOTES: curl 7.50.2 release - -- THANKS: updated for 7.50.2 - -Jay Satiro (6 Sep 2016) -- [Gaurav Malhotra brought this change] - - openssl: fix CURLINFO_SSL_VERIFYRESULT - - CURLINFO_SSL_VERIFYRESULT does not get the certificate verification - result when SSL_connect fails because of a certificate verification - error. - - This fix saves the result of SSL_get_verify_result so that it is - returned by CURLINFO_SSL_VERIFYRESULT. - - Closes https://github.com/curl/curl/pull/995 - -Daniel Stenberg (6 Sep 2016) -- [Daniel Gustafsson brought this change] - - darwinssl: test for errSecSuccess in PKCS12 import rather than noErr (#993) - - While noErr and errSecSuccess are defined as the same value, the API - documentation states that SecPKCS12Import() returns errSecSuccess if - there were no errors in importing. Ensure that a future change of the - defined value doesn't break (however unlikely) and be consistent with - the API docs. - -- [Daniel Gustafsson brought this change] - - docs: Fix link to CONTRIBUTE in Github contribution guidelines (#994) - -- [Marcel Raad brought this change] - - openssl: Fix compilation with OPENSSL_API_COMPAT=0x10100000L - - With OPENSSL_API_COMPAT=0x10100000L (OpenSSL 1.1 API), the cleanup - functions are unavailable (they're no-ops anyway in OpenSSL 1.1). The - replacements for SSL_load_error_strings, SSLeay_add_ssl_algorithms, and - OpenSSL_add_all_algorithms are called automatically [1][2]. SSLeay() is - now called OpenSSL_version_num(). - - [1]: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html - [2]: https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html - - Closes #992 - -- RELEASE-NOTES: synced with 3d4c0c8b9bc1d - -- http2: return EOF when done uploading without known size - - Fixes #982 - -- http2: skip the content-length parsing, detect unknown size - -- http2: minor white space edit - -- http2: use named define instead of magic constant in read callback - -- [Craig Davison brought this change] - - configure: make the cpp -P detection not clobber CPPFLAGS - - CPPPFLAGS is now CPPPFLAG. Fixes CURL_CHECK_DEF. - - Fixes #958 - -- [Olivier Brunel brought this change] - - speed caps: not based on average speeds anymore - - Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE & - CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits - with the cumulative average speed of the entire transfer; While this - might work at times with good/constant connections, in other cases it - can result to the limits simply being "ignored" for more than "short - bursts" (as told in man page). - - Consider a download that goes on much slower than the limit for some - time (because bandwidth is used elsewhere, server is slow, whatever the - reason), then once things get better, curl would simply ignore the limit - up until the average speed (since the beginning of the transfer) reached - the limit. This could prove the limit useless to effectively avoid - using the entire bandwidth (at least for quite some time). - - So instead, we now use a "moving starting point" as reference, and every - time at least as much as the limit as been transferred, we can reset - this starting point to the current position. This gets a good limiting - effect that applies to the "current speed" with instant reactivity (in - case of sudden speed burst). - - Closes #971 - -- HISTORY.md: the multi socket was put in the wrong year! - -- [Mark Hamilton brought this change] - - tool_helpers.c: fix comment typo (#989) - -- [Mark Hamilton brought this change] - - libtest/test.h: fix typo (#988) - -- CURLMOPT_PIPELINING.3: language - -- CURLMOPT_PIPELINING.3: extended and clarified - - Especially in regards to the multiplexing part. - -Steve Holme (31 Aug 2016) -- curl_sspi.c: Updated function description comments - - * Added description to Curl_sspi_free_identity() - * Added parameter and return explanations to Curl_sspi_global_init() - * Added parameter explaination to Curl_sspi_global_cleanup() - -- README: Corrected the supported Visual Studio versions - - Missed from commit 8356022d17. - -- KNOWN_BUGS: Move the Visual Studio project shortcomings from local README - -- KNOWN_BUGS: Expand 6.4 to include Kerberos V5 - - ...and discuss a possible solution. - -Daniel Stenberg (30 Aug 2016) -- connect: fix #ifdefs for debug versions of conn/streamclose() macros - - CURLDEBUG is for the memory debugging - - DEBUGBUILD is for the extra debug stuff - - Pointed-out-by: Steve Holme - -- KNOWN_BUGS: mention some cmake "support gaps" - -Nick Zitzmann (28 Aug 2016) -- darwinssl: add documentation stating that the --cainfo option is intended for backward compatibility only - - In other news, I changed one other reference to "Mac OS X" in the documentation (that I previously wrote) to say "macOS" instead. - -Daniel Stenberg (28 Aug 2016) -- http2: return CURLE_HTTP2_STREAM for unexpected stream close - - Follow-up to c3e906e9cd0f, seems like a more appropriate error code - - Suggested-by: Jay Satiro - -- [Tatsuhiro Tsujikawa brought this change] - - http2: handle closed streams when uploading - - Fixes #986 - -- http2: make sure stream errors don't needlessly close the connection - - With HTTP/2 each transfer is made in an indivial logical stream over the - connection, making most previous errors that caused the connection to get - forced-closed now instead just kill the stream and not the connection. - - Fixes #941 - -- Curl_verify_windows_version: minor edit to avoid compiler warnings - - ... instead of if() before the switch(), add a default to the switch so - that the compilers don't warn on "warning: enumeration value - 'PLATFORM_DONT_CARE' not handled in switch" anymore. - -Steve Holme (27 Aug 2016) -- RELEASE-NOTES: Added missing fix from commit 15592143f - -Jay Satiro (26 Aug 2016) -- schannel: Disable ALPN for Wine since it is causing problems - - - Disable ALPN on Wine. - - - Don't pass input secbuffer when ALPN is disabled. - - When ALPN support was added a change was made to pass an input secbuffer - to initialize the context. When ALPN is enabled the buffer contains the - ALPN information, and when it's disabled the buffer is empty. In either - case this input buffer caused problems with Wine and connections would - not complete. - - Bug: https://github.com/curl/curl/issues/983 - Reported-by: Christian Fillion - -Kamil Dudka (26 Aug 2016) -- [Peter Wang brought this change] - - nss: work around race condition in PK11_FindSlotByName() - - Serialise the call to PK11_FindSlotByName() to avoid spurious errors in - a multi-threaded environment. The underlying cause is a race condition - in nssSlot_IsTokenPresent(). - - Bug: https://bugzilla.mozilla.org/1297397 - - Closes #985 - -- nss: refuse previously loaded certificate from file - - ... when we are not asked to use a certificate from file - -Daniel Stenberg (26 Aug 2016) -- ftp_done: remove dead code - -- TLS: random file/egd doesn't have to match for conn reuse - -- test161: add comment for the exit code - -Dan Fandrich (26 Aug 2016) -- test219: Add http as a required feature - -Daniel Stenberg (25 Aug 2016) -- [Michael Kaufmann brought this change] - - HTTP: stop parsing headers when switching to unknown protocols - - - unknown protocols probably won't send more headers (e.g. WebSocket) - - improved comments and moved them to the correct case statements - - Closes #899 - -- openssl: make build with 1.1.0 again - - synced with OpenSSL git master commit cc06906707 - -- INTERNALS: fix title - -- configure: detect zlib with our pkg-config macros - - ... instead of relying on the pkg-config autoconf macros to be present. - - Fixes #972 (again...) - -Jay Satiro (25 Aug 2016) -- http2: Remove incorrect comments - - .. also remove same from scp - -Daniel Stenberg (23 Aug 2016) -- [Ales Novak brought this change] - - ftp: fix wrong poll on the secondary socket - - When we're uploading using FTP and the server issues a tiny pause - between opening the connection to the client's secondary socket, the - client's initial poll() times out, which leads to second poll() which - does not wait for POLLIN on the secondary socket. So that poll() also - has to time out, creating a long (200ms) pause. - - This patch adds the correct flag to the secondary socket, making the - second poll() correctly wait for the connection there too. - - Signed-off-by: Ales Novak - - Closes #978 - -- RELEASE-NOTES: synced with 95ded2c56 - -- configure: make it work without PKG_CHECK_MODULES - - With commit c2f9b78 we added a new dependency on pkg-config for - developers which may be unwanted. This change make the configure script - still work as before if pkg-config isn't installed, it'll just use the - old zlib detection logic without pkg-config. - - Reported-by: Marc Hörsken - - Fixes #972 - -Marc Hoersken (21 Aug 2016) -- Revert "KNOWN_BUGS: SOCKS proxy not working via IPv6" - - This reverts commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554. - - As discussed in #835 SOCKS5 supports IPv6 proxies and destinations. - -Daniel Stenberg (21 Aug 2016) -- [Marco Deckel brought this change] - - win: Basic support for Universal Windows Platform apps - - Closes #820 - -Steve Holme (21 Aug 2016) -- sasl: Don't use GSSAPI authentication when domain name not specified - - Only choose the GSSAPI authentication mechanism when the user name - contains a Windows domain name or the user is a valid UPN. - - Fixes #718 - -- vauth: Added check for supported SSPI based authentication mechanisms - - Completing commit 00417fd66c and 2708d4259b. - -- http.c: Remove duplicate (authp->avail & CURLAUTH_DIGEST) check - - From commit 2708d4259b. - -Marc Hoersken (20 Aug 2016) -- socks.c: display the hostname returned by the SOCKS5 proxy server - - Instead of displaying the requested hostname the one returned - by the SOCKS5 proxy server is used in case of connection error. - The requested hostname is displayed earlier in the connection sequence. - - The upper-value of the port is moved to a temporary variable and - replaced with a 0-byte to make sure the hostname is 0-terminated. - -Steve Holme (20 Aug 2016) -- urldata.h: Corrected comment for httpcode which is also populated by SMTP - - As of 7.25.0 and commit 5430007222. - -Marc Hoersken (20 Aug 2016) -- socks.c: use Curl_printable_address in SOCKS5 connection sequence - - Replace custom string formatting with Curl_printable_address. - Add additional debug and error output in case of failures. - -- socks.c: align SOCKS4 connection sequence with SOCKS5 - - Calling sscanf is not required since the raw IPv4 address is - available and the protocol can be detected using ai_family. - -Steve Holme (20 Aug 2016) -- http.c: Corrected indentation change from commit 2708d4259b - - Made by Visual Studio's auto-correct feature and missed by me in my own - code reviews! - -- http: Added calls to Curl_auth_is__supported() - - Hooked up the HTTP authentication layer to query the new 'is mechanism - supported' functions when deciding what mechanism to use. - - As per commit 00417fd66c existing functionality is maintained for now. - -Marc Hoersken (20 Aug 2016) -- socks.c: improve verbose output of SOCKS5 connection sequence - -- configure.ac: add missing quotes to PKG_CHECK_MODULES - -Steve Holme (20 Aug 2016) -- sasl: Added calls to Curl_auth_is__supported() - - Hooked up the SASL authentication layer to query the new 'is mechanism - supported' functions when deciding what mechanism to use. - - For now existing functionality is maintained. - -Daniel Stenberg (19 Aug 2016) -- [Miroslav Franc brought this change] - - spnego_sspi: fix memory leak in case *outlen is zero (#970) - -- CURLMOPT_MAX_TOTAL_CONNECTIONS.3: mention it can also multiplex - -Steve Holme (18 Aug 2016) -- vauth: Introduced Curl_auth_is__supported() functions - - As Windows SSPI authentication calls fail when a particular mechanism - isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 - and Negotiate to allow both HTTP and SASL authentication the opportunity - to query support for a supported mechanism before selecting it. - - For now each function returns TRUE to maintain compatability with the - existing code when called. - -Daniel Stenberg (18 Aug 2016) -- test1144: verify HEAD with body-only response - -Steve Holme (17 Aug 2016) -- RELEASE-PROCEDURE: Added some more future release dates - - ...and removed some old ones - -Daniel Stenberg (17 Aug 2016) -- [David Woodhouse brought this change] - - curl: allow "pkcs11:" prefix for client certificates - - RFC7512 provides a standard method to reference certificates in PKCS#11 - tokens, by means of a URI starting 'pkcs11:'. - - We're working on fixing various applications so that whenever they would - have been able to use certificates from a file, users can simply insert - a PKCS#11 URI instead and expect it to work. This expectation is now a - part of the Fedora packaging guidelines, for example. - - This doesn't work with cURL because of the way that the colon is used - to separate the certificate argument from the passphrase. So instead of - - curl -E 'pkcs11:manufacturer=piv_II;id=%01' … - - I instead need to invoke cURL with the colon escaped, like this: - - curl -E 'pkcs11\:manufacturer=piv_II;id=%01' … - - This is suboptimal because we want *consistency* — the URI should be - usable in place of a filename anywhere, without having strange - differences for different applications. - - This patch therefore disables the processing in parse_cert_parameter() - when the string starts with 'pkcs11:'. It means you can't pass a - passphrase with an unescaped PKCS#11 URI, but there's no need to do so - because RFC7512 allows a PIN to be given as a 'pin-value' attribute in - the URI itself. - - Also, if users are already using RFC7512 URIs with the colon escaped as - in the above example — even providing a passphrase for cURL to handling - instead of using a pin-value attribute, that will continue to work - because their string will start 'pkcs11\:' and won't match the check. - - What *does* break with this patch is the extremely unlikely case that a - user has a file which is in the local directory and literally named - just "pkcs11", and they have a passphrase on it. If that ever happened, - the user would need to refer to it as './pkcs11:' instead. - -- nss: make the global variables static - -- openssl: use regular malloc instead of OPENSSL_malloc - - This allows for better memmory debugging and torture tests. - -- proxy: fix tests as follow-up to 93b0d907d5 - - This fixes tests that were added after 113f04e664b as the tests would - fail otherwise. - - We bring back "Proxy-Connection: Keep-Alive" now unconditionally to fix - regressions with old and stupid proxies, but we could possibly switch to - using it only for CONNECT or only for NTLM in a future if we want to - gradually reduce it. - - Fixes #954 - - Reported-by: János Fekete - -- Revert "Proxy-Connection: stop sending this header by default" - - This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68. - -- CURLOPT_PROXY.3: unsupported schemes cause errors now - - Follow-up to a96319ebb9 (document the new behavior) - -- tests/README: mention nghttpx for HTTP/2 tests - -- README.md: add our CII Best Practices badge - -- proxy: polished the error message for unsupported schemes - - Follow up to a96319ebb93 - -- test219: verify unsupported scheme for proxies get rejected - -- proxy: reject attempts to use unsupported proxy schemes - - I discovered some people have been using "https://example.com" style - strings as proxy and it "works" (curl doesn't complain) because curl - ignores unknown schemes and then assumes plain HTTP instead. - - I think this misleads users into believing curl uses HTTPS to proxies - when it doesn't. Now curl rejects proxy strings using unsupported - schemes instead of just ignoring and defaulting to HTTP. - -- RELEASE-NOTES: synced with b7ee5316c2fd5b - -Marc Hoersken (14 Aug 2016) -- socks.c: Correctly calculate position of port in response packet - - Third commit to fix issue #944 regarding SOCKS5 error handling. - - Reported-by: David Kalnischkies - -- socks.c: Do not modify and invalidate calculated response length - - Second commit to fix issue #944 regarding SOCKS5 error handling. - - Reported-by: David Kalnischkies - -- socks.c: Move error output after reading the whole response packet - - First commit to fix issue #944 regarding SOCKS5 error handling. - - Reported-by: David Kalnischkies - -Daniel Stenberg (13 Aug 2016) -- [Ronnie Mose brought this change] - - MANUAL: Remove invalid link to LDAP documentation (#962) - - The server developer.netscape.com does not resolve into any - ip address and can be removed. - -Jay Satiro (13 Aug 2016) -- openssl: accept subjectAltName iPAddress if no dNSName match - - Undo change introduced in d4643d6 which caused iPAddress match to be - ignored if dNSName was present but did not match. - - Also, if iPAddress is present but does not match, and dNSName is not - present, fail as no-match. Prior to this change in such a case the CN - would be checked for a match. - - Bug: https://github.com/curl/curl/issues/959 - Reported-by: wmsch@users.noreply.github.com - -Daniel Stenberg (12 Aug 2016) -- [Dambaev Alexander brought this change] - - configure.ac: add zlib search with pkg-config - - Closes #956 - -- rtsp: ignore whitespace in session id - - Follow-up to e577c43bb to fix test case 569 brekage: stop the parser at - whitespace as well. - - Help-by: Erik Janssen - -- HTTP: retry failed HEAD requests too - - Mark's new document about HTTP Retries - (https://mnot.github.io/I-D/httpbis-retry/) made me check our code and I - spotted that we don't retry failed HEAD requests which seems totally - inconsistent and I can't see any reason for that separate treatment. - - So, no separate treatment for HEAD starting now. A HTTP request sent - over a reused connection that gets cut off before a single byte is - received will be retried on a fresh connection. - - Made-aware-by: Mark Nottingham - -- mk-ca-bundle.1: document -m, added in 1.26 - -- RELEASE-NOTES: synced with e577c43bb5 - -- [Erik Janssen brought this change] - - rtsp: accept any RTSP session id - - Makes libcurl work in communication with gstreamer-based RTSP - servers. The original code validates the session id to be in accordance - with the RFC. I think it is better not to do that: - - - For curl the actual content is a don't care. - - - The clarity of the RFC is debatable, is $ allowed or only as \$, that - is imho not clear - - - Gstreamer seems to url-encode the session id but % is not allowed by - the RFC - - - less code - - With this patch curl will correctly handle real-life lines like: - Session: biTN4Kc.8%2B1w-AF.; timeout=60 - - Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html - -- symbols-in-versions: add CURL_STRICTER - - Added in 5fce88aa8c12564 - -- [Simon Warta brought this change] - - winbuild: Allow changing C compiler via environment variable CC (#952) - - This makes it possible to use specific compilers or a cache. - - Sample use for clcache: - set CC=clcache.bat - nmake /f Makefile.vc DEBUG=no MODE=static VC=14 GEN_PDB=no - -- LICENSE-MIXING.md: switched to markdown - -- docs-make: have markdown files use .md - -- curl.h: make CURL_NO_OLDIES define CURL_STRICTER - -- HISTORY.md: use markdown extension - -- SSLCERTS.md: renamed to markdown extension - -- INTERNALS.md: use markdown extension for markdown content - -- CONTRIBUTE.md: markdown extension - -- CONTRIBUTE: changed to markdown - -- CONTRIBUTE: refreshed - -- TODO: added an SSH section and two SFTP things to do - -- TODO: remove the 1.22 duplicated item - -- TODO: move "CURLOPT_MAIL_CLIENT" to SMTP section - -- TODO: API for URL parsing/splitting - -- TODO: move QUIC to the HTTP section - -- [Simon Warta brought this change] - - winbuild: Free name $(CC) in Makefile (#950) - - In the old line number 290, CC and CURL_CC had the same value. After - that, /DCURL_STATICLIB was added to CC but not CURL_CC (intended?). - - This gets rid of the CC variable entirely. It is a first step to make it - possible to manualyl set a CC variable in order to be able to change the - compiler. - -- TODO: Use huge HTTP/2 windows - -- [Simon Warta brought this change] - - winbuild: Avoid setting redundant CFLAGS to compile commands (#949) - - $(CURL_CC) is always used with $(CURL_CFLAGS) appended, so before this, - all arguments in CURL_CFLAGS have been added twice. - -Jay Satiro (8 Aug 2016) -- cmake: Enable win32 threaded resolver by default - - - Turn on USE_THREADS_WIN32 in Windows if ares isn't on - - This change is similar to what we already do in the autotools build. - -- cmake: Enable win32 large file support by default - - All compilers used by cmake in Windows should support large files. - - - Add test SIZEOF_OFF_T - - Remove outdated test SIZEOF_CURL_OFF_T - - Turn on USE_WIN32_LARGE_FILES in Windows - - Check for 'Largefile' during the features output - -Daniel Stenberg (7 Aug 2016) -- TODO: added several ideas, removed SPDY - -- http2: always wait for readable socket - - Since the server can at any time send a HTTP/2 frame to us, we need to - wait for the socket to be readable during all transfers so that we can - act on incoming frames even when uploading etc. - - Reminded-by: Tatsuhiro Tsujikawa - -- RELEASE-NOTES: synced with 7b4bf37a44791 - -- [Thomas Glanzmann brought this change] - - mbedtls: set debug threshold to 4 (verbose) when MBEDTLS_DEBUG is defined - - In order to make MBEDTLS_DEBUG work, the debug threshold must be unequal - to 0. This patch also adds a comment how mbedtls must be compiled in - order to make debugging work, and explains the possible debug levels. - -- CURLOPT_TCP_NODELAY: now enabled by default - - After a few wasted hours hunting down the reason for slowness during a - TLS handshake that turned out to be because of TCP_NODELAY not being - set, I think we have enough motivation to toggle the default for this - option. We now enable TCP_NODELAY by default and allow applications to - switch it off. - - This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be - used to disable it. - - Thanks-to: Tim Rühsen - Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html - -- [Serj Kalichev brought this change] - - TFTP: Fix upload problem with piped input - - When input stream for curl is stdin and input stream is not a file but - generated by a script then curl can truncate data transfer to arbitrary - size since a partial packet is treated as end of transfer by TFTP. - - Fixes #857 - -- mk-ca-bundle.pl: -m keeps ca cert meta data in output - - Makes the script pass on comments holding meta data to the output - file. Like fingerprinters, issuer, date ranges etc. - - Closes #937 - -- multi: make Curl_expire() work with 0 ms timeouts - - Previously, passing a timeout of zero to Curl_expire() was a magic code - for clearing all timeouts for the handle. That is now instead made with - the new Curl_expire_clear() function and thus a 0 timeout is fine to set - and will trigger a timeout ASAP. - - This will help removing short delays, in particular notable when doing - HTTP/2. - -- transfer: return without select when the read loop reached maxcount - - Regression added in 790d6de48515. The was then added to avoid one - particular transfer to starve out others. But when aborting due to - reading the maxcount, the connection must be marked to be read from - again without first doing a select as for some protocols (like SFTP/SCP) - the data may already have been read off the socket. - - Reported-by: Dan Donahue - Bug: https://curl.haxx.se/mail/lib-2016-07/0057.html - -Steve Holme (3 Aug 2016) -- [Bill Nagel brought this change] - - mbedtls: Added support for NTLM - -Daniel Stenberg (3 Aug 2016) -- [Sergei Nikulov brought this change] - - travis: removed option to rebuild autotool from source - - Fixes #943 - -- bump: start working toward 7.50.2 - -Version 7.50.1 (3 Aug 2016) - -Daniel Stenberg (3 Aug 2016) -- THANKS: 7 new contributors from the 7.50.1 release - -- RELEASE-NOTES: 7.50.1 - -- TLS: only reuse connections with the same client cert - - CVE-2016-5420 - Bug: https://curl.haxx.se/docs/adv_20160803B.html - -- TLS: switch off SSL session id when client cert is used - - CVE-2016-5419 - Bug: https://curl.haxx.se/docs/adv_20160803A.html - Reported-by: Bru Rom - Contributions-by: Eric Rescorla and Ray Satiro - -- curl_multi_cleanup: clear connection pointer for easy handles - - CVE-2016-5421 - Bug: https://curl.haxx.se/docs/adv_20160803C.html - Reported-by: Marcelo Echeverria and Fernando Muñoz - -- KNOWN_BUGS: SOCKS proxy not working via IPv6 - - Closes #835 - -- KNOWN_BUGS: CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM - - Closes #768 - -- KNOWN_BUGS: transfer-encoding: chunked in HTTP/2 - - Closes #662 - -- TODO: Provide cmake config-file - - Closes #885 - -Patrick Monnerat (2 Aug 2016) -- os400: define BUILDING_LIBCURL in make script. - -Daniel Stenberg (1 Aug 2016) -- RELEASE-NOTES: synced with aa9f536a18b - -Jay Satiro (1 Aug 2016) -- [Thomas Glanzmann brought this change] - - mbedtls: Fix debug function name - - This patch is necessary so that curl compiles if MBEDTLS_DEBUG is - defined. - - Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html - -Daniel Stenberg (1 Aug 2016) -- [Sergei Nikulov brought this change] - - travis: fix OSX build by re-installing libtool - - Apparently due to a broken homebrew install - - fixes #934 - Closes #939 - -- [Martin Vejnár brought this change] - - win32: fix a potential memory leak in Curl_load_library - - If a call to GetSystemDirectory fails, the `path` pointer that was - previously allocated would be leaked. This makes sure that `path` is - always freed. - - Closes #938 - -- include: revert 9adf3c4 and make public types void * again - - Many applications assume the actual contents of the public types and use - that do for example forward declarations (saving them from including our - public header) which then breaks when we switch from void * to a struct - *. - - I'm not convinced we were wrong, but since this practise seems - widespread enough I'm willing to (partly) step down. - - Now libcurl uses the struct itself when it is built and it allows - applications to use the struct type if CURL_STRICTER is defined at the - time of the #include. - - Reported-by: Peter Frühberger - Fixes #926 - -Jay Satiro (28 Jul 2016) -- [Yonggang Luo brought this change] - - cmake: Fix for schannel support - - The check_library_exists_concat do not check crypt32 library properly. - So include it directly. - - Bug: https://github.com/curl/curl/pull/917 - Reported-by: Yonggang Luo - - Bug: https://github.com/curl/curl/issues/935 - Reported-by: Alain Danteny - -- Revert "travis: Install libtool for OS X builds" - - Didn't work. - - This reverts commit 50723585ed380744358de054e2a55dccee65dfd7. - -- travis: Install libtool for OS X builds - - CI is failing due to missing libtoolize, so I'm trying this. - -Daniel Stenberg (26 Jul 2016) -- [Viktor Szakats brought this change] - - TODO: minor typo in last commit - - merged #931 - -- TODO: Timeout idle connections from the pool - -Patrick Monnerat (25 Jul 2016) -- os400: minimum supported OS version: V6R1M0. - Do not log compilation informational messages. - -Jay Satiro (24 Jul 2016) -- tests: Fix for http/2 feature - - Bug: https://curl.haxx.se/mail/lib-2016-07/0070.html - Reported-by: Paul Howarth - -Steve Holme (23 Jul 2016) -- README: Mention wolfSSL in the 'Dependencies' section - -- vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGO - - As SPNEGO is only defined when these pre-processor variables are defined - there is no need to query them explicitly. - -- spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declaration - - Typo introduced in commit ad5e9bfd5d. - -Daniel Stenberg (22 Jul 2016) -- SECURITY: mention how to get windows-specific CVEs - - ... and make the distros link a proper link - -Dan Fandrich (21 Jul 2016) -- test558: fix test by stripping file paths from FD lines - -Kamil Dudka (21 Jul 2016) -- tests: distribute the http2-server.pl script, too - -- docs: distribute the CURLINFO_HTTP_VERSION(3) man page, too - -Daniel Stenberg (21 Jul 2016) -- bump: start working on 7.50.1 - -Version 7.50.0 (21 Jul 2016) - -Daniel Stenberg (21 Jul 2016) -- RELEASE-NOTES: version 7.50.0 ready - -- THANKS: 13 new contributors from the 7.50.0 release - -Jay Satiro (21 Jul 2016) -- winbuild: fix embedded manifest option - - Embedded manifest option didn't work due to typo. - - Reported-by: Stefan Kanthak - -- vauth: Fix memleak by freeing credentials if out of memory - - This is a follow up to the parent commit dcdd4be which fixes one leak - but creates another by failing to free the credentials handle if out of - memory. Also there's a second location a few lines down where we fail to - do same. This commit fixes both of those issues. - -Daniel Stenberg (20 Jul 2016) -- [Saurav Babu brought this change] - - vauth: Fixed memory leak due to function returning without free - - This patch allocates memory to "output_token" only when it is required - so that memory is not leaked if function returns. - -- test558: updated after ipv6-check move - - Follow-up commit to c50980807c5 to make this test pass. - -Jay Satiro (20 Jul 2016) -- connect: disable TFO on Linux when using SSL - - - Linux TFO + TLS is not implemented yet. - - Bug: https://github.com/curl/curl/issues/907 - -Daniel Stenberg (19 Jul 2016) -- ROADMAP: QUIC and TLS 1.3 - -- RELEASE-NOTES: synced with c50980807c5 - -Jay Satiro (18 Jul 2016) -- [Brian Prodoehl brought this change] - - curl_global_init: Check if IPv6 works - - - Curl_ipv6works() is not thread-safe until after the first call, so - call it once during global init to avoid a possible race condition. - - Bug: https://github.com/curl/curl/issues/915 - PR: https://github.com/curl/curl/pull/918 - -- [Timothy Polich brought this change] - - CURLMOPT_SOCKETFUNCTION.3: fix typo - - Closes https://github.com/curl/curl/pull/914 - -- [Miroslav Franc brought this change] - - library: Fix memory leaks found during static analysis - - Closes https://github.com/curl/curl/pull/913 - -- [Viktor Szakats brought this change] - - cookie.c: Fix misleading indentation - - Closes https://github.com/curl/curl/pull/911 - -- FAQ: Update FTP directory listing section for MLSD command - - Explain how some FTP servers support the machine readable listing - format MLSD from RFC 3659 and compare it to LIST. - - Ref: https://github.com/curl/curl/issues/906 - -Daniel Stenberg (1 Jul 2016) -- [Sergei Nikulov brought this change] - - Appveyor: Updates for options - CURL_STATICLIB/BUILD_TESTING - - Closes #892 - -- TODO: 17.4 also brings more HTTP/2 support - -- TODO: try next proxy if one doesn't work - - Closes #896 - -- conn: don't free easy handle data in handler->disconnect - - Reported-by: Gou Lingfeng - Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html - -- test1244: test different proxy ports same URL - -- curl_global_init.3: improved formatting of the flags - -- curl_global_init.3: expand on the SSL and WIN32 bits purpose - - Reported-by: Richard Gray - Bug: https://curl.haxx.se/mail/lib-2016-06/0136.html - -- [Michael Kaufmann brought this change] - - cleanup: minor code cleanup in Curl_http_readwrite_headers() - - - the expression of an 'if' was always true - - a 'while' contained a condition that was always true - - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)' - - fixed a typo - - Closes #889 - -- SFTP: set a generic error when no SFTP one exists... - - ... as otherwise we could get a 0 which would count as no error and we'd - wrongly continue and could end up segfaulting. - - Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html - Reported-by: 暖和的和暖 - -- ROADMAP: http2 tests are merged, mention http2 perf - -- docs/README.md: to render nicer pages on github - - ... as previously the README.cmake would be picked and put at the bottom - of the docs page there and it wasn't very representative! - -- README.md: change host name for the svg logo - - rawgit.com asks to use the domain cdn.rawgit.com for production - - See #900 - -- [Viktor Szakats brought this change] - - README.md: use the SVG logo - -- README.md: logo on top! - -- KNOWN_BUGS: 3.4 POP3 expects "CRLF.CRLF" eob for some - - Closes #740 - -- RELEASE-NOTES: synced with d61c80515aa8 - -- [Michael Osipov brought this change] - - acinclude.m4: improve autodetection of CA bundle on FreeBSD - - The FreeBSD Port security/ca_root_nss installs the Mozilla NSS CA bundle - to /usr/local/share/certs/ca-root-nss.crt. Use this bundle in the - discovery process. - - This change also removes the former FreeBSD path that has been obsolete - for 8 years since this FreeBSD ports commit: - https://svnweb.freebsd.org/ports/head/security/?view=revision&revision=215953 - - Closes #894 - -- configure: don't specify .lib for libs on windows - - Another follow up for crypt32.lib linking with winssl - -- configure: fix winssl LIBS change typo - - follow-up from 120bf29e - -- TODO: "TCP Fast Open" is done, add monitor pool connections - -- configure: add crypt32.lib for winssl builds - - Necessary since 6cabd78531f - -- Makefile.vc: link with crypt32.lib for winssl builds - - Necessary since 6cabd78531f - - Fixes #853 - -- [Joel Depooter brought this change] - - VC: Add crypt32.lib to Visual Sudio project template files - - Closes #854 - -- vc: fix the build for schannel certinfo support - - Broken since 6cabd785, which adds use of the Curl_extract_certinfo - function from the x509asn1.c file. - -- typedefs: use the full structs in internal code... - - ... and save the typedef'ed names for headers and external APIs. - -- internals: rename the SessionHandle struct to Curl_easy - -- headers: forward declare CURL, CURLM and CURLSH as structs - - Instead of typedef'ing to void, typedef to their corresponding actual - struct names to allow compilers to type-check. - - Assisted-by: Reinhard Max - -Jay Satiro (22 Jun 2016) -- vtls: Only call add/getsession if session id is enabled - - Prior to this change we called Curl_ssl_getsessionid and - Curl_ssl_addsessionid regardless of whether session ID reusing was - enabled. According to comments that is in case session ID reuse was - disabled but then later enabled. - - The old way was not intuitive and probably not something users expected. - When a user disables session ID caching I'd guess they don't expect the - session ID to be cached anyway in case the caching is later enabled. - -Daniel Stenberg (22 Jun 2016) -- curl.1: the used progress meter suffix is k in lower case - - Closes #883 - -- [Sergei Nikulov brought this change] - - cmake: now using BUILD_TESTING=ON/OFF - - CMake build now using BUILD_TESTING=ON/OFF (default is OFF) to build - tests and enabling CTest integration. Options BUILD_CURL_TESTS and - BUILD_DASHBOARD_REPORTS was removed. - - Closes #882 - - Reviewed-by: Brad King - -- [Michael Kaufmann brought this change] - - cleanup: fix method names in code comments - - Closes #887 - -Kamil Dudka (21 Jun 2016) -- curl-compilers.m4: improve detection of GCC's -fvisibility= flag - - Some builds of GCC produce output on both stdout and stderr when --help - --verbose is used. The 2>&1 redirection caused them to be arbitrarily - interleaved with each other because of stream buffering. Consequently, - grep failed to match the fvisibility= string in the mixed output, even - though the string was present in GCC's standard output. - - This led to silently disabling symbol hiding in some builds of curl. - -Daniel Stenberg (19 Jun 2016) -- tests: fix the HTTP/2 tests - - The HTTP/2 tests brought with commit bf05606ef1f were using the internal - name 'http2' for the HTTP/2 server, while in fact that name was already - used for the second instance of the HTTP server. This made tests using - the second instance (like test 2050) fail after a HTTP/2 test had run. - - The server is now known as HTTP/2 internally and within the - section in test cases. 1700, 1701 and 1702 were updated accordingly. - -- openssl: use more 'const' to fix build warnings with 1.1.0 branch - -- curl.1: missed 'T' in the progress unit suffixes - -- curl.1: mention the unix for the progress meter - -Patrick Monnerat (16 Jun 2016) -- os400: add new definitions to ILE/RPG binding. - -Daniel Stenberg (16 Jun 2016) -- openssl: fix cert check with non-DNS name fields present - - Regression introduced in 5f5b62635 (released in 7.48.0) - - Reported-by: Fabian Ruff - Fixes #875 - -Dan Fandrich (16 Jun 2016) -- axtls: Use Curl_wait_ms instead of the less-portable usleep - -- axtls: Fixed compile after compile 31c521b0 - -- tests: Added HTTP proxy keywords to tests 1141 & 1142 - -Jay Satiro (15 Jun 2016) -- [Sergei Nikulov brought this change] - - cmake: Fix build with winldap - - Bug: https://github.com/curl/curl/pull/874 - Reported-by: Sergei Nikulov - -- CURLOPT_POSTFIELDS.3: Clarify what happens when set empty - - When CURLOPT_POSTFIELDS is set to an empty string libcurl will send a - zero-byte POST. Prior to this change it was documented as sending data - from the read callback. - - This also changes the wording of what happens when empty or NULL so that - it's hopefully easier to understand for people whose primary language - isn't English. - - Bug: https://github.com/curl/curl/issues/862 - Reported-by: Askar Safin - -- [Michael Wallner brought this change] - - curl_multi_socket_action.3: Fix rewording - - - Remove some erroneous text. - - Closes https://github.com/curl/curl/pull/865 - -- [Luo Jinghua brought this change] - - resolve: enable protocol family logic for synthesized IPv6 - - - Enable protocol family logic for IPv6 resolves even when support - for synthesized addresses is enabled. - - This is a follow up to the parent commit that added support for - synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family - logic needed for IPv6 was inadvertently excluded if support for - synthesized addresses was enabled. - - Bug: https://github.com/curl/curl/issues/863 - Ref: https://github.com/curl/curl/pull/866 - Ref: https://github.com/curl/curl/pull/867 - -Daniel Stenberg (7 Jun 2016) -- [Luo Jinghua brought this change] - - resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOS - - Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X. - If the current network interface doesn’t support IPv4, but supports - IPv6, NAT64, and DNS64. - - Closes #866 - Fixes #863 - -- tests: two more HTTP/2 tests - - 1701 and 1702 - -- runtests: don't display logs when http2 server fails to start - -- runtests: make stripfile work on stdout as well - - ... and have test 1700 use that to strip out the nghttpx server: headers - -- http2-tests: test1700 is the first real HTTP/2 test - - It requires that 'nghttpx' is in the PATH, and it will run the tests - using nghttpx as a front-end proxy in front of the standard HTTP/1 test - server. This uses HTTP/2 over plain TCP. - - If you like me have nghttpx installed in a custom path, you can run test 1700 - like this: - - $ PATH=$PATH:$HOME/build-nghttp2/bin/ ./runtests.pl 1700 - -- RELEASE-NOTES: synced with 34855feeb4c299 - -Steve Holme (6 Jun 2016) -- schannel: Disable ALPN on Windows < 8.1 - - Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL - fails on Windows < 8.1 so we need to disable ALPN on these OS versions. - - Inspiration provide by: Daniel Seither - - Closes #848 - Fixes #840 - -Jay Satiro (5 Jun 2016) -- checksrc: Add LoadLibrary to the banned functions list - - LoadLibrary was supplanted by Curl_load_library for security - reasons in 6df916d. - -- http: Fix HTTP/2 connection reuse - - - Change the parser to not require a minor version for HTTP/2. - - HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2 - in 8243a95 because the parser still expected a minor version. - - Bug: https://github.com/curl/curl/issues/855 - Reported-by: Andrew Robbins, Frank Gevaerts - -Steve Holme (4 Jun 2016) -- connect.c: Fixed compilation warning from commit 332e8d6164 - - connect.c:952:5: warning: suggest explicit braces to avoid ambiguous 'else' - -- win32: Used centralised verify windows version function - - Closes #845 - -- win32: Added verify windows version functionality - -- win32: Introduced centralised verify windows version function - -Kamil Dudka (3 Jun 2016) -- tool_urlglob: fix off-by-one error in glob_parse() - - ... causing SIGSEGV while parsing URL with too many globs. - Minimal example: - - $ curl $(for i in $(seq 101); do printf '{a}'; done) - - Reported-by: Romain Coltel - Bug: https://bugzilla.redhat.com/1340757 - -Daniel Stenberg (1 Jun 2016) -- [Benjamin Kircher brought this change] - - libcurl-multi.3: fix small typo - - Closes #850 - -- [Viktor Szakats brought this change] - - makefile.m32: add crypt32 for winssl builds - - Dependency added by 6cabd78 - - Closes #849 - -- [Ivan Avdeev brought this change] - - vtls: fix ssl session cache race condition - - Sessionid cache management is inseparable from managing individual - session lifetimes. E.g. for reference-counted sessions (like those in - SChannel and OpenSSL engines) every session addition and removal - should be accompanied with refcount increment and decrement - respectively. Failing to do so synchronously leads to a race condition - that causes symptoms like use-after-free and memory corruption. - This commit: - - makes existing session cache locking explicit, thus allowing - individual engines to manage lock's scope. - - fixes OpenSSL and SChannel engines by putting refcount management - inside this lock's scope in relevant places. - - adds these explicit locking calls to other engines that use - sessionid cache to accommodate for this change. Note, however, - that it is unknown whether any of these engines could also have - this race. - - Bug: https://github.com/curl/curl/issues/815 - Fixes #815 - Closes #847 - -- [Andrew Kurushin brought this change] - - schannel: add CURLOPT_CERTINFO support - - Closes #822 - -- RELEASE-NOTES: synced with 142ee9fa15002315 - -- openssl: rename the private SSL_strerror - - ... to make it not look like an OpenSSL function - -- [Michael Kaufmann brought this change] - - openssl: Use correct buffer sizes for error messages - - Closes #844 - -- curl: fix -q [regression] - - This broke in 7.49.0 with commit e200034425a7625 - - Fixes #842 - -- URL parser: allow URLs to use one, two or three slashes - - Mostly in order to support broken web sites that redirect to broken URLs - that are accepted by browsers. - - Browsers are typically even more leniant than this as the WHATWG URL - spec they should allow an _infinite_ amount. I tested 8000 slashes with - Firefox and it just worked. - - Added test case 1141, 1142 and 1143 to verify the new parser. - - Closes #791 - -- [Renaud Lehoux brought this change] - - cmake: Added missing mbedTLS support - - Closes #837 - -- [Renaud Lehoux brought this change] - - mbedtls: removed unused variables - - Closes #838 - -- [Frank Gevaerts brought this change] - - http: add CURLINFO_HTTP_VERSION and %{http_version} - - Adds access to the effectively used http version to both libcurl and - curl. - - Closes #799 - -- bump: start the journey toward 7.50.0 - -- [Marcel Raad brought this change] - - openssl: fix build with OPENSSL_NO_COMP - - With OPENSSL_NO_COMP defined, there is no function - SSL_COMP_free_compression_methods - - Closes #836 - -- [Gisle Vanem brought this change] - - memdebug: fix MSVC crash with -DMEMDEBUG_LOG_SYNC - - Fixes #828 - -- [Jonathan brought this change] - - README.md: polish - - Closes #834 - -- RELEASE-NOTES: fix vuln link - -Version 7.49.1 (30 May 2016) - -Daniel Stenberg (30 May 2016) -- RELEASE-NOTES: 7.49.1 - -- [Steve Holme brought this change] - - loadlibrary: Only load system DLLs from the system directory - - Inspiration provided by: Daniel Stenberg and Ray Satiro - - Bug: https://curl.haxx.se/docs/adv_20160530.html - - Ref: Windows DLL hijacking with curl, CVE-2016-4802 - -- ssh: fix version number check typo - -Jay Satiro (29 May 2016) -- curl_share_setopt.3: Add min ver needed for ssl session lock - - Bug: https://github.com/curl/curl/issues/826 - Reported-by: Michael Wallner - -Daniel Stenberg (29 May 2016) -- ssh: fix build for libssh2 before 1.2.6 - - The statvfs functionality was added to libssh2 in that version, so we - switch off that functionality when built with older libraries. - - Fixes #831 - -- mbedtls: fix includes so snprintf() works - - Regression from the previous *printf() rearrangements, this file missed to - include the correct header to make sure snprintf() works universally. - - Reported-by: Moti Avrahami - Bug: https://curl.haxx.se/mail/lib-2016-05/0196.html - -Steve Holme (23 May 2016) -- checksrc.pl: Added variants of strcat() & strncat() to banned function list - - Added support for checking the tchar, unicode and mbcs variants of - strcat() and strncat() in the banned function list. - -Daniel Stenberg (23 May 2016) -- smtp: minor ident (white space) fixes - -- THANKS: updated after script fixes - - Now giving credit properly to github user names, fixed some UTF-8 issues - and added names discovered when contrithanks was improved. - -- THANKS-filter: more name cleanups - -- contrithanks.sh: exclude existing names case insensitively - -- contrithanks.sh: use same grep pattern and -a flag as contributors.sh - -- contributors.sh: better grep pattern, use grep -a - -- THANKS-filter: fix more names - -- contrithanks.sh: do the same github fix as contributors.sh - - from 1577bfa35ba - -Jay Satiro (23 May 2016) -- contributors: Show GitHub username if real name unknown - - Prior to this change if a GitHub contributor's real name was unknown - they would be omitted from the list. - - Bug: https://github.com/curl/curl/issues/824 - -Daniel Stenberg (21 May 2016) -- RELEASE-NOTES: synced with 3caaeffbe8ded4 - -Jay Satiro (20 May 2016) -- openssl: cleanup must free compression methods - - - Free compression methods if OpenSSL 1.0.2 to avoid a memory leak. - - Bug: https://github.com/curl/curl/issues/817 - Reported-by: jveazey@users.noreply.github.com - -Daniel Stenberg (20 May 2016) -- [Gisle Vanem brought this change] - - curl_multibyte: fix compiler error - - While compiling lib/curl_multibyte.c with '-DUSE_WIN32_IDN' etc. I was - getting: - - f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2054: expected '(' - to follow 'CURL_EXTERN' - - f:\mingw32\src\inet\curl\lib\memdebug.h(38): error C2085: - 'curl_domalloc': not in formal parameter list - -- THANKS-filter: make Jan-E get proper credit - -- [Jan-E brought this change] - - winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity - - Closes #818 - -- [Alexander Traud brought this change] - - libcurl.m4: Avoid obsolete warning - - Closes #821 - -Jay Satiro (20 May 2016) -- [Michael Kaufmann brought this change] - - CURLOPT_CONNECT_TO.3: user must not free the list prematurely - - The connect-to list isn't copied so as long as the handle may be used - for a transfer the list must be valid. - - Bug: https://github.com/curl/curl/pull/819 - Reported-by: Michael Kaufmann - -Daniel Stenberg (19 May 2016) -- RELEASE-NOTES: synced with 48114a8634242c - -- openssl: ERR_remove_thread_state() is deprecated in latest 1.1.0 - - See OpenSSL commit 21e001747d4a - -- http2: use HTTP/2 in the HTTP/1.1-alike header - - ... when generating them, not "2.0" as the protocol is called just - HTTP/2 and nothing else. - -Jay Satiro (19 May 2016) -- dist: include curl_multi_socket_all.3 - - Closes https://github.com/curl/curl/pull/816 - -Steve Holme (18 May 2016) -- bump: Start work on 7.49.1 - -Daniel Stenberg (18 May 2016) -- curlbuild.h.dist: check __LP64__ as well to fix MIPS build - - The preprocessor check that sets up the 32bit defines for non-configure - builds didn't work properly for MIPS systems as __mips__ is defined for - both 32bit and 64bit. Now __LP64__ is also checked and indicates 64bit. - - Reported-by: Tomas Jakobsson - Fixes #813 - -- [Marcel Raad brought this change] - - schannel: fix compile break with MSVC XP toolset - - For the Windows XP toolset of Visual C++ 2013/2015, the old Windows SDK - 7.1 is used. In this case, _USING_V110_SDK71_ is defined. - - Closes #812 - -- dist: include CHECKSRC.md - - Reported-by: Paul Howarth - Bug: https://curl.haxx.se/mail/lib-2016-05/0116.html - -- test/Makefile.am: include manpage-scan.pl and nroff-scan.pl in dist - - Reported-by: Ray Satiro - Bug: https://curl.haxx.se/mail/lib-2016-05/0113.html - -Version 7.49.0 (17 May 2016) - -Daniel Stenberg (17 May 2016) -- THANKS: 24 new names from 7.49.0 release notes - -- RELEASE-NOTES: 7.49.0 - -- mbedtls/polarssl: set "hostname" unconditionally - - ...as otherwise the TLS libs will skip the CN/SAN check and just allow - connection to any server. curl previously skipped this function when SNI - wasn't used or when connecting to an IP address specified host. - - CVE-2016-3739 - - Bug: https://curl.haxx.se/docs/adv_20160518A.html - Reported-by: Moti Avrahami - -- [Frank Gevaerts brought this change] - - CURLOPT_RESOLVE.3: fix typo - - Closes #811 - -- docs: CURLOPT_RESOLVE overrides CURLOPT_IPRESOLVE - -- KNOWN_BUGS: GnuTLS backend skips really long certificate fields - - Closes #762 - -- CURLOPT_HTTPPOST.3: the data needs to be around while in use - -- openssl: get_cert_chain: fix NULL dereference - - CID 1361815: Explicit null dereferenced (FORWARD_NULL) - -- openssl: get_cert_chain: avoid NULL dereference - - CID 1361811: Explicit null dereferenced (FORWARD_NULL) - -- dprintf_formatf: fix (false?) Coverity warning - - CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when - we run over 'workend' but the condition says <= workend and for all I - can see it should be safe. Compensating for the warning by adding a byte - margin in the buffer. - - Also, removed the extra brace level indentation in the code and made it - so that 'workend' is only assigned once within the function. - -- RELEASE-NOTES: synced with 2dcb5adc72d6 - -- THANKS-filter: fixed Jonathan Cardoso - -Jay Satiro (15 May 2016) -- ftp: fix incorrect out-of-memory code in Curl_pretransfer - - - Return value type must match function type. - - s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/ - - Caught by Travis CI - -Daniel Stenberg (15 May 2016) -- ftp wildcard: segfault due to init only in multi_perform - - The proper FTP wildcard init is now more properly done in Curl_pretransfer() - and the corresponding cleanup in Curl_close(). - - The previous place of init/cleanup code made the internal pointer to be NULL - when this feature was used with the multi_socket() API, as it was made within - the curl_multi_perform() function. - - Reported-by: Jonathan Cardoso Machado - Fixes #800 - -Jay Satiro (13 May 2016) -- libcurl-tlibcurl-thread: Update OpenSSL links - - Because the old OpenSSL link now redirects to their master documentation - (currently 1.1.0), which does not document the required actions for - OpenSSL <= 1.0.2. - -Daniel Stenberg (13 May 2016) -- [Viktor Szakats brought this change] - - darwinssl.c: fix OS X codename typo in comment - -- RELEASE-NOTES: synced with 68701e51c1f7 - - Added 8 bug fixes and 5 more contrbutors - -- [Jay Satiro brought this change] - - mprintf: Fix processing of width and prec args - - Prior to this change a width arg could be erroneously output, and also - width and precision args could not be used together without crashing. - - "%0*d%s", 2, 9, "foo" - - Before: "092" - After: "09foo" - - "%*.*s", 5, 2, "foo" - - Before: crash - After: " fo" - - Test 557 is updated to verify this and more - -- [Michael Kaufmann brought this change] - - ConnectionExists: follow-up fix for proxy re-use - - Follow-up commit to 5823179 - - Closes #648 - -- [Per Malmberg brought this change] - - darwinssl: fix certificate verification disable on OS X 10.8 - - The new way of disabling certificate verification doesn't work on - Mountain Lion (OS X 10.8) so we need to use the old way in that version - too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2 - and 10.11. - - Closes #802 - -- [Cory Benfield brought this change] - - http2: Add space between colon and header value - - curl's representation of HTTP/2 responses involves transforming the - response to a format that is similar to HTTP/1.1. Prior to this change, - curl would do this by separating header names and values with only a - colon, without introducing a space after the colon. - - While this is technically a valid way to represent a HTTP/1.1 header - block, it is much more common to see a space following the colon. This - change introduces that space, to ensure that incautious tools are safely - able to parse the header block. - - This also ensures that the difference between the HTTP/1.1 and HTTP/2 - response layout is as minimal as possible. - - Bug: https://github.com/curl/curl/issues/797 - - Closes #798 - Fixes #797 - -Kamil Dudka (12 May 2016) -- openssl: fix compile-time warning in Curl_ossl_check_cxn() - - ... introduced in curl-7_48_0-293-g2968c83: - - Error: COMPILER_WARNING: - lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’ - lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’ - may alter its value [-Wconversion] - -Jay Satiro (11 May 2016) -- openssl: stricter connection check function - - - In the case of recv error, limit returning 'connection still in place' - to EINPROGRESS, EAGAIN and EWOULDBLOCK. - - This is an improvement on the parent commit which changed the openssl - connection check to use recv MSG_PEEK instead of SSL_peek. - - Ref: https://github.com/curl/curl/commit/856baf5#comments - -Daniel Stenberg (11 May 2016) -- [Anders Bakken brought this change] - - TLS: SSL_peek is not a const operation - - Calling SSL_peek can cause bytes to be read from the raw socket which in - turn can upset the select machinery that determines whether there's data - available on the socket. - - Since Curl_ossl_check_cxn only tries to determine whether the socket is - alive and doesn't actually need to see the bytes SSL_peek seems like - the wrong function to call. - - We're able to occasionally reproduce a connect timeout due to this - bug. What happens is that Curl doesn't know to call SSL_connect again - after the peek happens since data is buffered in the SSL buffer and thus - select won't fire for this socket. - - Closes #795 - -Jay Satiro (9 May 2016) -- [Daniel Stenberg brought this change] - - TLS: move the ALPN/NPN enable bits to the connection - - Only protocols that actually have a protocol registered for ALPN and NPN - should try to get that negotiated in the TLS handshake. That is only - HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN - would wrongly be used in all handshakes if libcurl was built with it - enabled. - - Reported-by: Jay Satiro - - Fixes #789 - -Daniel Stenberg (8 May 2016) -- libcurl-thread.3: openssl 1.1.0 is safe, and so is boringssl - -- [Antonio Larrosa brought this change] - - connect: fix invalid "Network is unreachable" errors - - Sometimes, in systems with both ipv4 and ipv6 addresses but where the - network doesn't support ipv6, Curl_is_connected returns an error - (intermittently) even if the ipv4 socket connects successfully. - - This happens because there's a for-loop that iterates on the sockets but - the error variable is not resetted when the ipv4 is checked and is ok. - - This patch fixes this problem by setting error to 0 when checking the - second socket and not having a result yet. - - Fixes #794 - -Jay Satiro (5 May 2016) -- FAQ: refer to thread safety guidelines - -Daniel Stenberg (3 May 2016) -- connections: non-HTTP proxies on different ports aren't reused either - - Reported-by: Oleg Pudeyev and fuchaoqun - - Fixes #648 - -- http: make sure a blank header overrides accept_decoding - - Reported-by: rcanavan - Assisted-by: Isaac Boukris - Closes #785 - -- CHECKSRC.md: clarified, explained the whitelist file - -- nroff-scan.pl: verify that references are made with \fI - -- docs: unified man page references to use \fI - -- TODO: 17.14 --fail without --location should treat 3xx as a failure - - Closes #727 - -- RELEASE-NOTES: synced with 7987f5cb14d - -- [Isaac Boukris brought this change] - - CURLOPT_ACCEPT_ENCODING.3: Follow-up clarification - - Mention possible content-length mismatch with sum of bytes reported - by write callbacks when auto decoding is enabled. - - See #785 - -- test1140: run nroff-scan to verify man pages - -- nroff-scan.pl: verify the .BR references as well - -- CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page reference - -- CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGE - -- curl_easy_pause.3: fix man page reference - -Jay Satiro (1 May 2016) -- tool_cb_hdr: Fix --remote-header-name with schemeless URL - - - Move the existing scheme check from tool_operate. - - In the case of --remote-header-name we want to parse Content-disposition - for a filename, but only if the scheme is http or https. A recent - adjustment 0dc4d8e was made to account for schemeless URLs however it's - not 100% accurate. To remedy that I've moved the scheme check to the - header callback, since at that point the library has already determined - the scheme. - - Bug: https://github.com/curl/curl/issues/760 - Reported-by: Kai Noda - -Daniel Stenberg (1 May 2016) -- tls: make setting pinnedkey option fail if not supported - - to make it obvious to users trying to use the feature with TLS backends - not supporting it. - - Discussed in #781 - Reported-by: Travis Burtrum - -- nroff-scan.pl: verifies nroff pages - - ... not used by any test yet but can be used stand-alone. - -- opts: fix broken/bad references - -- [Michael Kaufmann brought this change] - - docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3 - - Closes #786 - -- CURLOPT_ACCEPT_ENCODING.3: clarified - - As discussed in #785 - -- curl.1: --mail-rcpt can be used multiple times - - Reported-by: mgendre - Closes #784 - -- [Karlson2k brought this change] - - tests: Use 'pathhelp' for paths conversions in secureserver.pl - - Closes #675 - -- [Karlson2k brought this change] - - tests: Use 'pathhelp' for paths conversions in sshserver.pl - -- [Karlson2k brought this change] - - tests: Use 'pathhelp' for current path in runtests.pl - -- [Karlson2k brought this change] - - tests: pathhelp.pm to process paths on Msys/Cygwin - -- lib: include curl_printf.h as one of the last headers - - curl_printf.h defines printf to curl_mprintf, etc. This can cause - problems with external headers which may use - __attribute__((format(printf, ...))) markers etc. - - To avoid that they cause problems with system includes, we include - curl_printf.h after any system headers. That makes the three last - headers to always be, and we keep them in this order: - - curl_printf.h - curl_memory.h - memdebug.h - - None of them include system headers, they all do funny #defines. - - Reported-by: David Benjamin - - Fixes #743 - -- memdebug.h: remove inclusion of other headers - - Mostly because they're not needed, because memdebug.h is always included - last of all headers so the others already included the correct ones. - - But also, starting now we don't want this to accidentally include any - system headers, as the header included _before_ this header may add - defines and other fun stuff that we won't want used in system includes. - -- [Jay Satiro brought this change] - - curl -J: make it work even without http:// scheme on URL - - It does open up a miniscule risk that one of the other protocols that - libcurl could use would send back a Content-Disposition header and then - curl would act on it even if not HTTP. - - A future mitigation for this risk would be to allow the callback to ask - libcurl which protocol is being used. - - Verified with test 1312 - - Closes #760 - -- manpage-scan.pl: also verify the command line option docs - - This script now also scans src/tool_getparam.c, docs/curl.1 and - src/tool_help.c and will warn if any of them lists a command line option - not mentioned in one of the other places. - -- curl: show the long option version of -q in the -h list - -- curl: remove "--socks" as "--socks5" turned 8 - - In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated - and it has not been documented since. The more explicit socks options - (like --socks4 or --socks5) should be used. - -- curl.1: document the deprecated --ftp-ssl option - -- curl: remove --http-request - - It was mentioned as deprecated already in commit ae1912cb0d4 from - 1999. It has not been documented in this millennium. - -- curl: mention --ntlm-wb in -h list - -- curl: -h output lacked --proxy-header - -- curl.1: document --ntlm-wb - -- curl.1: document the long format of -q: --disable - -- curl.1: mention the deprecated --krb4 option - -- curl.1: document --ftp-ssl-reqd - - Even if deprecated, document it so that people will find it as old - scripts may still use it. - -- curl: use --telnet-option as documented - - The code said "telnet-options" but no documentation ever said so. It - worked fine since the code is fine with a unique match of the first - part. - -- getparam: remove support for --ftpport - - It has been deprecated and undocumented since commit ad5ead8bed7 (Dec - 2003). --ftp-port is the proper long option name. - -- curl: make --disable work as long form of -q - - To make the aliases list reflect reality. - -- aliases: remove trailing space from capath string - -- cmdline parse: only single letter options have single-letter strings - - ... moved around options so that parsing the code to find all - single-letter options easier. - -Jay Satiro (28 Apr 2016) -- CURLINFO_TLS_SSL_PTR.3: Clarify SSL pointer availability - - Bug: https://curl.haxx.se/mail/lib-2016-04/0126.html - Reported-by: Bru Rom - -Daniel Stenberg (28 Apr 2016) -- curl_easy_getinfo.3: remove superfluous blank lines - -- test1139: verifies libcurl option man page presence - - - checks that each option has its own man page present - - - checks that each option is mentioned in its corresponding index man - page - -- curl_easy_getinfo.3: added missing mention of CURLINFO_TLS_SESSION - - ... although it is deprecated. - -Jay Satiro (28 Apr 2016) -- mbedtls: Fix session resume - - This also fixes PolarSSL session resume. - - Prior to this change the TLS session information wasn't properly - saved and restored for PolarSSL and mbedTLS. - - Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html - Reported-by: Thomas Glanzmann - - Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html - Reported-by: Moti Avrahami - -Daniel Stenberg (27 Apr 2016) -- RELEASE-NOTES: synced with f4298fcc6d2 - -- [Michael Kaufmann brought this change] - - opts: Fix some syntax errors in example code fragments - - Fixes #779 - -- openssl: avoid BN_print a NULL bignum - - OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those - numbers so make sure the function handles this. - - Reported-by: Linus Nordberg - -- [Marcel Raad brought this change] - - CONNECT_ONLY: don't close connection on GSS 401/407 reponses - - Previously, connections were closed immediately before the user had a - chance to extract the socket when the proxy required Negotiate - authentication. - - This regression was brought in with the security fix in commit - 79b9d5f1a42578f - - Closes #655 - -- CURLINFO_TLS_SESSION.3: clarify TLS library support before 7.48.0 - -- mbedtls.c: silly spellfix of a comment - -- KNOWN_BUGS: 1.10 Strips trailing dot from host name - - Closes #716 - -- test1322: verify stripping of trailing dot from host name - - While being debated (in #716) and a violation of RFC 7230 section 5.4, - this test verifies that the existing functionality works as intended. It - strips the dot from the host name and uses the host without dot - throughout the internals. - -- multi: accidentally used resolved host name instead of proxy - - Regression introduced in 09b5a998 - - Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html - Reported-by: BoBo - -- symbols-in-versions: added new CURLSSLBACKEND_ symbols - -- test148: fixed after the --ftp-create-dirs retry change - - follow-up commit to 3c1e84f569 as it made curl try a little harder - -- curl.h: clarify curl_sslbackend for openssl clones and renames - -- [Karlson2k brought this change] - - url.c: fixed DEBUGASSERT() for WinSock workaround - - If buffer is allocated, but nothing is received during prereceive - stage, than number of processed bytes must be zero. - - Closes #778 - -- KNOWN_BUGS: --interface for ipv6 binds to unusable IP address - - Closes #686 for now. - -- TODO: 1.17 Add support for IRIs - - Adding support for IRIs is a mouthful, but is probably interesting at - least for areas and countries where the use of such "URLs" are growing - popularity. - - Closes #776 - -- THANKS-filter: Travis Burtrum - -- lib1517: checksrc compliance - -- [moparisthebest brought this change] - - PolarSSL: Implement public key pinning - -Patrick Monnerat (22 Apr 2016) -- os400: upgrade ILE/RPG binding - -- curl.h: CURLOPT_CONNECT_TO sets a struct slist *, not a string - -Daniel Stenberg (22 Apr 2016) -- contributors.sh: make --releasenotes implied - - It got too annoying to type =) - -- RELEASE-NOTES: synced with 3c1e84f5693d8093 - -- curl: make --ftp-create-dirs retry on failure - - The underlying libcurl option used for this feature is - CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir - creation, but it was never set to do that by the command line tool. - - Now it does. - - Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html - Reported-by: John Wanghui - Help-by: Leif W - -- [Henrik Gaßmann brought this change] - - winbuild: add mbedtls support - - Add WITH_MBEDTLS option. Make WITH_SSL, WITH_MBEDTLS and ENABLE_WINSSL - options mutual exclusive. - - Closes #606 - -- KNOWN_BUGS: fixed "5.6 Improper use of Autoconf cache variables" - - As of commit d9f3b365a3 - -- [Irfan Adilovic brought this change] - - configure: ac_cv_ -> curl_cv_ for write-only vars - - These configure vars are modified in a curl-specific way but never - evaluated or loaded from cache, even though they are designated as - _cv_. We could either implement proper AC_CACHE_CHECKs for them, or - remove them completely. - - Fixes #603 as ac_cv_func_gethostbyname is no longer clobbered, and - AC_CHECK_FUNC(gethostbyname...) will no longer spuriously succeed after - the first configure run with caching. - - `ac_cv_func_strcasecmp` is curious, see #770. - - `eval "ac_cv_func_$func=yes"` can still cause problems as it works in - tandem with AC_CHECK_FUNCS and then potentially modifies its result. It - would be best to rewrite this test to use a new CURL_CHECK_FUNCS macro, - which works the same as AC_CHECK_FUNCS but relies on caching the values - of curl_cv_func_* variables, without modifiying ac_cv_func_*. - -- [Irfan Adilovic brought this change] - - configure: ac_cv_ -> curl_cv_ for r/w vars - - These configure vars are modified in a curl-specific way and modified by - the configure process, but are never loaded from cache, even though they - are designated as _cv_. We should implement proper AC_CACHE_CHECKs for - them eventually. - -- [Irfan Adilovic brought this change] - - configure: ac_cv_func_clock_gettime -> curl_... - - This variable must not be cached in its current form, as any cached - information will prevent the next configure run from determining the - correct LIBS needed for the function. Thus, rename prefix `ac_cv_` to - just `curl_`. - -- [Irfan Adilovic brought this change] - - configure: ac_cv_ -> curl_cv_ for all cached vars - - This was automated by: - - sed -b -i -f <(ack -A1 AC_CACHE_CHECK | \ - ack -o 'ac_cv_.*?\b' | \ - sort -u | xargs -n1 bash -c \ - 'echo "s/$0/curl_cv_${0#ac_cv_}/g"') \ - $(git ls-files) - - This only changed the prefix for 16 variables actually checked with - AC_CACHE_CHECK. - -- openssl: builds with OpenSSL 1.1.0-pre5 - - The RSA, DSA and DH structs are now opaque and require use of new APIs - - Fixes #763 - -Steve Holme (20 Apr 2016) -- url.c: Prefer we don't use explicit NULLs in conditions - - Fixed commit fa5fa65a30 to not use NULLs in if condition. - -Daniel Stenberg (20 Apr 2016) -- [Isaac Boukris brought this change] - - NTLM: check for NULL pointer before deferencing - - At ConnectionExists, both check->proxyuser and check->proxypasswd - could be NULL, so make sure to check first. - - Fixes #765 - -- [Karlson2k brought this change] - - tests: added test1517 - - ... for checking ability to receive full HTTP response when POST request - is used with slow read callback function. - - This test checks for bug #657 and verifies the work-around from - 72d5e144fbc6. - - Closes #720 - -- [Karlson2k brought this change] - - sendf.c: added ability to call recv() before send() as workaround - - WinSock destroys recv() buffer if send() is failed. As result - server - response may be lost if server sent it while curl is still sending - request. This behavior noticeable on HTTP server short replies if - libcurl use several send() for request (usually for POST request). - To workaround this problem, libcurl use recv() before every send() and - keeps received data in intermediate buffer for further processing. - - Fixes: #657 - Closes: #668 - -Kamil Dudka (19 Apr 2016) -- connect: make sure that rc is initialized in singleipconnect() - - This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13: - - Error: CLANG_WARNING: - lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value - 1118| } - 1119| - 1120|-> if(-1 == rc) - 1121| error = SOCKERRNO; - 1122| } - -Daniel Stenberg (19 Apr 2016) -- make/checksrc: use $srcdir, not $top_srcdir - -- src/checksrc.whitelist: removed - -- tool_operate: switch to inline checksrc ignore - -- lib/checksrc.whitelist: not needed anymore - - ... as checksrc now skips comments - -- vtls.h: remove a space before semicolon - - ... that the new checksrc detected - -- darwinssl: removed commented out code - -- http_chunks: removed checksrc disable - - ... since checksrc now skips comments - -- imap: inlined checksrc disable instead of whitelist edit - -- checksrc: taught to skip comments - - ... but output non-stripped version of the line, even if that then can - make the script identify the wrong position in the line at - times. Showing the line stripped (ie without comments) is just too - surprising. - -- opts/Makefile.am: list all docs file one by one - - ... to make it easier to add lines in patches that won't just break all - other patches trying to add lines too. - -- curl_easy_setopt.3: mention CURLOPT_TCP_FASTOPEN - -- RELEASE-NOTES: synced with 03de4e4b219 - - (since we just merged two major features) - -- [Alessandro Ghedini brought this change] - - connect: implement TCP Fast Open for Linux - - Closes #660 - -- [Alessandro Ghedini brought this change] - - tool: add --tcp-fastopen option - -- [Alessandro Ghedini brought this change] - - connect: implement TCP Fast Open for OS X - -- [Alessandro Ghedini brought this change] - - url: add CURLOPT_TCP_FASTOPEN option - -- checksrc: pass on -D so the whitelists are found correctly - -- configure: remove check for libresolve - - 'strncasecmp' was once provided by libresolv (no trailing e) for SunOS, - but this check is broken and most likely adds nothing useful. Removing - now. - - Reported-by: Irfan Adilovic - - Discussed in #770 - -- scripts/make: use $(EXEEXT) for executables - - Reported-by: bodop - - Fixes #771 - -- includes: avoid duplicate memory callback typdefs even harder - -- checksrc/makefile.am: use $top_srcdir to find source files - - ... to properly support out of source tree builds. - -- RELEASE-NOTES: synced with 26ec93dd6aeba8dfb5 - -- opts: fix option references missing (section) - -- [Michael Kaufmann brought this change] - - news: CURLOPT_CONNECT_TO and --connect-to - - Makes curl connect to the given host+port instead of the host+port found - in the URL. - -- makefile.vc6: use d suffix on debug object - - To allow both release and debug builds in parallel. - - Reported-by: Rod Widdowson - - Fixes #769 - -Jay Satiro (12 Apr 2016) -- http2: Use size_t type for data drain count - - Ref: https://github.com/curl/curl/issues/659 - Ref: https://github.com/curl/curl/pull/663 - -- http2: Improve header parsing - - - Error if a header line is larger than supported. - - - Warn if cumulative header line length may be larger than supported. - - - Allow spaces when parsing the path component. - - - Make sure each header line ends in \r\n. This fixes an out of bounds. - - - Disallow header continuation lines until we decide what to do. - - Ref: https://github.com/curl/curl/issues/659 - Ref: https://github.com/curl/curl/pull/663 - -- http2: Add Curl_http2_strerror for HTTP/2 error codes - - Ref: https://github.com/curl/curl/issues/659 - Ref: https://github.com/curl/curl/pull/663 - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Don't increment drain when one header field is received - - Sicne we write header field in temporary location, not in the memory - that upper layer provides, incrementing drain should not happen. - - Ref: https://github.com/curl/curl/issues/659 - Ref: https://github.com/curl/curl/pull/663 - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Ensure that http2_handle_stream_close is called - - This commit ensures that streams which was closed in on_stream_close - callback gets passed to http2_handle_stream_close. Previously, this - might not happen. To achieve this, we increment drain property to - forcibly call recv function for that stream. - - To more accurately check that we have no pending event before shutting - down HTTP/2 session, we sum up drain property into - http_conn.drain_total. We only shutdown session if that value is 0. - - With this commit, when stream was closed before reading response - header fields, error code CURLE_HTTP2_STREAM is returned even if - HTTP/2 level error is NO_ERROR. This signals the upper layer that - stream was closed by error just like TCP connection close in HTTP/1. - - Ref: https://github.com/curl/curl/issues/659 - Ref: https://github.com/curl/curl/pull/663 - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Process paused data first before tear down http2 session - - This commit ensures that data from network are processed before HTTP/2 - session is terminated. This is achieved by pausing nghttp2 whenever - different stream than current easy handle receives data. - - This commit also fixes the bug that sometimes processing hangs when - multiple HTTP/2 streams are multiplexed. - - Ref: https://github.com/curl/curl/issues/659 - Ref: https://github.com/curl/curl/pull/663 - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Check session closure early in http2_recv - - Ref: https://github.com/curl/curl/issues/659 - Ref: https://github.com/curl/curl/pull/663 - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Add handling stream level error - - Previously, when a stream was closed with other than NGHTTP2_NO_ERROR - by RST_STREAM, underlying TCP connection was dropped. This is - undesirable since there may be other streams multiplexed and they are - very much fine. This change introduce new error code - CURLE_HTTP2_STREAM, which indicates stream error that only affects the - relevant stream, and connection should be kept open. The existing - CURLE_HTTP2 means connection error in general. - - Ref: https://github.com/curl/curl/issues/659 - Ref: https://github.com/curl/curl/pull/663 - -Daniel Stenberg (11 Apr 2016) -- http2: drain the socket better... - - ... but ignore EAGAIN if the stream has ended so that we don't end up in - a loop. This is a follow-up to c8ab613 in order to avoid the problem - d261652 was made to fix. - - Reported-by: Jay Satiro - Clues-provided-by: Tatsuhiro Tsujikawa - - Discussed in #750 - -- KNOWN_BUGS: added info for "Hangs with PolarSSL" - -- KNOWN_BUGS: 1.9 HTTP/2 frames while in the connection pool kill reuse - - Closes #750 - -- build: include scripts/ in the dist - -Steve Holme (9 Apr 2016) -- CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME - - As these two options provide identical functionality, the former for - SOCK5 proxies and the latter for HTTP proxies, merged the two options - together. - - As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of - 7.49.0. - -- urldata: Use bool for socks5_gssapi_nec as it is a flag - - This value is set to TRUE or FALSE so should be a bool and not a long. - -- url: Ternary operator code style changes - -- CODE_STYLE: Added ternary operator example to 'Space around operators' - - Following conversation on the libcurl mailing list. - -- sasl: Fixed compilation errors from commit 9d89a0387 - - ...when GSS-API or Windows SSPI are not used. - -- url: Corrected comments following 9d89a0387 - -- docs: Added clarification following commit 9d89a0387 - -- Makefile: Fixed echo of checksrc check - -- checksrc: Fix issue with the autobuilds not picking up the whitelist - -- checksrc: Added missing vauth and vtls directories - -- ftp/imap/pop3/smtp: Allow the service name to be overridden - - Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5 - authentication in FTP, IMAP, POP3 and SMTP. - -- http_negotiate: Calculate service name and proxy service name locally - - Calculate the service name and proxy service names locally, rather than - in url.c which will allow for us to support overriding the service name - for other protocols such as FTP, IMAP, POP3 and SMTP. - -- ROADMAP: Updated following the move of the authentication code - -Patrick Monnerat (8 Apr 2016) -- KNOWN_BUGS: openldap hangs. TODO: binary SASL. - -Daniel Stenberg (8 Apr 2016) -- KNOWN_BUGS: 5.6 Improper use of Autoconf cache variables - - Closes #603 - -- KNOWN_BUGS: 11.2 error buffer not set... - - Closes #544 - -- KNOWN_BUGS: 11.1 Curl leaks .onion hostnames in DNS - - Closes #543 - -- KNOWN_BUGS: 1.8 DNS timing is wrong for HTTP redirects - - Closes #522 - -- TODO: HTTP/2 "prior knowledge" is implemented! - -- [Damien Vielpeau brought this change] - - mbedtls: fix MBEDTLS_DEBUG builds - -- mbedtls: implement and provide *_data_pending() - - ... as otherwise we might get stuck thinking there's no more data to - handle. - - Reported-by: Damien Vielpeau - - Fixes #737 - -- mbedtls: follow-up for the previous commit - -- mbedtls.c: name space pollution fix, Use 'Curl_' - -- mbedtls.c: changed private prefix to mbed_ - - mbedtls_ is the prefix used by the mbedTLS library itself so we should - avoid using that for our private functions. - -- mbedtls.h: fix compiler warnings - -- Revert "winbuild: trying to set some files eol=crlf for git" - - This reverts commit 9c08b4f1e7eced5a4d3782a3e0daa484c9d77d21. - - Didn't help. Caused problems. - - Fixes #756 - -- curl.1: use example.com more - - Make (most) example snippets use the example.com domain instead of the - random ones picked and used before. Some of those were probably - legitimate sites and some not. example.com is designed for this purpose. - -- [Michael Kaufmann brought this change] - - HTTP2: Add a space character after the status code - - The space character after the status code is mandatory, even if the - reason phrase is empty (see RFC 7230 section 3.1.2) - - Closes #755 - -- [Viktor Szakats brought this change] - - URLs: change http to https in many places - - Closes #754 - -- winbuild: trying to set some files eol=crlf for git - - Thinking it might help to apply patches etc with git. - -- [Theodore Dubois brought this change] - - curl.1: change example for -F - - It's a bad idea to send your passwords anywhere, especially over HTTP. - Modified example to send a picture instead. - - Fixes #752 - -- KNOWN_BUGS: reorganized and cleaned up - - Now sorted into categories and organized in the same style we do the - TODO document. It will make each issue linked properly on the - https://curl.haxx.se/docs/knownbugs.html web page. - - The sections should make it easier to find issues and issues related to - areas of the reader's specific interest. - -Jay Satiro (6 Apr 2016) -- KNOWN_BUGS: #95 curl in Windows can't handle Unicode arguments - -Steve Holme (6 Apr 2016) -- KNOWN_BUGS: Use https://curl.haxx.se URL for github based issues - -- CHECKSRC.md: Corrected some typos - -- RELEASE-NOTES: Corrected last updated - - Included a summary of the checksrc.bat updates and combined two krb5 - changes as they should have been implemented at the same time. - -- vauth: Corrected a number of typos in comments - - Reported-by: Michael Osipov - -Jay Satiro (5 Apr 2016) -- KNOWN_BUGS: #94 IMAP custom requests use the LIST handler - - Bug: https://github.com/curl/curl/issues/536 - Reported-by: eXeC64@users.noreply.github.com - -Daniel Stenberg (5 Apr 2016) -- KNOWN_BUGS: remove 68, 70 and 72. - - Due to their age (we don't fully know if they actually remain) and lack - of detail - very few people will bother to find out what they're about - or work on them. If people truly still suffer from any of these, I - assume they will be reported again and then we'll deal with them. - - 72. "Pausing pipeline problems." - https://curl.haxx.se/mail/lib-2009-07/0214.html - - 70. Problem re-using easy handle after call to curl_multi_remove_handle - https://curl.haxx.se/mail/lib-2009-07/0249.html - - 68. "More questions about ares behavior". - https://curl.haxx.se/mail/lib-2009-08/0012.html - -- KNOWN_BUGS: remove 92 and 88, fixed - -- http2: fix connection reuse when PING comes after last DATA - - It turns out the google GFE HTTP/2 servers send a PING frame immediately - after a stream ends and its last DATA has been received by curl. So if - we don't drain that from the socket, it makes the socket readable in - subsequent checks and libcurl then (wrongly) assumes the connection is - dead when trying to reuse the connection. - - Reported-by: Joonas Kuorilehto - - Discussed in #750 - -- multi: remove trailing space in debug output - -- RELEASE-NOTES: synced with 86e97b642fb - -- CHECKSRC.md: mention cmdline options, fix the bullet list - -- docs/CHECKSRC.md: initial version - -Steve Holme (3 Apr 2016) -- checksrc.bat: Added support for the examples - -Daniel Stenberg (3 Apr 2016) -- lib/src: fix the checksrc invoke - - ... now works correctly when invoke from the root makefile DELETED scriptlibs/softwareupdate/curl/COPYING-libssh2.txt Index: scriptlibs/softwareupdate/curl/COPYING-libssh2.txt ================================================================== --- scriptlibs/softwareupdate/curl/COPYING-libssh2.txt +++ scriptlibs/softwareupdate/curl/COPYING-libssh2.txt @@ -1,42 +0,0 @@ -/* Copyright (c) 2004-2007 Sara Golemon - * Copyright (c) 2005,2006 Mikhail Gusarov - * Copyright (c) 2006-2007 The Written Word, Inc. - * Copyright (c) 2007 Eli Fant - * Copyright (c) 2009-2014 Daniel Stenberg - * Copyright (C) 2008, 2009 Simon Josefsson - * All rights reserved. - * - * Redistribution and use in source and binary forms, - * with or without modification, are permitted provided - * that the following conditions are met: - * - * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * - * Redistributions in binary form must reproduce the above - * copyright notice, this list of conditions and the following - * disclaimer in the documentation and/or other materials - * provided with the distribution. - * - * Neither the name of the copyright holder nor the names - * of any other contributors may be used to endorse or - * promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR - * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY - * OF SUCH DAMAGE. - */ - DELETED scriptlibs/softwareupdate/curl/COPYING-nghttp2.txt Index: scriptlibs/softwareupdate/curl/COPYING-nghttp2.txt ================================================================== --- scriptlibs/softwareupdate/curl/COPYING-nghttp2.txt +++ scriptlibs/softwareupdate/curl/COPYING-nghttp2.txt @@ -1,23 +0,0 @@ -The MIT License - -Copyright (c) 2012, 2014, 2015, 2016 Tatsuhiro Tsujikawa -Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE -LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. DELETED scriptlibs/softwareupdate/curl/COPYING-zlib.txt Index: scriptlibs/softwareupdate/curl/COPYING-zlib.txt ================================================================== --- scriptlibs/softwareupdate/curl/COPYING-zlib.txt +++ scriptlibs/softwareupdate/curl/COPYING-zlib.txt @@ -1,115 +0,0 @@ -ZLIB DATA COMPRESSION LIBRARY - -zlib 1.2.11 is a general purpose data compression library. All the code is -thread safe. The data format used by the zlib library is described by RFCs -(Request for Comments) 1950 to 1952 in the files -http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and -rfc1952 (gzip format). - -All functions of the compression library are documented in the file zlib.h -(volunteer to write man pages welcome, contact zlib@gzip.org). A usage example -of the library is given in the file test/example.c which also tests that -the library is working correctly. Another example is given in the file -test/minigzip.c. The compression library itself is composed of all source -files in the root directory. - -To compile all files and run the test program, follow the instructions given at -the top of Makefile.in. In short "./configure; make test", and if that goes -well, "make install" should work for most flavors of Unix. For Windows, use -one of the special makefiles in win32/ or contrib/vstudio/ . For VMS, use -make_vms.com. - -Questions about zlib should be sent to , or to Gilles Vollant - for the Windows DLL version. The zlib home page is -http://zlib.net/ . Before reporting a problem, please check this site to -verify that you have the latest version of zlib; otherwise get the latest -version and check whether the problem still exists or not. - -PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help. - -Mark Nelson wrote an article about zlib for the Jan. 1997 -issue of Dr. Dobb's Journal; a copy of the article is available at -http://marknelson.us/1997/01/01/zlib-engine/ . - -The changes made in version 1.2.11 are documented in the file ChangeLog. - -Unsupported third party contributions are provided in directory contrib/ . - -zlib is available in Java using the java.util.zip package, documented at -http://java.sun.com/developer/technicalArticles/Programming/compression/ . - -A Perl interface to zlib written by Paul Marquess is available -at CPAN (Comprehensive Perl Archive Network) sites, including -http://search.cpan.org/~pmqs/IO-Compress-Zlib/ . - -A Python interface to zlib written by A.M. Kuchling is -available in Python 1.5 and later versions, see -http://docs.python.org/library/zlib.html . - -zlib is built into tcl: http://wiki.tcl.tk/4610 . - -An experimental package to read and write files in .zip format, written on top -of zlib by Gilles Vollant , is available in the -contrib/minizip directory of zlib. - - -Notes for some targets: - -- For Windows DLL versions, please see win32/DLL_FAQ.txt - -- For 64-bit Irix, deflate.c must be compiled without any optimization. With - -O, one libpng test fails. The test works in 32 bit mode (with the -n32 - compiler flag). The compiler bug has been reported to SGI. - -- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 it works - when compiled with cc. - -- On Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 is - necessary to get gzprintf working correctly. This is done by configure. - -- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with - other compilers. Use "make test" to check your compiler. - -- gzdopen is not supported on RISCOS or BEOS. - -- For PalmOs, see http://palmzlib.sourceforge.net/ - - -Acknowledgments: - - The deflate format used by zlib was defined by Phil Katz. The deflate and - zlib specifications were written by L. Peter Deutsch. Thanks to all the - people who reported problems and suggested various improvements in zlib; they - are too numerous to cite here. - -Copyright notice: - - (C) 1995-2017 Jean-loup Gailly and Mark Adler - - This software is provided 'as-is', without any express or implied - warranty. In no event will the authors be held liable for any damages - arising from the use of this software. - - Permission is granted to anyone to use this software for any purpose, - including commercial applications, and to alter it and redistribute it - freely, subject to the following restrictions: - - 1. The origin of this software must not be misrepresented; you must not - claim that you wrote the original software. If you use this software - in a product, an acknowledgment in the product documentation would be - appreciated but is not required. - 2. Altered source versions must be plainly marked as such, and must not be - misrepresented as being the original software. - 3. This notice may not be removed or altered from any source distribution. - - Jean-loup Gailly Mark Adler - jloup@gzip.org madler@alumni.caltech.edu - -If you use the zlib library in a product, we would appreciate *not* receiving -lengthy legal documents to sign. The sources are provided for free but without -warranty of any kind. The library has been entirely written by Jean-loup -Gailly and Mark Adler; it does not include third-party code. - -If you redistribute modified sources, we would appreciate that you include in -the file ChangeLog history information documenting your changes. Please read -the FAQ for more information on the distribution of modified source versions. DELETED scriptlibs/softwareupdate/curl/COPYING.txt Index: scriptlibs/softwareupdate/curl/COPYING.txt ================================================================== --- scriptlibs/softwareupdate/curl/COPYING.txt +++ scriptlibs/softwareupdate/curl/COPYING.txt @@ -1,22 +0,0 @@ -COPYRIGHT AND PERMISSION NOTICE - -Copyright (c) 1996 - 2017, Daniel Stenberg, , and many -contributors, see the THANKS file. - -All rights reserved. - -Permission to use, copy, modify, and distribute this software for any purpose -with or without fee is hereby granted, provided that the above copyright -notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN -NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE -OR OTHER DEALINGS IN THE SOFTWARE. - -Except as contained in this notice, the name of a copyright holder shall not -be used in advertising or otherwise to promote the sale, use or other dealings -in this Software without prior written authorization of the copyright holder. DELETED scriptlibs/softwareupdate/curl/LICENSE-openssl.txt Index: scriptlibs/softwareupdate/curl/LICENSE-openssl.txt ================================================================== --- scriptlibs/softwareupdate/curl/LICENSE-openssl.txt +++ scriptlibs/softwareupdate/curl/LICENSE-openssl.txt @@ -1,125 +0,0 @@ - - LICENSE ISSUES - ============== - - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of - the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. - - OpenSSL License - --------------- - -/* ==================================================================== - * Copyright (c) 1998-2016 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - Original SSLeay License - ----------------------- - -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - DELETED scriptlibs/softwareupdate/curl/README.txt Index: scriptlibs/softwareupdate/curl/README.txt ================================================================== --- scriptlibs/softwareupdate/curl/README.txt +++ scriptlibs/softwareupdate/curl/README.txt @@ -1,49 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -README - - Curl is a command line tool for transferring data specified with URL - syntax. Find out how to use curl by reading the curl.1 man page or the - MANUAL document. Find out how to install Curl by reading the INSTALL - document. - - libcurl is the library curl is using to do its job. It is readily - available to be used by your software. Read the libcurl.3 man page to - learn how! - - You find answers to the most frequent questions we get in the FAQ document. - - Study the COPYING file for distribution terms and similar. If you distribute - curl binaries or other binaries that involve libcurl, you might enjoy the - LICENSE-MIXING document. - -CONTACT - - If you have problems, questions, ideas or suggestions, please contact us - by posting to a suitable mailing list. See https://curl.haxx.se/mail/ - - All contributors to the project are listed in the THANKS document. - -WEB SITE - - Visit the curl web site for the latest news and downloads: - - https://curl.haxx.se/ - -GIT - - To download the very latest source off the GIT server do this: - - git clone https://github.com/curl/curl.git - - (you'll get a directory named curl created, filled with the source code) - -NOTICE - - Curl contains pieces of source code that is Copyright (c) 1998, 1999 - Kungliga Tekniska Högskolan. This notice is included here to comply with the - distribution terms. DELETED scriptlibs/softwareupdate/curl/RELEASE-NOTES.txt Index: scriptlibs/softwareupdate/curl/RELEASE-NOTES.txt ================================================================== --- scriptlibs/softwareupdate/curl/RELEASE-NOTES.txt +++ scriptlibs/softwareupdate/curl/RELEASE-NOTES.txt @@ -1,39 +0,0 @@ -Curl and libcurl 7.53.1 - - Public curl releases: 164 - Command line options: 205 - curl_easy_setopt() options: 244 - Public functions in libcurl: 61 - Contributors: 1507 - -This release includes the following bugfixes: - - o cyassl: fix typo - o url: Improve CURLOPT_PROXY_CAPATH error handling [1] - o urldata: include curl_sspi.h when Windows SSPI is enabled [2] - o formdata: check for EOF when reading from stdin [3] - o tests: Set CHARSET & LANG to UTF-8 in 1035, 2046 and 2047 [4] - o url: Default the proxy CA bundle location to CURL_CA_BUNDLE [5] - o rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h header [6] - -This release includes the following known bugs: - - o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) - -This release would not have looked like this without help, code, reports and -advice from friends like these: - - Dan Fandrich, Daniel Stenberg, İsmail Dönmez, jveazey on github, Ray Satiro, - Sergii Pylypenko, Shachaf Ben-Kiki, Viktor Szakáts, - (8 contributors) - - Thanks! (and sorry if I forgot to mention someone) - -References to bug reports and discussions on issues: - - [1] = https://curl.haxx.se/bug/?i=1257 - [2] = https://curl.haxx.se/bug/?i=1276 - [3] = https://curl.haxx.se/bug/?i=1281 - [4] = https://curl.haxx.se/bug/?i=1277 - [5] = https://curl.haxx.se/bug/?i=1257 - [6] = https://curl.haxx.se/bug/?i=1285 DELETED scriptlibs/softwareupdate/curl/bin/curl-ca-bundle.crt Index: scriptlibs/softwareupdate/curl/bin/curl-ca-bundle.crt ================================================================== --- scriptlibs/softwareupdate/curl/bin/curl-ca-bundle.crt +++ scriptlibs/softwareupdate/curl/bin/curl-ca-bundle.crt @@ -1,4043 +0,0 @@ -## -## Bundle of CA Root Certificates -## -## Certificate data from Mozilla as of: Wed Jan 18 04:12:05 2017 GMT -## -## This is a bundle of X.509 certificates of public Certificate Authorities -## (CA). These were automatically extracted from Mozilla's root certificates -## file (certdata.txt). This file can be found in the mozilla source tree: -## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt -## -## It contains the certificates in PEM format and therefore -## can be directly used with curl / libcurl / php_curl, or with -## an Apache+mod_ssl webserver for SSL client authentication. -## Just configure this file as the SSLCACertificateFile. -## -## Conversion done with mk-ca-bundle.pl version 1.27. -## SHA256: dffa79e6aa993f558e82884abf7bb54bf440ab66ee91d82a27a627f6f2a4ace4 -## - - -GlobalSign Root CA -================== ------BEGIN CERTIFICATE----- -MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGA1UEBhMCQkUx -GTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkds -b2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAwMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNV -BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYD -VQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa -DuaZjc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6sc -THAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4bwY8iGlb -Kk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVtbNV4FpWi6cgKOOvyJBNP -c1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrX -gzT/LCrBbBlDSgeF59N89iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0BAQUF -AAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOzyj1hTdNGCbM+w6Dj -Y1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE38NflNUVyRRBnMRddWQVDf9VMOyG -j/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhH -hm4qxFYxldBniYUr+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveC -X4XSQRjbgbMEHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== ------END CERTIFICATE----- - -GlobalSign Root CA - R2 -======================= ------BEGIN CERTIFICATE----- -MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4GA1UECxMXR2xv -YmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh -bFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT -aWduIFJvb3QgQ0EgLSBSMjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln -bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6 -ErPLv4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8eoLrvozp -s6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklqtTleiDTsvHgMCJiEbKjN -S7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzdC9XZzPnqJworc5HGnRusyMvo4KD0L5CL -TfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pazq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6C -ygPCm48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E -FgQUm+IHV2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9i -YWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG3lm0mi3f3BmGLjAN -BgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4GsJ0/WwbgcQ3izDJr86iw8bmEbTUsp -9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu -01yiPqFbQfXf5WRDLenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG7 -9G+dwfCMNYxdAfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 -TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== ------END CERTIFICATE----- - -Verisign Class 3 Public Primary Certification Authority - G3 -============================================================ ------BEGIN CERTIFICATE----- -MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJV -UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv -cmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl -IG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQsw -CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy -dXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhv -cml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWduIENsYXNzIDMgUHVibGljIFByaW1hcnkg -Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAMu6nFL8eB8aHm8bN3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1 -EUGO+i2tKmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGukxUc -cLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBmCC+Vk7+qRy+oRpfw -EuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJXwzw3sJ2zq/3avL6QaaiMxTJ5Xpj -055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWuimi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEA -ERSWwauSCPc/L8my/uRan2Te2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5f -j267Cz3qWhMeDGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC -/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565pF4ErWjfJXir0 -xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDa -t20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== ------END CERTIFICATE----- - -Entrust.net Premium 2048 Secure Server CA -========================================= ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChMLRW50cnVzdC5u -ZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAuIGJ5IHJlZi4gKGxp -bWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV -BAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQx -NzUwNTFaFw0yOTA3MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3 -d3d3LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTEl -MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5u -ZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEArU1LqRKGsuqjIAcVFmQqK0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOL -Gp18EzoOH1u3Hs/lJBQesYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSr -hRSGlVuXMlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVTXTzW -nLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/HoZdenoVve8AjhUi -VBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH4QIDAQABo0IwQDAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJ -KoZIhvcNAQEFBQADggEBADubj1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPy -T/4xmf3IDExoU8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf -zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKT -J1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e -nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE= ------END CERTIFICATE----- - -Baltimore CyberTrust Root -========================= ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJRTESMBAGA1UE -ChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3li -ZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoXDTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMC -SUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFs -dGltb3JlIEN5YmVyVHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKME -uyKrmD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjrIZ3AQSsB -UnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeKmpYcqWe4PwzV9/lSEy/C -G9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSuXmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9 -XbIGevOF6uvUA65ehD5f/xXtabz5OTZydc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjpr -l3RjM71oGDHweI12v/yejl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoI -VDaGezq1BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEB -BQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT929hkTI7gQCvlYpNRh -cL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3WgxjkzSswF07r51XgdIGn9w/xZchMB5 -hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsa -Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H -RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp ------END CERTIFICATE----- - -AddTrust Low-Value Services Root -================================ ------BEGIN CERTIFICATE----- -MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRU -cnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw -CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBO -ZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY6 -54eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWr -oulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1 -Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJui -GMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8w -HQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTAD -AQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJT -RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEw -HwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxt -ZBsfzQ3duQH6lmM0MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph -iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY -eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xr -mYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vj -ccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= ------END CERTIFICATE----- - -AddTrust External Root -====================== ------BEGIN CERTIFICATE----- -MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYD -VQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEw -NDgzOFowbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRU -cnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0Eg -Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvtH7xsD821 -+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9uMq/NzgtHj6RQa1wVsfw -Tz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzXmk6vBbOmcZSccbNQYArHE504B4YCqOmo -aSYYkKtMsE8jqzpPhNjfzp/haW+710LXa0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy -2xSoRcRdKn23tNbE7qzNE0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv7 -7+ldU9U0WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYDVR0P -BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0Jvf6xCZU7wO94CTL -VBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRk -VHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENB -IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZl -j7DYd7usQWxHYINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 -6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvCNr4TDea9Y355 -e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u -G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= ------END CERTIFICATE----- - -AddTrust Public Services Root -============================= ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSAwHgYDVQQDExdBZGRU -cnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJ -BgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5l -dHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbu -nyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1i -d9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSG -Aa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAw -HM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0G -A1UdDgQWBBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29yazEgMB4G -A1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4 -JNojVhaTdt02KLmuG7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL -+YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao -GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh4SINhwBk/ox9 -Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9H -EufOX1362KqxMy3ZdvJOOjMMK7MtkAY= ------END CERTIFICATE----- - -AddTrust Qualified Certificates Root -==================================== ------BEGIN CERTIFICATE----- -MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRU -cnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcx -CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ -IE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx -64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3 -KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o -L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GR -wVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HU -MIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkwZzELMAkGA1UE -BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29y -azEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQAD -ggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG -GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X -dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9ze -RXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDB -iFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5noxqE= ------END CERTIFICATE----- - -Entrust Root Certification Authority -==================================== ------BEGIN CERTIFICATE----- -MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV -BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw -b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG -A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 -MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu -MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu -Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v -dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz -A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww -Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 -j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN -rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw -DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 -MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH -hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA -A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM -Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa -v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS -W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 -tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 ------END CERTIFICATE----- - -GeoTrust Global CA -================== ------BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK -Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw -MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j -LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo -BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet -8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc -T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU -vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk -DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q -zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4 -d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2 -mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p -XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm -Mw== ------END CERTIFICATE----- - -GeoTrust Global CA 2 -==================== ------BEGIN CERTIFICATE----- -MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN -R2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwHhcNMDQwMzA0MDUw -MDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j -LjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDvPE1APRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/ -NTL8Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hLTytCOb1k -LUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL5mkWRxHCJ1kDs6ZgwiFA -Vvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7S4wMcoKK+xfNAGw6EzywhIdLFnopsk/b -HdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNH -K266ZUapEBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6tdEPx7 -srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv/NgdRN3ggX+d6Yvh -ZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywNA0ZF66D0f0hExghAzN4bcLUprbqL -OzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkC -x1YAzUm5s2x7UwQa4qjJqhIFI8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqF -H4z1Ir+rzoPz4iIprn2DQKi6bA== ------END CERTIFICATE----- - -GeoTrust Universal CA -===================== ------BEGIN CERTIFICATE----- -MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN -R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1 -MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu -Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t -JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e -RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs -7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d -8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V -qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga -Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB -Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu -KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08 -ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0 -XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB -hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc -aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2 -qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL -oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK -xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF -KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2 -DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK -xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU -p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI -P/rmMuGNG2+k5o7Y+SlIis5z/iw= ------END CERTIFICATE----- - -GeoTrust Universal CA 2 -======================= ------BEGIN CERTIFICATE----- -MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN -R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0 -MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg -SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0 -DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17 -j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q -JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a -QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2 -WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP -20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn -ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC -SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG -8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2 -+/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E -BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z -dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ -4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+ -mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq -A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg -Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP -pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d -FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp -gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm -X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS ------END CERTIFICATE----- - -Visa eCommerce Root -=================== ------BEGIN CERTIFICATE----- -MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQG -EwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2Ug -QXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2 -WhcNMjIwNjI0MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMm -VmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv -bW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfL -F9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8b -RaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81q6UCzyr0 -TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI -/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzs -GHxBvfaLdXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG -MB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOCAQEAX/FBfXxc -CLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcRzCSs00Rsca4BIGsDoo8Ytyk6feUW -YFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pz -zkWKsKZJ/0x9nXGIxHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu -YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt -398znM/jra6O1I7mT1GvFpLgXPYHDw== ------END CERTIFICATE----- - -Certum Root CA -============== ------BEGIN CERTIFICATE----- -MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQK -ExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTAeFw0wMjA2MTExMDQ2Mzla -Fw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8u -by4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6x -wS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdL -kKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ -89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/K -Uz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7P -NSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+ -GXYkHAQaTOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvg -GrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/ -0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS -qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscw== ------END CERTIFICATE----- - -Comodo AAA Services root -======================== ------BEGIN CERTIFICATE----- -MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw -MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl -c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV -BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG -C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs -i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW -Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH -Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK -Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f -BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl -cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz -LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm -7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz -Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z -8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C -12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== ------END CERTIFICATE----- - -Comodo Secure Services root -=========================== ------BEGIN CERTIFICATE----- -MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAw -MDAwMFoXDTI4MTIzMTIzNTk1OVowfjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu -Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAi -BgNVBAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPMcm3ye5drswfxdySRXyWP -9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3SHpR7LZQdqnXXs5jLrLxkU0C8j6ysNstc -rbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rC -oznl2yY4rYsK7hljxxwk3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3V -p6ea5EQz6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNVHQ4E -FgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -gYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL1NlY3VyZUNlcnRpZmlj -YXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRwOi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlm -aWNhdGVTZXJ2aWNlcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm -4J4oqF7Tt/Q05qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj -Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtIgKvcnDe4IRRL -DXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJaD61JlfutuC23bkpgHl9j6Pw -pCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDlizeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1H -RR3B7Hzs/Sk= ------END CERTIFICATE----- - -Comodo Trusted Services root -============================ ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEw -MDAwMDBaFw0yODEyMzEyMzU5NTlaMH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1h -bmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUw -IwYDVQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWWfnJSoBVC21ndZHoa0Lh7 -3TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMtTGo87IvDktJTdyR0nAducPy9C1t2ul/y -/9c3S0pgePfw+spwtOpZqqPOSC+pw7ILfhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6 -juljatEPmsbS9Is6FARW1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsS -ivnkBbA7kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0GA1Ud -DgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21vZG9jYS5jb20vVHJ1c3RlZENlcnRp -ZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRodHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENl -cnRpZmljYXRlU2VydmljZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8Ntw -uleGFTQQuS9/HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 -pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxISjBc/lDb+XbDA -BHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+xqFx7D+gIIxmOom0jtTYsU0l -R+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/AtyjcndBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O -9y5Xt5hwXsjEeLBi ------END CERTIFICATE----- - -QuoVadis Root CA -================ ------BEGIN CERTIFICATE----- -MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE -ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz -MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp -cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD -EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk -J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL -F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL -YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen -AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w -PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y -ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7 -MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj -YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs -ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh -Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW -Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu -BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw -FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6 -tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo -fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul -LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x -gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi -5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi -5nrQNiOKSnQ2+Q== ------END CERTIFICATE----- - -QuoVadis Root CA 2 -================== ------BEGIN CERTIFICATE----- -MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT -EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx -ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 -XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk -lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB -lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy -lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt -66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn -wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh -D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy -BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie -J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud -DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU -a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT -ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv -Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 -UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm -VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK -+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW -IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 -WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X -f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II -4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 -VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u ------END CERTIFICATE----- - -QuoVadis Root CA 3 -================== ------BEGIN CERTIFICATE----- -MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT -EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx -OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg -DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij -KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K -DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv -BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp -p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 -nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX -MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM -Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz -uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT -BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj -YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 -aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB -BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD -VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 -ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE -AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV -qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s -hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z -POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 -Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp -8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC -bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu -g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p -vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr -qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= ------END CERTIFICATE----- - -Security Communication Root CA -============================== ------BEGIN CERTIFICATE----- -MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP -U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw -HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP -U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw -8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM -DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX -5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd -DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2 -JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw -DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g -0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a -mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ -s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ -6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi -FL39vmwLAw== ------END CERTIFICATE----- - -Sonera Class 2 Root CA -====================== ------BEGIN CERTIFICATE----- -MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG -U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw -NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh -IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3 -/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT -dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG -f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P -tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH -nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT -XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt -0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI -cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph -Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx -EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH -llpwrN9M ------END CERTIFICATE----- - -UTN USERFirst Hardware Root CA -============================== ------BEGIN CERTIFICATE----- -MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UE -BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhl -IFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAd -BgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgx -OTIyWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0 -eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVz -ZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlI -wrthdBKWHTxqctU8EGc6Oe0rE81m65UJM6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFd -tqdt++BxF2uiiPsA3/4aMXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8 -i4fDidNdoI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqIDsjf -Pe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9KsyoUhbAgMBAAGjgbkw -gbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKFyXyYbKJhDlV0HN9WF -lp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNF -UkZpcnN0LUhhcmR3YXJlLmNybDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUF -BwMGBggrBgEFBQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM -//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28GpgoiskliCE7/yMgUsogW -XecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gECJChicsZUN/KHAG8HQQZexB2 -lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kn -iCrVWFCVH/A7HFe7fRQ5YiuayZSSKqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67 -nfhmqA== ------END CERTIFICATE----- - -Camerfirma Chambers of Commerce Root -==================================== ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe -QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i -ZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAx -NjEzNDNaFw0zNzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZp -cm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3Jn -MSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOC -AQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlU -xFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41XQEMIwRH -NaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jW -DA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFV -d9oKDMyXroDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1Ud -EwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5v -cmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooowDgYDVR0P -AQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hh -bWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD -VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz -aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAi -fJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvD -L8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wN -UPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/n -ADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1 -erfutGWaIZDgqtCYvDi1czyL+Nw= ------END CERTIFICATE----- - -Camerfirma Global Chambersign Root -================================== ------BEGIN CERTIFICATE----- -MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe -QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i -ZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYx -NDE4WhcNMzcwOTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt -YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEg -MB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAw -ggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J -1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8O -by4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl -6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c -8lCrEqWhz0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/ -BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJzaWduLm9yZy9j -aGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4wTcbOX60Qq+UDpfqpFDAOBgNVHQ8B -Af8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBj -aGFtYmVyc2lnbi5vcmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y -ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh -bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA -PDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9Y -gOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJ -PJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4 -IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes -t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== ------END CERTIFICATE----- - -XRamp Global CA Root -==================== ------BEGIN CERTIFICATE----- -MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE -BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj -dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx -HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg -U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu -IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx -foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE -zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs -AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry -xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap -oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC -AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc -/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt -qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n -nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz -8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw= ------END CERTIFICATE----- - -Go Daddy Class 2 CA -=================== ------BEGIN CERTIFICATE----- -MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY -VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG -A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g -RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD -ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv -2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32 -qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j -YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY -vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O -BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o -atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu -MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG -A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim -PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt -I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ -HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI -Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b -vZ8= ------END CERTIFICATE----- - -Starfield Class 2 CA -==================== ------BEGIN CERTIFICATE----- -MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc -U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg -Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo -MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG -A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG -SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY -bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ -JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm -epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN -F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF -MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f -hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo -bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g -QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs -afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM -PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl -xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD -KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 -QBFGmh95DmK/D5fs4C8fF5Q= ------END CERTIFICATE----- - -StartCom Certification Authority -================================ ------BEGIN CERTIFICATE----- -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu -ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 -NjM2WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk -LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg -U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y -o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ -Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d -eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt -2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z -6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ -osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ -untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc -UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT -37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0 -Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNj -YS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUH -AgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRw -Oi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYg -U3RhcnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5 -LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENl -cnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL2NlcnQuc3Rh -cnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilT -dGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC -AgEAFmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8jhvh -3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUWFjgKXlf2Ysd6AgXm -vB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHk -fY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3 -fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZ -EoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq -yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl -1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/7HW/ -lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/FlUQqmMGqz9IgcgA38coro -g14= ------END CERTIFICATE----- - -Taiwan GRCA -=========== ------BEGIN CERTIFICATE----- -MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQG -EwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X -DTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dv -dmVybm1lbnQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qN -w8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5 -BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O -1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq16TheEfO -htX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wov -J5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7 -Q3hub/FCVGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1t -B6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKXTiCQ8P8NHuJB -O9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThNXo+EHWbNxWCWtFJaBYmOlXqYwZE8 -lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNV -HRMEBTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2 -09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ -TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6Tj -Zwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2 -Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlU -D7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6Qz -DxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+Hbk -Z6MmnD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk -7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJIoRIM3BKQ -CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy -+fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS ------END CERTIFICATE----- - -Swisscom Root CA 1 -================== ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQG -EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy -dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4 -MTgyMjA2MjBaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln -aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9m2BtRsiM -MW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdihFvkcxC7mlSpnzNApbjyF -NDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/TilftKaNXXsLmREDA/7n29uj/x2lzZAe -AR81sH8A25Bvxn570e56eqeqDFdvpG3FEzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkC -b6dJtDZd0KTeByy2dbcokdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn -7uHbHaBuHYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNFvJbN -cA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo19AOeCMgkckkKmUp -WyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjCL3UcPX7ape8eYIVpQtPM+GP+HkM5 -haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJWbjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNY -MUJDLXT5xp6mig/p/r+D5kNXJLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw -HQYDVR0hBBYwFDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j -BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzcK6FptWfUjNP9 -MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzfky9NfEBWMXrrpA9gzXrzvsMn -jgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7IkVh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQ -MbFamIp1TpBcahQq4FJHgmDmHtqBsfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4H -VtA4oJVwIHaM190e3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtl -vrsRls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ipmXeascCl -OS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HHb6D0jqTsNFFbjCYDcKF3 -1QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksfrK/7DZBaZmBwXarNeNQk7shBoJMBkpxq -nvy5JMWzFYJ+vq6VK+uxwNrjAWALXmmshFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCy -x/yP2FS1k2Kdzs9Z+z0YzirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMW -NY6E0F/6MBr1mmz0DlP5OlvRHA== ------END CERTIFICATE----- - -DigiCert Assured ID Root CA -=========================== ------BEGIN CERTIFICATE----- -MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw -IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx -MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL -ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO -9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy -UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW -/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy -oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf -GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF -66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq -hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc -EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn -SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i -8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== ------END CERTIFICATE----- - -DigiCert Global Root CA -======================= ------BEGIN CERTIFICATE----- -MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw -HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw -MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 -dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn -TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 -BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H -4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y -7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB -o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm -8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF -BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr -EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt -tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 -UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk -CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= ------END CERTIFICATE----- - -DigiCert High Assurance EV Root CA -================================== ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw -KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw -MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ -MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu -Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t -Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS -OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 -MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ -NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe -h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB -Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY -JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ -V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp -myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK -mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe -vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K ------END CERTIFICATE----- - -Certplus Class 2 Primary CA -=========================== ------BEGIN CERTIFICATE----- -MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UE -BhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFzcyAyIFByaW1hcnkgQ0EwHhcN -OTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2Vy -dHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR -5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyLkcAbmXuZ -Vg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCdEgETjdyAYveVqUSISnFO -YFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yasH7WLO7dDWWuwJKZtkIvEcupdM5i3y95e -e++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRME -CDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJ -YIZIAYb4QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29t -L0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9WM2K191EBkOvD -P9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8yfFC82x/xXp8HVGIutIKPidd3i1R -TtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+ -7UCmnYR0ObncHoUW2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW -//1IMwrh3KWBkJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 -l7+ijrRU ------END CERTIFICATE----- - -DST Root CA X3 -============== ------BEGIN CERTIFICATE----- -MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK -ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X -DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1 -cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT -rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9 -UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy -xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d -utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ -MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug -dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE -GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw -RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS -fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ ------END CERTIFICATE----- - -DST ACES CA X6 -============== ------BEGIN CERTIFICATE----- -MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VT -MRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NTha -MFsxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UE -CxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzI -DZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCa -pCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKBXy314pow -GCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPy -MjwmR/onJALJfh1biEITajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3Qu -Y29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnRy -dXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMtaW5kZXguaHRtbDAdBgNVHQ4EFgQU -CXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V2 -5FYrnJmQ6AgwbN99Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t -Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq -nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpRrscL9yuwNwXs -vFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3 -oKfN5XozNmr6mis= ------END CERTIFICATE----- - -SwissSign Gold CA - G2 -====================== ------BEGIN CERTIFICATE----- -MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw -EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN -MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp -c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq -t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C -jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg -vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF -ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR -AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend -jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO -peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR -7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi -GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 -OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov -L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm -5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr -44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf -Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m -Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp -mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk -vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf -KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br -NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj -viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ ------END CERTIFICATE----- - -SwissSign Silver CA - G2 -======================== ------BEGIN CERTIFICATE----- -MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT -BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X -DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3 -aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG -9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644 -N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm -+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH -6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu -MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h -qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5 -FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs -ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc -celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X -CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB -tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 -cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P -4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F -kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L -3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx -/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa -DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP -e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu -WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ -DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub -DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u ------END CERTIFICATE----- - -GeoTrust Primary Certification Authority -======================================== ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG -EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx -CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ -cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN -b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9 -nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge -RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt -tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI -hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K -Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN -NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa -Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG -1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= ------END CERTIFICATE----- - -thawte Primary Root CA -====================== ------BEGIN CERTIFICATE----- -MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE -BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2 -aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv -cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3 -MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg -SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv -KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT -FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs -oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ -1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc -q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K -aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p -afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD -VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF -AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE -uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX -xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89 -jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH -z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA== ------END CERTIFICATE----- - -VeriSign Class 3 Public Primary Certification Authority - G5 -============================================================ ------BEGIN CERTIFICATE----- -MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE -BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO -ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk -IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB -yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln -biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh -dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz -j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD -Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ -Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r -fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/ -BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv -Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy -aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG -SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+ -X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE -KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC -Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE -ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq ------END CERTIFICATE----- - -SecureTrust CA -============== ------BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy -dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe -BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX -OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t -DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH -GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b -01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH -ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj -aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ -KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu -SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf -mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ -nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR -3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= ------END CERTIFICATE----- - -Secure Global CA -================ ------BEGIN CERTIFICATE----- -MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH -bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg -MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg -Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx -YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ -bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g -8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV -HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi -0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn -oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA -MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ -OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn -CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 -3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc -f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW ------END CERTIFICATE----- - -COMODO Certification Authority -============================== ------BEGIN CERTIFICATE----- -MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 -dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb -MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD -T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH -+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww -xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV -4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA -1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI -rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k -b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC -AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP -OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ -RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc -IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN -+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== ------END CERTIFICATE----- - -Network Solutions Certificate Authority -======================================= ------BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG -EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr -IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx -MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu -MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx -jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT -aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT -crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc -/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB -AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv -bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA -A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q -4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/ -GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv -wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD -ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey ------END CERTIFICATE----- - -WellsSecure Public Root Certificate Authority -============================================= ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoM -F1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYw -NAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN -MDcxMjEzMTcwNzU0WhcNMjIxMjE0MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dl -bGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYD -VQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+rWxxTkqxtnt3CxC5FlAM1 -iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjUDk/41itMpBb570OYj7OeUt9tkTmPOL13 -i0Nj67eT/DBMHAGTthP796EfvyXhdDcsHqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8 -bJVhHlfXBIEyg1J55oNjz7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiB -K0HmOFafSZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/SlwxlAgMB -AAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwu -cGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBQm -lRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0jBIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGB -i6SBiDCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRww -GgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEBALkVsUSRzCPI -K0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd/ZDJPHV3V3p9+N701NX3leZ0 -bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pBA4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSlj -qHyita04pO2t/caaH/+Xc/77szWnk4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+es -E2fDbbFwRnzVlhE9iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJ -tylv2G0xffX8oRAHh84vWdw+WNs= ------END CERTIFICATE----- - -COMODO ECC Certification Authority -================================== ------BEGIN CERTIFICATE----- -MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix -GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR -Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo -b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X -4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni -wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG -FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA -U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= ------END CERTIFICATE----- - -Security Communication EV RootCA1 -================================= ------BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMc -U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNh -dGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UE -BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNl -Y3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO -/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSX -WHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4z -ZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4 -bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK -9U2vP9eCOKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3irO4G8za+6xm -iEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZq51ihPZRwSzJIxXYKLerJRO1RuGG -Av8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnW -mHyojf6GPgcWkuF75x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW -T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 ------END CERTIFICATE----- - -OISTE WISeKey Global Root GA CA -=============================== ------BEGIN CERTIFICATE----- -MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UE -BhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHlyaWdodCAoYykgMjAwNTEiMCAG -A1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBH -bG9iYWwgUm9vdCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYD -VQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIw -IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5 -IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9 -Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr12bDYVxg -Asj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbD -d50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ -/yxViJGg4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3R -LoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ -KoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vIm -MMkQyh2I+3QZH4VFvbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4 -+vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa -hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEY -okxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0= ------END CERTIFICATE----- - -Microsec e-Szigno Root CA -========================= ------BEGIN CERTIFICATE----- -MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAwcjELMAkGA1UE -BhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNyb3NlYyBMdGQuMRQwEgYDVQQL -EwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9zZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0 -MDYxMjI4NDRaFw0xNzA0MDYxMjI4NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVz -dDEWMBQGA1UEChMNTWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMT -GU1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB -AQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2uuO/TEdyB5s87lozWbxXG -d36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/N -oqdNAoI/gqyFxuEPkEeZlApxcpMqyabAvjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjc -QR/Ji3HWVBTji1R4P770Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJ -PqW+jqpx62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcBAQRb -MFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3AwLQYIKwYBBQUHMAKG -IWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAPBgNVHRMBAf8EBTADAQH/MIIBcwYD -VR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIBAQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3 -LmUtc3ppZ25vLmh1L1NaU1ovMIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0A -dAB2AOEAbgB5ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn -AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABTAHoAbwBsAGcA -4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABhACAAcwB6AGUAcgBpAG4AdAAg -AGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABoAHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMA -egBpAGcAbgBvAC4AaAB1AC8AUwBaAFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6 -Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NO -PU1pY3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxPPU1pY3Jv -c2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5h -cnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuBEGluZm9AZS1zemlnbm8uaHWkdzB1MSMw -IQYDVQQDDBpNaWNyb3NlYyBlLVN6aWduw7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhT -WjEWMBQGA1UEChMNTWljcm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhV -MIGsBgNVHSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJIVTER -MA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDASBgNVBAsTC2UtU3pp -Z25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBSb290IENBghEAzLjnv04pGv2i3Gal -HCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMT -nGZjWS7KXHAM/IO8VbH0jgdsZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FE -aGAHQzAxQmHl7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a -86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfRhUZLphK3dehK -yVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/MPMMNz7UwiiAc7EBt51alhQB -S6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU= ------END CERTIFICATE----- - -Certigna -======== ------BEGIN CERTIFICATE----- -MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw -EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 -MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI -Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q -XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH -GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p -ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg -DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf -Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ -tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ -BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J -SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA -hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ -ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu -PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY -1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw -WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== ------END CERTIFICATE----- - -Deutsche Telekom Root CA 2 -========================== ------BEGIN CERTIFICATE----- -MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMT -RGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEG -A1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5 -MjM1OTAwWjBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0G -A1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBS -b290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEUha88EOQ5 -bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhCQN/Po7qCWWqSG6wcmtoI -KyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1MjwrrFDa1sPeg5TKqAyZMg4ISFZbavva4VhY -AUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aK -Se5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTV -jlsB9WoHtxa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNV -HRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAlGRZrTlk5ynr -E/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756AbrsptJh6sTtU6zkXR34ajgv8HzFZMQSy -zhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8 -rZ7/gFnkm0W09juwzTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4G -dyd1Lx+4ivn+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU -Cm26OWMohpLzGITY+9HPBVZkVw== ------END CERTIFICATE----- - -Cybertrust Global Root -====================== ------BEGIN CERTIFICATE----- -MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li -ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4 -MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD -ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -+Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW -0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL -AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin -89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT -8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2 -MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G -A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO -lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi -5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2 -hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T -X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW -WL1WMRJOEcgh4LMRkWXbtKaIOM5V ------END CERTIFICATE----- - -ePKI Root Certification Authority -================================= ------BEGIN CERTIFICATE----- -MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG -EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg -Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx -MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq -MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs -IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi -lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv -qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX -12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O -WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ -ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao -lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ -vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi -Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi -MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH -ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 -1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq -KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV -xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP -NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r -GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE -xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx -gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy -sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD -BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= ------END CERTIFICATE----- - -T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3 -============================================================================================================================= ------BEGIN CERTIFICATE----- -MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRSMRgwFgYDVQQH -DA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJpbGltc2VsIHZlIFRla25vbG9q -aWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ry -b25payB2ZSBLcmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNV -BAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUg -S8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4 -MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnpl -IC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmHF -n3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZl -IEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2Ft -dSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNl -cnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4hgb46ezzb8R1Sf1n68yJMlaCQvEhO -Eav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1 -xnnRFDDtG1hba+818qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR -6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL -hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQIDAQABo0IwQDAd -BgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4 -N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLT -y9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYh -LBOhgLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2M -dqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyttgI= ------END CERTIFICATE----- - -certSIGN ROOT CA -================ ------BEGIN CERTIFICATE----- -MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD -VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa -Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE -CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I -JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH -rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 -ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD -0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 -AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B -Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB -AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 -SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 -x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt -vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz -TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD ------END CERTIFICATE----- - -CNNIC ROOT -========== ------BEGIN CERTIFICATE----- -MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJDTjEOMAwGA1UE -ChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2MDcwOTE0WhcNMjcwNDE2MDcw -OTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1Qw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzD -o+/hn7E7SIX1mlwhIhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tiz -VHa6dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZOV/kbZKKT -VrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrCGHn2emU1z5DrvTOTn1Or -czvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gNv7Sg2Ca+I19zN38m5pIEo3/PIKe38zrK -y5nLAgMBAAGjczBxMBEGCWCGSAGG+EIBAQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscC -wQ7vptU7ETAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991S -lgrHAsEO76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnKOOK5 -Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvHugDnuL8BV8F3RTIM -O/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7HgviyJA/qIYM/PmLXoXLT1tLYhFHxUV8 -BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fLbuXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2 -G8kS1sHNzYDzAgE8yGnLRUhj2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5m -mxE= ------END CERTIFICATE----- - -ApplicationCA - Japanese Government -=================================== ------BEGIN CERTIFICATE----- -MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEcMBoGA1UEChMT -SmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRpb25DQTAeFw0wNzEyMTIxNTAw -MDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYTAkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zl -cm5tZW50MRYwFAYDVQQLEw1BcHBsaWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAp23gdE6Hj6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4 -fl+Kf5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55IrmTwcrN -wVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cwFO5cjFW6WY2H/CPek9AE -jP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDihtQWEjdnjDuGWk81quzMKq2edY3rZ+nYVu -nyoKb58DKTCXKB28t89UKU5RMfkntigm/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRU -WssmP3HMlEYNllPqa0jQk/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNV -BAYTAkpQMRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOCseOD -vOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADlqRHZ3ODrs -o2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJhyzjVOGjprIIC8CFqMjSnHH2HZ9g -/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYD -io+nEhEMy/0/ecGc/WLuo89UDNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmW -dupwX3kSa+SjB1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL -rosot4LKGAfmt1t06SAZf7IbiVQ= ------END CERTIFICATE----- - -GeoTrust Primary Certification Authority - G3 -============================================= ------BEGIN CERTIFICATE----- -MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE -BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0 -IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy -eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz -NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo -YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT -LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j -K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE -c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C -IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu -dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr -2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9 -cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE -Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD -AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s -t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt ------END CERTIFICATE----- - -thawte Primary Root CA - G2 -=========================== ------BEGIN CERTIFICATE----- -MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC -VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu -IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg -Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV -MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG -b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt -IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS -LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5 -8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU -mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN -G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K -rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== ------END CERTIFICATE----- - -thawte Primary Root CA - G3 -=========================== ------BEGIN CERTIFICATE----- -MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE -BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2 -aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv -cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w -ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh -d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD -VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG -A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At -P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC -+BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY -7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW -vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ -KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK -A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu -t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC -8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm -er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A= ------END CERTIFICATE----- - -GeoTrust Primary Certification Authority - G2 -============================================= ------BEGIN CERTIFICATE----- -MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC -VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu -Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD -ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1 -OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg -MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl -b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG -BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc -KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD -VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+ -EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m -ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2 -npaqBA+K ------END CERTIFICATE----- - -VeriSign Universal Root Certification Authority -=============================================== ------BEGIN CERTIFICATE----- -MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE -BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO -ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk -IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV -UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv -cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl -IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj -1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP -MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72 -9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I -AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR -tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G -CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O -a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud -DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3 -Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx -Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx -P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P -wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4 -mJO37M2CYfE45k+XmCpajQ== ------END CERTIFICATE----- - -VeriSign Class 3 Public Primary Certification Authority - G4 -============================================================ ------BEGIN CERTIFICATE----- -MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC -VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3 -b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz -ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj -YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL -MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU -cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo -b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5 -IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8 -Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz -rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw -HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u -Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD -A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx -AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== ------END CERTIFICATE----- - -NetLock Arany (Class Gold) Főtanúsítvány -======================================== ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G -A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 -dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB -cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx -MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO -ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv -biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 -c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu -0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw -/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk -H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw -fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 -neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW -qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta -YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC -bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna -NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu -dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= ------END CERTIFICATE----- - -Staat der Nederlanden Root CA - G2 -================================== ------BEGIN CERTIFICATE----- -MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE -CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g -Um9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMC -TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l -ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ -5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtn -vWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOj -CwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiil -e7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCR -OME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpI -CT0ugpTNGmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V65 -48r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q012iDTiIJh8BIi -trzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEKeN5KzlW/HdXZt1bv8Hb/C3m1r737 -qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMB -AAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC -ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV -HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqGSIb3DQEBCwUA -A4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz -+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwj -f/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaN -kqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfk -CpYL+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypF -URmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGCc1qb3Adb -CG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8sV4pAWja63XVECDdCcAz+3F4h -oKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoV -IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm -66+KAQ== ------END CERTIFICATE----- - -Hongkong Post Root CA 1 -======================= ------BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT -DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx -NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n -IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1 -ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr -auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh -qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY -V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV -HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i -h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio -l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei -IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps -T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT -c4afU9hDDl3WY4JxHYB0yvbiAmvZWg== ------END CERTIFICATE----- - -SecureSign RootCA11 -=================== ------BEGIN CERTIFICATE----- -MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi -SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS -b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw -KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1 -cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL -TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO -wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq -g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP -O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA -bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX -t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh -OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r -bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ -Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01 -y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061 -lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I= ------END CERTIFICATE----- - -ACEDICOM Root -============= ------BEGIN CERTIFICATE----- -MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UEAwwNQUNFRElD -T00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMB4XDTA4 -MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoG -A1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHk -WLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuD -YAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYew -MYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSfHY9g5QYb -m8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbk -HQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTT -xKJxqvQUfecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf2 -3EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9caUPgn6C9D4zq9 -2Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEaeZAwUswdbxcJzbPEHXEUkFDWug/Fq -TYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz -4SsrSbbXc6GqlPUB53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU -9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv -bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWImfQwng4/F9tqg -aHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJP -eGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1Pwk -zQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1 -ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oI -KiMnMCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIq -nxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0DcMDQj3dcE -I2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQYXlPKNFHtRQrmjseCNj6nOGOp -MCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3o -tkYNbn5XOmeUwssfnHdKZ05phkOTOPu220+DkdRgfks+KzgHVZhepA== ------END CERTIFICATE----- - -Microsec e-Szigno Root CA 2009 -============================== ------BEGIN CERTIFICATE----- -MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER -MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv -c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o -dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE -BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt -U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA -fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG -0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA -pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm -1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC -AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf -QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE -FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o -lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX -I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 -tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 -yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi -LXpUq3DDfSJlgnCW ------END CERTIFICATE----- - -GlobalSign Root CA - R3 -======================= ------BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv -YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh -bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT -aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln -bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt -iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ -0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 -rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl -OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 -xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE -FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 -lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 -EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E -bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 -YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r -kpeDMdmztcpHWD9f ------END CERTIFICATE----- - -Autoridad de Certificacion Firmaprofesional CIF A62634068 -========================================================= ------BEGIN CERTIFICATE----- -MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA -BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 -MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw -QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB -NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD -Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P -B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY -7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH -ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI -plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX -MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX -LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK -bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU -vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud -EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH -DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp -cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA -bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx -ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx -51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk -R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP -T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f -Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl -osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR -crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR -saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD -KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi -6Et8Vcad+qMUu2WFbm5PEn4KPJ2V ------END CERTIFICATE----- - -Izenpe.com -========== ------BEGIN CERTIFICATE----- -MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG -EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz -MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu -QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ -03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK -ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU -+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC -PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT -OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK -F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK -0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ -0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB -leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID -AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ -SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG -NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx -MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O -BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l -Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga -kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q -hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs -g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 -aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 -nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC -ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo -Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z -WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== ------END CERTIFICATE----- - -Chambers of Commerce Root - 2008 -================================ ------BEGIN CERTIFICATE----- -MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD -MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv -bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu -QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy -Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl -ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF -EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl -cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA -XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj -h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/ -ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk -NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g -D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331 -lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ -0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj -ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2 -EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI -G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ -BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh -bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh -bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC -CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH -AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1 -wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH -3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU -RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6 -M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1 -YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF -9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK -zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG -nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg -OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ ------END CERTIFICATE----- - -Global Chambersign Root - 2008 -============================== ------BEGIN CERTIFICATE----- -MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD -MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv -bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu -QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx -NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg -Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ -QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD -aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf -VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf -XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0 -ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB -/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA -TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M -H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe -Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF -HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh -wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB -AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT -BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE -BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm -aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm -aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp -1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0 -dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG -/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6 -ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s -dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg -9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH -foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du -qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr -P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq -c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z -09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B ------END CERTIFICATE----- - -Go Daddy Root Certificate Authority - G2 -======================================== ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu -MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 -MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 -b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G -A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq -9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD -+qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd -fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl -NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 -BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac -vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r -5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV -N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO -LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 ------END CERTIFICATE----- - -Starfield Root Certificate Authority - G2 -========================================= ------BEGIN CERTIFICATE----- -MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s -b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 -eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw -DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg -VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB -dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv -W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs -bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk -N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf -ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU -JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol -TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx -4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw -F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K -pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ -c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 ------END CERTIFICATE----- - -Starfield Services Root Certificate Authority - G2 -================================================== ------BEGIN CERTIFICATE----- -MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s -b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl -IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT -dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 -h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa -hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP -LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB -rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG -SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP -E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy -xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd -iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza -YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 ------END CERTIFICATE----- - -AffirmTrust Commercial -====================== ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw -MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly -bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb -DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV -C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 -BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww -MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV -HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG -hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi -qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv -0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh -sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= ------END CERTIFICATE----- - -AffirmTrust Networking -====================== ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw -MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly -bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE -Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI -dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 -/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb -h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV -HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu -UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 -12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 -WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 -/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= ------END CERTIFICATE----- - -AffirmTrust Premium -=================== ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy -OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy -dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn -BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV -5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs -+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd -GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R -p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI -S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 -6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 -/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo -+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv -MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg -Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC -6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S -L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK -+4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV -BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg -IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 -g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb -zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== ------END CERTIFICATE----- - -AffirmTrust Premium ECC -======================= ------BEGIN CERTIFICATE----- -MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV -BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx -MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U -cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ -N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW -BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK -BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X -57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM -eQ== ------END CERTIFICATE----- - -Certum Trusted Network CA -========================= ------BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK -ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy -MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU -ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC -l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J -J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 -fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 -cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw -DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj -jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 -mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj -Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI -03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= ------END CERTIFICATE----- - -Certinomis - Autorité Racine -============================ ------BEGIN CERTIFICATE----- -MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjETMBEGA1UEChMK -Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAkBgNVBAMMHUNlcnRpbm9taXMg -LSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkG -A1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYw -JAYDVQQDDB1DZXJ0aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jYF1AMnmHa -wE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N8y4oH3DfVS9O7cdxbwly -Lu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWerP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw -2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92N -jMD2AR5vpTESOH2VwnHu7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9q -c1pkIuVC28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6lSTC -lrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1Enn1So2+WLhl+HPNb -xxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB0iSVL1N6aaLwD4ZFjliCK0wi1F6g -530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql095gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna -4NH4+ej9Uji29YnfAgMBAAGjWzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBQNjLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ -KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9sov3/4gbIOZ/x -WqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZMOH8oMDX/nyNTt7buFHAAQCva -R6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40 -nJ+U8/aGH88bc62UeYdocMMzpXDn2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1B -CxMjidPJC+iKunqjo3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjv -JL1vnxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG5ERQL1TE -qkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWqpdEdnV1j6CTmNhTih60b -WfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZbdsLLO7XSAPCjDuGtbkD326C00EauFddE -wk01+dIL8hf2rGbVJLJP0RyZwG71fet0BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/ -vgt2Fl43N+bYdJeimUV5 ------END CERTIFICATE----- - -TWCA Root Certification Authority -================================= ------BEGIN CERTIFICATE----- -MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ -VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG -EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB -IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx -QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC -oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP -4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r -y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG -9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC -mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW -QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY -T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny -Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== ------END CERTIFICATE----- - -Security Communication RootCA2 -============================== ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc -U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh -dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC -SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy -aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ -+T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R -3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV -spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K -EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 -QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB -CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj -u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk -3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q -tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 -mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 ------END CERTIFICATE----- - -EC-ACC -====== ------BEGIN CERTIFICATE----- -MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE -BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w -ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD -VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE -CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT -BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7 -MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt -SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl -Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh -cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK -w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT -ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4 -HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a -E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw -0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD -VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0 -Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l -dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ -lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa -Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe -l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2 -E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D -5EI= ------END CERTIFICATE----- - -Hellenic Academic and Research Institutions RootCA 2011 -======================================================= ------BEGIN CERTIFICATE----- -MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT -O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y -aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z -IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT -AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z -IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo -IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI -1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa -71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u -8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH -3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/ -MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8 -MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu -b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt -XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 -TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD -/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N -7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4 ------END CERTIFICATE----- - -Actalis Authentication Root CA -============================== ------BEGIN CERTIFICATE----- -MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM -BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE -AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky -MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz -IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 -IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ -wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa -by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 -zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f -YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 -oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l -EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 -hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 -EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 -jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY -iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt -ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI -WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 -JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx -K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ -Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC -4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo -2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz -lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem -OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 -vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== ------END CERTIFICATE----- - -Trustis FPS Root CA -=================== ------BEGIN CERTIFICATE----- -MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG -EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290 -IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV -BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ -RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk -H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa -cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt -o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA -AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd -BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c -GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC -yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P -8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV -l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl -iB6XzCGcKQENZetX2fNXlrtIzYE= ------END CERTIFICATE----- - -StartCom Certification Authority -================================ ------BEGIN CERTIFICATE----- -MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu -ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 -NjM3WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk -LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg -U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y -o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ -Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d -eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt -2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z -6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ -osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ -untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc -UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT -37uMdBNSSwIDAQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD -VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQ -Qa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCCATgwLgYIKwYBBQUHAgEWImh0 -dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu -c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENv -bW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0 -aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t -L3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBG -cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5 -fPGFf59Jb2vKXfuM/gTFwWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWm -N3PH/UvSTa0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst0OcN -Org+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNcpRJvkrKTlMeIFw6T -tn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKlCcWw0bdT82AUuoVpaiF8H3VhFyAX -e2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVFP0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA -2MFrLH9ZXF2RsXAiV+uKa0hK1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBs -HvUwyKMQ5bLmKhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE -JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ8dCAWZvLMdib -D4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnmfyWl8kgAwKQB2j8= ------END CERTIFICATE----- - -StartCom Certification Authority G2 -=================================== ------BEGIN CERTIFICATE----- -MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -RzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UE -ChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8O -o1XJJZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsDvfOpL9HG -4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnooD/Uefyf3lLE3PbfHkffi -Aez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/Q0kGi4xDuFby2X8hQxfqp0iVAXV16iul -Q5XqFYSdCI0mblWbq9zSOdIxHWDirMxWRST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbs -O+wmETRIjfaAKxojAuuKHDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8H -vKTlXcxNnw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM0D4L -nMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/iUUjXuG+v+E5+M5iS -FGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9Ha90OrInwMEePnWjFqmveiJdnxMa -z6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHgTuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJ -KoZIhvcNAQELBQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K -2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfXUfEpY9Z1zRbk -J4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl6/2o1PXWT6RbdejF0mCy2wl+ -JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG -/+gyRr61M3Z3qAFdlsHB1b6uJcDJHgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTc -nIhT76IxW1hPkWLIwpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/Xld -blhYXzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5lIxKVCCIc -l85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoohdVddLHRDiBYmxOlsGOm -7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulrso8uBtjRkcfGEvRM/TAXw8HaOFvjqerm -obp573PYtlNXLfbQ4ddI ------END CERTIFICATE----- - -Buypass Class 2 Root CA -======================= ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU -QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X -DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 -eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 -g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn -9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b -/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU -CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff -awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI -zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn -Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX -Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs -M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF -AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s -A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI -osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S -aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd -DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD -LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 -oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC -wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS -CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN -rJgWVqA= ------END CERTIFICATE----- - -Buypass Class 3 Root CA -======================= ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU -QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X -DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 -eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH -sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR -5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh -7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ -ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH -2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV -/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ -RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA -Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq -j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF -AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV -cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G -uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG -Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 -ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 -KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz -6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug -UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe -eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi -Cp/HuZc= ------END CERTIFICATE----- - -T-TeleSec GlobalRoot Class 3 -============================ ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM -IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU -cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx -MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz -dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD -ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK -9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU -NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF -iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W -0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr -AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb -fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT -ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h -P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml -e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== ------END CERTIFICATE----- - -EE Certification Centre Root CA -=============================== ------BEGIN CERTIFICATE----- -MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG -EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy -dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw -MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB -UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy -ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM -TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2 -rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw -93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN -P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ -MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF -BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj -xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM -lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u -uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU -3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM -dcGWxZ0= ------END CERTIFICATE----- - -TURKTRUST Certificate Services Provider Root 2007 -================================================= ------BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOcUktUUlVTVCBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP -MA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg -QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4X -DTA3MTIyNTE4MzcxOVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxl -a3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMCVFIxDzAN -BgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp -bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4gKGMpIEFyYWzEsWsgMjAwNzCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9N -YvDdE3ePYakqtdTyuTFYKTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQv -KUmi8wUG+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveGHtya -KhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6PIzdezKKqdfcYbwnT -rqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M733WB2+Y8a+xwXrXgTW4qhe04MsC -AwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHkYb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/s -Px+EnWVUXKgWAkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I -aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5mxRZNTZPz/OO -Xl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsaXRik7r4EW5nVcV9VZWRi1aKb -BFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZqxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAK -poRq0Tl9 ------END CERTIFICATE----- - -D-TRUST Root Class 3 CA 2 2009 -============================== ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe -Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE -LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD -ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA -BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv -KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z -p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC -AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ -4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y -eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw -MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G -PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw -OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm -2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 -o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV -dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph -X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= ------END CERTIFICATE----- - -D-TRUST Root Class 3 CA 2 EV 2009 -================================= ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw -OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw -OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS -egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh -zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T -7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 -sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 -11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv -cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v -ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El -MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp -b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh -c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ -PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 -nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX -ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA -NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv -w9y4AyHqnxbxLFS1 ------END CERTIFICATE----- - -PSCProcert -========== ------BEGIN CERTIFICATE----- -MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1dG9yaWRhZCBk -ZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9sYW5vMQswCQYDVQQGEwJWRTEQ -MA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlzdHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lz -dGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBl -cmludGVuZGVuY2lhIGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUw -IwYJKoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEwMFoXDTIw -MTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHByb2NlcnQubmV0LnZlMQ8w -DQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGExKjAoBgNVBAsTIVByb3ZlZWRvciBkZSBD -ZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZp -Y2FjaW9uIEVsZWN0cm9uaWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo97BVC -wfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74BCXfgI8Qhd19L3uA -3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38GieU89RLAu9MLmV+QfI4tL3czkkoh -RqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmO -EO8GqQKJ/+MMbpfg353bIdD0PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG2 -0qCZyFSTXai20b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH -0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/6mnbVSKVUyqU -td+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1mv6JpIzi4mWCZDlZTOpx+FIyw -Bm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvp -r2uKGcfLFFb14dq12fy/czja+eevbqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/ -AgEBMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAz -Ni0wMB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFDgBStuyId -xuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRp -ZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQH -EwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5h -Y2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5k -ZW5jaWEgZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG -9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQDAgEGME0GA1UdEQRG -MESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0wMDAwMDKgGwYFYIZeAgKgEgwQUklG -LUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEagRKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52 -ZS9sY3IvQ0VSVElGSUNBRE8tUkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNy -YWl6LnN1c2NlcnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v -Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsGAQUFBwIBFh5o -dHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcNAQELBQADggIBACtZ6yKZu4Sq -T96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmN -g7+mvTV+LFwxNG9s2/NkAZiqlCxB3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4q -uxtxj7mkoP3YldmvWb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1 -n8GhHVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHmpHmJWhSn -FFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXzsOfIt+FTvZLm8wyWuevo -5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bEqCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq -3TNWOByyrYDT13K9mmyZY+gAu0F2BbdbmRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5 -poLWccret9W6aAjtmcz9opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3Y -eMLEYC/HYvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km ------END CERTIFICATE----- - -China Internet Network Information Center EV Certificates Root -============================================================== ------BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCQ04xMjAwBgNV -BAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyMUcwRQYDVQQDDD5D -aGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMg -Um9vdDAeFw0xMDA4MzEwNzExMjVaFw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAG -A1UECgwpQ2hpbmEgSW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMM -PkNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRpZmljYXRl -cyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z7r07eKpkQ0H1UN+U8i6y -jUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA//DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV -98YPjUesWgbdYavi7NifFy2cyjw1l1VxzUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2H -klY0bBoQCxfVWhyXWIQ8hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23 -KzhmBsUs4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54ugQEC -7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oYNJKiyoOCWTAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUfHJLOcfA22KlT5uqGDSSosqD -glkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd5 -0XPFtQO3WKwMVC/GVhMPMdoG52U7HW8228gd+f2ABsqjPWYWqJ1MFn3AlUa1UeTiH9fqBk1jjZaM -7+czV0I664zBechNdn3e9rG3geCg+aF4RhcaVpjwTj2rHO3sOdwHSPdj/gauwqRcalsyiMXHM4Ws -ZkJHwlgkmeHlPuV1LI5D1l08eB6olYIpUNHRFrrvwb562bTYzB5MRuF3sTGrvSrIzo9uoV1/A3U0 -5K2JRVRevq4opbs/eHnrc7MKDf2+yfdWrPa37S+bISnHOLaVxATywy39FCqQmbkHzJ8= ------END CERTIFICATE----- - -Swisscom Root CA 2 -================== ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQG -EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy -dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2 -MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln -aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvErjw0DzpPM -LgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r0rk0X2s682Q2zsKwzxNo -ysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJ -wDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpH -Wrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1a -SgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxS -NLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9Ab -mbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QY -Ypqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3 -qPyZ7iVNTA6z00yPhOgpD/0QVAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw -HQYDVR0hBBYwFDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O -BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8Twu -MA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsO -v2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ -82YqZh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz -o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcs -a0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciATwoCqISxx -OQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0QuFmtEYE3saW -mA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED6F+KBZvuim6c779o -+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TC -rvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX -5OfNeOI5wSsSnqaeG8XmDtkx2Q== ------END CERTIFICATE----- - -Swisscom Root EV CA 2 -===================== ------BEGIN CERTIFICATE----- -MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UE -BhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFsIENlcnRpZmljYXRlIFNl -cnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcN -MzEwNjI1MDg0NTA4WjBnMQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsT -HERpZ2l0YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYg -Q0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7BxUglgRCgz -o3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD1ycfMQ4jFrclyxy0uYAy -Xhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPHoCE2G3pXKSinLr9xJZDzRINpUKTk4Rti -GZQJo/PDvO/0vezbE53PnUgJUmfANykRHvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8Li -qG12W0OfvrSdsyaGOx9/5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaH -Za0zKcQvidm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHLOdAG -alNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaCNYGu+HuB5ur+rPQa -m3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f46Fq9mDU5zXNysRojddxyNMkM3Ox -bPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCBUWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDi -xzgHcgplwLa7JSnaFp6LNYth7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED -MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWBbj2ITY1x0kbB -bkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6xXCX5145v9Ydkn+0UjrgEjihL -j6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98TPLr+flaYC/NUn81ETm484T4VvwYmneTwkLbU -wp4wLh/vx3rEUMfqe9pQy3omywC0Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7 -XwgiG/W9mR4U9s70WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH -59yLGn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm7JFe3VE/ -23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4Snr8PyQUQ3nqjsTzyP6Wq -J3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VNvBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyA -HmBR3NdUIR7KYndP+tiPsys6DXhyyWhBWkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/gi -uMod89a2GQ+fYWVq6nTIfI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuW -l8PVP3wbI+2ksx0WckNLIOFZfsLorSa/ovc= ------END CERTIFICATE----- - -CA Disig Root R1 -================ ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAlNLMRMw -EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp -ZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQyMDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sx -EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp -c2lnIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy -3QRkD2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/oOI7bm+V8 -u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3AfQ+lekLZWnDZv6fXARz2 -m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJeIgpFy4QxTaz+29FHuvlglzmxZcfe+5nk -CiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8noc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTa -YVKvJrT1cU/J19IG32PK/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6 -vpmumwKjrckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD3AjL -LhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE7cderVC6xkGbrPAX -ZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkCyC2fg69naQanMVXVz0tv/wQFx1is -XxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLdqvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ -04IwDQYJKoZIhvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR -xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaASfX8MPWbTx9B -LxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXoHqJPYNcHKfyyo6SdbhWSVhlM -CrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpBemOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5Gfb -VSUZP/3oNn6z4eGBrxEWi1CXYBmCAMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85 -YmLLW1AL14FABZyb7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKS -ds+xDzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvkF7mGnjix -lAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqFa3qdnom2piiZk4hA9z7N -UaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsTQ6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJ -a7+h89n07eLw4+1knj0vllJPgFOL ------END CERTIFICATE----- - -CA Disig Root R2 -================ ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw -EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp -ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx -EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp -c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC -w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia -xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 -A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S -GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV -g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa -5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE -koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A -Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i -Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u -Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM -tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV -sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je -dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 -1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx -mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 -utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 -sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg -UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV -7+ZtsH8tZ/3zbBt1RqPlShfppNcL ------END CERTIFICATE----- - -ACCVRAIZ1 -========= ------BEGIN CERTIFICATE----- -MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB -SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 -MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH -UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM -jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 -RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD -aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ -0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG -WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 -8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR -5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J -9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK -Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw -Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu -Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 -VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM -Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA -QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh -AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA -YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj -AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA -IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk -aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 -dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 -MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI -hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E -R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN -YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 -nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ -TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 -sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h -I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg -Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd -3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p -EfbRD0tVNEYqi4Y7 ------END CERTIFICATE----- - -TWCA Global Root CA -=================== ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT -CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD -QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK -EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg -Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C -nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV -r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR -Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV -tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W -KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 -sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p -yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn -kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI -zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g -cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn -LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M -8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg -/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg -lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP -A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m -i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 -EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 -zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= ------END CERTIFICATE----- - -TeliaSonera Root CA v1 -====================== ------BEGIN CERTIFICATE----- -MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE -CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 -MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW -VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ -6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA -3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k -B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn -Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH -oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 -F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ -oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 -gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc -TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB -AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW -DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm -zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx -0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW -pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV -G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc -c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT -JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 -qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 -Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems -WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= ------END CERTIFICATE----- - -E-Tugra Certification Authority -=============================== ------BEGIN CERTIFICATE----- -MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w -DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls -ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN -ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw -NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx -QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl -cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD -DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd -hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K -CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g -ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ -BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0 -E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz -rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq -jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn -rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5 -dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB -/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG -MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK -kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO -XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807 -VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo -a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc -dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV -KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT -Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0 -8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G -C7TbO6Orb1wdtn7os4I07QZcJA== ------END CERTIFICATE----- - -T-TeleSec GlobalRoot Class 2 -============================ ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM -IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU -cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx -MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz -dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD -ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ -SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F -vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 -2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV -WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy -YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 -r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf -vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR -3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN -9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== ------END CERTIFICATE----- - -Atos TrustedRoot 2011 -===================== ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU -cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 -MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG -A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV -hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr -54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ -DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 -HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR -z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R -l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ -bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB -CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h -k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh -TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 -61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G -3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed ------END CERTIFICATE----- - -QuoVadis Root CA 1 G3 -===================== ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG -A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv -b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN -MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg -RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE -PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm -PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6 -Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN -ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l -g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV -7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX -9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f -iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg -t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI -hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC -MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3 -GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct -Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP -+V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh -3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa -wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6 -O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0 -FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV -hMJKzRwuJIczYOXD ------END CERTIFICATE----- - -QuoVadis Root CA 2 G3 -===================== ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG -A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv -b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN -MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg -RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh -ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY -NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t -oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o -MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l -V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo -L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ -sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD -6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh -lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI -hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 -AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K -pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9 -x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz -dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X -U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw -mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD -zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN -JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr -O3jtZsSOeWmD3n+M ------END CERTIFICATE----- - -QuoVadis Root CA 3 G3 -===================== ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG -A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv -b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN -MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg -RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286 -IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL -Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe -6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3 -I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U -VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7 -5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi -Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM -dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt -rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI -hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px -KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS -t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ -TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du -DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib -Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD -hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX -0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW -dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2 -PpxxVJkES/1Y+Zj0 ------END CERTIFICATE----- - -DigiCert Assured ID Root G2 -=========================== ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw -IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw -MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL -ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH -35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq -bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw -VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP -YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn -lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO -w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv -0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz -d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW -hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M -jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo -IhNzbM8m9Yop5w== ------END CERTIFICATE----- - -DigiCert Assured ID Root G3 -=========================== ------BEGIN CERTIFICATE----- -MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD -VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 -MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ -BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb -RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs -KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF -UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy -YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy -1vUhZscv6pZjamVFkpUBtA== ------END CERTIFICATE----- - -DigiCert Global Root G2 -======================= ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw -HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx -MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 -dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ -kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO -3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV -BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM -UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB -o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu -5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr -F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U -WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH -QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/ -iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl -MrY= ------END CERTIFICATE----- - -DigiCert Global Root G3 -======================= ------BEGIN CERTIFICATE----- -MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD -VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw -MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k -aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O -YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp -Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y -3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34 -VOKa5Vt8sycX ------END CERTIFICATE----- - -DigiCert Trusted Root G4 -======================== ------BEGIN CERTIFICATE----- -MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw -HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 -MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp -pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o -k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa -vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY -QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6 -MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm -mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 -f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH -dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8 -oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD -ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY -ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr -yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy -7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah -ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN -5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb -/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa -5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK -G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP -82Z+ ------END CERTIFICATE----- - -WoSign -====== ------BEGIN CERTIFICATE----- -MIIFdjCCA16gAwIBAgIQXmjWEXGUY1BWAGjzPsnFkTANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxKjAoBgNVBAMTIUNlcnRpZmljYXRpb24g -QXV0aG9yaXR5IG9mIFdvU2lnbjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgwMTAwMDFaMFUxCzAJ -BgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgGA1UEAxMhQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkgb2YgV29TaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA -vcqNrLiRFVaXe2tcesLea9mhsMMQI/qnobLMMfo+2aYpbxY94Gv4uEBf2zmoAHqLoE1UfcIiePyO -CbiohdfMlZdLdNiefvAA5A6JrkkoRBoQmTIPJYhTpA2zDxIIFgsDcSccf+Hb0v1naMQFXQoOXXDX -2JegvFNBmpGN9J42Znp+VsGQX+axaCA2pIwkLCxHC1l2ZjC1vt7tj/id07sBMOby8w7gLJKA84X5 -KIq0VC6a7fd2/BVoFutKbOsuEo/Uz/4Mx1wdC34FMr5esAkqQtXJTpCzWQ27en7N1QhatH/YHGkR -+ScPewavVIMYe+HdVHpRaG53/Ma/UkpmRqGyZxq7o093oL5d//xWC0Nyd5DKnvnyOfUNqfTq1+ez -EC8wQjchzDBwyYaYD8xYTYO7feUapTeNtqwylwA6Y3EkHp43xP901DfA4v6IRmAR3Qg/UDaruHqk -lWJqbrDKaiFaafPz+x1wOZXzp26mgYmhiMU7ccqjUu6Du/2gd/Tkb+dC221KmYo0SLwX3OSACCK2 -8jHAPwQ+658geda4BmRkAjHXqc1S+4RFaQkAKtxVi8QGRkvASh0JWzko/amrzgD5LkhLJuYwTKVY -yrREgk/nkR4zw7CT/xH8gdLKH3Ep3XZPkiWvHYG3Dy+MwwbMLyejSuQOmbp8HkUff6oZRZb9/D0C -AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOFmzw7R -8bNLtwYgFP6HEtX2/vs+MA0GCSqGSIb3DQEBBQUAA4ICAQCoy3JAsnbBfnv8rWTjMnvMPLZdRtP1 -LOJwXcgu2AZ9mNELIaCJWSQBnfmvCX0KI4I01fx8cpm5o9dU9OpScA7F9dY74ToJMuYhOZO9sxXq -T2r09Ys/L3yNWC7F4TmgPsc9SnOeQHrAK2GpZ8nzJLmzbVUsWh2eJXLOC62qx1ViC777Y7NhRCOj -y+EaDveaBk3e1CNOIZZbOVtXHS9dCF4Jef98l7VNg64N1uajeeAz0JmWAjCnPv/So0M/BVoG6kQC -2nz4SNAzqfkHx5Xh9T71XXG68pWpdIhhWeO/yloTunK0jF02h+mmxTwTv97QRCbut+wucPrXnbes -5cVAWubXbHssw1abR80LzvobtCHXt2a49CUwi1wNuepnsvRtrtWhnk/Yn+knArAdBtaP4/tIEp9/ -EaEQPkxROpaw0RPxx9gmrjrKkcRpnd8BKWRRb2jaFOwIQZeQjdCygPLPwj2/kWjFgGcexGATVdVh -mVd8upUPYUk6ynW8yQqTP2cOEvIo4jEbwFcW3wh8GcF+Dx+FHgo2fFt+J7x6v+Db9NpSvd4MVHAx -kUOVyLzwPt0JfjBkUO1/AaQzZ01oT74V77D2AhGiGxMlOtzCWfHjXEa7ZywCRuoeSKbmW9m1vFGi -kpbbqsY3Iqb+zCB0oy2pLmvLwIIRIbWTee5Ehr7XHuQe+w== ------END CERTIFICATE----- - -WoSign China -============ ------BEGIN CERTIFICATE----- -MIIFWDCCA0CgAwIBAgIQUHBrzdgT/BtOOzNy0hFIjTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMMEkNBIOayg+mAmuagueiv -geS5pjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgwMTAwMDFaMEYxCzAJBgNVBAYTAkNOMRowGAYD -VQQKExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkGA1UEAwwSQ0Eg5rKD6YCa5qC56K+B5LmmMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0EkhHiX8h8EqwqzbdoYGTufQdDTc7WU1/FDWiD+k -8H/rD195L4mx/bxjWDeTmzj4t1up+thxx7S8gJeNbEvxUNUqKaqoGXqW5pWOdO2XCld19AXbbQs5 -uQF/qvbW2mzmBeCkTVL829B0txGMe41P/4eDrv8FAxNXUDf+jJZSEExfv5RxadmWPgxDT74wwJ85 -dE8GRV2j1lY5aAfMh09Qd5Nx2UQIsYo06Yms25tO4dnkUkWMLhQfkWsZHWgpLFbE4h4TV2TwYeO5 -Ed+w4VegG63XX9Gv2ystP9Bojg/qnw+LNVgbExz03jWhCl3W6t8Sb8D7aQdGctyB9gQjF+BNdeFy -b7Ao65vh4YOhn0pdr8yb+gIgthhid5E7o9Vlrdx8kHccREGkSovrlXLp9glk3Kgtn3R46MGiCWOc -76DbT52VqyBPt7D3h1ymoOQ3OMdc4zUPLK2jgKLsLl3Az+2LBcLmc272idX10kaO6m1jGx6KyX2m -+Jzr5dVjhU1zZmkR/sgO9MHHZklTfuQZa/HpelmjbX7FF+Ynxu8b22/8DU0GAbQOXDBGVWCvOGU6 -yke6rCzMRh+yRpY/8+0mBe53oWprfi1tWFxK1I5nuPHa1UaKJ/kR8slC/k7e3x9cxKSGhxYzoacX -GKUN5AXlK8IrC6KVkLn9YDxOiT7nnO4fuwECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFOBNv9ybQV0T6GTwp+kVpOGBwboxMA0GCSqGSIb3DQEBCwUA -A4ICAQBqinA4WbbaixjIvirTthnVZil6Xc1bL3McJk6jfW+rtylNpumlEYOnOXOvEESS5iVdT2H6 -yAa+Tkvv/vMx/sZ8cApBWNromUuWyXi8mHwCKe0JgOYKOoICKuLJL8hWGSbueBwj/feTZU7n85iY -r83d2Z5AiDEoOqsuC7CsDCT6eiaY8xJhEPRdF/d+4niXVOKM6Cm6jBAyvd0zaziGfjk9DgNyp115 -j0WKWa5bIW4xRtVZjc8VX90xJc/bYNaBRHIpAlf2ltTW/+op2znFuCyKGo3Oy+dCMYYFaA6eFN0A -kLppRQjbbpCBhqcqBT/mhDn4t/lXX0ykeVoQDF7Va/81XwVRHmyjdanPUIPTfPRm94KNPQx96N97 -qA4bLJyuQHCH2u2nFoJavjVsIE4iYdm8UXrNemHcSxH5/mc0zy4EZmFcV5cjjPOGG0jfKq+nwf/Y -jj4Du9gqsPoUJbJRa4ZDhS4HIxaAjUz7tGM7zMN07RujHv41D198HRaG9Q7DlfEvr10lO1Hm13ZB -ONFLAzkopR6RctR9q5czxNM+4Gm2KHmgCY0c0f9BckgG/Jou5yD5m6Leie2uPAmvylezkolwQOQv -T8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR12KvxAmLBsX5VYc8T1yaw15zLKYs4SgsO -kI26oQ== ------END CERTIFICATE----- - -COMODO RSA Certification Authority -================================== ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn -dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ -FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ -5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG -x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX -2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL -OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 -sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C -GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 -WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt -rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ -nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg -tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW -sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp -pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA -zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq -ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 -7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I -LaZRfyHBNVOFBkpdn627G190 ------END CERTIFICATE----- - -USERTrust RSA Certification Authority -===================================== ------BEGIN CERTIFICATE----- -MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK -ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK -ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz -0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j -Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn -RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O -+T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq -/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE -Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM -lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8 -yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+ -eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd -BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW -FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ -7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ -Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM -8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi -FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi -yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c -J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw -sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx -Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9 ------END CERTIFICATE----- - -USERTrust ECC Certification Authority -===================================== ------BEGIN CERTIFICATE----- -MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC -VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU -aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC -VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU -aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2 -0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez -nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV -HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB -HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu -9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= ------END CERTIFICATE----- - -GlobalSign ECC Root CA - R4 -=========================== ------BEGIN CERTIFICATE----- -MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEkMCIGA1UECxMb -R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD -EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb -R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD -EwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprl -OQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0P -AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TV -MAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iF -JzWbVsaj8kfSt24bAgAXqmemFZHe+pTsewv4n4Q= ------END CERTIFICATE----- - -GlobalSign ECC Root CA - R5 -=========================== ------BEGIN CERTIFICATE----- -MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb -R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD -EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb -R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD -EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6 -SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS -h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd -BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx -uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7 -yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3 ------END CERTIFICATE----- - -Staat der Nederlanden Root CA - G3 -================================== ------BEGIN CERTIFICATE----- -MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE -CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g -Um9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloXDTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMC -TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l -ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4y -olQPcPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WWIkYFsO2t -x1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqXxz8ecAgwoNzFs21v0IJy -EavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFyKJLZWyNtZrVtB0LrpjPOktvA9mxjeM3K -Tj215VKb8b475lRgsGYeCasH/lSJEULR9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUur -mkVLoR9BvUhTFXFkC4az5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU5 -1nus6+N86U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7Ngzp -07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHPbMk7ccHViLVlvMDo -FxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXtBznaqB16nzaeErAMZRKQFWDZJkBE -41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTtXUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMB -AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleu -yjWcLhL75LpdINyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD -U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwpLiniyMMB8jPq -KqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8Ipf3YF3qKS9Ysr1YvY2WTxB1 -v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixpgZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA -8KCWAg8zxXHzniN9lLf9OtMJgwYh/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b -8KKaa8MFSu1BYBQw0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0r -mj1AfsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq4BZ+Extq -1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR1VmiiXTTn74eS9fGbbeI -JG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U67cjF68IeHRaVesd+QnGTbksV -tzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk= ------END CERTIFICATE----- - -Staat der Nederlanden EV Root CA -================================ ------BEGIN CERTIFICATE----- -MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJOTDEeMBwGA1UE -CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g -RVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0yMjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5M -MR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRl -cmxhbmRlbiBFViBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkk -SzrSM4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nCUiY4iKTW -O0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3dZ//BYY1jTw+bbRcwJu+r -0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46prfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8 -Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13lpJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gV -XJrm0w912fxBmJc+qiXbj5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr -08C+eKxCKFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS/ZbV -0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0XcgOPvZuM5l5Tnrmd -74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH1vI4gnPah1vlPNOePqc7nvQDs/nx -fRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrPpx9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwa -ivsnuL8wbqg7MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI -eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u2dfOWBfoqSmu -c0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHSv4ilf0X8rLiltTMMgsT7B/Zq -5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTCwPTxGfARKbalGAKb12NMcIxHowNDXLldRqAN -b/9Zjr7dn3LDWyvfjFvO5QxGbJKyCqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tN -f1zuacpzEPuKqf2evTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi -5Dp6Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIaGl6I6lD4 -WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeLeG9QgkRQP2YGiqtDhFZK -DyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGy -eUN51q1veieQA6TqJIc/2b3Z6fJfUEkc7uzXLg== ------END CERTIFICATE----- - -IdenTrust Commercial Root CA 1 -============================== ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG -EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS -b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES -MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB -IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld -hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/ -mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi -1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C -XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl -3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy -NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV -WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg -xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix -uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI -hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH -6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg -ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt -ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV -YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX -feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro -kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe -2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz -Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R -cGzM7vRX+Bi6hG6H ------END CERTIFICATE----- - -IdenTrust Public Sector Root CA 1 -================================= ------BEGIN CERTIFICATE----- -MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG -EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv -ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV -UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS -b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy -P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6 -Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI -rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf -qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS -mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn -ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh -LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v -iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL -4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B -Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw -DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj -t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A -mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt -GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt -m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx -NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4 -Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI -ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC -ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ -3Wl9af0AVqW3rLatt8o+Ae+c ------END CERTIFICATE----- - -Entrust Root Certification Authority - G2 -========================================= ------BEGIN CERTIFICATE----- -MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV -BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy -bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug -b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw -HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT -DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx -OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s -eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP -/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz -HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU -s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y -TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx -AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6 -0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z -iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ -Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi -nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+ -vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO -e4pIb4tF9g== ------END CERTIFICATE----- - -Entrust Root Certification Authority - EC1 -========================================== ------BEGIN CERTIFICATE----- -MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx -FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn -YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl -ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw -FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs -LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg -dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt -IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy -AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef -9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE -FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h -vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8 -kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G ------END CERTIFICATE----- - -CFCA EV ROOT -============ ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE -CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB -IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw -MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD -DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV -BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD -7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN -uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW -ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7 -xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f -py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K -gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol -hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ -tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf -BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB -ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q -ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua -4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG -E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX -BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn -aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy -PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX -kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C -ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su ------END CERTIFICATE----- - -TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 -==================================================== ------BEGIN CERTIFICATE----- -MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCVFIxDzAN -BgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp -bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1Qg -RWxla3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAw -ODA3MDFaFw0yMzA0MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0w -SwYDVQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE -n2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRp -ZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEApCUZ4WWe60ghUEoI5RHwWrom/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537 -jVJp45wnEFPzpALFp/kRGml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1m -ep5Fimh34khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z5UNP -9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0hO8EuPbJbKoCPrZV -4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QIDAQABo0IwQDAdBgNVHQ4EFgQUVpkH -HtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAJ5FdnsXSDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPo -BP5yCccLqh0lVX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq -URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nfpeYVhDfwwvJl -lpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CFYv4HAqGEVka+lgqaE9chTLd8 -B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW+qtB4Uu2NQvAmxU= ------END CERTIFICATE----- - -TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 -==================================================== ------BEGIN CERTIFICATE----- -MIIEJjCCAw6gAwIBAgIGfaHyZeyKMA0GCSqGSIb3DQEBCwUAMIGxMQswCQYDVQQGEwJUUjEPMA0G -A1UEBwwGQW5rYXJhMU0wSwYDVQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmls -acWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg2MB4XDTEzMTIxODA5 -MDQxMFoXDTIzMTIxNjA5MDQxMFowgbExCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExTTBL -BgNVBAoMRFTDnFJLVFJVU1QgQmlsZ2kgxLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2ZW5sacSf -aSBIaXptZXRsZXJpIEEuxZ4uMUIwQAYDVQQDDDlUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2VydGlm -aWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLEgSDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCdsGjW6L0UlqMACprx9MfMkU1xeHe59yEmFXNRFpQJRwXiM/VomjX/3EsvMsew7eKC5W/a -2uqsxgbPJQ1BgfbBOCK9+bGlprMBvD9QFyv26WZV1DOzXPhDIHiTVRZwGTLmiddk671IUP320EED -wnS3/faAz1vFq6TWlRKb55cTMgPp1KtDWxbtMyJkKbbSk60vbNg9tvYdDjTu0n2pVQ8g9P0pu5Fb -HH3GQjhtQiht1AH7zYiXSX6484P4tZgvsycLSF5W506jM7NE1qXyGJTtHB6plVxiSvgNZ1GpryHV -+DKdeboaX+UEVU0TRv/yz3THGmNtwx8XEsMeED5gCLMxAgMBAAGjQjBAMB0GA1UdDgQWBBTdVRcT -9qzoSCHK77Wv0QAy7Z6MtTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG -9w0BAQsFAAOCAQEAb1gNl0OqFlQ+v6nfkkU/hQu7VtMMUszIv3ZnXuaqs6fvuay0EBQNdH49ba3R -fdCaqaXKGDsCQC4qnFAUi/5XfldcEQlLNkVS9z2sFP1E34uXI9TDwe7UU5X+LEr+DXCqu4svLcsy -o4LyVN/Y8t3XSHLuSqMplsNEzm61kod2pLv0kmzOLBQJZo6NrRa1xxsJYTvjIKIDgI6tflEATseW -hvtDmHd9KMeP2Cpu54Rvl0EpABZeTeIT6lnAY2c6RPuY/ATTMHKm9ocJV612ph1jmv3XZch4gyt1 -O6VbuA1df74jrlZVlFjvH4GMKrLN5ptjnhi85WsGtAuYSyher4hYyw== ------END CERTIFICATE----- - -Certinomis - Root CA -==================== ------BEGIN CERTIFICATE----- -MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjETMBEGA1UEChMK -Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAbBgNVBAMTFENlcnRpbm9taXMg -LSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMzMTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIx -EzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRD -ZXJ0aW5vbWlzIC0gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQos -P5L2fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJflLieY6pOo -d5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQVWZUKxkd8aRi5pwP5ynap -z8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDFTKWrteoB4owuZH9kb/2jJZOLyKIOSY00 -8B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09x -RLWtwHkziOC/7aOgFLScCbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE -6OXWk6RiwsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJwx3t -FvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SGm/lg0h9tkQPTYKbV -PZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4F2iw4lNVYC2vPsKD2NkJK/DAZNuH -i5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZngWVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGj -YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I -6tNxIqSSaHh02TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF -AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/0KGRHCwPT5iV -WVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWwF6YSjNRieOpWauwK0kDDPAUw -Pk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZSg081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAX -lCOotQqSD7J6wWAsOMwaplv/8gzjqh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJ -y29SWwNyhlCVCNSNh4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9 -Iff/ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8Vbtaw5Bng -DwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwjY/M50n92Uaf0yKHxDHYi -I0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nM -cyrDflOR1m749fPH0FFNjkulW+YZFzvWgQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVr -hkIGuUE= ------END CERTIFICATE----- - -OISTE WISeKey Global Root GB CA -=============================== ------BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG -EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl -ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw -MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD -VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds -b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX -scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP -rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk -9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o -Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg -GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI -hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD -dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0 -VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui -HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic -Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= ------END CERTIFICATE----- - -Certification Authority of WoSign G2 -==================================== ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQayXaioidfLwPBbOxemFFRDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxLTArBgNVBAMTJENlcnRpZmljYXRpb24g -QXV0aG9yaXR5IG9mIFdvU2lnbiBHMjAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4NThaMFgx -CzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEtMCsGA1UEAxMkQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvsXEoCKASU+/2YcRxlPhuw+9YH+v9oIOH9ywjj2X4FA8jzrvZjtFB5sg+OPXJYY1kBai -XW8wGQiHC38Gsp1ij96vkqVg1CuAmlI/9ZqD6TRay9nVYlzmDuDfBpgOgHzKtB0TiGsOqCR3A9Du -W/PKaZE1OVbFbeP3PU9ekzgkyhjpJMuSA93MHD0JcOQg5PGurLtzaaNjOg9FD6FKmsLRY6zLEPg9 -5k4ot+vElbGs/V6r+kHLXZ1L3PR8du9nfwB6jdKgGlxNIuG12t12s9R23164i5jIFFTMaxeSt+BK -v0mUYQs4kI9dJGwlezt52eJ+na2fmKEG/HgUYFf47oB3sQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+mCp62XF3RYUCE4MD42b4Pdkr2cwDQYJKoZI -hvcNAQELBQADggEBAFfDejaCnI2Y4qtAqkePx6db7XznPWZaOzG73/MWM5H8fHulwqZm46qwtyeY -P0nXYGdnPzZPSsvxFPpahygc7Y9BMsaV+X3avXtbwrAh449G3CE4Q3RM+zD4F3LBMvzIkRfEzFg3 -TgvMWvchNSiDbGAtROtSjFA9tWwS1/oJu2yySrHFieT801LYYRf+epSEj3m2M1m6D8QL4nCgS3gu -+sif/a+RZQp4OBXllxcU3fngLDT4ONCEIgDAFFEYKwLcMFrw6AF8NTojrwjkr6qOKEJJLvD1mTS+ -7Q9LGOHSJDy7XUe3IfKN0QqZjuNuPq1w4I+5ysxugTH2e5x6eeRncRg= ------END CERTIFICATE----- - -CA WoSign ECC Root -================== ------BEGIN CERTIFICATE----- -MIICCTCCAY+gAwIBAgIQaEpYcIBr8I8C+vbe6LCQkDAKBggqhkjOPQQDAzBGMQswCQYDVQQGEwJD -TjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMTEkNBIFdvU2lnbiBFQ0MgUm9v -dDAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4NThaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQK -ExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkGA1UEAxMSQ0EgV29TaWduIEVDQyBSb290MHYwEAYHKoZI -zj0CAQYFK4EEACIDYgAE4f2OuEMkq5Z7hcK6C62N4DrjJLnSsb6IOsq/Srj57ywvr1FQPEd1bPiU -t5v8KB7FVMxjnRZLU8HnIKvNrCXSf4/CwVqCXjCLelTOA7WRf6qU0NGKSMyCBSah1VES1ns2o0Iw -QDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqv3VWqP2h4syhf3R -MluARZPzA7gwCgYIKoZIzj0EAwMDaAAwZQIxAOSkhLCB1T2wdKyUpOgOPQB0TKGXa/kNUTyh2Tv0 -Daupn75OcsqF1NnstTJFGG+rrQIwfcf3aWMvoeGY7xMQ0Xk/0f7qO3/eVvSQsRUR2LIiFdAvwyYu -a/GRspBl9JrmkO5K ------END CERTIFICATE----- - -SZAFIR ROOT CA2 -=============== ------BEGIN CERTIFICATE----- -MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG -A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV -BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ -BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD -VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q -qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK -DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE -2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ -ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi -ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P -AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC -AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5 -O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67 -oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul -4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6 -+/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw== ------END CERTIFICATE----- - -Certum Trusted Network CA 2 -=========================== ------BEGIN CERTIFICATE----- -MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE -BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1 -bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y -ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ -TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl -cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB -IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9 -7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o -CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b -Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p -uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130 -GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ -9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB -Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye -hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM -BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI -hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW -Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA -L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo -clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM -pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb -w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo -J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm -ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX -is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7 -zAYspsbiDrW5viSP ------END CERTIFICATE----- - -Hellenic Academic and Research Institutions RootCA 2015 -======================================================= ------BEGIN CERTIFICATE----- -MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT -BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0 -aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl -YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx -MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg -QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV -BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw -MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv -bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh -iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+ -6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd -FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr -i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F -GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2 -fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu -iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc -Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI -hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+ -D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM -d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y -d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn -82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb -davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F -Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt -J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa -JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q -p/UsQu0yrbYhnr68 ------END CERTIFICATE----- - -Hellenic Academic and Research Institutions ECC RootCA 2015 -=========================================================== ------BEGIN CERTIFICATE----- -MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0 -aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u -cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj -aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw -MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj -IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD -VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290 -Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP -dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK -Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O -BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA -GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn -dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR ------END CERTIFICATE----- - -Certplus Root CA G1 -=================== ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUAMD4xCzAJBgNV -BAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMTAe -Fw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhD -ZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHN -r49aiZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt6kuJPKNx -Qv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP0FG7Yn2ksYyy/yARujVj -BYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTv -LRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDEEW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2 -z4QTd28n6v+WZxcIbekN1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc -4nBvCGrch2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCTmehd -4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV4EJQeIQEQWGw9CEj -jy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPOWftwenMGE9nTdDckQQoRb5fc5+R+ -ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G -A1UdDgQWBBSowcCbkahDFXxdBie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHY -lwuBsTANBgkqhkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh -66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7/SMNkPX0XtPG -YX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BSS7CTKtQ+FjPlnsZlFT5kOwQ/ -2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F -6ALEUz65noe8zDUa3qHpimOHZR4RKttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilX -CNQ314cnrUlZp5GrRHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWe -tUNy6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEVV/xuZDDC -VRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5g4VCXA9DO2pJNdWY9BW/ -+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl++O/QmueD6i9a5jc2NvLi6Td11n0bt3+ -qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= ------END CERTIFICATE----- - -Certplus Root CA G2 -=================== ------BEGIN CERTIFICATE----- -MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4xCzAJBgNVBAYT -AkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMjAeFw0x -NDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0 -cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IA -BM0PW1aC3/BFGtat93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uN -Am8xIk0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0PAQH/BAQD -AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMB8GA1Ud -IwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqGSM49BAMDA2gAMGUCMHD+sAvZ94OX7PNV -HdTcswYO/jOYnYs5kGuUIe22113WTNchp+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjl -vPl5adytRSv3tjFzzAalU5ORGpOucGpnutee5WEaXw== ------END CERTIFICATE----- - -OpenTrust Root CA G1 -==================== ------BEGIN CERTIFICATE----- -MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNV -BAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEcx -MB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoM -CU9wZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7fa -Yp6bwiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX/uMftk87 -ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR077F9jAHiOH3BX2pfJLKO -YheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGPuY4zbGneWK2gDqdkVBFpRGZPTBKnjix9 -xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLxp2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO -9z0M+Yo0FMT7MzUj8czxKselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq -3ywgsNw2TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+WG+Oi -n6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPwvFEVVJSmdz7QdFG9 -URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYYEQRVzXR7z2FwefR7LFxckvzluFqr -TJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUl0YhVyE12jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/Px -N3DlCPaTKbYwDQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E -PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kfgLMtMrpkZ2Cv -uVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbSFXJfLkur1J1juONI5f6ELlgK -n0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLh -X4SPgPL0DTatdrOjteFkdjpY3H1PXlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80 -nR14SohWZ25g/4/Ii+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcm -GS3tTAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L9109S5zvE/ -bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/KyPu1svf0OnWZzsD2097+o -4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJAwSQiumPv+i2tCqjI40cHLI5kqiPAlxA -OXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj1oxx ------END CERTIFICATE----- - -OpenTrust Root CA G2 -==================== ------BEGIN CERTIFICATE----- -MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUAMEAxCzAJBgNV -BAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEcy -MB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoM -CU9wZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+ -Ntmh/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78eCbY2albz -4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/61UWY0jUJ9gNDlP7ZvyCV -eYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fEFY8ElggGQgT4hNYdvJGmQr5J1WqIP7wt -UdGejeBSzFfdNTVY27SPJIjki9/ca1TSgSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz -3GIZ38i1MH/1PCZ1Eb3XG7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj -3CzMpSZyYhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaHvGOz -9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4t/bQWVyJ98LVtZR0 -0dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/gh7PU3+06yzbXfZqfUAkBXKJOAGT -y3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUajn6QiL35okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59 -M4PLuG53hq8wDQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz -Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0nXGEL8pZ0keI -mUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qTRmTFAHneIWv2V6CG1wZy7HBG -S4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpTwm+bREx50B1ws9efAvSyB7DH5fitIw6mVskp -EndI2S9G/Tvw/HRwkqWOOAgfZDC2t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ -6e18CL13zSdkzJTaTkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97kr -gCf2o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU3jg9CcCo -SmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eAiN1nE28daCSLT7d0geX0 -YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14fWKGVyasvc0rQLW6aWQ9VGHgtPFGml4vm -u7JwqkwR3v98KzfUetF3NI/n+UL3PIEMS1IK ------END CERTIFICATE----- - -OpenTrust Root CA G3 -==================== ------BEGIN CERTIFICATE----- -MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAxCzAJBgNVBAYT -AkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEczMB4X -DTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9w -ZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAARK7liuTcpm3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5B -ta1doYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4GA1UdDwEB -/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAf -BgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAKBggqhkjOPQQDAwNpADBmAjEAj6jcnboM -BBf6Fek9LykBl7+BFjNAk2z8+e2AcG+qj9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta -3U1fJAuwACEl74+nBCZx4nxp5V2a+EEfOzmTk51V6s2N8fvB ------END CERTIFICATE----- - -ISRG Root X1 -============ ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE -BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD -EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG -EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT -DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r -Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1 -3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K -b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN -Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ -4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf -1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu -hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH -usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r -OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G -A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY -9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL -ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV -0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt -hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw -TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx -e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA -JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD -YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n -JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ -m+kXQ99b21/+jh5Xos1AnX5iItreGCc= ------END CERTIFICATE----- - -AC RAIZ FNMT-RCM -================ ------BEGIN CERTIFICATE----- -MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT -AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw -MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD -TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf -qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr -btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL -j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou -08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw -WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT -tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ -47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC -ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa -i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE -FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o -dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD -nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s -D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ -j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT -Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW -+YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7 -Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d -8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm -5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG -rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM= ------END CERTIFICATE----- - -Amazon Root CA 1 -================ ------BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD -VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1 -MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv -bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH -FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ -gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t -dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce -VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3 -DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM -CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy -8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa -2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2 -xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5 ------END CERTIFICATE----- - -Amazon Root CA 2 -================ ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD -VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1 -MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv -bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4 -kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp -N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9 -AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd -fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx -kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS -btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0 -Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN -c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+ -3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw -DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA -A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY -+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE -YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW -xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ -gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW -aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV -Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3 -KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi -JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw= ------END CERTIFICATE----- - -Amazon Root CA 3 -================ ------BEGIN CERTIFICATE----- -MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG -EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy -NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ -MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB -f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr -Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43 -rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc -eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw== ------END CERTIFICATE----- - -Amazon Root CA 4 -================ ------BEGIN CERTIFICATE----- -MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG -EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy -NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ -MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN -/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri -83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA -MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1 -AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA== ------END CERTIFICATE----- - -LuxTrust Global Root 2 -====================== ------BEGIN CERTIFICATE----- -MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQELBQAwRjELMAkG -A1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNVBAMMFkx1eFRydXN0IEdsb2Jh -bCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUwMzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEW -MBQGA1UECgwNTHV4VHJ1c3QgUy5BLjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wm -Kb3FibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTemhfY7RBi2 -xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1EMShduxq3sVs35a0VkBC -wGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsnXpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm -1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkm -FRseTJIpgp7VkoGSQXAZ96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niF -wpN6cj5mj5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4gDEa/ -a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+8kPREd8vZS9kzl8U -ubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2jX5t/Lax5Gw5CMZdjpPuKadUiDTSQ -MC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmHhFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB -/zBCBgNVHSAEOzA5MDcGByuBKwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5 -Lmx1eHRydXN0Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT -+Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQELBQADggIBAGoZ -FO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9BzZAcg4atmpZ1gDlaCDdLnIN -H2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTOjFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW -7MM3LGVYvlcAGvI1+ut7MV3CwRI9loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIu -ZY+kt9J/Z93I055cqqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWA -VWe+2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/JEAdemrR -TxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKrezrnK+T+Tb/mjuuqlPpmt -/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQfLSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc -7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31I -iyBMz2TWuJdGsE7RKlY6oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr ------END CERTIFICATE----- DELETED scriptlibs/softwareupdate/curl/bin/curl.exe Index: scriptlibs/softwareupdate/curl/bin/curl.exe ================================================================== --- scriptlibs/softwareupdate/curl/bin/curl.exe +++ scriptlibs/softwareupdate/curl/bin/curl.exe cannot compute difference between binary files DELETED scriptlibs/softwareupdate/curl/bin/libcurl.dll Index: scriptlibs/softwareupdate/curl/bin/libcurl.dll ================================================================== --- scriptlibs/softwareupdate/curl/bin/libcurl.dll +++ scriptlibs/softwareupdate/curl/bin/libcurl.dll cannot compute difference between binary files DELETED scriptlibs/softwareupdate/curl/docs/BINDINGS.md Index: scriptlibs/softwareupdate/curl/docs/BINDINGS.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/BINDINGS.md +++ scriptlibs/softwareupdate/curl/docs/BINDINGS.md @@ -1,106 +0,0 @@ -libcurl bindings -================ - - Creative people have written bindings or interfaces for various environments - and programming languages. Using one of these allows you to take advantage of - curl powers from within your favourite language or system. - - This is a list of all known interfaces as of this writing. - - The bindings listed below are not part of the curl/libcurl distribution - archives, but must be downloaded and installed separately. - -[Ada95](http://www.almroth.com/adacurl/index.html) Written by Andreas Almroth - -[Basic](http://scriptbasic.com/) ScriptBasic bindings written by Peter Verhas - -[C++](http://curlpp.org/) Written by Jean-Philippe Barrette-LaPierre - -[Ch](https://chcurl.sourceforge.io/) Written by Stephen Nestinger and Jonathan Rogado - -Cocoa: [BBHTTP](https://github.com/brunodecarvalho/BBHTTP) written by Bruno de Carvalho -[curlhandle](https://github.com/karelia/curlhandle) Written by Dan Wood - -[D](https://dlang.org/library/std/net/curl.html) Written by Kenneth Bogert - -[Dylan](https://dylanlibs.sourceforge.io/) Written by Chris Double - -[Eiffel](https://room.eiffel.com/library/curl) Written by Eiffel Software - -[Euphoria](http://rays-web.com/eulibcurl.htm) Written by Ray Smith - -[Falcon](http://www.falconpl.org/index.ftd?page_id=prjs&prj_id=curl) - -[Ferite](http://www.ferite.org/) Written by Paul Querna - -[Gambas](https://gambas.sourceforge.io/) - -[glib/GTK+](http://atterer.net/glibcurl/) Written by Richard Atterer - -[Guile](http://www.lonelycactus.com/guile-curl.html) Written by Michael L. Gran - -[Harbour](https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl) Written by Viktor Szakáts - -[Haskell](https://hackage.haskell.org/cgi-bin/hackage-scripts/package/curl) Written by Galois, Inc - -[Java](https://github.com/pjlegato/curl-java) - -[Julia](https://github.com/forio/Curl.jl) Written by Paul Howe - -[Lisp](https://common-lisp.net/project/cl-curl/) Written by Liam Healy - -Lua: [luacurl](http://luacurl.luaforge.net/) by Alexander Marinov, [Lua-cURL](http://luaforge.net/projects/lua-curl/) by Jürgen Hötzel - -[Mono](https://forge.novell.com/modules/xfmod/project/?libcurl-mono) Written by Jeffrey Phillips - -[.NET](https://sourceforge.net/projects/libcurl-net/) libcurl-net by Jeffrey Phillips - -[node.js](https://github.com/JCMais/node-libcurl) node-libcurl by Jonathan Cardoso Machado - -[Object-Pascal](http://www.tekool.com/opcurl) Free Pascal, Delphi and Kylix binding written by Christophe Espern. - -[O'Caml](https://sourceforge.net/projects/ocurl/) Written by Lars Nilsson - -[Pascal](http://houston.quik.com/jkp/curlpas/) Free Pascal, Delphi and Kylix binding written by Jeffrey Pohlmeyer. - -[Perl](https://github.com/szbalint/WWW--Curl) Maintained by Cris Bailiff and Bálint Szilakszi - -[PHP](https://php.net/curl) Originally written by Sterling Hughes - -[PostgreSQL](http://gborg.postgresql.org/project/pgcurl/projdisplay.php) Written by Gian Paolo Ciceri - -[Python](http://pycurl.io/) PycURL by Kjetil Jacobsen - -[R](https://cran.r-project.org/package=curl) - -[Rexx](https://rexxcurl.sourceforge.io/) Written Mark Hessling - -RPG, support for ILE/RPG on OS/400 is included in source distribution - -Ruby: [curb](http://curb.rubyforge.org/) written by Ross Bamford, [ruby-curl-multi](http://curl-multi.rubyforge.org/) written by Kristjan Petursson and Keith Rarick - -[Rust](https://github.com/carllerche/curl-rust) curl-rust - by Carl Lerche - -[Scheme](https://www.metapaper.net/lisovsky/web/curl/) Bigloo binding by Kirill Lisovsky - -[S-Lang](http://www.jedsoft.org/slang/modules/curl.html) by John E Davis - -[Smalltalk](http://www.squeaksource.com/CurlPlugin/) Written by Danil Osipchuk - -[SP-Forth](http://www.forth.org.ru/~ac/lib/lin/curl/) Written by ygrek - -[SPL](http://www.clifford.at/spl/) Written by Clifford Wolf - -[Tcl](http://mirror.yellow5.com/tclcurl/) Tclcurl by Andrés García - -[Visual Basic](https://sourceforge.net/projects/libcurl-vb/) libcurl-vb by Jeffrey Phillips - -[Visual Foxpro](http://www.ctl32.com.ar/libcurl.asp) by Carlos Alloatti - -[Q](https://q-lang.sourceforge.io/) The libcurl module is part of the default install - -[wxWidgets](https://wxcode.sourceforge.io/components/wxcurl/) Written by Casey O'Donnell - -[XBLite](http://perso.wanadoo.fr/xblite/libraries.html) Written by David Szafranski - -[Xojo](https://github.com/charonn0/RB-libcURL) Written by Andrew Lambert DELETED scriptlibs/softwareupdate/curl/docs/BUGS.txt Index: scriptlibs/softwareupdate/curl/docs/BUGS.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/BUGS.txt +++ scriptlibs/softwareupdate/curl/docs/BUGS.txt @@ -1,247 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -BUGS - - 1. Bugs - 1.1 There are still bugs - 1.2 Where to report - 1.3 What to report - 1.4 libcurl problems - 1.5 Who will fix the problems - 1.6 How to get a stack trace - 1.7 Bugs in libcurl bindings - - 2. Bug fixing procedure - 2.1 What happens on first filing - 2.2 First response - 2.3 Not reproducible - 2.4 Unresponsive - 2.5 Lack of time/interest - 2.6 KNOWN_BUGS - 2.7 TODO - 2.8 Closing off stalled bugs - -============================================================================== - -1.1 There are still bugs - - Curl and libcurl have grown substantially since the beginning. At the time - of writing (January 2013), there are about 83,000 lines of source code, and - by the time you read this it has probably grown even more. - - Of course there are lots of bugs left. And lots of misfeatures. - - To help us make curl the stable and solid product we want it to be, we need - bug reports and bug fixes. - -1.2 Where to report - - If you can't fix a bug yourself and submit a fix for it, try to report an as - detailed report as possible to a curl mailing list to allow one of us to - have a go at a solution. You can optionally also post your bug/problem at - curl's bug tracking system over at - - https://github.com/curl/curl/issues - - Please read the rest of this document below first before doing that! - - If you feel you need to ask around first, find a suitable mailing list and - post there. The lists are available on https://curl.haxx.se/mail/ - -1.3 What to report - - When reporting a bug, you should include all information that will help us - understand what's wrong, what you expected to happen and how to repeat the - bad behavior. You therefore need to tell us: - - - your operating system's name and version number - - - what version of curl you're using (curl -V is fine) - - - versions of the used libraries that libcurl is built to use - - - what URL you were working with (if possible), at least which protocol - - and anything and everything else you think matters. Tell us what you - expected to happen, tell use what did happen, tell us how you could make it - work another way. Dig around, try out, test. Then include all the tiny bits - and pieces in your report. You will benefit from this yourself, as it will - enable us to help you quicker and more accurately. - - Since curl deals with networks, it often helps us if you include a protocol - debug dump with your bug report. The output you get by using the -v or - --trace options. - - If curl crashed, causing a core dump (in unix), there is hardly any use to - send that huge file to anyone of us. Unless we have an exact same system - setup as you, we can't do much with it. Instead we ask you to get a stack - trace and send that (much smaller) output to us instead! - - The address and how to subscribe to the mailing lists are detailed in the - MANUAL file. - -1.4 libcurl problems - - When you've written your own application with libcurl to perform transfers, - it is even more important to be specific and detailed when reporting bugs. - - Tell us the libcurl version and your operating system. Tell us the name and - version of all relevant sub-components like for example the SSL library - you're using and what name resolving your libcurl uses. If you use SFTP or - SCP, the libssh2 version is relevant etc. - - Showing us a real source code example repeating your problem is the best way - to get our attention and it will greatly increase our chances to understand - your problem and to work on a fix (if we agree it truly is a problem). - - Lots of problems that appear to be libcurl problems are actually just abuses - of the libcurl API or other malfunctions in your applications. It is advised - that you run your problematic program using a memory debug tool like - valgrind or similar before you post memory-related or "crashing" problems to - us. - -1.5 Who will fix the problems - - If the problems or bugs you describe are considered to be bugs, we want to - have the problems fixed. - - There are no developers in the curl project that are paid to work on bugs. - All developers that take on reported bugs do this on a voluntary basis. We - do it out of an ambition to keep curl and libcurl excellent products and out - of pride. - - But please do not assume that you can just lump over something to us and it - will then magically be fixed after some given time. Most often we need - feedback and help to understand what you've experienced and how to repeat a - problem. Then we may only be able to assist YOU to debug the problem and to - track down the proper fix. - - We get reports from many people every month and each report can take a - considerable amount of time to really go to the bottom with. - -1.6 How to get a stack trace - - First, you must make sure that you compile all sources with -g and that you - don't 'strip' the final executable. Try to avoid optimizing the code as - well, remove -O, -O2 etc from the compiler options. - - Run the program until it cores. - - Run your debugger on the core file, like ' curl core'. - should be replaced with the name of your debugger, in most cases that will - be 'gdb', but 'dbx' and others also occur. - - When the debugger has finished loading the core file and presents you a - prompt, enter 'where' (without the quotes) and press return. - - The list that is presented is the stack trace. If everything worked, it is - supposed to contain the chain of functions that were called when curl - crashed. Include the stack trace with your detailed bug report. It'll help a - lot. - -1.7 Bugs in libcurl bindings - - There will of course pop up bugs in libcurl bindings. You should then - primarily approach the team that works on that particular binding and see - what you can do to help them fix the problem. - - If you suspect that the problem exists in the underlying libcurl, then - please convert your program over to plain C and follow the steps outlined - above. - -2. Bug fixing procedure - -2.1 What happens on first filing - - When a new issue is posted in the issue tracker or on the mailing list, the - team of developers first need to see the report. Maybe they took the day - off, maybe they're off in the woods hunting. Have patience. Allow at least a - few days before expecting someone to have responded. - - In the issue tracker you can expect that some labels will be set on the - issue to help categorize it. - -2.2 First response - - If your issue/bug report wasn't perfect at once (and few are), chances are - that someone will ask follow-up questions. Which version did you use? Which - options did you use? How often does the problem occur? How can we reproduce - this problem? Which protocols does it involve? Or perhaps much more specific - and deep diving questions. It all depends on your specific issue. - - You should then respond to these follow-up questions and provide more info - about the problem, so that we can help you figure it out. Or maybe you can - help us figure it out. An active back-and-forth communication is important - and the key for finding a cure and landing a fix. - -2.3 Not reproducible - - For problems that we can't reproduce and can't understand even after having - gotten all the info we need and having studied the source code over again, - are really hard to solve so then we may require further work from you who - actually see or experience the problem. - -2.4 Unresponsive - - If the problem haven't been understood or reproduced, and there's nobody - responding to follow-up questions or questions asking for clarifications or - for discussing possible ways to move forward with the task, we take that as - a strong suggestion that the bug is not important. - - Unimportant issues will be closed as inactive sooner or later as they can't - be fixed. The inactivity period (waiting for responses) should not be - shorter than two weeks but may extend months. - -2.5 Lack of time/interest - - Bugs that are filed and are understood can unfortunately end up in the - "nobody cares enough about it to work on it" category. Such bugs are - perfectly valid problems that *should* get fixed but apparently aren't. We - try to mark such bugs as "KNOWN_BUGS material" after a time of inactivity - and if no activity is noticed after yet some time those bugs are added to - KNOWN_BUGS and are closed in the issue tracker. - -2.6 KNOWN_BUGS - - This is a list of known bugs. Bugs we know exist and that have been pointed - out but that haven't yet been fixed. The reasons for why they haven't been - fixed can involve anything really, but the primary reason is that nobody has - considered these problems to be important enough to spend the necesary time - and effort to have them fixed. - - The KNOWN_BUGS are always up for grabs and we will always love the ones who - bring one of them back to live and offers solutions to them. - - The KNOWN_BUGS document has a sibling document known as TODO. - -2.7 TODO - - Issues that are filed or reported that aren't really bugs but more missing - features or ideas for future improvements and so on are marked as - 'enhancement' or 'feature-request' and will be added to the TODO document - instead and the issue is closed. We don't keep TODO items in the issue - tracker. - - The TODO document is full of ideas and suggestions of what we can add or fix - one day. You're always encouraged and free to grab one of those items and - take up a discussion with the curl development team on how that could be - implemented or provided in the project so that you can work on ticking it - odd that document. - - If the issue is rather a bug and not a missing feature or functionality, it - is listed in KNOWN_BUGS instead. - -2.8 Closing off stalled bugs - - The issue and pull request trackers on https://github.com/curl/curl will - only hold "active" entries (using a non-precise defintion of what active - actually is, but they're at least not completely dead). Those that are - abandonded or in other ways dormant will be closed and sometimes added to - TODO and KNOWN_BUGS instead. - - This way, we only have "active" issues open on github. Irrelevant issues and - pull requests will not distract developes or casual visitors. DELETED scriptlibs/softwareupdate/curl/docs/CHECKSRC.md Index: scriptlibs/softwareupdate/curl/docs/CHECKSRC.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/CHECKSRC.md +++ scriptlibs/softwareupdate/curl/docs/CHECKSRC.md @@ -1,124 +0,0 @@ -# checksrc - -This is the tool we use within the curl project to scan C source code and -check that it adheres to our [Source Code Style guide](CODE_STYLE.md). - -## Usage - - checksrc.pl [options] [file1] [file2] ... - -## Command line options - -`-W[file]` whitelists that file and excludes it from being checked. Helpful -when, for example, one of the files is generated. - -`-D[dir]` directory name to prepend to file names when accessing them. - -`-h` shows the help output, that also lists all recognized warnings - -## What does checksrc warn for? - -checksrc does not check and verify the code against the entire style guide, -but the script is instead an effort to detect the most common mistakes and -syntax mistakes that contributors make before they get accustomed to our code -style. Heck, many of us regulars do the mistakes too and this script helps us -keep the code in shape. - - checksrc.pl -h - -Lists how to use the script and it lists all existing warnings it has and -problems it detects. At the time of this writing, the existing checksrc -warnings are: - -- `BADCOMMAND`: There's a bad !checksrc! instruction in the code. See the - **Ignore certain warnings** section below for details. - -- `BANNEDFUNC`: A banned function was used. The functions sprintf, vsprintf, - strcat, strncat, gets are **never** allowed in curl source code. - -- `BRACEELSE`: '} else' on the same line. The else is supposed to be on the - following line. - -- `BRACEPOS`: wrong position for an open brace (`{`). - -- `COMMANOSPACE`: a comma without following space - -- `COPYRIGHT`: the file is missing a copyright statement! - -- `CPPCOMMENTS`: `//` comment detected, that's not C89 compliant - -- `FOPENMODE`: `fopen()` needs a macro for the mode string, use it - -- `INDENTATION`: detected a wrong start column for code. Note that this warning - only checks some specific places and will certainly miss many bad - indentations. - -- `LONGLINE`: A line is longer than 79 columns. - -- `PARENBRACE`: `){` was used without sufficient space in between. - -- `RETURNNOSPACE`: `return` was used without space between the keyword and the - following value. - -- `SPACEAFTERPAREN`: there was a space after open parenthesis, `( text`. - -- `SPACEBEFORECLOSE`: there was a space before a close parenthesis, `text )`. - -- `SPACEBEFORECOMMA`: there was a space before a comma, `one , two`. - -- `SPACEBEFOREPAREN`: there was a space before an open parenthesis, `if (`, - where one was not expected - -- `SPACESEMILCOLON`: there was a space before semicolon, ` ;`. - -- `TABS`: TAB characters are not allowed! - -- `TRAILINGSPACE`: Trailing white space on the line - -- `UNUSEDIGNORE`: a checksrc inlined warning ignore was asked for but not used, - that's an ignore that should be removed or changed to get used. - -## Ignore certain warnings - -Due to the nature of the source code and the flaws of the checksrc tool, there -is sometimes a need to ignore specific warnings. checksrc allows a few -different ways to do this. - -### Inline ignore - -You can control what to ignore within a specific source file by providing -instructions to checksrc in the source code itself. You need a magic marker -that is `!checksrc!` followed by the instruction. The instruction can ask to -ignore a specific warning N number of times or you ignore all of them until -you mark the end of the ignored section. - -Inline ignores are only done for that single specific source code file. - -Example - - /* !checksrc! disable LONGLINE all */ - -This will ignore the warning for overly long lines until it is re-enabled with: - - /* !checksrc! enable LONGLINE */ - -If the enabling isn't performed before the end of the file, it will be enabled -automatically for the next file. - -You can also opt to ignore just N violations so that if you have a single long -line you just can't shorten and is agreed to be fine anyway: - - /* !checksrc! disable LONGLINE 1 */ - -... and the warning for long lines will be enabled again automatically after -it has ignored that single warning. The number `1` can of course be changed to -any other integer number. It can be used to make sure only the exact intended -instances are ignored and nothing extra. - -### Directory wide ignore patterns - -This is a method we've transitioned away from. Use inline ignores as far as -possible. - -Make a `checksrc.whitelist` file in the directory of the source code with the -false positive, and include the full offending line into this file. DELETED scriptlibs/softwareupdate/curl/docs/CODE_OF_CONDUCT.md Index: scriptlibs/softwareupdate/curl/docs/CODE_OF_CONDUCT.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/CODE_OF_CONDUCT.md +++ scriptlibs/softwareupdate/curl/docs/CODE_OF_CONDUCT.md @@ -1,32 +0,0 @@ -Contributor Code of Conduct -=========================== - -As contributors and maintainers of this project, we pledge to respect all -people who contribute through reporting issues, posting feature requests, -updating documentation, submitting pull requests or patches, and other -activities. - -We are committed to making participation in this project a harassment-free -experience for everyone, regardless of level of experience, gender, gender -identity and expression, sexual orientation, disability, personal appearance, -body size, race, ethnicity, age, or religion. - -Examples of unacceptable behavior by participants include the use of sexual -language or imagery, derogatory comments or personal attacks, trolling, public -or private harassment, insults, or other unprofessional conduct. - -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct. Project maintainers who do not -follow the Code of Conduct may be removed from the project team. - -This code of conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by opening an issue or contacting one or more of the project -maintainers. - -This Code of Conduct is adapted from the [Contributor -Covenant](http://contributor-covenant.org), version 1.1.0, available at -[http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/) DELETED scriptlibs/softwareupdate/curl/docs/CODE_STYLE.md Index: scriptlibs/softwareupdate/curl/docs/CODE_STYLE.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/CODE_STYLE.md +++ scriptlibs/softwareupdate/curl/docs/CODE_STYLE.md @@ -1,238 +0,0 @@ -# curl C code style - -Source code that has a common style is easier to read than code that uses -different styles in different places. It helps making the code feel like one -single code base. Easy-to-read is a very important property of code and helps -making it easier to review when new things are added and it helps debugging -code when developers are trying to figure out why things go wrong. A unified -style is more important than individual contributors having their own personal -tastes satisfied. - -Our C code has a few style rules. Most of them are verified and upheld by the -`lib/checksrc.pl` script. Invoked with `make checksrc` or even by default by -the build system when built after `./configure --enable-debug` has been used. - -It is normally not a problem for anyone to follow the guidelines, as you just -need to copy the style already used in the source code and there are no -particularly unusual rules in our set of rules. - -We also work hard on writing code that are warning-free on all the major -platforms and in general on as many platforms as possible. Code that obviously -will cause warnings will not be accepted as-is. - -## Naming - -Try using a non-confusing naming scheme for your new functions and variable -names. It doesn't necessarily have to mean that you should use the same as in -other places of the code, just that the names should be logical, -understandable and be named according to what they're used for. File-local -functions should be made static. We like lower case names. - -See the [INTERNALS](INTERNALS.md) document on how we name non-exported -library-global symbols. - -## Indenting - -We use only spaces for indentation, never TABs. We use two spaces for each new -open brace. - - if(something_is_true) { - while(second_statement == fine) { - moo(); - } - } - -## Comments - -Since we write C89 code, `//` comments are not allowed. They weren't -introduced in the C standard until C99. We use only `/*` and `*/` comments: - - /* this is a comment */ - -## Long lines - -Source code in curl may never be wider than 79 columns and there are two -reasons for maintaining this even in the modern era of very large and high -resolution screens: - -1. Narrower columns are easier to read than very wide ones. There's a reason - newspapers have used columns for decades or centuries. - -2. Narrower columns allow developers to easier show multiple pieces of code - next to each other in different windows. I often have two or three source - code windows next to each other on the same screen - as well as multiple - terminal and debugging windows. - -## Braces - -In if/while/do/for expressions, we write the open brace on the same line as -the keyword and we then set the closing brace on the same indentation level as -the initial keyword. Like this: - - if(age < 40) { - /* clearly a youngster */ - } - -You may omit the braces if they would contain only a one-line statement: - - if(!x) - continue; - -For functions the opening brace should be on a separate line: - - int main(int argc, char **argv) - { - return 1; - } - -## 'else' on the following line - -When adding an `else` clause to a conditional expression using braces, we add -it on a new line after the closing brace. Like this: - - if(age < 40) { - /* clearly a youngster */ - } - else { - /* probably grumpy */ - } - -## No space before parentheses - -When writing expressions using if/while/do/for, there shall be no space -between the keyword and the open parenthesis. Like this: - - while(1) { - /* loop forever */ - } - -## Use boolean conditions - -Rather than test a conditional value such as a bool against TRUE or FALSE, a -pointer against NULL or != NULL and an int against zero or not zero in -if/while conditions we prefer: - - result = do_something(); - if(!result) { - /* something went wrong */ - return result; - } - -## No assignments in conditions - -To increase readability and reduce complexity of conditionals, we avoid -assigning variables within if/while conditions. We frown upon this style: - - if((ptr = malloc(100)) == NULL) - return NULL; - -and instead we encourage the above version to be spelled out more clearly: - - ptr = malloc(100); - if(!ptr) - return NULL; - -## New block on a new line - -We never write multiple statements on the same source line, even for very -short if() conditions. - - if(a) - return TRUE; - else if(b) - return FALSE; - -and NEVER: - - if(a) return TRUE; - else if(b) return FALSE; - -## Space around operators - -Please use spaces on both sides of operators in C expressions. Postfix `(), -[], ->, ., ++, --` and Unary `+, - !, ~, &` operators excluded they should -have no space. - -Examples: - - bla = func(); - who = name[0]; - age += 1; - true = !false; - size += -2 + 3 * (a + b); - ptr->member = a++; - struct.field = b--; - ptr = &address; - contents = *pointer; - complement = ~bits; - empty = (!*string) ? TRUE : FALSE; - -## Column alignment - -Some statements cannot be completed on a single line because the line would -be too long, the statement too hard to read, or due to other style guidelines -above. In such a case the statement will span multiple lines. - -If a continuation line is part of an expression or sub-expression then you -should align on the appropriate column so that it's easy to tell what part of -the statement it is. Operators should not start continuation lines. In other -cases follow the 2-space indent guideline. Here are some examples from libcurl: - -~~~c - if(Curl_pipeline_wanted(handle->multi, CURLPIPE_HTTP1) && - (handle->set.httpversion != CURL_HTTP_VERSION_1_0) && - (handle->set.httpreq == HTTPREQ_GET || - handle->set.httpreq == HTTPREQ_HEAD)) - /* didn't ask for HTTP/1.0 and a GET or HEAD */ - return TRUE; -~~~ - -~~~c - case CURLOPT_KEEP_SENDING_ON_ERROR: - data->set.http_keep_sending_on_error = (0 != va_arg(param, long)) ? - TRUE : FALSE; - break; -~~~ - -~~~c - data->set.http_disable_hostname_check_before_authentication = - (0 != va_arg(param, long)) ? TRUE : FALSE; -~~~ - -~~~c - if(option) { - result = parse_login_details(option, strlen(option), - (userp ? &user : NULL), - (passwdp ? &passwd : NULL), - NULL); - } -~~~ - -~~~c - DEBUGF(infof(data, "Curl_pp_readresp_ %d bytes of trailing " - "server response left\n", - (int)clipamount)); -~~~ - -## Platform dependent code - -Use `#ifdef HAVE_FEATURE` to do conditional code. We avoid checking for -particular operating systems or hardware in the #ifdef lines. The HAVE_FEATURE -shall be generated by the configure script for unix-like systems and they are -hard-coded in the config-[system].h files for the others. - -We also encourage use of macros/functions that possibly are empty or defined -to constants when libcurl is built without that feature, to make the code -seamless. Like this style where the `magic()` function works differently -depending on a build-time conditional: - - #ifdef HAVE_MAGIC - void magic(int a) - { - return a + 2; - } - #else - #define magic(x) 1 - #endif - - int content = magic(3); DELETED scriptlibs/softwareupdate/curl/docs/CONTRIBUTE.md Index: scriptlibs/softwareupdate/curl/docs/CONTRIBUTE.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/CONTRIBUTE.md +++ scriptlibs/softwareupdate/curl/docs/CONTRIBUTE.md @@ -1,247 +0,0 @@ -# Contributing to the curl project - -This document is intended to offer guidelines on how to best contribute to the -curl project. This concerns new features as well as corrections to existing -flaws or bugs. - -## Learning curl - -### Join the Community - -Skip over to [https://curl.haxx.se/mail/](https://curl.haxx.se/mail/) and join -the appropriate mailing list(s). Read up on details before you post -questions. Read this file before you start sending patches! We prefer -questions sent to and discussions being held on the mailing list(s), not sent -to individuals. - -Before posting to one of the curl mailing lists, please read up on the -[mailing list etiquette](https://curl.haxx.se/mail/etiquette.html). - -We also hang out on IRC in #curl on irc.freenode.net - -If you're at all interested in the code side of things, consider clicking -'watch' on the [curl repo on github](https://github.com/curl/curl) to get -notified on pull requests and new issues posted there. - -### License and copyright - -When contributing with code, you agree to put your changes and new code under -the same license curl and libcurl is already using unless stated and agreed -otherwise. - -If you add a larger piece of code, you can opt to make that file or set of -files to use a different license as long as they don't enforce any changes to -the rest of the package and they make sense. Such "separate parts" can not be -GPL licensed (as we don't want copyleft to affect users of libcurl) but they -must use "GPL compatible" licenses (as we want to allow users to use libcurl -properly in GPL licensed environments). - -When changing existing source code, you do not alter the copyright of the -original file(s). The copyright will still be owned by the original creator(s) -or those who have been assigned copyright by the original author(s). - -By submitting a patch to the curl project, you are assumed to have the right -to the code and to be allowed by your employer or whatever to hand over that -patch/code to us. We will credit you for your changes as far as possible, to -give credit but also to keep a trace back to who made what changes. Please -always provide us with your full real name when contributing! - -### What To Read - -Source code, the man pages, the [INTERNALS -document](https://curl.haxx.se/dev/internals.html), -[TODO](https://curl.haxx.se/docs/todo.html), -[KNOWN_BUGS](https://curl.haxx.se/docs/knownbugs.html) and the [most recent -changes](https://curl.haxx.se/dev/sourceactivity.html) in git. Just lurking on -the [curl-library mailing -list](https://curl.haxx.se/mail/list.cgi?list=curl-library) will give you a -lot of insights on what's going on right now. Asking there is a good idea too. - -## Write a good patch - -### Follow code style - -When writing C code, follow the -[CODE_STYLE](https://curl.haxx.se/dev/code-style.html) already established in -the project. Consistent style makes code easier to read and mistakes less -likely to happen. Run `make checksrc` before you submit anything, to make sure -you follow the basic style. That script doesn't verify everything, but if it -complains you know you have work to do. - -### Non-clobbering All Over - -When you write new functionality or fix bugs, it is important that you don't -fiddle all over the source files and functions. Remember that it is likely -that other people have done changes in the same source files as you have and -possibly even in the same functions. If you bring completely new -functionality, try writing it in a new source file. If you fix bugs, try to -fix one bug at a time and send them as separate patches. - -### Write Separate Changes - -It is annoying when you get a huge patch from someone that is said to fix 511 -odd problems, but discussions and opinions don't agree with 510 of them - or -509 of them were already fixed in a different way. Then the person merging -this change needs to extract the single interesting patch from somewhere -within the huge pile of source, and that creates a lot of extra work. - -Preferably, each fix that corrects a problem should be in its own patch/commit -with its own description/commit message stating exactly what they correct so -that all changes can be selectively applied by the maintainer or other -interested parties. - -Also, separate changes enable bisecting much better for tracking problems -and regression in the future. - -### Patch Against Recent Sources - -Please try to get the latest available sources to make your patches against. -It makes the lives of the developers so much easier. The very best is if you -get the most up-to-date sources from the git repository, but the latest -release archive is quite OK as well! - -### Documentation - -Writing docs is dead boring and one of the big problems with many open source -projects. But someone's gotta do it! It makes things a lot easier if you -submit a small description of your fix or your new features with every -contribution so that it can be swiftly added to the package documentation. - -The documentation is always made in man pages (nroff formatted) or plain -ASCII files. All HTML files on the web site and in the release archives are -generated from the nroff/ASCII versions. - -### Test Cases - -Since the introduction of the test suite, we can quickly verify that the main -features are working as they're supposed to. To maintain this situation and -improve it, all new features and functions that are added need to be tested -in the test suite. Every feature that is added should get at least one valid -test case that verifies that it works as documented. If every submitter also -posts a few test cases, it won't end up as a heavy burden on a single person! - -If you don't have test cases or perhaps you have done something that is very -hard to write tests for, do explain exactly how you have otherwise tested and -verified your changes. - -## Sharing Your Changes - -### How to get your changes into the main sources - -Ideally you file a [pull request on -github](https://github.com/curl/curl/pulls), but you can also send your plain -patch to [the curl-library mailing -list](https://curl.haxx.se/mail/list.cgi?list=curl-library). - -Either way, your change will be reviewed and discussed there and you will be -expected to correct flaws pointed out and update accordingly, or the change -risks stalling and eventually just getting deleted without action. As a -submitter of a change, you are the owner of that change until it has been merged. - -Respond on the list or on github about the change and answer questions and/or -fix nits/flaws. This is very important. We will take lack of replies as a -sign that you're not very anxious to get your patch accepted and we tend to -simply drop such changes. - -### About pull requests - -With github it is easy to send a [pull -request](https://github.com/curl/curl/pulls) to the curl project to have -changes merged. - -We prefer pull requests to mailed patches, as it makes it a proper git commit -that is easy to merge and they are easy to track and not that easy to loose -in the flood of many emails, like they sometimes do on the mailing lists. - -When you adjust your pull requests after review, consider squashing the -commits so that we can review the full updated version more easily. - -### Making quality patches - -Make the patch against as recent source versions as possible. - -If you've followed the tips in this document and your patch still hasn't been -incorporated or responded to after some weeks, consider resubmitting it to -the list or better yet: change it to a pull request. - -### Write good commit messages - -A short guide to how to write commit messages in the curl project. - - ---- start ---- - [area]: [short line describing the main effect] - -- empty line -- - [full description, no wider than 72 columns that describe as much as - possible as to why this change is made, and possibly what things - it fixes and everything else that is related] - -- empty line -- - [Bug: URL to source of the report or more related discussion] - [Reported-by: John Doe - credit the reporter] - [whatever-else-by: credit all helpers, finders, doers] - ---- stop ---- - -Don't forget to use commit --author="" if you commit someone else's work, -and make sure that you have your own user and email setup correctly in git -before you commit - -### Write Access to git Repository - -If you are a very frequent contributor, you may be given push access to the -git repository and then you'll be able to push your changes straight into the -git repo instead of sending changes as pull requests or by mail as patches. - -Just ask if this is what you'd want. You will be required to have posted -several high quality patches first, before you can be granted push access. - -### How To Make a Patch with git - -You need to first checkout the repository: - - git clone https://github.com/curl/curl.git - -You then proceed and edit all the files you like and you commit them to your -local repository: - - git commit [file] - -As usual, group your commits so that you commit all changes at once that -constitute a logical change. - -Once you have done all your commits and you're happy with what you see, you -can make patches out of your changes that are suitable for mailing: - - git format-patch remotes/origin/master - -This creates files in your local directory named NNNN-[name].patch for each -commit. - -Now send those patches off to the curl-library list. You can of course opt to -do that with the 'git send-email' command. - -### How To Make a Patch without git - -Keep a copy of the unmodified curl sources. Make your changes in a separate -source tree. When you think you have something that you want to offer the -curl community, use GNU diff to generate patches. - -If you have modified a single file, try something like: - - diff -u unmodified-file.c my-changed-one.c > my-fixes.diff - -If you have modified several files, possibly in different directories, you -can use diff recursively: - - diff -ur curl-original-dir curl-modified-sources-dir > my-fixes.diff - -The GNU diff and GNU patch tools exist for virtually all platforms, including -all kinds of Unixes and Windows: - -For unix-like operating systems: - - - [https://savannah.gnu.org/projects/patch/](https://savannah.gnu.org/projects/patch/) - - [https://www.gnu.org/software/diffutils/](https://www.gnu.org/software/diffutils/) - -For Windows: - - - [https://gnuwin32.sourceforge.io/packages/patch.htm](https://gnuwin32.sourceforge.io/packages/patch.htm) - - [https://gnuwin32.sourceforge.io/packages/diffutils.htm](https://gnuwin32.sourceforge.io/packages/diffutils.htm) DELETED scriptlibs/softwareupdate/curl/docs/FAQ.txt Index: scriptlibs/softwareupdate/curl/docs/FAQ.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/FAQ.txt +++ scriptlibs/softwareupdate/curl/docs/FAQ.txt @@ -1,1585 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -FAQ - - 1. Philosophy - 1.1 What is cURL? - 1.2 What is libcurl? - 1.3 What is curl not? - 1.4 When will you make curl do XXXX ? - 1.5 Who makes curl? - 1.6 What do you get for making curl? - 1.7 What about CURL from curl.com? - 1.8 I have a problem who do I mail? - 1.9 Where do I buy commercial support for curl? - 1.10 How many are using curl? - 1.11 Why don't you update ca-bundle.crt - 1.12 I have a problem who can I chat with? - 1.13 curl's ECCN number? - 1.14 How do I submit my patch? - 1.15 How do I port libcurl to my OS? - - 2. Install Related Problems - 2.1 configure doesn't find OpenSSL even when it is installed - 2.1.1 native linker doesn't find OpenSSL - 2.1.2 only the libssl lib is missing - 2.2 Does curl work/build with other SSL libraries? - 2.3 Where can I find a copy of LIBEAY32.DLL? - 2.4 Does curl support SOCKS (RFC 1928) ? - 2.5 Install libcurl for both 32bit and 64bit? - - 3. Usage Problems - 3.1 curl: (1) SSL is disabled, https: not supported - 3.2 How do I tell curl to resume a transfer? - 3.3 Why doesn't my posting using -F work? - 3.4 How do I tell curl to run custom FTP commands? - 3.5 How can I disable the Accept: */* header? - 3.6 Does curl support ASP, XML, XHTML or HTML version Y? - 3.7 Can I use curl to delete/rename a file through FTP? - 3.8 How do I tell curl to follow HTTP redirects? - 3.9 How do I use curl in my favorite programming language? - 3.10 What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP? - 3.11 How do I POST with a different Content-Type? - 3.12 Why do FTP specific features over HTTP proxy fail? - 3.13 Why does my single/double quotes fail? - 3.14 Does curl support Javascript or PAC (automated proxy config)? - 3.15 Can I do recursive fetches with curl? - 3.16 What certificates do I need when I use SSL? - 3.17 How do I list the root dir of an FTP server? - 3.18 Can I use curl to send a POST/PUT and not wait for a response? - 3.19 How do I get HTTP from a host using a specific IP address? - 3.20 How to SFTP from my user's home directory? - 3.21 Protocol xxx not supported or disabled in libcurl - 3.22 curl -X gives me HTTP problems - - 4. Running Problems - 4.1 Problems connecting to SSL servers. - 4.2 Why do I get problems when I use & or % in the URL? - 4.3 How can I use {, }, [ or ] to specify multiple URLs? - 4.4 Why do I get downloaded data even though the web page doesn't exist? - 4.5 Why do I get return code XXX from a HTTP server? - 4.5.1 "400 Bad Request" - 4.5.2 "401 Unauthorized" - 4.5.3 "403 Forbidden" - 4.5.4 "404 Not Found" - 4.5.5 "405 Method Not Allowed" - 4.5.6 "301 Moved Permanently" - 4.6 Can you tell me what error code 142 means? - 4.7 How do I keep user names and passwords secret in Curl command lines? - 4.8 I found a bug! - 4.9 Curl can't authenticate to the server that requires NTLM? - 4.10 My HTTP request using HEAD, PUT or DELETE doesn't work! - 4.11 Why does my HTTP range requests return the full document? - 4.12 Why do I get "certificate verify failed" ? - 4.13 Why is curl -R on Windows one hour off? - 4.14 Redirects work in browser but not with curl! - 4.15 FTPS doesn't work - 4.16 My HTTP POST or PUT requests are slow! - 4.17 Non-functional connect timeouts on Windows - 4.18 file:// URLs containing drive letters (Windows, NetWare) - 4.19 Why doesn't curl return an error when the network cable is unplugged? - 4.20 curl doesn't return error for HTTP non-200 responses! - 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? - - 5. libcurl Issues - 5.1 Is libcurl thread-safe? - 5.2 How can I receive all data into a large memory chunk? - 5.3 How do I fetch multiple files with libcurl? - 5.4 Does libcurl do Winsock initing on win32 systems? - 5.5 Does CURLOPT_WRITEDATA and CURLOPT_READDATA work on win32 ? - 5.6 What about Keep-Alive or persistent connections? - 5.7 Link errors when building libcurl on Windows! - 5.8 libcurl.so.X: open failed: No such file or directory - 5.9 How does libcurl resolve host names? - 5.10 How do I prevent libcurl from writing the response to stdout? - 5.11 How do I make libcurl not receive the whole HTTP response? - 5.12 Can I make libcurl fake or hide my real IP address? - 5.13 How do I stop an ongoing transfer? - 5.14 Using C++ non-static functions for callbacks? - 5.15 How do I get an FTP directory listing? - 5.16 I want a different time-out! - 5.17 Can I write a server with libcurl? - 5.18 Does libcurl use threads? - - 6. License Issues - 6.1 I have a GPL program, can I use the libcurl library? - 6.2 I have a closed-source program, can I use the libcurl library? - 6.3 I have a BSD licensed program, can I use the libcurl library? - 6.4 I have a program that uses LGPL libraries, can I use libcurl? - 6.5 Can I modify curl/libcurl for my program and keep the changes secret? - 6.6 Can you please change the curl/libcurl license to XXXX? - 6.7 What are my obligations when using libcurl in my commercial apps? - - 7. PHP/CURL Issues - 7.1 What is PHP/CURL? - 7.2 Who wrote PHP/CURL? - 7.3 Can I perform multiple requests using the same handle? - -============================================================================== - -1. Philosophy - - 1.1 What is cURL? - - cURL is the name of the project. The name is a play on 'Client for URLs', - originally with URL spelled in uppercase to make it obvious it deals with - URLs. The fact it can also be pronounced 'see URL' also helped, it works as - an abbreviation for "Client URL Request Library" or why not the recursive - version: "Curl URL Request Library". - - The cURL project produces two products: - - libcurl - - A free and easy-to-use client-side URL transfer library, supporting DICT, - FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, - POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. - - libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, - Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password - authentication, file transfer resume, http proxy tunneling and more! - - libcurl is highly portable, it builds and works identically on numerous - platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HP-UX, - IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac - OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF, - Android, Minix, IBM TPF and more... - - libcurl is free, thread-safe, IPv6 compatible, feature rich, well - supported and fast. - - curl - - A command line tool for getting or sending files using URL syntax. - - Since curl uses libcurl, curl supports the same wide range of common - Internet protocols that libcurl does. - - We pronounce curl with an initial k sound. It rhymes with words like girl - and earl. This is a short WAV file to help you: - - http://media.merriam-webster.com/soundc11/c/curl0001.wav - - There are numerous sub-projects and related projects that also use the word - curl in the project names in various combinations, but you should take - notice that this FAQ is directed at the command-line tool named curl (and - libcurl the library), and may therefore not be valid for other curl-related - projects. (There is however a small section for the PHP/CURL in this FAQ.) - - 1.2 What is libcurl? - - libcurl is a reliable and portable library which provides you with an easy - interface to a range of common Internet protocols. - - You can use libcurl for free in your application, be it open source, - commercial or closed-source. - - libcurl is most probably the most portable, most powerful and most often - used C-based multi-platform file transfer library on this planet - be it - open source or commercial. - - 1.3 What is curl not? - - Curl is not a wget clone. That is a common misconception. Never, during - curl's development, have we intended curl to replace wget or compete on its - market. Curl is targeted at single-shot file transfers. - - Curl is not a web site mirroring program. If you want to use curl to mirror - something: fine, go ahead and write a script that wraps around curl to make - it reality (like curlmirror.pl does). - - Curl is not an FTP site mirroring program. Sure, get and send FTP with curl - but if you want systematic and sequential behavior you should write a - script (or write a new program that interfaces libcurl) and do it. - - Curl is not a PHP tool, even though it works perfectly well when used from - or with PHP (when using the PHP/CURL module). - - Curl is not a program for a single operating system. Curl exists, compiles, - builds and runs under a wide range of operating systems, including all - modern Unixes (and a bunch of older ones too), Windows, Amiga, BeOS, OS/2, - OS X, QNX etc. - - 1.4 When will you make curl do XXXX ? - - We love suggestions of what to change in order to make curl and libcurl - better. We do however believe in a few rules when it comes to the future of - curl: - - Curl -- the command line tool -- is to remain a non-graphical command line - tool. If you want GUIs or fancy scripting capabilities, you should look for - another tool that uses libcurl. - - We do not add things to curl that other small and available tools already do - very well at the side. Curl's output can be piped into another program or - redirected to another file for the next program to interpret. - - We focus on protocol related issues and improvements. If you wanna do more - magic with the supported protocols than curl currently does, chances are good - we will agree. If you wanna add more protocols, we may very well agree. - - If you want someone else to do all the work while you wait for us to - implement it for you, that is not a very friendly attitude. We spend a - considerable time already on maintaining and developing curl. In order to - get more out of us, you should consider trading in some of your time and - effort in return. Simply go to the GitHub repo which resides at - https://github.com/curl/curl, fork the project, and create pull requests - with your proposed changes. - - If you write the code, chances are better that it will get into curl faster. - - 1.5 Who makes curl? - - curl and libcurl are not made by any single individual. Daniel Stenberg is - project leader and main developer, but other persons' submissions are - important and crucial. Anyone can contribute and post their changes and - improvements and have them inserted in the main sources (of course on the - condition that developers agree that the fixes are good). - - The full list of all contributors is found in the docs/THANKS file. - - curl is developed by a community, with Daniel at the wheel. - - 1.6 What do you get for making curl? - - Project cURL is entirely free and open. No person gets paid for developing - curl full time. We do this voluntarily, mostly in our spare time. - Occasionally companies pay individual developers to work on curl, but that's - up to each company and developer. This is not controlled by nor supervised in - any way by the project. - - We still get help from companies. Haxx provides web site, bandwidth, mailing - lists etc, sourceforge.net hosts project services we take advantage from, - like the bug tracker, and GitHub hosts the primary git repository at - https://github.com/curl/curl. Also again, some companies have sponsored - certain parts of the development in the past and I hope some will continue to - do so in the future. - - If you want to support our project, consider a donation or a banner-program - or even better: by helping us with coding, documenting or testing etc. - - 1.7 What about CURL from curl.com? - - During the summer of 2001, curl.com was busy advertising their client-side - programming language for the web, named CURL. - - We are in no way associated with curl.com or their CURL programming - language. - - Our project name curl has been in effective use since 1998. We were not the - first computer related project to use the name "curl" and do not claim any - rights to the name. - - We recognize that we will be living in parallel with curl.com and wish them - every success. - - 1.8 I have a problem whom do I mail? - - Please do not mail any single individual unless you really need to. Keep - curl-related questions on a suitable mailing list. All available mailing - lists are listed in the MANUAL document and online at - https://curl.haxx.se/mail/ - - Keeping curl-related questions and discussions on mailing lists allows - others to join in and help, to share their ideas, to contribute their - suggestions and to spread their wisdom. Keeping discussions on public mailing - lists also allows for others to learn from this (both current and future - users thanks to the web based archives of the mailing lists), thus saving us - from having to repeat ourselves even more. Thanks for respecting this. - - If you have found or simply suspect a security problem in curl or libcurl, - mail curl-security at haxx.se (closed list of receivers, mails are not - disclosed) and tell. Then we can produce a fix in a timely manner before the - flaw is announced to the world, thus lessen the impact the problem will have - on existing users. - - 1.9 Where do I buy commercial support for curl? - - curl is fully open source. It means you can hire any skilled engineer to fix - your curl-related problems. - - We list available alternatives on the curl web site: - https://curl.haxx.se/support.html - - 1.10 How many are using curl? - - It is impossible to tell. - - We don't know how many users that knowingly have installed and use curl. - - We don't know how many users that use curl without knowing that they are in - fact using it. - - We don't know how many users that downloaded or installed curl and then - never use it. - - In May 2012 Daniel did a counting game and came up with a number that may - be completely wrong or somewhat accurate. Over 500 million! - - See https://daniel.haxx.se/blog/2012/05/16/300m-users/ - - 1.11 Why don't you update ca-bundle.crt - - The ca cert bundle that used to be shipped with curl was very outdated and - must be replaced with an up-to-date version by anyone who wants to verify - peers. It is no longer provided by curl. The last curl release that ever - shipped a ca cert bundle was curl 7.18.0. - - In the cURL project we've decided not to attempt to keep this file updated - (or even present anymore) since deciding what to add to a ca cert bundle is - an undertaking we've not been ready to accept, and the one we can get from - Mozilla is perfectly fine so there's no need to duplicate that work. - - Today, with many services performed over HTTPS, every operating system - should come with a default ca cert bundle that can be deemed somewhat - trustworthy and that collection (if reasonably updated) should be deemed to - be a lot better than a private curl version. - - If you want the most recent collection of ca certs that Mozilla Firefox - uses, we recommend that you extract the collection yourself from Mozilla - Firefox (by running 'make ca-bundle), or by using our online service setup - for this purpose: https://curl.haxx.se/docs/caextract.html - - 1.12 I have a problem who can I chat with? - - There's a bunch of friendly people hanging out in the #curl channel on the - IRC network irc.freenode.net. If you're polite and nice, chances are good - that you can get -- or provide -- help instantly. - - 1.13 curl's ECCN number? - - The US government restricts exports of software that contains or uses - cryptography. When doing so, the Export Control Classification Number (ECCN) - is used to identify the level of export control etc. - - Apache Software Foundation gives a good explanation of ECCNs at - https://www.apache.org/dev/crypto.html - - We believe curl's number might be ECCN 5D002, another possibility is - 5D992. It seems necessary to write them (the authority that administers ECCN - numbers), asking to confirm. - - Comprehensible explanations of the meaning of such numbers and how to obtain - them (resp.) are here - - http://www.bis.doc.gov/licensing/exportingbasics.htm - http://www.bis.doc.gov/licensing/do_i_needaneccn.html - - An incomprehensible description of the two numbers above is here - http://www.access.gpo.gov/bis/ear/pdf/ccl5-pt2.pdf - - 1.14 How do I submit my patch? - - When you have made a patch or a change of whatever sort, and want to submit - that to the project, there are a few different ways we prefer: - - o send a patch to the curl-library mailing list. We're many subscribers - there and there are lots of people who can review patches, comment on them - and "receive" them properly. - - o if your patch changes or fixes a bug, you can also opt to submit a bug - report in the bug tracker and attach your patch there. There are less - people involved there. - - Lots of more details are found in the CONTRIBUTE and INTERNALS docs. - - 1.15 How do I port libcurl to my OS? - - Here's a rough step-by-step: - - 1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h - - 2. edit lib/config-[youros].h to match your OS and setup - - 3. edit lib/curl_setup.h to include config-[youros].h when your OS is - detected by the preprocessor, in the style others already exist - - 4. compile lib/*.c and make them into a library - - -2. Install Related Problems - - 2.1 configure doesn't find OpenSSL even when it is installed - - This may be because of several reasons. - - 2.1.1 native linker doesn't find openssl - - Affected platforms: - Solaris (native cc compiler) - HPUX (native cc compiler) - SGI IRIX (native cc compiler) - SCO UNIX (native cc compiler) - - When configuring curl, I specify --with-ssl. OpenSSL is installed in - /usr/local/ssl Configure reports SSL in /usr/local/ssl, but fails to find - CRYPTO_lock in -lcrypto - - Cause: The cc for this test places the -L/usr/local/ssl/lib AFTER - -lcrypto, so ld can't find the library. This is due to a bug in the GNU - autoconf tool. - - Workaround: Specifying "LDFLAGS=-L/usr/local/ssl/lib" in front of - ./configure places the -L/usr/local/ssl/lib early enough in the command - line to make things work - - 2.1.2 only the libssl lib is missing - - If all include files and the libcrypto lib is present, with only the - libssl being missing according to configure, this is most likely because - a few functions are left out from the libssl. - - If the function names missing include RSA or RSAREF you can be certain - that this is because libssl requires the RSA and RSAREF libs to build. - - See the INSTALL file section that explains how to add those libs to - configure. Make sure that you remove the config.cache file before you - rerun configure with the new flags. - - 2.2 Does curl work/build with other SSL libraries? - - Curl has been written to use a generic SSL function layer internally, and - that SSL functionality can then be provided by one out of many different SSL - backends. - - curl can be built to use one of the following SSL alternatives: OpenSSL, - GnuTLS, yassl, NSS, PolarSSL, axTLS, Secure Transport (native iOS/OS X), - WinSSL (native Windows) or GSKit (native IBM i). They all have their pros - and cons, and we try to maintain a comparison of them here: - https://curl.haxx.se/docs/ssl-compared.html - - 2.3 Where can I find a copy of LIBEAY32.DLL? - - That is an OpenSSL binary built for Windows. - - Curl can be built with OpenSSL to do the SSL stuff. The LIBEAY32.DLL is then - what curl needs on a windows machine to do https:// etc. Check out the curl - web site to find accurate and up-to-date pointers to recent OpenSSL DLLs and - other binary packages. - - 2.4 Does curl support SOCKS (RFC 1928) ? - - Yes, SOCKS 4 and 5 are supported. - - 2.5 Install libcurl for both 32bit and 64bit? - - In curl's configure procedure one of the regular include files gets created - with platform specific information. The file 'curl/curlbuild.h' in the - installed libcurl file tree is therefore somewhat tied to that particular - platform. - - To allow applications to get built for either 32bit or 64bit you need to - install libcurl headers for both setups and unfortunately curl doesn't do - this automatically. - - A commonly used procedure is this: - - $ ./configure [32bit platform] - $ mv curl/curlbuild.h curl/curlbuild-32bit.h - $ ./configure [64bit platform] - $ mv curl/curlbuild.h curl/curlbuild-64bit.h - - Then you make a toplevel curl/curlbuild.h replacement that only does this: - - #ifdef IS_32BIT - #include "curlbuild-32bit.h" - else - #include "curlbuild-64bit.h" - #endif - - -3. Usage problems - - 3.1 curl: (1) SSL is disabled, https: not supported - - If you get this output when trying to get anything from a https:// server, - it means that the instance of curl/libcurl that you're using was built - without support for this protocol. - - This could've happened if the configure script that was run at build time - couldn't find all libs and include files curl requires for SSL to work. If - the configure script fails to find them, curl is simply built without SSL - support. - - To get the https:// support into a curl that was previously built but that - reports that https:// is not supported, you should dig through the document - and logs and check out why the configure script doesn't find the SSL libs - and/or include files. - - Also, check out the other paragraph in this FAQ labelled "configure doesn't - find OpenSSL even when it is installed". - - 3.2 How do I tell curl to resume a transfer? - - Curl supports resumed transfers both ways on both FTP and HTTP. - Try the -C option. - - 3.3 Why doesn't my posting using -F work? - - You can't arbitrarily use -F or -d, the choice between -F or -d depends on the - HTTP operation you need curl to do and what the web server that will receive - your post expects. - - If the form you're trying to submit uses the type 'multipart/form-data', then - and only then you must use the -F type. In all the most common cases, you - should use -d which then causes a posting with the type - 'application/x-www-form-urlencoded'. - - This is described in some detail in the MANUAL and TheArtOfHttpScripting - documents, and if you don't understand it the first time, read it again - before you post questions about this to the mailing list. Also, try reading - through the mailing list archives for old postings and questions regarding - this. - - 3.4 How do I tell curl to run custom FTP commands? - - You can tell curl to perform optional commands both before and/or after a - file transfer. Study the -Q/--quote option. - - Since curl is used for file transfers, you don't normally use curl to - perform FTP commands without transferring anything. Therefore you must - always specify a URL to transfer to/from even when doing custom FTP - commands, or use -I which implies the "no body" option sent to libcurl. - - 3.5 How can I disable the Accept: */* header? - - You can change all internally generated headers by adding a replacement with - the -H/--header option. By adding a header with empty contents you safely - disable that one. Use -H "Accept:" to disable that specific header. - - 3.6 Does curl support ASP, XML, XHTML or HTML version Y? - - To curl, all contents are alike. It doesn't matter how the page was - generated. It may be ASP, PHP, Perl, shell-script, SSI or plain HTML - files. There's no difference to curl and it doesn't even know what kind of - language that generated the page. - - See also item 3.14 regarding javascript. - - 3.7 Can I use curl to delete/rename a file through FTP? - - Yes. You specify custom FTP commands with -Q/--quote. - - One example would be to delete a file after you have downloaded it: - - curl -O ftp://download.com/coolfile -Q '-DELE coolfile' - - or rename a file after upload: - - curl -T infile ftp://upload.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname" - - 3.8 How do I tell curl to follow HTTP redirects? - - Curl does not follow so-called redirects by default. The Location: header - that informs the client about this is only interpreted if you're using the - -L/--location option. As in: - - curl -L http://redirector.com - - Not all redirects are HTTP ones, see 4.14 - - 3.9 How do I use curl in my favorite programming language? - - There exist many language interfaces/bindings for curl that integrates it - better with various languages. If you are fluid in a script language, you - may very well opt to use such an interface instead of using the command line - tool. - - Find out more about which languages that support curl directly, and how to - install and use them, in the libcurl section of the curl web site: - https://curl.haxx.se/libcurl/ - - All the various bindings to libcurl are made by other projects and people, - outside of the cURL project. The cURL project itself only produces libcurl - with its plain C API. If you don't find anywhere else to ask you can ask - about bindings on the curl-library list too, but be prepared that people on - that list may not know anything about bindings. - - In October 2009, there were interfaces available for the following - languages: Ada95, Basic, C, C++, Ch, Cocoa, D, Dylan, Eiffel, Euphoria, - Ferite, Gambas, glib/GTK+, Haskell, ILE/RPG, Java, Lisp, Lua, Mono, .NET, - Object-Pascal, O'Caml, Pascal, Perl, PHP, PostgreSQL, Python, R, Rexx, Ruby, - Scheme, S-Lang, Smalltalk, SP-Forth, SPL, Tcl, Visual Basic, Visual FoxPro, - Q, wxwidgets and XBLite. By the time you read this, additional ones may have - appeared! - - 3.10 What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP? - - Curl adheres to the HTTP spec, which basically means you can play with *any* - protocol that is built on top of HTTP. Protocols such as SOAP, WEBDAV and - XML-RPC are all such ones. You can use -X to set custom requests and -H to - set custom headers (or replace internally generated ones). - - Using libcurl is of course just as good and you'd just use the proper - library options to do the same. - - 3.11 How do I POST with a different Content-Type? - - You can always replace the internally generated headers with -H/--header. - To make a simple HTTP POST with text/xml as content-type, do something like: - - curl -d "datatopost" -H "Content-Type: text/xml" [URL] - - 3.12 Why do FTP specific features over HTTP proxy fail? - - Because when you use a HTTP proxy, the protocol spoken on the network will - be HTTP, even if you specify a FTP URL. This effectively means that you - normally can't use FTP specific features such as FTP upload and FTP quote - etc. - - There is one exception to this rule, and that is if you can "tunnel through" - the given HTTP proxy. Proxy tunneling is enabled with a special option (-p) - and is generally not available as proxy admins usually disable tunneling to - ports other than 443 (which is used for HTTPS access through proxies). - - 3.13 Why does my single/double quotes fail? - - To specify a command line option that includes spaces, you might need to - put the entire option within quotes. Like in: - - curl -d " with spaces " url.com - - or perhaps - - curl -d ' with spaces ' url.com - - Exactly what kind of quotes and how to do this is entirely up to the shell - or command line interpreter that you are using. For most unix shells, you - can more or less pick either single (') or double (") quotes. For - Windows/DOS prompts I believe you're forced to use double (") quotes. - - Please study the documentation for your particular environment. Examples in - the curl docs will use a mix of both of these as shown above. You must - adjust them to work in your environment. - - Remember that curl works and runs on more operating systems than most single - individuals have ever tried. - - 3.14 Does curl support Javascript or PAC (automated proxy config)? - - Many web pages do magic stuff using embedded Javascript. Curl and libcurl - have no built-in support for that, so it will be treated just like any other - contents. - - .pac files are a netscape invention and are sometimes used by organizations - to allow them to differentiate which proxies to use. The .pac contents is - just a Javascript program that gets invoked by the browser and that returns - the name of the proxy to connect to. Since curl doesn't support Javascript, - it can't support .pac proxy configuration either. - - Some workarounds usually suggested to overcome this Javascript dependency: - - Depending on the Javascript complexity, write up a script that translates it - to another language and execute that. - - Read the Javascript code and rewrite the same logic in another language. - - Implement a Javascript interpreter, people have successfully used the - Mozilla Javascript engine in the past. - - Ask your admins to stop this, for a static proxy setup or similar. - - 3.15 Can I do recursive fetches with curl? - - No. curl itself has no code that performs recursive operations, such as - those performed by wget and similar tools. - - There exists wrapper scripts with that functionality (for example the - curlmirror perl script), and you can write programs based on libcurl to do - it, but the command line tool curl itself cannot. - - 3.16 What certificates do I need when I use SSL? - - There are three different kinds of "certificates" to keep track of when we - talk about using SSL-based protocols (HTTPS or FTPS) using curl or libcurl. - - CLIENT CERTIFICATE - - The server you communicate with may require that you can provide this in - order to prove that you actually are who you claim to be. If the server - doesn't require this, you don't need a client certificate. - - A client certificate is always used together with a private key, and the - private key has a pass phrase that protects it. - - SERVER CERTIFICATE - - The server you communicate with has a server certificate. You can and should - verify this certificate to make sure that you are truly talking to the real - server and not a server impersonating it. - - CERTIFICATE AUTHORITY CERTIFICATE ("CA cert") - - You often have several CA certs in a CA cert bundle that can be used to - verify a server certificate that was signed by one of the authorities in the - bundle. curl does not come with a CA cert bundle but most curl installs - provide one. You can also override the default. - - The server certificate verification process is made by using a Certificate - Authority certificate ("CA cert") that was used to sign the server - certificate. Server certificate verification is enabled by default in curl - and libcurl and is often the reason for problems as explained in FAQ entry - 4.12 and the SSLCERTS document - (https://curl.haxx.se/docs/sslcerts.html). Server certificates that are - "self-signed" or otherwise signed by a CA that you do not have a CA cert - for, cannot be verified. If the verification during a connect fails, you are - refused access. You then need to explicitly disable the verification to - connect to the server. - - 3.17 How do I list the root dir of an FTP server? - - There are two ways. The way defined in the RFC is to use an encoded slash - in the first path part. List the "/tmp" dir like this: - - curl ftp://ftp.sunet.se/%2ftmp/ - - or the not-quite-kosher-but-more-readable way, by simply starting the path - section of the URL with a slash: - - curl ftp://ftp.sunet.se//tmp/ - - 3.18 Can I use curl to send a POST/PUT and not wait for a response? - - No. - - But you could easily write your own program using libcurl to do such stunts. - - 3.19 How do I get HTTP from a host using a specific IP address? - - For example, you may be trying out a web site installation that isn't yet in - the DNS. Or you have a site using multiple IP addresses for a given host - name and you want to address a specific one out of the set. - - Set a custom Host: header that identifies the server name you want to reach - but use the target IP address in the URL: - - curl --header "Host: www.example.com" http://127.0.0.1/ - - You can also opt to add faked host name entries to curl with the --resolve - option. That has the added benefit that things like redirects will also work - properly. The above operation would instead be done as: - - curl --resolve www.example.com:80:127.0.0.1 http://www.example.com/ - - 3.20 How to SFTP from my user's home directory? - - Contrary to how FTP works, SFTP and SCP URLs specify the exact directory to - work with. It means that if you don't specify that you want the user's home - directory, you get the actual root directory. - - To specify a file in your user's home directory, you need to use the correct - URL syntax which for sftp might look similar to: - - curl -O -u user:password sftp://example.com/~/file.txt - - and for SCP it is just a different protocol prefix: - - curl -O -u user:password scp://example.com/~/file.txt - - 3.21 Protocol xxx not supported or disabled in libcurl - - When passing on a URL to curl to use, it may respond that the particular - protocol is not supported or disabled. The particular way this error message - is phrased is because curl doesn't make a distinction internally of whether - a particular protocol is not supported (i.e. never got any code added that - knows how to speak that protocol) or if it was explicitly disabled. curl can - be built to only support a given set of protocols, and the rest would then - be disabled or not supported. - - Note that this error will also occur if you pass a wrongly spelled protocol - part as in "htpt://example.com" or as in the less evident case if you prefix - the protocol part with a space as in " http://example.com/". - - 3.22 curl -X gives me HTTP problems - - In normal circumstances, -X should hardly ever be used. - - By default you use curl without explicitly saying which request method to - use when the URL identifies a HTTP transfer. If you just pass in a URL like - "curl http://example.com" it will use GET. If you use -d or -F curl will use - POST, -I will cause a HEAD and -T will make it a PUT. - - If for whatever reason you're not happy with these default choices that curl - does for you, you can override those request methods by specifying -X - [WHATEVER]. This way you can for example send a DELETE by doing "curl -X - DELETE [URL]". - - It is thus pointless to do "curl -XGET [URL]" as GET would be used - anyway. In the same vein it is pointless to do "curl -X POST -d data - [URL]"... But you can make a fun and somewhat rare request that sends a - request-body in a GET request with something like "curl -X GET -d data - [URL]" - - Note that -X doesn't actually change curl's behavior as it only modifies the - actual string sent in the request, but that may of course trigger a - different set of events. - - Accordingly, by using -XPOST on a command line that for example would follow - a 303 redirect, you will effectively prevent curl from behaving - correctly. Be aware. - - -4. Running Problems - - 4.1 Problems connecting to SSL servers. - - It took a very long time before we could sort out why curl had problems to - connect to certain SSL servers when using SSLeay or OpenSSL v0.9+. The - error sometimes showed up similar to: - - 16570:error:1407D071:SSL routines:SSL2_READ:bad mac decode:s2_pkt.c:233: - - It turned out to be because many older SSL servers don't deal with SSLv3 - requests properly. To correct this problem, tell curl to select SSLv2 from - the command line (-2/--sslv2). - - There have also been examples where the remote server didn't like the SSLv2 - request and instead you had to force curl to use SSLv3 with -3/--sslv3. - - 4.2 Why do I get problems when I use & or % in the URL? - - In general unix shells, the & symbol is treated specially and when used, it - runs the specified command in the background. To safely send the & as a part - of a URL, you should quote the entire URL by using single (') or double (") - quotes around it. Similar problems can also occur on some shells with other - characters, including ?*!$~(){}<>\|;`. When in doubt, quote the URL. - - An example that would invoke a remote CGI that uses &-symbols could be: - - curl 'http://www.altavista.com/cgi-bin/query?text=yes&q=curl' - - In Windows, the standard DOS shell treats the percent sign specially and you - need to use TWO percent signs for each single one you want to use in the - URL. - - If you want a literal percent sign to be part of the data you pass in a POST - using -d/--data you must encode it as '%25' (which then also needs the - percent sign doubled on Windows machines). - - 4.3 How can I use {, }, [ or ] to specify multiple URLs? - - Because those letters have a special meaning to the shell, to be used in - a URL specified to curl you must quote them. - - An example that downloads two URLs (sequentially) would be: - - curl '{curl,www}.haxx.se' - - To be able to use those characters as actual parts of the URL (without using - them for the curl URL "globbing" system), use the -g/--globoff option: - - curl -g 'www.site.com/weirdname[].html' - - 4.4 Why do I get downloaded data even though the web page doesn't exist? - - Curl asks remote servers for the page you specify. If the page doesn't exist - at the server, the HTTP protocol defines how the server should respond and - that means that headers and a "page" will be returned. That's simply how - HTTP works. - - By using the --fail option you can tell curl explicitly to not get any data - if the HTTP return code doesn't say success. - - 4.5 Why do I get return code XXX from a HTTP server? - - RFC2616 clearly explains the return codes. This is a short transcript. Go - read the RFC for exact details: - - 4.5.1 "400 Bad Request" - - The request could not be understood by the server due to malformed - syntax. The client SHOULD NOT repeat the request without modifications. - - 4.5.2 "401 Unauthorized" - - The request requires user authentication. - - 4.5.3 "403 Forbidden" - - The server understood the request, but is refusing to fulfil it. - Authorization will not help and the request SHOULD NOT be repeated. - - 4.5.4 "404 Not Found" - - The server has not found anything matching the Request-URI. No indication - is given of whether the condition is temporary or permanent. - - 4.5.5 "405 Method Not Allowed" - - The method specified in the Request-Line is not allowed for the resource - identified by the Request-URI. The response MUST include an Allow header - containing a list of valid methods for the requested resource. - - 4.5.6 "301 Moved Permanently" - - If you get this return code and an HTML output similar to this: - -

Moved Permanently

The document has moved here. - - it might be because you request a directory URL but without the trailing - slash. Try the same operation again _with_ the trailing URL, or use the - -L/--location option to follow the redirection. - - 4.6 Can you tell me what error code 142 means? - - All curl error codes are described at the end of the man page, in the - section called "EXIT CODES". - - Error codes that are larger than the highest documented error code means - that curl has exited due to a crash. This is a serious error, and we - appreciate a detailed bug report from you that describes how we could go - ahead and repeat this! - - 4.7 How do I keep user names and passwords secret in Curl command lines? - - This problem has two sides: - - The first part is to avoid having clear-text passwords in the command line - so that they don't appear in 'ps' outputs and similar. That is easily - avoided by using the "-K" option to tell curl to read parameters from a file - or stdin to which you can pass the secret info. curl itself will also - attempt to "hide" the given password by blanking out the option - this - doesn't work on all platforms. - - To keep the passwords in your account secret from the rest of the world is - not a task that curl addresses. You could of course encrypt them somehow to - at least hide them from being read by human eyes, but that is not what - anyone would call security. - - Also note that regular HTTP (using Basic authentication) and FTP passwords - are sent in clear across the network. All it takes for anyone to fetch them - is to listen on the network. Eavesdropping is very easy. Use more secure - authentication methods (like Digest, Negotiate or even NTLM) or consider the - SSL-based alternatives HTTPS and FTPS. - - 4.8 I found a bug! - - It is not a bug if the behavior is documented. Read the docs first. - Especially check out the KNOWN_BUGS file, it may be a documented bug! - - If it is a problem with a binary you've downloaded or a package for your - particular platform, try contacting the person who built the package/archive - you have. - - If there is a bug, read the BUGS document first. Then report it as described - in there. - - 4.9 Curl can't authenticate to the server that requires NTLM? - - NTLM support requires OpenSSL, GnuTLS, mbedTLS, NSS, Secure Transport, or - Microsoft Windows libraries at build-time to provide this functionality. - - NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You - should not use such ones. - - 4.10 My HTTP request using HEAD, PUT or DELETE doesn't work! - - Many web servers allow or demand that the administrator configures the - server properly for these requests to work on the web server. - - Some servers seem to support HEAD only on certain kinds of URLs. - - To fully grasp this, try the documentation for the particular server - software you're trying to interact with. This is not anything curl can do - anything about. - - 4.11 Why does my HTTP range requests return the full document? - - Because the range may not be supported by the server, or the server may - choose to ignore it and return the full document anyway. - - 4.12 Why do I get "certificate verify failed" ? - - You invoke curl 7.10 or later to communicate on a https:// URL and get an - error back looking something similar to this: - - curl: (35) SSL: error:14090086:SSL routines: - SSL3_GET_SERVER_CERTIFICATE:certificate verify failed - - Then it means that curl couldn't verify that the server's certificate was - good. Curl verifies the certificate using the CA cert bundle that comes with - the curl installation. - - To disable the verification (which makes it act like curl did before 7.10), - use -k. This does however enable man-in-the-middle attacks. - - If you get this failure but are having a CA cert bundle installed and used, - the server's certificate is not signed by one of the CA's in the bundle. It - might for example be self-signed. You then correct this problem by obtaining - a valid CA cert for the server. Or again, decrease the security by disabling - this check. - - Details are also in the SSLCERTS file in the release archives, found online - here: https://curl.haxx.se/docs/sslcerts.html - - 4.13 Why is curl -R on Windows one hour off? - - Since curl 7.53.0 this issue should be fixed as long as curl was built with - any modern compiler that allows for a 64-bit curl_off_t type. For older - compilers or prior curl versions it may set a time that appears one hour off. - This happens due to a flaw in how Windows stores and uses file modification - times and it is not easily worked around. For more details read this: - http://www.codeproject.com/datetime/dstbugs.asp - - 4.14 Redirects work in browser but not with curl! - - curl supports HTTP redirects well (see item 3.8). Browsers generally support - at least two other ways to perform redirects that curl does not: - - Meta tags. You can write a HTML tag that will cause the browser to redirect - to another given URL after a certain time. - - Javascript. You can write a Javascript program embedded in a HTML page that - redirects the browser to another given URL. - - There is no way to make curl follow these redirects. You must either - manually figure out what the page is set to do, or you write a script that - parses the results and fetches the new URL. - - 4.15 FTPS doesn't work - - curl supports FTPS (sometimes known as FTP-SSL) both implicit and explicit - mode. - - When a URL is used that starts with FTPS://, curl assumes implicit SSL on - the control connection and will therefore immediately connect and try to - speak SSL. FTPS:// connections default to port 990. - - To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one - of its related flavours). This is the most common method, and the one - mandated by RFC4217. This kind of connection will then of course use the - standard FTP port 21 by default. - - 4.16 My HTTP POST or PUT requests are slow! - - libcurl makes all POST and PUT requests (except for POST requests with a - very tiny request body) use the "Expect: 100-continue" header. This header - allows the server to deny the operation early so that libcurl can bail out - before having to send any data. This is useful in authentication - cases and others. - - However, many servers don't implement the Expect: stuff properly and if the - server doesn't respond (positively) within 1 second libcurl will continue - and send off the data anyway. - - You can disable libcurl's use of the Expect: header the same way you disable - any header, using -H / CURLOPT_HTTPHEADER, or by forcing it to use HTTP 1.0. - - 4.17 Non-functional connect timeouts - - In most Windows setups having a timeout longer than 21 seconds make no - difference, as it will only send 3 TCP SYN packets and no more. The second - packet sent three seconds after the first and the third six seconds after - the second. No more than three packets are sent, no matter how long the - timeout is set. - - See option TcpMaxConnectRetransmissions on this page: - https://support.microsoft.com/en-us/kb/175523/en-us - - Also, even on non-Windows systems there may run a firewall or anti-virus - software or similar that accepts the connection but does not actually do - anything else. This will make (lib)curl to consider the connection connected - and thus the connect timeout won't trigger. - - 4.18 file:// URLs containing drive letters (Windows, NetWare) - - When using curl to try to download a local file, one might use a URL - in this format: - - file://D:/blah.txt - - You'll find that even if D:\blah.txt does exist, curl returns a 'file - not found' error. - - According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt), - file:// URLs must contain a host component, but it is ignored by - most implementations. In the above example, 'D:' is treated as the - host component, and is taken away. Thus, curl tries to open '/blah.txt'. - If your system is installed to drive C:, that will resolve to 'C:\blah.txt', - and if that doesn't exist you will get the not found error. - - To fix this problem, use file:// URLs with *three* leading slashes: - - file:///D:/blah.txt - - Alternatively, if it makes more sense, specify 'localhost' as the host - component: - - file://localhost/D:/blah.txt - - In either case, curl should now be looking for the correct file. - - 4.19 Why doesn't curl return an error when the network cable is unplugged? - - Unplugging a cable is not an error situation. The TCP/IP protocol stack - was designed to be fault tolerant, so even though there may be a physical - break somewhere the connection shouldn't be affected, just possibly - delayed. Eventually, the physical break will be fixed or the data will be - re-routed around the physical problem through another path. - - In such cases, the TCP/IP stack is responsible for detecting when the - network connection is irrevocably lost. Since with some protocols it is - perfectly legal for the client to wait indefinitely for data, the stack may - never report a problem, and even when it does, it can take up to 20 minutes - for it to detect an issue. The curl option --keepalive-time enables - keep-alive support in the TCP/IP stack which makes it periodically probe the - connection to make sure it is still available to send data. That should - reliably detect any TCP/IP network failure. - - But even that won't detect the network going down before the TCP/IP - connection is established (e.g. during a DNS lookup) or using protocols that - don't use TCP. To handle those situations, curl offers a number of timeouts - on its own. --speed-limit/--speed-time will abort if the data transfer rate - falls too low, and --connect-timeout and --max-time can be used to put an - overall timeout on the connection phase or the entire transfer. - - A libcurl-using application running in a known physical environment (e.g. - an embedded device with only a single network connection) may want to act - immediately if its lone network connection goes down. That can be achieved - by having the application monitor the network connection on its own using an - OS-specific mechanism, then signalling libcurl to abort (see also item 5.13). - - 4.20 curl doesn't return error for HTTP non-200 responses! - - Correct. Unless you use -f (--fail). - - When doing HTTP transfers, curl will perform exactly what you're asking it - to do and if successful it will not return an error. You can use curl to - test your web server's "file not found" page (that gets 404 back), you can - use it to check your authentication protected web pages (that gets a 401 - back) and so on. - - The specific HTTP response code does not constitute a problem or error for - curl. It simply sends and delivers HTTP as you asked and if that worked, - everything is fine and dandy. The response code is generally providing more - higher level error information that curl doesn't care about. The error was - not in the HTTP transfer. - - If you want your command line to treat error codes in the 400 and up range - as errors and thus return a non-zero value and possibly show an error - message, curl has a dedicated option for that: -f (CURLOPT_FAILONERROR in - libcurl speak). - - You can also use the -w option and the variable %{response_code} to extract - the exact response code that was returned in the response. - - 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? - - If you use verbose to see the HTTP request when you send off a HTTP/2 - request, it will still say 1.1. - - The reason for this is that we first generate the request to send using the - old 1.1 style and show that request in the verbose output, and then we - convert it over to the binary header-compressed HTTP/2 style. The actual - "1.1" part from that request is then not actually used in the transfer. - The binary HTTP/2 headers are not human readable. - -5. libcurl Issues - - 5.1 Is libcurl thread-safe? - - Yes. - - We have written the libcurl code specifically adjusted for multi-threaded - programs. libcurl will use thread-safe functions instead of non-safe ones if - your system has such. Note that you must never share the same handle in - multiple threads. - - There may be some exceptions to thread safety depending on how libcurl was - built. Please review the guidelines for thread safety to learn more: - https://curl.haxx.se/libcurl/c/threadsafe.html - - 5.2 How can I receive all data into a large memory chunk? - - [ See also the examples/getinmemory.c source ] - - You are in full control of the callback function that gets called every time - there is data received from the remote server. You can make that callback do - whatever you want. You do not have to write the received data to a file. - - One solution to this problem could be to have a pointer to a struct that you - pass to the callback function. You set the pointer using the - CURLOPT_WRITEDATA option. Then that pointer will be passed to the callback - instead of a FILE * to a file: - - /* imaginary struct */ - struct MemoryStruct { - char *memory; - size_t size; - }; - - /* imaginary callback function */ - size_t - WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data) - { - size_t realsize = size * nmemb; - struct MemoryStruct *mem = (struct MemoryStruct *)data; - - mem->memory = (char *)realloc(mem->memory, mem->size + realsize + 1); - if (mem->memory) { - memcpy(&(mem->memory[mem->size]), ptr, realsize); - mem->size += realsize; - mem->memory[mem->size] = 0; - } - return realsize; - } - - 5.3 How do I fetch multiple files with libcurl? - - libcurl has excellent support for transferring multiple files. You should - just repeatedly set new URLs with curl_easy_setopt() and then transfer it - with curl_easy_perform(). The handle you get from curl_easy_init() is not - only reusable, but you're even encouraged to reuse it if you can, as that - will enable libcurl to use persistent connections. - - 5.4 Does libcurl do Winsock initialization on win32 systems? - - Yes, if told to in the curl_global_init() call. - - 5.5 Does CURLOPT_WRITEDATA and CURLOPT_READDATA work on win32 ? - - Yes, but you cannot open a FILE * and pass the pointer to a DLL and have - that DLL use the FILE * (as the DLL and the client application cannot access - each others' variable memory areas). If you set CURLOPT_WRITEDATA you must - also use CURLOPT_WRITEFUNCTION as well to set a function that writes the - file, even if that simply writes the data to the specified FILE *. - Similarly, if you use CURLOPT_READDATA you must also specify - CURLOPT_READFUNCTION. - - 5.6 What about Keep-Alive or persistent connections? - - curl and libcurl have excellent support for persistent connections when - transferring several files from the same server. Curl will attempt to reuse - connections for all URLs specified on the same command line/config file, and - libcurl will reuse connections for all transfers that are made using the - same libcurl handle. - - When you use the easy interface the connection cache is kept within the easy - handle. If you instead use the multi interface, the connection cache will be - kept within the multi handle and will be shared among all the easy handles - that are used within the same multi handle. - - 5.7 Link errors when building libcurl on Windows! - - You need to make sure that your project, and all the libraries (both static - and dynamic) that it links against, are compiled/linked against the same run - time library. - - This is determined by the /MD, /ML, /MT (and their corresponding /M?d) - options to the command line compiler. /MD (linking against MSVCRT dll) seems - to be the most commonly used option. - - When building an application that uses the static libcurl library, you must - add -DCURL_STATICLIB to your CFLAGS. Otherwise the linker will look for - dynamic import symbols. If you're using Visual Studio, you need to instead - add CURL_STATICLIB in the "Preprocessor Definitions" section. - - If you get linker error like "unknown symbol __imp__curl_easy_init ..." you - have linked against the wrong (static) library. If you want to use the - libcurl.dll and import lib, you don't need any extra CFLAGS, but use one of - the import libraries below. These are the libraries produced by the various - lib/Makefile.* files: - - Target: static lib. import lib for libcurl*.dll. - ----------------------------------------------------------- - MingW: libcurl.a libcurldll.a - MSVC (release): libcurl.lib libcurl_imp.lib - MSVC (debug): libcurld.lib libcurld_imp.lib - Borland: libcurl.lib libcurl_imp.lib - - 5.8 libcurl.so.X: open failed: No such file or directory - - This is an error message you might get when you try to run a program linked - with a shared version of libcurl and your run-time linker (ld.so) couldn't - find the shared library named libcurl.so.X. (Where X is the number of the - current libcurl ABI, typically 3 or 4). - - You need to make sure that ld.so finds libcurl.so.X. You can do that - multiple ways, and it differs somewhat between different operating systems, - but they are usually: - - * Add an option to the linker command line that specify the hard-coded path - the run-time linker should check for the lib (usually -R) - - * Set an environment variable (LD_LIBRARY_PATH for example) where ld.so - should check for libs - - * Adjust the system's config to check for libs in the directory where you've - put the dir (like Linux's /etc/ld.so.conf) - - 'man ld.so' and 'man ld' will tell you more details - - 5.9 How does libcurl resolve host names? - - libcurl supports a large a number of different name resolve functions. One - of them is picked at build-time and will be used unconditionally. Thus, if - you want to change name resolver function you must rebuild libcurl and tell - it to use a different function. - - - The non-IPv6 resolver that can use one of four different host name resolve - calls (depending on what your system supports): - - A - gethostbyname() - B - gethostbyname_r() with 3 arguments - C - gethostbyname_r() with 5 arguments - D - gethostbyname_r() with 6 arguments - - - The IPv6-resolver that uses getaddrinfo() - - - The c-ares based name resolver that uses the c-ares library for resolves. - Using this offers asynchronous name resolves. - - - The threaded resolver (default option on Windows). It uses: - - A - gethostbyname() on plain IPv4 hosts - B - getaddrinfo() on IPv6 enabled hosts - - Also note that libcurl never resolves or reverse-lookups addresses given as - pure numbers, such as 127.0.0.1 or ::1. - - 5.10 How do I prevent libcurl from writing the response to stdout? - - libcurl provides a default built-in write function that writes received data - to stdout. Set the CURLOPT_WRITEFUNCTION to receive the data, or possibly - set CURLOPT_WRITEDATA to a different FILE * handle. - - 5.11 How do I make libcurl not receive the whole HTTP response? - - You make the write callback (or progress callback) return an error and - libcurl will then abort the transfer. - - 5.12 Can I make libcurl fake or hide my real IP address? - - No. libcurl operates on a higher level. Besides, faking IP address would - imply sending IP packets with a made-up source address, and then you normally - get a problem with receiving the packet sent back as they would then not be - routed to you! - - If you use a proxy to access remote sites, the sites will not see your local - IP address but instead the address of the proxy. - - Also note that on many networks NATs or other IP-munging techniques are used - that makes you see and use a different IP address locally than what the - remote server will see you coming from. You may also consider using - https://www.torproject.org/ . - - 5.13 How do I stop an ongoing transfer? - - With the easy interface you make sure to return the correct error code from - one of the callbacks, but none of them are instant. There is no function you - can call from another thread or similar that will stop it immediately. - Instead, you need to make sure that one of the callbacks you use returns an - appropriate value that will stop the transfer. Suitable callbacks that you - can do this with include the progress callback, the read callback and the - write callback. - - If you're using the multi interface, you can also stop a transfer by - removing the particular easy handle from the multi stack at any moment you - think the transfer is done or when you wish to abort the transfer. - - 5.14 Using C++ non-static functions for callbacks? - - libcurl is a C library, it doesn't know anything about C++ member functions. - - You can overcome this "limitation" with relative ease using a static - member function that is passed a pointer to the class: - - // f is the pointer to your object. - static size_t YourClass::func(void *buffer, size_t sz, size_t n, void *f) - { - // Call non-static member function. - static_cast(f)->nonStaticFunction(); - } - - // This is how you pass pointer to the static function: - curl_easy_setopt(hcurl, CURLOPT_WRITEFUNCTION, YourClass::func); - curl_easy_setopt(hcurl, CURLOPT_WRITEDATA, this); - - 5.15 How do I get an FTP directory listing? - - If you end the FTP URL you request with a slash, libcurl will provide you - with a directory listing of that given directory. You can also set - CURLOPT_CUSTOMREQUEST to alter what exact listing command libcurl would use - to list the files. - - The follow-up question tends to be how is a program supposed to parse the - directory listing. How does it know what's a file and what's a dir and what's - a symlink etc. If the FTP server supports the MLSD command then it will - return data in a machine-readable format that can be parsed for type. The - types are specified by RFC3659 section 7.5.1. If MLSD is not supported then - you have to work with what you're given. The LIST output format is entirely - at the server's own liking and the NLST output doesn't reveal any types and - in many cases doesn't even include all the directory entries. Also, both LIST - and NLST tend to hide unix-style hidden files (those that start with a dot) - by default so you need to do "LIST -a" or similar to see them. - - Example - List only directories. - ftp.funet.fi supports MLSD and ftp.kernel.org does not: - - curl -s ftp.funet.fi/pub/ -X MLSD | \ - perl -lne 'print if s/(?:^|;)type=dir;[^ ]+ (.+)$/$1/' - - curl -s ftp.kernel.org/pub/linux/kernel/ | \ - perl -lne 'print if s/^d[-rwx]{9}(?: +[^ ]+){7} (.+)$/$1/' - - If you need to parse LIST output in libcurl one such existing - list parser is available at https://cr.yp.to/ftpparse.html Versions of - libcurl since 7.21.0 also provide the ability to specify a wildcard to - download multiple files from one FTP directory. - - 5.16 I want a different time-out! - - Time and time again users realize that CURLOPT_TIMEOUT and - CURLOPT_CONNECTIMEOUT are not sufficiently advanced or flexible to cover all - the various use cases and scenarios applications end up with. - - libcurl offers many more ways to time-out operations. A common alternative - is to use the CURLOPT_LOW_SPEED_LIMIT and CURLOPT_LOW_SPEED_TIME options to - specify the lowest possible speed to accept before to consider the transfer - timed out. - - The most flexible way is by writing your own time-out logic and using - CURLOPT_PROGRESSFUNCTION (perhaps in combination with other callbacks) and - use that to figure out exactly when the right condition is met when the - transfer should get stopped. - - 5.17 Can I write a server with libcurl? - - No. libcurl offers no functions or building blocks to build any kind of - internet protocol server. libcurl is only a client-side library. For server - libraries, you need to continue your search elsewhere but there exist many - good open source ones out there for most protocols you could possibly want a - server for. And there are really good stand-alone ones that have been tested - and proven for many years. There's no need for you to reinvent them! - - 5.18 Does libcurl use threads? - - Put simply: no, libcurl will execute in the same thread you call it in. All - callbacks will be called in the same thread as the one you call libcurl in. - - If you want to avoid your thread to be blocked by the libcurl call, you make - sure you use the non-blocking API which will do transfers asynchronously - - but still in the same single thread. - - libcurl will potentially internally use threads for name resolving, if it - was built to work like that, but in those cases it'll create the child - threads by itself and they will only be used and then killed internally by - libcurl and never exposed to the outside. - -6. License Issues - - Curl and libcurl are released under a MIT/X derivate license. The license is - very liberal and should not impose a problem for your project. This section - is just a brief summary for the cases we get the most questions. (Parts of - this section was much enhanced by Bjorn Reese.) - - We are not lawyers and this is not legal advice. You should probably consult - one if you want true and accurate legal insights without our prejudice. Note - especially that this section concerns the libcurl license only; compiling in - features of libcurl that depend on other libraries (e.g. OpenSSL) may affect - the licensing obligations of your application. - - 6.1 I have a GPL program, can I use the libcurl library? - - Yes! - - Since libcurl may be distributed under the MIT/X derivate license, it can be - used together with GPL in any software. - - 6.2 I have a closed-source program, can I use the libcurl library? - - Yes! - - libcurl does not put any restrictions on the program that uses the library. - - 6.3 I have a BSD licensed program, can I use the libcurl library? - - Yes! - - libcurl does not put any restrictions on the program that uses the library. - - 6.4 I have a program that uses LGPL libraries, can I use libcurl? - - Yes! - - The LGPL license doesn't clash with other licenses. - - 6.5 Can I modify curl/libcurl for my program and keep the changes secret? - - Yes! - - The MIT/X derivate license practically allows you to do almost anything with - the sources, on the condition that the copyright texts in the sources are - left intact. - - 6.6 Can you please change the curl/libcurl license to XXXX? - - No. - - We have carefully picked this license after years of development and - discussions and a large amount of people have contributed with source code - knowing that this is the license we use. This license puts the restrictions - we want on curl/libcurl and it does not spread to other programs or - libraries that use it. It should be possible for everyone to use libcurl or - curl in their projects, no matter what license they already have in use. - - 6.7 What are my obligations when using libcurl in my commercial apps? - - Next to none. All you need to adhere to is the MIT-style license (stated in - the COPYING file) which basically says you have to include the copyright - notice in "all copies" and that you may not use the copyright holder's name - when promoting your software. - - You do not have to release any of your source code. - - You do not have to reveal or make public any changes to the libcurl source - code. - - You do not have to broadcast to the world that you are using libcurl within - your app. - - All we ask is that you disclose "the copyright notice and this permission - notice" somewhere. Most probably like in the documentation or in the section - where other third party dependencies already are mentioned and acknowledged. - - As can be seen here: https://curl.haxx.se/docs/companies.html and elsewhere, - more and more companies are discovering the power of libcurl and take - advantage of it even in commercial environments. - - -7. PHP/CURL Issues - - 7.1 What is PHP/CURL? - - The module for PHP that makes it possible for PHP programs to access curl- - functions from within PHP. - - In the cURL project we call this module PHP/CURL to differentiate it from - curl the command line tool and libcurl the library. The PHP team however - does not refer to it like this (for unknown reasons). They call it plain - CURL (often using all caps) or sometimes ext/curl, but both cause much - confusion to users which in turn gives us a higher question load. - - 7.2 Who wrote PHP/CURL? - - PHP/CURL was initially written by Sterling Hughes. - - 7.3 Can I perform multiple requests using the same handle? - - Yes - at least in PHP version 4.3.8 and later (this has been known to not - work in earlier versions, but the exact version when it started to work is - unknown to me). - - After a transfer, you just set new options in the handle and make another - transfer. This will make libcurl re-use the same connection if it can. - - 7.4 Does PHP/CURL have dependencies? - - PHP/CURL is a module that comes with the regular PHP package. It depends on - and uses libcurl, so you need to have libcurl installed properly before - PHP/CURL can be used. DELETED scriptlibs/softwareupdate/curl/docs/FEATURES.txt Index: scriptlibs/softwareupdate/curl/docs/FEATURES.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/FEATURES.txt +++ scriptlibs/softwareupdate/curl/docs/FEATURES.txt @@ -1,206 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -FEATURES - -curl tool - - config file support - - multiple URLs in a single command line - - range "globbing" support: [0-13], {one,two,three} - - multiple file upload on a single command line - - custom maximum transfer rate - - redirectable stderr - - metalink support (*13) - -libcurl - - full URL syntax with no length limit - - custom maximum download time - - custom least download speed acceptable - - custom output result after completion - - guesses protocol from host name unless specified - - uses .netrc - - progress bar with time statistics while downloading - - "standard" proxy environment variables support - - compiles on win32 (reported builds on 40+ operating systems) - - selectable network interface for outgoing traffic - - IPv6 support on unix and Windows - - persistent connections - - socks 4 + 5 support, with or without local name resolving - - supports user name and password in proxy environment variables - - operations through proxy "tunnel" (using CONNECT) - - support for large files (>2GB and >4GB) during upload and download - - replaceable memory functions (malloc, free, realloc, etc) - - asynchronous name resolving (*6) - - both a push and a pull style interface - - international domain names (*11) - -HTTP - - HTTP/1.1 compliant (optionally uses 1.0) - - GET - - PUT - - HEAD - - POST - - Pipelining - - multipart formpost (RFC1867-style) - - authentication: Basic, Digest, NTLM (*9) and Negotiate (SPNEGO) (*3) - to server and proxy - - resume (both GET and PUT) - - follow redirects - - maximum amount of redirects to follow - - custom HTTP request - - cookie get/send fully parsed - - reads/writes the netscape cookie file format - - custom headers (replace/remove internally generated headers) - - custom user-agent string - - custom referrer string - - range - - proxy authentication - - time conditions - - via http-proxy - - retrieve file modification date - - Content-Encoding support for deflate and gzip - - "Transfer-Encoding: chunked" support in uploads - - data compression (*12) - - HTTP/2 (*5) - -HTTPS (*1) - - (all the HTTP features) - - using client certificates - - verify server certificate - - via http-proxy - - select desired encryption - - force usage of a specific SSL version (SSLv2 (*7), SSLv3 (*10) or TLSv1) - -FTP - - download - - authentication - - Kerberos 5 (*14) - - active/passive using PORT, EPRT, PASV or EPSV - - single file size information (compare to HTTP HEAD) - - 'type=' URL support - - dir listing - - dir listing names-only - - upload - - upload append - - upload via http-proxy as HTTP PUT - - download resume - - upload resume - - custom ftp commands (before and/or after the transfer) - - simple "range" support - - via http-proxy - - all operations can be tunneled through a http-proxy - - customizable to retrieve file modification date - - no dir depth limit - -FTPS (*1) - - implicit ftps:// support that use SSL on both connections - - explicit "AUTH TLS" and "AUTH SSL" usage to "upgrade" plain ftp:// - connection to use SSL for both or one of the connections - -SCP (*8) - - both password and public key auth - -SFTP (*8) - - both password and public key auth - - with custom commands sent before/after the transfer - -TFTP - - download - - upload - -TELNET - - connection negotiation - - custom telnet options - - stdin/stdout I/O - -LDAP (*2) - - full LDAP URL support - -DICT - - extended DICT URL support - -FILE - - URL support - - upload - - resume - -SMB - - SMBv1 over TCP and SSL - - download - - upload - - authentication with NTLMv1 - -SMTP - - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), Kerberos 5 - (*4) and External. - - send e-mails - - mail from support - - mail size support - - mail auth support for trusted server-to-server relaying - - multiple recipients - - via http-proxy - -SMTPS (*1) - - implicit smtps:// support - - explicit "STARTTLS" usage to "upgrade" plain smtp:// connections to use SSL - - via http-proxy - -POP3 - - authentication: Clear Text, APOP and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), - Kerberos 5 (*4) and External. - - list e-mails - - retrieve e-mails - - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via - custom requests - - via http-proxy - -POP3S (*1) - - implicit pop3s:// support - - explicit "STLS" usage to "upgrade" plain pop3:// connections to use SSL - - via http-proxy - -IMAP - - authentication: Clear Text and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), - Kerberos 5 (*4) and External. - - list the folders of a mailbox - - select a mailbox with support for verifying the UIDVALIDITY - - fetch e-mails with support for specifying the UID and SECTION - - upload e-mails via the append command - - enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS, - STORE, COPY and UID via custom requests - - via http-proxy - -IMAPS (*1) - - implicit imaps:// support - - explicit "STARTTLS" usage to "upgrade" plain imap:// connections to use SSL - - via http-proxy - -FOOTNOTES -========= - - *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL, WinSSL (native - Windows), Secure Transport (native iOS/OS X) or GSKit (native IBM i) - *2 = requires OpenLDAP - *3 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or - SSPI (native Windows) - *4 = requires a GSS-API implementation, however, only Windows SSPI is - currently supported - *5 = requires nghttp2 and possibly a recent TLS library - *6 = requires c-ares - *7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for - example, only supports SSLv3 and TLSv1 - *8 = requires libssh2 - *9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI - (native Windows) - *10 = requires any of the SSL libraries in (*1) above other than axTLS, which - does not support SSLv3 - *11 = requires libidn or Windows - *12 = requires libz - *13 = requires libmetalink, and either an Apple or Microsoft operating - system, or OpenSSL, or GnuTLS, or NSS - *14 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) DELETED scriptlibs/softwareupdate/curl/docs/HISTORY.md Index: scriptlibs/softwareupdate/curl/docs/HISTORY.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/HISTORY.md +++ scriptlibs/softwareupdate/curl/docs/HISTORY.md @@ -1,277 +0,0 @@ -How curl Became Like This -========================= - -Towards the end of 1996, Daniel Stenberg was spending time writing an IRC bot -for an Amiga related channel on EFnet. He then came up with the idea to make -currency-exchange calculations available to Internet Relay Chat (IRC) -users. All the necessary data were published on the Web; he just needed to -automate their retrieval. - -Daniel simply adopted an existing command-line open-source tool, httpget, that -Brazilian Rafael Sagula had written and recently released version 0.1 of. After -a few minor adjustments, it did just what he needed. - -1997 ----- - -HttpGet 1.0 was released on April 8th 1997 with brand new HTTP proxy support. - -We soon found and fixed support for getting currencies over GOPHER. Once FTP -download support was added, the name of the project was changed and urlget 2.0 -was released in August 1997. The http-only days were already passed. - -1998 ----- - -The project slowly grew bigger. When upload capabilities were added and the -name once again was misleading, a second name change was made and on March 20, -1998 curl 4 was released. (The version numbering from the previous names was -kept.) - -(Unrelated to this project a company called Curl Corporation registered a US -trademark on the name "CURL" on May 18 1998. That company had then already -registered the curl.com domain back in November of the previous year. All this -was revealed to us much later.) - -SSL support was added, powered by the SSLeay library. - -August: first announcement of curl on freshmeat.net. - -October: with the curl 4.9 release and the introduction of cookie support, -curl was no longer released under the GPL license. Now we're at 4000 lines of -code, we switched over to the MPL license to restrict the effects of -"copyleft". - -November: configure script and reported successful compiles on several -major operating systems. The never-quite-understood -F option was added and -curl could now simulate quite a lot of a browser. TELNET support was added. - -Curl 5 was released in December 1998 and introduced the first ever curl man -page. People started making Linux RPM packages out of it. - -1999 ----- - -January: DICT support added. - -OpenSSL took over and SSLeay was abandoned. - -May: first Debian package. - -August: LDAP:// and FILE:// support added. The curl web site gets 1300 visits -weekly. Moved site to curl.haxx.nu. - -September: Released curl 6.0. 15000 lines of code. - -December 28: added the project on Sourceforge and started using its services -for managing the project. - -2000 ----- - -Spring: major internal overhaul to provide a suitable library interface. -The first non-beta release was named 7.1 and arrived in August. This offered -the easy interface and turned out to be the beginning of actually getting -other software and programs to be based on and powered by libcurl. Almost -20000 lines of code. - -June: the curl site moves to "curl.haxx.se" - -August, the curl web site gets 4000 visits weekly. - -The PHP guys adopted libcurl already the same month, when the first ever third -party libcurl binding showed up. CURL has been a supported module in PHP since -the release of PHP 4.0.2. This would soon get followers. More than 16 -different bindings exist at the time of this writing. - -September: kerberos4 support was added. - -November: started the work on a test suite for curl. It was later re-written -from scratch again. The libcurl major SONAME number was set to 1. - -2001 ----- - -January: Daniel released curl 7.5.2 under a new license again: MIT (or -MPL). The MIT license is extremely liberal and can be combined with GPL -in other projects. This would finally put an end to the "complaints" from -people involved in GPLed projects that previously were prohibited from using -libcurl while it was released under MPL only. (Due to the fact that MPL is -deemed "GPL incompatible".) - -March 22: curl supports HTTP 1.1 starting with the release of 7.7. This -also introduced libcurl's ability to do persistent connections. 24000 lines of -code. The libcurl major SONAME number was bumped to 2 due to this overhaul. -The first experimental ftps:// support was added. - -August: curl is bundled in Mac OS X, 10.1. It was already becoming more and -more of a standard utility of Linux distributions and a regular in the BSD -ports collections. The curl web site gets 8000 visits weekly. Curl Corporation -contacted Daniel to discuss "the name issue". After Daniel's reply, they have -never since got back in touch again. - -September: libcurl 7.9 introduces cookie jar and curl_formadd(). During the -forthcoming 7.9.x releases, we introduced the multi interface slowly and -without many whistles. - -2002 ----- - -June: the curl web site gets 13000 visits weekly. curl and libcurl is -35000 lines of code. Reported successful compiles on more than 40 combinations -of CPUs and operating systems. - -To estimate number of users of the curl tool or libcurl library is next to -impossible. Around 5000 downloaded packages each week from the main site gives -a hint, but the packages are mirrored extensively, bundled with numerous OS -distributions and otherwise retrieved as part of other software. - -September: with the release of curl 7.10 it is released under the MIT license -only. - -2003 ----- - -January: Started working on the distributed curl tests. The autobuilds. - -February: the curl site averages at 20000 visits weekly. At any given moment, -there's an average of 3 people browsing the curl.haxx.se site. - -Multiple new authentication schemes are supported: Digest (May), NTLM (June) -and Negotiate (June). - -November: curl 7.10.8 is released. 45000 lines of code. ~55000 unique visitors -to the curl.haxx.se site. Five official web mirrors. - -December: full-fledged SSL for FTP is supported. - -2004 ----- - -January: curl 7.11.0 introduced large file support. - -June: curl 7.12.0 introduced IDN support. 10 official web mirrors. - -This release bumped the major SONAME to 3 due to the removal of the -curl_formparse() function - -August: Curl and libcurl 7.12.1 - - Public curl release number: 82 - Releases counted from the very beginning: 109 - Available command line options: 96 - Available curl_easy_setopt() options: 120 - Number of public functions in libcurl: 36 - Amount of public web site mirrors: 12 - Number of known libcurl bindings: 26 - -2005 ----- - -April: GnuTLS can now optionally be used for the secure layer when curl is -built. - -April: Added the multi_socket() API - -September: TFTP support was added. - -More than 100,000 unique visitors of the curl web site. 25 mirrors. - -December: security vulnerability: libcurl URL Buffer Overflow - -2006 ----- - -January: We dropped support for Gopher. We found bugs in the implementation -that turned out to have been introduced years ago, so with the conclusion that -nobody had found out in all this time we removed it instead of fixing it. - -March: security vulnerability: libcurl TFTP Packet Buffer Overflow - -September: The major SONAME number for libcurl was bumped to 4 due to the -removal of ftp third party transfer support. - -November: Added SCP and SFTP support - -2007 ----- - -February: Added support for the Mozilla NSS library to do the SSL/TLS stuff - -July: security vulnerability: libcurl GnuTLS insufficient cert verification - -2008 ----- - -November: - - Command line options: 128 - curl_easy_setopt() options: 158 - Public functions in libcurl: 58 - Known libcurl bindings: 37 - Contributors: 683 - - 145,000 unique visitors. >100 GB downloaded. - -2009 ----- - -March: security vulnerability: libcurl Arbitrary File Access - -August: security vulnerability: libcurl embedded zero in cert name - -December: Added support for IMAP, POP3 and SMTP - -2010 ----- - -January: Added support for RTSP - -February: security vulnerability: libcurl data callback excessive length - -March: The project switched over to use git (hosted by github) instead of CVS -for source code control - -May: Added support for RTMP - -Added support for PolarSSL to do the SSL/TLS stuff - -August: - - Public curl releases: 117 - Command line options: 138 - curl_easy_setopt() options: 180 - Public functions in libcurl: 58 - Known libcurl bindings: 39 - Contributors: 808 - - Gopher support added (re-added actually, see January 2006) - -2012 ----- - - July: Added support for Schannel (native Windows TLS backend) and Darwin SSL - (Native Mac OS X and iOS TLS backend). - - Supports metalink - - October: SSH-agent support. - -2013 ----- - - February: Cleaned up internals to always uses the "multi" non-blocking - approach internally and only expose the blocking API with a wrapper. - - September: First small steps on supporting HTTP/2 with nghttp2. - - October: Removed krb4 support. - - December: Happy eyeballs. - -2014 ----- - - March: first real release supporting HTTP/2 - - September: Web site had 245,000 unique visitors and served 236GB data DELETED scriptlibs/softwareupdate/curl/docs/HTTP-COOKIES.md Index: scriptlibs/softwareupdate/curl/docs/HTTP-COOKIES.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/HTTP-COOKIES.md +++ scriptlibs/softwareupdate/curl/docs/HTTP-COOKIES.md @@ -1,104 +0,0 @@ -# HTTP Cookies - -## Cookie overview - - Cookies are `name=contents` pairs that a HTTP server tells the client to - hold and then the client sends back those to the server on subsequent - requests to the same domains and paths for which the cookies were set. - - Cookies are either "session cookies" which typically are forgotten when the - session is over which is often translated to equal when browser quits, or - the cookies aren't session cookies they have expiration dates after which - the client will throw them away. - - Cookies are set to the client with the Set-Cookie: header and are sent to - servers with the Cookie: header. - - For a very long time, the only spec explaining how to use cookies was the - original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html). - - In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally - published and details how cookies work within HTTP. - -## Cookies saved to disk - - Netscape once created a file format for storing cookies on disk so that they - would survive browser restarts. curl adopted that file format to allow - sharing the cookies with browsers, only to see browsers move away from that - format. Modern browsers no longer use it, while curl still does. - - The netscape cookie file format stores one cookie per physical line in the - file with a bunch of associated meta data, each field separated with - TAB. That file is called the cookiejar in curl terminology. - - When libcurl saves a cookiejar, it creates a file header of its own in which - there is a URL mention that will link to the web version of this document. - -## Cookies with curl the command line tool - - curl has a full cookie "engine" built in. If you just activate it, you can - have curl receive and send cookies exactly as mandated in the specs. - - Command line options: - - `-b, --cookie` - - tell curl a file to read cookies from and start the cookie engine, or if it - isn't a file it will pass on the given string. -b name=var works and so does - -b cookiefile. - - `-j, --junk-session-cookies` - - when used in combination with -b, it will skip all "session cookies" on load - so as to appear to start a new cookie session. - - `-c, --cookie-jar` - - tell curl to start the cookie engine and write cookies to the given file - after the request(s) - -## Cookies with libcurl - - libcurl offers several ways to enable and interface the cookie engine. These - options are the ones provided by the native API. libcurl bindings may offer - access to them using other means. - - `CURLOPT_COOKIE` - - Is used when you want to specify the exact contents of a cookie header to - send to the server. - - `CURLOPT_COOKIEFILE` - - Tell libcurl to activate the cookie engine, and to read the initial set of - cookies from the given file. Read-only. - - `CURLOPT_COOKIEJAR` - - Tell libcurl to activate the cookie engine, and when the easy handle is - closed save all known cookies to the given cookiejar file. Write-only. - - `CURLOPT_COOKIELIST` - - Provide detailed information about a single cookie to add to the internal - storage of cookies. Pass in the cookie as a HTTP header with all the details - set, or pass in a line from a netscape cookie file. This option can also be - used to flush the cookies etc. - - `CURLINFO_COOKIELIST` - - Extract cookie information from the internal cookie storage as a linked - list. - -## Cookies with javascript - - These days a lot of the web is built up by javascript. The webbrowser loads - complete programs that render the page you see. These javascript programs - can also set and access cookies. - - Since curl and libcurl are plain HTTP clients without any knowledge of or - capability to handle javascript, such cookies will not be detected or used. - - Often, if you want to mimic what a browser does on such web sites, you can - record web browser HTTP traffic when using such a site and then repeat the - cookie operations using curl or libcurl. DELETED scriptlibs/softwareupdate/curl/docs/HTTP2.md Index: scriptlibs/softwareupdate/curl/docs/HTTP2.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/HTTP2.md +++ scriptlibs/softwareupdate/curl/docs/HTTP2.md @@ -1,126 +0,0 @@ -HTTP/2 with curl -================ - -[HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt) -[http2 explained](https://daniel.haxx.se/http2/) - -Build prerequisites -------------------- - - nghttp2 - - OpenSSL, libressl, BoringSSL, NSS, GnutTLS, mbedTLS, wolfSSL or SChannel - with a new enough version. - -[nghttp2](https://nghttp2.org/) -------------------------------- - -libcurl uses this 3rd party library for the low level protocol handling -parts. The reason for this is that HTTP/2 is much more complex at that layer -than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already -existing and well functional library. - -We require at least version 1.0.0. - -Over an http:// URL -------------------- - -If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will -include an upgrade header in the initial request to the host to allow -upgrading to HTTP/2. - -Possibly we can later introduce an option that will cause libcurl to fail if -not possible to upgrade. Possibly we introduce an option that makes libcurl -use HTTP/2 at once over http:// - -Over an https:// URL --------------------- - -If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use -ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce -an option that will cause libcurl to fail if not possible to use HTTP/2. - -`CURL_HTTP_VERSION_2TLS` was added in 7.47.0 as a way to ask libcurl to prefer -HTTP/2 for HTTPS but stick to 1.1 by default for plain old HTTP connections. - -ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is -for a similar purpose, was made prior to ALPN and is used for SPDY so early -HTTP/2 servers are implemented using NPN before ALPN support is widespread. - -`CURLOPT_SSL_ENABLE_ALPN` and `CURLOPT_SSL_ENABLE_NPN` are offered to allow -applications to explicitly disable ALPN or NPN. - -SSL libs --------- - -The challenge is the ALPN and NPN support and all our different SSL -backends. You may need a fairly updated SSL library version for it to provide -the necessary TLS features. Right now we support: - - - OpenSSL: ALPN and NPN - - libressl: ALPN and NPN - - BoringSSL: ALPN and NPN - - NSS: ALPN and NPN - - GnuTLS: ALPN - - mbedTLS: ALPN - - SChannel: ALPN - - wolfSSL: ALPN - -Multiplexing ------------- - -Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the -term for doing multiple independent transfers over the same physical TCP -connection. - -To take advantage of multiplexing, you need to use the multi interface and set -`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will -attempt to re-use existing HTTP/2 connections and just add a new stream over -that when doing subsequent parallel requests. - -While libcurl sets up a connection to a HTTP server there is a period during -which it doesn't know if it can pipeline or do multiplexing and if you add new -transfers in that period, libcurl will default to start new connections for -those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you -can ask that a transfer should rather wait and see in case there's a -connection for the same host in progress that might end up being possible to -multiplex on. It favours keeping the number of connections low to the cost of -slightly longer time to first byte transferred. - -Applications ------------- - -We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers -in HTTP 1.1 style. This allows applications to work unmodified. - -curl tool ---------- - -curl offers the `--http2` command line option to enable use of HTTP/2. - -curl offers the `--http2-prior-knowledge` command line option to enable use of -HTTP/2 without HTTP/1.1 Upgrade. - -Since 7.47.0, the curl tool enables HTTP/2 by default for HTTPS connections. - -curl tool limitations ---------------------- - -The command line tool won't do any HTTP/2 multiplexing even though libcurl -supports it, simply because the curl tool is not written to take advantage of -the libcurl API that's necessary for this (the multi interface). We have an -outstanding TODO item for this and **you** can help us make it happen. - -The command line tool also doesn't support HTTP/2 server push for the same -reason it doesn't do multiplexing: it needs to use the multi interface for -that so that multiplexing is supported. - -HTTP Alternative Services -------------------------- - -Alt-Svc is an extension with a corresponding frame (ALTSVC) in HTTP/2 that -tells the client about an alternative "route" to the same content for the same -origin server that you get the response from. A browser or long-living client -can use that hint to create a new connection asynchronously. For libcurl, we -may introduce a way to bring such clues to the application and/or let a -subsequent request use the alternate route automatically. - -[Detailed in RFC 7838](https://tools.ietf.org/html/rfc7838) DELETED scriptlibs/softwareupdate/curl/docs/INSTALL.md Index: scriptlibs/softwareupdate/curl/docs/INSTALL.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/INSTALL.md +++ scriptlibs/softwareupdate/curl/docs/INSTALL.md @@ -1,513 +0,0 @@ -# how to install curl and libcurl - -## Installing Binary Packages - -Lots of people download binary distributions of curl and libcurl. This -document does not describe how to install curl or libcurl using such a binary -package. This document describes how to compile, build and install curl and -libcurl from source code. - -## Building from git - -If you get your code off a git repository instead of a release tarball, see -the `GIT-INFO` file in the root directory for specific instructions on how to -proceed. - -# Unix - -A normal Unix installation is made in three or four steps (after you've -unpacked the source archive): - - ./configure - make - make test (optional) - make install - -You probably need to be root when doing the last command. - -Get a full listing of all available configure options by invoking it like: - - ./configure --help - -If you want to install curl in a different file hierarchy than `/usr/local`, -specify that when running configure: - - ./configure --prefix=/path/to/curl/tree - -If you have write permission in that directory, you can do 'make install' -without being root. An example of this would be to make a local install in -your own home directory: - - ./configure --prefix=$HOME - make - make install - -The configure script always tries to find a working SSL library unless -explicitly told not to. If you have OpenSSL installed in the default search -path for your compiler/linker, you don't need to do anything special. If you -have OpenSSL installed in /usr/local/ssl, you can run configure like: - - ./configure --with-ssl - -If you have OpenSSL installed somewhere else (for example, /opt/OpenSSL) and -you have pkg-config installed, set the pkg-config path first, like this: - - env PKG_CONFIG_PATH=/opt/OpenSSL/lib/pkgconfig ./configure --with-ssl - -Without pkg-config installed, use this: - - ./configure --with-ssl=/opt/OpenSSL - -If you insist on forcing a build without SSL support, even though you may -have OpenSSL installed in your system, you can run configure like this: - - ./configure --without-ssl - -If you have OpenSSL installed, but with the libraries in one place and the -header files somewhere else, you have to set the LDFLAGS and CPPFLAGS -environment variables prior to running configure. Something like this should -work: - - CPPFLAGS="-I/path/to/ssl/include" LDFLAGS="-L/path/to/ssl/lib" ./configure - -If you have shared SSL libs installed in a directory where your run-time -linker doesn't find them (which usually causes configure failures), you can -provide the -R option to ld on some operating systems to set a hard-coded -path to the run-time linker: - - LDFLAGS=-R/usr/local/ssl/lib ./configure --with-ssl - -## More Options - -To force a static library compile, disable the shared library creation by -running configure like: - - ./configure --disable-shared - -To tell the configure script to skip searching for thread-safe functions, add -an option like: - - ./configure --disable-thread - -If you're a curl developer and use gcc, you might want to enable more debug -options with the `--enable-debug` option. - -curl can be built to use a whole range of libraries to provide various useful -services, and configure will try to auto-detect a decent default. But if you -want to alter it, you can select how to deal with each individual library. - -## Select TLS backend - -The default OpenSSL configure check will also detect and use BoringSSL or -libressl. - - - GnuTLS: `--without-ssl --with-gnutls`. - - Cyassl: `--without-ssl --with-cyassl` - - NSS: `--without-ssl --with-nss` - - PolarSSL: `--without-ssl --with-polarssl` - - mbedTLS: `--without-ssl --with-mbedtls` - - axTLS: `--without-ssl --with-axtls` - - schannel: `--without-ssl --with-winssl` - - secure transport: `--with-winssl --with-darwinssl` - -# Windows - -## Building Windows DLLs and C run-time (CRT) linkage issues - - As a general rule, building a DLL with static CRT linkage is highly - discouraged, and intermixing CRTs in the same app is something to avoid at - any cost. - - Reading and comprehending Microsoft Knowledge Base articles KB94248 and - KB140584 is a must for any Windows developer. Especially important is full - understanding if you are not going to follow the advice given above. - - - [How To Use the C Run-Time](https://support.microsoft.com/kb/94248/en-us) - - [How to link with the correct C Run-Time CRT library](https://support.microsoft.com/kb/140584/en-us) - - [Potential Errors Passing CRT Objects Across DLL Boundaries](https://msdn.microsoft.com/en-us/library/ms235460) - -If your app is misbehaving in some strange way, or it is suffering from -memory corruption, before asking for further help, please try first to -rebuild every single library your app uses as well as your app using the -debug multithreaded dynamic C runtime. - - If you get linkage errors read section 5.7 of the FAQ document. - -## MingW32 - -Make sure that MinGW32's bin dir is in the search path, for example: - - set PATH=c:\mingw32\bin;%PATH% - -then run `mingw32-make mingw32` in the root dir. There are other -make targets available to build libcurl with more features, use: - - - `mingw32-make mingw32-zlib` to build with Zlib support; - - `mingw32-make mingw32-ssl-zlib` to build with SSL and Zlib enabled; - - `mingw32-make mingw32-ssh2-ssl-zlib` to build with SSH2, SSL, Zlib; - - `mingw32-make mingw32-ssh2-ssl-sspi-zlib` to build with SSH2, SSL, Zlib - and SSPI support. - -If you have any problems linking libraries or finding header files, be sure -to verify that the provided "Makefile.m32" files use the proper paths, and -adjust as necessary. It is also possible to override these paths with -environment variables, for example: - - set ZLIB_PATH=c:\zlib-1.2.8 - set OPENSSL_PATH=c:\openssl-1.0.2c - set LIBSSH2_PATH=c:\libssh2-1.6.0 - -It is also possible to build with other LDAP SDKs than MS LDAP; currently -it is possible to build with native Win32 OpenLDAP, or with the Novell CLDAP -SDK. If you want to use these you need to set these vars: - - set LDAP_SDK=c:\openldap - set USE_LDAP_OPENLDAP=1 - -or for using the Novell SDK: - - set USE_LDAP_NOVELL=1 - -If you want to enable LDAPS support then set LDAPS=1. - -## Cygwin - -Almost identical to the unix installation. Run the configure script in the -curl source tree root with `sh configure`. Make sure you have the sh -executable in /bin/ or you'll see the configure fail toward the end. - -Run `make` - -## Borland C++ compiler - -Ensure that your build environment is properly set up to use the compiler and -associated tools. PATH environment variable must include the path to bin -subdirectory of your compiler installation, eg: `c:\Borland\BCC55\bin` - -It is advisable to set environment variable BCCDIR to the base path of the -compiler installation. - - set BCCDIR=c:\Borland\BCC55 - -In order to build a plain vanilla version of curl and libcurl run the -following command from curl's root directory: - - make borland - -To build curl and libcurl with zlib and OpenSSL support set environment -variables `ZLIB_PATH` and `OPENSSL_PATH` to the base subdirectories of the -already built zlib and OpenSSL libraries and from curl's root directory run -command: - - make borland-ssl-zlib - -libcurl library will be built in 'lib' subdirectory while curl tool is built -in 'src' subdirectory. In order to use libcurl library it is advisable to -modify compiler's configuration file bcc32.cfg located in -`c:\Borland\BCC55\bin` to reflect the location of libraries include paths for -example the '-I' line could result in something like: - - -I"c:\Borland\BCC55\include;c:\curl\include;c:\openssl\inc32" - -bcc3.cfg `-L` line could also be modified to reflect the location of of -libcurl library resulting for example: - - -L"c:\Borland\BCC55\lib;c:\curl\lib;c:\openssl\out32" - -In order to build sample program `simple.c` from the docs\examples -subdirectory run following command from mentioned subdirectory: - - bcc32 simple.c libcurl.lib cw32mt.lib - -In order to build sample program simplessl.c an SSL enabled libcurl is -required, as well as the OpenSSL libeay32.lib and ssleay32.lib libraries. - -## Disabling Specific Protocols in Windows builds - -The configure utility, unfortunately, is not available for the Windows -environment, therefore, you cannot use the various disable-protocol options of -the configure utility on this platform. - -However, you can use the following defines to disable specific -protocols: - - - `HTTP_ONLY` disables all protocols except HTTP - - `CURL_DISABLE_FTP` disables FTP - - `CURL_DISABLE_LDAP` disables LDAP - - `CURL_DISABLE_TELNET` disables TELNET - - `CURL_DISABLE_DICT` disables DICT - - `CURL_DISABLE_FILE` disables FILE - - `CURL_DISABLE_TFTP` disables TFTP - - `CURL_DISABLE_HTTP` disables HTTP - - `CURL_DISABLE_IMAP` disables IMAP - - `CURL_DISABLE_POP3` disables POP3 - - `CURL_DISABLE_SMTP` disables SMTP - -If you want to set any of these defines you have the following options: - - - Modify lib/config-win32.h - - Modify lib/curl_setup.h - - Modify winbuild/Makefile.vc - - Modify the "Preprocessor Definitions" in the libcurl project - -Note: The pre-processor settings can be found using the Visual Studio IDE -under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> -Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later -versions. - -## Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds - -In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack it is -necessary to make definition of preprocessor symbol USE_LWIPSOCK visible to -libcurl and curl compilation processes. To set this definition you have the -following alternatives: - - - Modify lib/config-win32.h and src/config-win32.h - - Modify winbuild/Makefile.vc - - Modify the "Preprocessor Definitions" in the libcurl project - -Note: The pre-processor settings can be found using the Visual Studio IDE -under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> -Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later -versions. - -Once that libcurl has been built with BSD-style lwIP TCP/IP stack support, in -order to use it with your program it is mandatory that your program includes -lwIP header file `` (or another lwIP header that includes this) -before including any libcurl header. Your program does not need the -`USE_LWIPSOCK` preprocessor definition which is for libcurl internals only. - -Compilation has been verified with [lwIP -1.4.0](http://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip) and -[contrib-1.4.0](http://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip). - -This BSD-style lwIP TCP/IP stack support must be considered experimental given -that it has been verified that lwIP 1.4.0 still needs some polish, and libcurl -might yet need some additional adjustment, caveat emptor. - -## Important static libcurl usage note - -When building an application that uses the static libcurl library on Windows, -you must add `-DCURL_STATICLIB` to your `CFLAGS`. Otherwise the linker will -look for dynamic import symbols. - -## Legacy Windows and SSL - -WinSSL (specifically SChannel from Windows SSPI), is the native SSL library in -Windows. However, WinSSL in Windows <= XP is unable to connect to servers that -no longer support the legacy handshakes and algorithms used by those -versions. If you will be using curl in one of those earlier versions of -Windows you should choose another SSL backend such as OpenSSL. - -# Apple iOS and Mac OS X - -On modern Apple operating systems, curl can be built to use Apple's SSL/TLS -implementation, Secure Transport, instead of OpenSSL. To build with Secure -Transport for SSL/TLS, use the configure option `--with-darwinssl`. (It is not -necessary to use the option `--without-ssl`.) This feature requires iOS 5.0 or -later, or OS X 10.5 ("Leopard") or later. - -When Secure Transport is in use, the curl options `--cacert` and `--capath` -and their libcurl equivalents, will be ignored, because Secure Transport uses -the certificates stored in the Keychain to evaluate whether or not to trust -the server. This, of course, includes the root certificates that ship with the -OS. The `--cert` and `--engine` options, and their libcurl equivalents, are -currently unimplemented in curl with Secure Transport. - -For OS X users: In OS X 10.8 ("Mountain Lion"), Apple made a major overhaul to -the Secure Transport API that, among other things, added support for the newer -TLS 1.1 and 1.2 protocols. To get curl to support TLS 1.1 and 1.2, you must -build curl on Mountain Lion or later, or by using the equivalent SDK. If you -set the `MACOSX_DEPLOYMENT_TARGET` environmental variable to an earlier -version of OS X prior to building curl, then curl will use the new Secure -Transport API on Mountain Lion and later, and fall back on the older API when -the same curl binary is executed on older cats. For example, running these -commands in curl's directory in the shell will build the code such that it -will run on cats as old as OS X 10.6 ("Snow Leopard") (using bash): - - export MACOSX_DEPLOYMENT_TARGET="10.6" - ./configure --with-darwinssl - make - -# Cross compile - -Download and unpack the curl package. - -'cd' to the new directory. (e.g. `cd curl-7.12.3`) - -Set environment variables to point to the cross-compile toolchain and call -configure with any options you need. Be sure and specify the `--host` and -`--build` parameters at configuration time. The following script is an -example of cross-compiling for the IBM 405GP PowerPC processor using the -toolchain from MonteVista for Hardhat Linux. - - #! /bin/sh - - export PATH=$PATH:/opt/hardhat/devkit/ppc/405/bin - export CPPFLAGS="-I/opt/hardhat/devkit/ppc/405/target/usr/include" - export AR=ppc_405-ar - export AS=ppc_405-as - export LD=ppc_405-ld - export RANLIB=ppc_405-ranlib - export CC=ppc_405-gcc - export NM=ppc_405-nm - - ./configure --target=powerpc-hardhat-linux - --host=powerpc-hardhat-linux - --build=i586-pc-linux-gnu - --prefix=/opt/hardhat/devkit/ppc/405/target/usr/local - --exec-prefix=/usr/local - -You may also need to provide a parameter like `--with-random=/dev/urandom` to -configure as it cannot detect the presence of a random number generating -device for a target system. The `--prefix` parameter specifies where curl -will be installed. If `configure` completes successfully, do `make` and `make -install` as usual. - -In some cases, you may be able to simplify the above commands to as little as: - - ./configure --host=ARCH-OS - -# REDUCING SIZE - -There are a number of configure options that can be used to reduce the size of -libcurl for embedded applications where binary size is an important factor. -First, be sure to set the CFLAGS variable when configuring with any relevant -compiler optimization flags to reduce the size of the binary. For gcc, this -would mean at minimum the -Os option, and potentially the `-march=X`, -`-mdynamic-no-pic` and `-flto` options as well, e.g. - - ./configure CFLAGS='-Os' LDFLAGS='-Wl,-Bsymbolic'... - -Note that newer compilers often produce smaller code than older versions -due to improved optimization. - -Be sure to specify as many `--disable-` and `--without-` flags on the -configure command-line as you can to disable all the libcurl features that you -know your application is not going to need. Besides specifying the -`--disable-PROTOCOL` flags for all the types of URLs your application will not -use, here are some other flags that can reduce the size of the library: - - - `--disable-ares` (disables support for the C-ARES DNS library) - - `--disable-cookies` (disables support for HTTP cookies) - - `--disable-crypto-auth` (disables HTTP cryptographic authentication) - - `--disable-ipv6` (disables support for IPv6) - - `--disable-manual` (disables support for the built-in documentation) - - `--disable-proxy` (disables support for HTTP and SOCKS proxies) - - `--disable-unix-sockets` (disables support for UNIX sockets) - - `--disable-verbose` (eliminates debugging strings and error code strings) - - `--disable-versioned-symbols` (disables support for versioned symbols) - - `--enable-hidden-symbols` (eliminates unneeded symbols in the shared library) - - `--without-libidn` (disables support for the libidn DNS library) - - `--without-librtmp` (disables support for RTMP) - - `--without-ssl` (disables support for SSL/TLS) - - `--without-zlib` (disables support for on-the-fly decompression) - -The GNU compiler and linker have a number of options that can reduce the -size of the libcurl dynamic libraries on some platforms even further. -Specify them by providing appropriate CFLAGS and LDFLAGS variables on the -configure command-line, e.g. - - CFLAGS="-Os -ffunction-sections -fdata-sections - -fno-unwind-tables -fno-asynchronous-unwind-tables -flto" - LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections" - -Be sure also to strip debugging symbols from your binaries after compiling -using 'strip' (or the appropriate variant if cross-compiling). If space is -really tight, you may be able to remove some unneeded sections of the shared -library using the -R option to objcopy (e.g. the .comment section). - -Using these techniques it is possible to create a basic HTTP-only shared -libcurl library for i386 Linux platforms that is only 113 KiB in size, and an -FTP-only library that is 113 KiB in size (as of libcurl version 7.50.3, using -gcc 5.4.0). - -You may find that statically linking libcurl to your application will result -in a lower total size than dynamically linking. - -Note that the curl test harness can detect the use of some, but not all, of -the `--disable` statements suggested above. Use will cause tests relying on -those features to fail. The test harness can be manually forced to skip the -relevant tests by specifying certain key words on the runtests.pl command -line. Following is a list of appropriate key words: - - - `--disable-cookies` !cookies - - `--disable-manual` !--manual - - `--disable-proxy` !HTTP\ proxy !proxytunnel !SOCKS4 !SOCKS5 - -# PORTS - -This is a probably incomplete list of known hardware and operating systems -that curl has been compiled for. If you know a system curl compiles and -runs on, that isn't listed, please let us know! - - - Alpha DEC OSF 4 - - Alpha Digital UNIX v3.2 - - Alpha FreeBSD 4.1, 4.5 - - Alpha Linux 2.2, 2.4 - - Alpha NetBSD 1.5.2 - - Alpha OpenBSD 3.0 - - Alpha OpenVMS V7.1-1H2 - - Alpha Tru64 v5.0 5.1 - - AVR32 Linux - - ARM Android 1.5, 2.1, 2.3, 3.2, 4.x - - ARM INTEGRITY - - ARM iOS - - Cell Linux - - Cell Cell OS - - HP-PA HP-UX 9.X 10.X 11.X - - HP-PA Linux - - HP3000 MPE/iX - - MicroBlaze uClinux - - MIPS IRIX 6.2, 6.5 - - MIPS Linux - - OS/400 - - Pocket PC/Win CE 3.0 - - Power AIX 3.2.5, 4.2, 4.3.1, 4.3.2, 5.1, 5.2 - - PowerPC Darwin 1.0 - - PowerPC INTEGRITY - - PowerPC Linux - - PowerPC Mac OS 9 - - PowerPC Mac OS X - - SH4 Linux 2.6.X - - SH4 OS21 - - SINIX-Z v5 - - Sparc Linux - - Sparc Solaris 2.4, 2.5, 2.5.1, 2.6, 7, 8, 9, 10 - - Sparc SunOS 4.1.X - - StrongARM (and other ARM) RISC OS 3.1, 4.02 - - StrongARM/ARM7/ARM9 Linux 2.4, 2.6 - - StrongARM NetBSD 1.4.1 - - Symbian OS (P.I.P.S.) 9.x - - TPF - - Ultrix 4.3a - - UNICOS 9.0 - - i386 BeOS - - i386 DOS - - i386 eCos 1.3.1 - - i386 Esix 4.1 - - i386 FreeBSD - - i386 HURD - - i386 Haiku OS - - i386 Linux 1.3, 2.0, 2.2, 2.3, 2.4, 2.6 - - i386 Mac OS X - - i386 MINIX 3.1 - - i386 NetBSD - - i386 Novell NetWare - - i386 OS/2 - - i386 OpenBSD - - i386 QNX 6 - - i386 SCO unix - - i386 Solaris 2.7 - - i386 Windows 95, 98, ME, NT, 2000, XP, 2003 - - i486 ncr-sysv4.3.03 (NCR MP-RAS) - - ia64 Linux 2.3.99 - - m68k AmigaOS 3 - - m68k Linux - - m68k uClinux - - m68k OpenBSD - - m88k dg-dgux5.4R3.00 - - s390 Linux - - x86_64 Linux - - XScale/PXA250 Linux 2.4 - - Nios II uClinux DELETED scriptlibs/softwareupdate/curl/docs/INSTALL.txt Index: scriptlibs/softwareupdate/curl/docs/INSTALL.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/INSTALL.txt +++ scriptlibs/softwareupdate/curl/docs/INSTALL.txt @@ -1,9 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - How To Compile - -see INSTALL.md DELETED scriptlibs/softwareupdate/curl/docs/INTERNALS.md Index: scriptlibs/softwareupdate/curl/docs/INTERNALS.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/INTERNALS.md +++ scriptlibs/softwareupdate/curl/docs/INTERNALS.md @@ -1,1093 +0,0 @@ -curl internals -============== - - - [Intro](#intro) - - [git](#git) - - [Portability](#Portability) - - [Windows vs Unix](#winvsunix) - - [Library](#Library) - - [`Curl_connect`](#Curl_connect) - - [`Curl_do`](#Curl_do) - - [`Curl_readwrite`](#Curl_readwrite) - - [`Curl_done`](#Curl_done) - - [`Curl_disconnect`](#Curl_disconnect) - - [HTTP(S)](#http) - - [FTP](#ftp) - - [Kerberos](#kerberos) - - [TELNET](#telnet) - - [FILE](#file) - - [SMB](#smb) - - [LDAP](#ldap) - - [E-mail](#email) - - [General](#general) - - [Persistent Connections](#persistent) - - [multi interface/non-blocking](#multi) - - [SSL libraries](#ssl) - - [Library Symbols](#symbols) - - [Return Codes and Informationals](#returncodes) - - [AP/ABI](#abi) - - [Client](#client) - - [Memory Debugging](#memorydebug) - - [Test Suite](#test) - - [Asynchronous name resolves](#asyncdns) - - [c-ares](#cares) - - [`curl_off_t`](#curl_off_t) - - [curlx](#curlx) - - [Content Encoding](#contentencoding) - - [hostip.c explained](#hostip) - - [Track Down Memory Leaks](#memoryleak) - - [`multi_socket`](#multi_socket) - - [Structs in libcurl](#structs) - - -Intro -===== - - This project is split in two. The library and the client. The client part - uses the library, but the library is designed to allow other applications to - use it. - - The largest amount of code and complexity is in the library part. - - - -git -=== - - All changes to the sources are committed to the git repository as soon as - they're somewhat verified to work. Changes shall be committed as independently - as possible so that individual changes can be easily spotted and tracked - afterwards. - - Tagging shall be used extensively, and by the time we release new archives we - should tag the sources with a name similar to the released version number. - - -Portability -=========== - - We write curl and libcurl to compile with C89 compilers. On 32bit and up - machines. Most of libcurl assumes more or less POSIX compliance but that's - not a requirement. - - We write libcurl to build and work with lots of third party tools, and we - want it to remain functional and buildable with these and later versions - (older versions may still work but is not what we work hard to maintain): - -Dependencies ------------- - - - OpenSSL 0.9.7 - - GnuTLS 1.2 - - zlib 1.1.4 - - libssh2 0.16 - - c-ares 1.6.0 - - libidn 0.4.1 - - cyassl 2.0.0 - - openldap 2.0 - - MIT Kerberos 1.2.4 - - GSKit V5R3M0 - - NSS 3.14.x - - axTLS 2.1.0 - - PolarSSL 1.3.0 - - Heimdal ? - - nghttp2 1.0.0 - -Operating Systems ------------------ - - On systems where configure runs, we aim at working on them all - if they have - a suitable C compiler. On systems that don't run configure, we strive to keep - curl running correctly on: - - - Windows 98 - - AS/400 V5R3M0 - - Symbian 9.1 - - Windows CE ? - - TPF ? - -Build tools ------------ - - When writing code (mostly for generating stuff included in release tarballs) - we use a few "build tools" and we make sure that we remain functional with - these versions: - - - GNU Libtool 1.4.2 - - GNU Autoconf 2.57 - - GNU Automake 1.7 - - GNU M4 1.4 - - perl 5.004 - - roffit 0.5 - - groff ? (any version that supports "groff -Tps -man [in] [out]") - - ps2pdf (gs) ? - - -Windows vs Unix -=============== - - There are a few differences in how to program curl the Unix way compared to - the Windows way. Perhaps the four most notable details are: - - 1. Different function names for socket operations. - - In curl, this is solved with defines and macros, so that the source looks - the same in all places except for the header file that defines them. The - macros in use are sclose(), sread() and swrite(). - - 2. Windows requires a couple of init calls for the socket stuff. - - That's taken care of by the `curl_global_init()` call, but if other libs - also do it etc there might be reasons for applications to alter that - behaviour. - - 3. The file descriptors for network communication and file operations are - not as easily interchangeable as in Unix. - - We avoid this by not trying any funny tricks on file descriptors. - - 4. When writing data to stdout, Windows makes end-of-lines the DOS way, thus - destroying binary data, although you do want that conversion if it is - text coming through... (sigh) - - We set stdout to binary under windows - - Inside the source code, We make an effort to avoid `#ifdef [Your OS]`. All - conditionals that deal with features *should* instead be in the format - `#ifdef HAVE_THAT_WEIRD_FUNCTION`. Since Windows can't run configure scripts, - we maintain a `curl_config-win32.h` file in lib directory that is supposed to - look exactly like a `curl_config.h` file would have looked like on a Windows - machine! - - Generally speaking: always remember that this will be compiled on dozens of - operating systems. Don't walk on the edge! - - -Library -======= - - (See [Structs in libcurl](#structs) for the separate section describing all - major internal structs and their purposes.) - - There are plenty of entry points to the library, namely each publicly defined - function that libcurl offers to applications. All of those functions are - rather small and easy-to-follow. All the ones prefixed with `curl_easy` are - put in the lib/easy.c file. - - `curl_global_init()` and `curl_global_cleanup()` should be called by the - application to initialize and clean up global stuff in the library. As of - today, it can handle the global SSL initing if SSL is enabled and it can init - the socket layer on windows machines. libcurl itself has no "global" scope. - - All printf()-style functions use the supplied clones in lib/mprintf.c. This - makes sure we stay absolutely platform independent. - - [ `curl_easy_init()`][2] allocates an internal struct and makes some - initializations. The returned handle does not reveal internals. This is the - `Curl_easy` struct which works as an "anchor" struct for all `curl_easy` - functions. All connections performed will get connect-specific data allocated - that should be used for things related to particular connections/requests. - - [`curl_easy_setopt()`][1] takes three arguments, where the option stuff must - be passed in pairs: the parameter-ID and the parameter-value. The list of - options is documented in the man page. This function mainly sets things in - the `Curl_easy` struct. - - `curl_easy_perform()` is just a wrapper function that makes use of the multi - API. It basically calls `curl_multi_init()`, `curl_multi_add_handle()`, - `curl_multi_wait()`, and `curl_multi_perform()` until the transfer is done - and then returns. - - Some of the most important key functions in url.c are called from multi.c - when certain key steps are to be made in the transfer operation. - - -Curl_connect() --------------- - - Analyzes the URL, it separates the different components and connects to the - remote host. This may involve using a proxy and/or using SSL. The - `Curl_resolv()` function in lib/hostip.c is used for looking up host names - (it does then use the proper underlying method, which may vary between - platforms and builds). - - When `Curl_connect` is done, we are connected to the remote site. Then it - is time to tell the server to get a document/file. `Curl_do()` arranges - this. - - This function makes sure there's an allocated and initiated 'connectdata' - struct that is used for this particular connection only (although there may - be several requests performed on the same connect). A bunch of things are - inited/inherited from the `Curl_easy` struct. - - -Curl_do() ---------- - - `Curl_do()` makes sure the proper protocol-specific function is called. The - functions are named after the protocols they handle. - - The protocol-specific functions of course deal with protocol-specific - negotiations and setup. They have access to the `Curl_sendf()` (from - lib/sendf.c) function to send printf-style formatted data to the remote - host and when they're ready to make the actual file transfer they call the - `Curl_Transfer()` function (in lib/transfer.c) to setup the transfer and - returns. - - If this DO function fails and the connection is being re-used, libcurl will - then close this connection, setup a new connection and re-issue the DO - request on that. This is because there is no way to be perfectly sure that - we have discovered a dead connection before the DO function and thus we - might wrongly be re-using a connection that was closed by the remote peer. - - Some time during the DO function, the `Curl_setup_transfer()` function must - be called with some basic info about the upcoming transfer: what socket(s) - to read/write and the expected file transfer sizes (if known). - - -Curl_readwrite() ----------------- - - Called during the transfer of the actual protocol payload. - - During transfer, the progress functions in lib/progress.c are called at - frequent intervals (or at the user's choice, a specified callback might get - called). The speedcheck functions in lib/speedcheck.c are also used to - verify that the transfer is as fast as required. - - -Curl_done() ------------ - - Called after a transfer is done. This function takes care of everything - that has to be done after a transfer. This function attempts to leave - matters in a state so that `Curl_do()` should be possible to call again on - the same connection (in a persistent connection case). It might also soon - be closed with `Curl_disconnect()`. - - -Curl_disconnect() ------------------ - - When doing normal connections and transfers, no one ever tries to close any - connections so this is not normally called when `curl_easy_perform()` is - used. This function is only used when we are certain that no more transfers - are going to be made on the connection. It can be also closed by force, or - it can be called to make sure that libcurl doesn't keep too many - connections alive at the same time. - - This function cleans up all resources that are associated with a single - connection. - - -HTTP(S) -======= - - HTTP offers a lot and is the protocol in curl that uses the most lines of - code. There is a special file (lib/formdata.c) that offers all the multipart - post functions. - - base64-functions for user+password stuff (and more) is in (lib/base64.c) and - all functions for parsing and sending cookies are found in (lib/cookie.c). - - HTTPS uses in almost every case the same procedure as HTTP, with only two - exceptions: the connect procedure is different and the function used to read - or write from the socket is different, although the latter fact is hidden in - the source by the use of `Curl_read()` for reading and `Curl_write()` for - writing data to the remote server. - - `http_chunks.c` contains functions that understands HTTP 1.1 chunked transfer - encoding. - - An interesting detail with the HTTP(S) request, is the `Curl_add_buffer()` - series of functions we use. They append data to one single buffer, and when - the building is finished the entire request is sent off in one single write. This is done this way to overcome problems with flawed firewalls and lame servers. - - -FTP -=== - - The `Curl_if2ip()` function can be used for getting the IP number of a - specified network interface, and it resides in lib/if2ip.c. - - `Curl_ftpsendf()` is used for sending FTP commands to the remote server. It - was made a separate function to prevent us programmers from forgetting that - they must be CRLF terminated. They must also be sent in one single write() to - make firewalls and similar happy. - - -Kerberos --------- - - Kerberos support is mainly in lib/krb5.c and lib/security.c but also - `curl_sasl_sspi.c` and `curl_sasl_gssapi.c` for the email protocols and - `socks_gssapi.c` and `socks_sspi.c` for SOCKS5 proxy specifics. - - -TELNET -====== - - Telnet is implemented in lib/telnet.c. - - -FILE -==== - - The file:// protocol is dealt with in lib/file.c. - - -SMB -=== - - The smb:// protocol is dealt with in lib/smb.c. - - -LDAP -==== - - Everything LDAP is in lib/ldap.c and lib/openldap.c - - -E-mail -====== - - The e-mail related source code is in lib/imap.c, lib/pop3.c and lib/smtp.c. - - -General -======= - - URL encoding and decoding, called escaping and unescaping in the source code, - is found in lib/escape.c. - - While transferring data in Transfer() a few functions might get used. - `curl_getdate()` in lib/parsedate.c is for HTTP date comparisons (and more). - - lib/getenv.c offers `curl_getenv()` which is for reading environment - variables in a neat platform independent way. That's used in the client, but - also in lib/url.c when checking the proxy environment variables. Note that - contrary to the normal unix getenv(), this returns an allocated buffer that - must be free()ed after use. - - lib/netrc.c holds the .netrc parser - - lib/timeval.c features replacement functions for systems that don't have - gettimeofday() and a few support functions for timeval conversions. - - A function named `curl_version()` that returns the full curl version string - is found in lib/version.c. - - -Persistent Connections -====================== - - The persistent connection support in libcurl requires some considerations on - how to do things inside of the library. - - - The `Curl_easy` struct returned in the [`curl_easy_init()`][2] call - must never hold connection-oriented data. It is meant to hold the root data - as well as all the options etc that the library-user may choose. - - - The `Curl_easy` struct holds the "connection cache" (an array of - pointers to 'connectdata' structs). - - - This enables the 'curl handle' to be reused on subsequent transfers. - - - When libcurl is told to perform a transfer, it first checks for an already - existing connection in the cache that we can use. Otherwise it creates a - new one and adds that to the cache. If the cache is full already when a new - connection is added, it will first close the oldest unused one. - - - When the transfer operation is complete, the connection is left - open. Particular options may tell libcurl not to, and protocols may signal - closure on connections and then they won't be kept open, of course. - - - When `curl_easy_cleanup()` is called, we close all still opened connections, - unless of course the multi interface "owns" the connections. - - The curl handle must be re-used in order for the persistent connections to - work. - - -multi interface/non-blocking -============================ - - The multi interface is a non-blocking interface to the library. To make that - interface work as well as possible, no low-level functions within libcurl - must be written to work in a blocking manner. (There are still a few spots - violating this rule.) - - One of the primary reasons we introduced c-ares support was to allow the name - resolve phase to be perfectly non-blocking as well. - - The FTP and the SFTP/SCP protocols are examples of how we adapt and adjust - the code to allow non-blocking operations even on multi-stage command- - response protocols. They are built around state machines that return when - they would otherwise block waiting for data. The DICT, LDAP and TELNET - protocols are crappy examples and they are subject for rewrite in the future - to better fit the libcurl protocol family. - - -SSL libraries -============= - - Originally libcurl supported SSLeay for SSL/TLS transports, but that was then - extended to its successor OpenSSL but has since also been extended to several - other SSL/TLS libraries and we expect and hope to further extend the support - in future libcurl versions. - - To deal with this internally in the best way possible, we have a generic SSL - function API as provided by the vtls/vtls.[ch] system, and they are the only - SSL functions we must use from within libcurl. vtls is then crafted to use - the appropriate lower-level function calls to whatever SSL library that is in - use. For example vtls/openssl.[ch] for the OpenSSL library. - - -Library Symbols -=============== - - All symbols used internally in libcurl must use a `Curl_` prefix if they're - used in more than a single file. Single-file symbols must be made static. - Public ("exported") symbols must use a `curl_` prefix. (There are exceptions, - but they are to be changed to follow this pattern in future versions.) Public - API functions are marked with `CURL_EXTERN` in the public header files so - that all others can be hidden on platforms where this is possible. - - -Return Codes and Informationals -=============================== - - I've made things simple. Almost every function in libcurl returns a CURLcode, - that must be `CURLE_OK` if everything is OK or otherwise a suitable error - code as the curl/curl.h include file defines. The very spot that detects an - error must use the `Curl_failf()` function to set the human-readable error - description. - - In aiding the user to understand what's happening and to debug curl usage, we - must supply a fair number of informational messages by using the - `Curl_infof()` function. Those messages are only displayed when the user - explicitly asks for them. They are best used when revealing information that - isn't otherwise obvious. - - -API/ABI -======= - - We make an effort to not export or show internals or how internals work, as - that makes it easier to keep a solid API/ABI over time. See docs/libcurl/ABI - for our promise to users. - - -Client -====== - - main() resides in `src/tool_main.c`. - - `src/tool_hugehelp.c` is automatically generated by the mkhelp.pl perl script - to display the complete "manual" and the `src/tool_urlglob.c` file holds the - functions used for the URL-"globbing" support. Globbing in the sense that the - {} and [] expansion stuff is there. - - The client mostly sets up its 'config' struct properly, then - it calls the `curl_easy_*()` functions of the library and when it gets back - control after the `curl_easy_perform()` it cleans up the library, checks - status and exits. - - When the operation is done, the ourWriteOut() function in src/writeout.c may - be called to report about the operation. That function is using the - `curl_easy_getinfo()` function to extract useful information from the curl - session. - - It may loop and do all this several times if many URLs were specified on the - command line or config file. - - -Memory Debugging -================ - - The file lib/memdebug.c contains debug-versions of a few functions. Functions - such as malloc, free, fopen, fclose, etc that somehow deal with resources - that might give us problems if we "leak" them. The functions in the memdebug - system do nothing fancy, they do their normal function and then log - information about what they just did. The logged data can then be analyzed - after a complete session, - - memanalyze.pl is the perl script present in tests/ that analyzes a log file - generated by the memory tracking system. It detects if resources are - allocated but never freed and other kinds of errors related to resource - management. - - Internally, definition of preprocessor symbol DEBUGBUILD restricts code which - is only compiled for debug enabled builds. And symbol CURLDEBUG is used to - differentiate code which is _only_ used for memory tracking/debugging. - - Use -DCURLDEBUG when compiling to enable memory debugging, this is also - switched on by running configure with --enable-curldebug. Use -DDEBUGBUILD - when compiling to enable a debug build or run configure with --enable-debug. - - curl --version will list 'Debug' feature for debug enabled builds, and - will list 'TrackMemory' feature for curl debug memory tracking capable - builds. These features are independent and can be controlled when running - the configure script. When --enable-debug is given both features will be - enabled, unless some restriction prevents memory tracking from being used. - - -Test Suite -========== - - The test suite is placed in its own subdirectory directly off the root in the - curl archive tree, and it contains a bunch of scripts and a lot of test case - data. - - The main test script is runtests.pl that will invoke test servers like - httpserver.pl and ftpserver.pl before all the test cases are performed. The - test suite currently only runs on Unix-like platforms. - - You'll find a description of the test suite in the tests/README file, and the - test case data files in the tests/FILEFORMAT file. - - The test suite automatically detects if curl was built with the memory - debugging enabled, and if it was, it will detect memory leaks, too. - - -Asynchronous name resolves -========================== - - libcurl can be built to do name resolves asynchronously, using either the - normal resolver in a threaded manner or by using c-ares. - - -[c-ares][3] ------- - -### Build libcurl to use a c-ares - -1. ./configure --enable-ares=/path/to/ares/install -2. make - -### c-ares on win32 - - First I compiled c-ares. I changed the default C runtime library to be the - single-threaded rather than the multi-threaded (this seems to be required to - prevent linking errors later on). Then I simply build the areslib project - (the other projects adig/ahost seem to fail under MSVC). - - Next was libcurl. I opened lib/config-win32.h and I added a: - `#define USE_ARES 1` - - Next thing I did was I added the path for the ares includes to the include - path, and the libares.lib to the libraries. - - Lastly, I also changed libcurl to be single-threaded rather than - multi-threaded, again this was to prevent some duplicate symbol errors. I'm - not sure why I needed to change everything to single-threaded, but when I - didn't I got redefinition errors for several CRT functions (malloc, stricmp, - etc.) - - -`curl_off_t` -========== - - `curl_off_t` is a data type provided by the external libcurl include - headers. It is the type meant to be used for the [`curl_easy_setopt()`][1] - options that end with LARGE. The type is 64bit large on most modern - platforms. - -curlx -===== - - The libcurl source code offers a few functions by source only. They are not - part of the official libcurl API, but the source files might be useful for - others so apps can optionally compile/build with these sources to gain - additional functions. - - We provide them through a single header file for easy access for apps: - "curlx.h" - -`curlx_strtoofft()` -------------------- - A macro that converts a string containing a number to a `curl_off_t` number. - This might use the `curlx_strtoll()` function which is provided as source - code in strtoofft.c. Note that the function is only provided if no - strtoll() (or equivalent) function exist on your platform. If `curl_off_t` - is only a 32 bit number on your platform, this macro uses strtol(). - -`curlx_tvnow()` ---------------- - returns a struct timeval for the current time. - -`curlx_tvdiff()` --------------- - returns the difference between two timeval structs, in number of - milliseconds. - -`curlx_tvdiff_secs()` ---------------------- - returns the same as `curlx_tvdiff` but with full usec resolution (as a - double) - -Future ------- - - Several functions will be removed from the public `curl_` name space in a - future libcurl release. They will then only become available as `curlx_` - functions instead. To make the transition easier, we already today provide - these functions with the `curlx_` prefix to allow sources to be built - properly with the new function names. The concerned functions are: - - - `curlx_getenv` - - `curlx_strequal` - - `curlx_strnequal` - - `curlx_mvsnprintf` - - `curlx_msnprintf` - - `curlx_maprintf` - - `curlx_mvaprintf` - - `curlx_msprintf` - - `curlx_mprintf` - - `curlx_mfprintf` - - `curlx_mvsprintf` - - `curlx_mvprintf` - - `curlx_mvfprintf` - - -Content Encoding -================ - -## About content encodings - - [HTTP/1.1][4] specifies that a client may request that a server encode its - response. This is usually used to compress a response using one of a set of - commonly available compression techniques. These schemes are 'deflate' (the - zlib algorithm), 'gzip' and 'compress'. A client requests that the server - perform an encoding by including an Accept-Encoding header in the request - document. The value of the header should be one of the recognized tokens - 'deflate', ... (there's a way to register new schemes/tokens, see sec 3.5 of - the spec). A server MAY honor the client's encoding request. When a response - is encoded, the server includes a Content-Encoding header in the - response. The value of the Content-Encoding header indicates which scheme was - used to encode the data. - - A client may tell a server that it can understand several different encoding - schemes. In this case the server may choose any one of those and use it to - encode the response (indicating which one using the Content-Encoding header). - It's also possible for a client to attach priorities to different schemes so - that the server knows which it prefers. See sec 14.3 of RFC 2616 for more - information on the Accept-Encoding header. - -## Supported content encodings - - The 'deflate' and 'gzip' content encoding are supported by libcurl. Both - regular and chunked transfers work fine. The zlib library is required for - this feature. - -## The libcurl interface - - To cause libcurl to request a content encoding use: - - [`curl_easy_setopt`][1](curl, [`CURLOPT_ACCEPT_ENCODING`][5], string) - - where string is the intended value of the Accept-Encoding header. - - Currently, libcurl only understands how to process responses that use the - "deflate" or "gzip" Content-Encoding, so the only values for - [`CURLOPT_ACCEPT_ENCODING`][5] that will work (besides "identity," which does - nothing) are "deflate" and "gzip" If a response is encoded using the - "compress" or methods, libcurl will return an error indicating that the - response could not be decoded. If is NULL no Accept-Encoding header - is generated. If is a zero-length string, then an Accept-Encoding - header containing all supported encodings will be generated. - - The [`CURLOPT_ACCEPT_ENCODING`][5] must be set to any non-NULL value for - content to be automatically decoded. If it is not set and the server still - sends encoded content (despite not having been asked), the data is returned - in its raw form and the Content-Encoding type is not checked. - -## The curl interface - - Use the [--compressed][6] option with curl to cause it to ask servers to - compress responses using any format supported by curl. - - -hostip.c explained -================== - - The main compile-time defines to keep in mind when reading the host*.c source - file are these: - -## `CURLRES_IPV6` - - this host has getaddrinfo() and family, and thus we use that. The host may - not be able to resolve IPv6, but we don't really have to take that into - account. Hosts that aren't IPv6-enabled have `CURLRES_IPV4` defined. - -## `CURLRES_ARES` - - is defined if libcurl is built to use c-ares for asynchronous name - resolves. This can be Windows or *nix. - -## `CURLRES_THREADED` - - is defined if libcurl is built to use threading for asynchronous name - resolves. The name resolve will be done in a new thread, and the supported - asynch API will be the same as for ares-builds. This is the default under - (native) Windows. - - If any of the two previous are defined, `CURLRES_ASYNCH` is defined too. If - libcurl is not built to use an asynchronous resolver, `CURLRES_SYNCH` is - defined. - -## host*.c sources - - The host*.c sources files are split up like this: - - - hostip.c - method-independent resolver functions and utility functions - - hostasyn.c - functions for asynchronous name resolves - - hostsyn.c - functions for synchronous name resolves - - asyn-ares.c - functions for asynchronous name resolves using c-ares - - asyn-thread.c - functions for asynchronous name resolves using threads - - hostip4.c - IPv4 specific functions - - hostip6.c - IPv6 specific functions - - The hostip.h is the single united header file for all this. It defines the - `CURLRES_*` defines based on the config*.h and `curl_setup.h` defines. - - -Track Down Memory Leaks -======================= - -## Single-threaded - - Please note that this memory leak system is not adjusted to work in more - than one thread. If you want/need to use it in a multi-threaded app. Please - adjust accordingly. - - -## Build - - Rebuild libcurl with -DCURLDEBUG (usually, rerunning configure with - --enable-debug fixes this). 'make clean' first, then 'make' so that all - files are actually rebuilt properly. It will also make sense to build - libcurl with the debug option (usually -g to the compiler) so that debugging - it will be easier if you actually do find a leak in the library. - - This will create a library that has memory debugging enabled. - -## Modify Your Application - - Add a line in your application code: - - `curl_memdebug("dump");` - - This will make the malloc debug system output a full trace of all resource - using functions to the given file name. Make sure you rebuild your program - and that you link with the same libcurl you built for this purpose as - described above. - -## Run Your Application - - Run your program as usual. Watch the specified memory trace file grow. - - Make your program exit and use the proper libcurl cleanup functions etc. So - that all non-leaks are returned/freed properly. - -## Analyze the Flow - - Use the tests/memanalyze.pl perl script to analyze the dump file: - - tests/memanalyze.pl dump - - This now outputs a report on what resources that were allocated but never - freed etc. This report is very fine for posting to the list! - - If this doesn't produce any output, no leak was detected in libcurl. Then - the leak is mostly likely to be in your code. - - -`multi_socket` -============== - - Implementation of the `curl_multi_socket` API - - The main ideas of this API are simply: - - 1 - The application can use whatever event system it likes as it gets info - from libcurl about what file descriptors libcurl waits for what action - on. (The previous API returns `fd_sets` which is very select()-centric). - - 2 - When the application discovers action on a single socket, it calls - libcurl and informs that there was action on this particular socket and - libcurl can then act on that socket/transfer only and not care about - any other transfers. (The previous API always had to scan through all - the existing transfers.) - - The idea is that [`curl_multi_socket_action()`][7] calls a given callback - with information about what socket to wait for what action on, and the - callback only gets called if the status of that socket has changed. - - We also added a timer callback that makes libcurl call the application when - the timeout value changes, and you set that with [`curl_multi_setopt()`][9] - and the [`CURLMOPT_TIMERFUNCTION`][10] option. To get this to work, - Internally, there's an added struct to each easy handle in which we store - an "expire time" (if any). The structs are then "splay sorted" so that we - can add and remove times from the linked list and yet somewhat swiftly - figure out both how long there is until the next nearest timer expires - and which timer (handle) we should take care of now. Of course, the upside - of all this is that we get a [`curl_multi_timeout()`][8] that should also - work with old-style applications that use [`curl_multi_perform()`][11]. - - We created an internal "socket to easy handles" hash table that given - a socket (file descriptor) returns the easy handle that waits for action on - that socket. This hash is made using the already existing hash code - (previously only used for the DNS cache). - - To make libcurl able to report plain sockets in the socket callback, we had - to re-organize the internals of the [`curl_multi_fdset()`][12] etc so that - the conversion from sockets to `fd_sets` for that function is only done in - the last step before the data is returned. I also had to extend c-ares to - get a function that can return plain sockets, as that library too returned - only `fd_sets` and that is no longer good enough. The changes done to c-ares - are available in c-ares 1.3.1 and later. - - -Structs in libcurl -================== - -This section should cover 7.32.0 pretty accurately, but will make sense even -for older and later versions as things don't change drastically that often. - -## Curl_easy - - The `Curl_easy` struct is the one returned to the outside in the external API - as a "CURL *". This is usually known as an easy handle in API documentations - and examples. - - Information and state that is related to the actual connection is in the - 'connectdata' struct. When a transfer is about to be made, libcurl will - either create a new connection or re-use an existing one. The particular - connectdata that is used by this handle is pointed out by - `Curl_easy->easy_conn`. - - Data and information that regard this particular single transfer is put in - the SingleRequest sub-struct. - - When the `Curl_easy` struct is added to a multi handle, as it must be in - order to do any transfer, the ->multi member will point to the `Curl_multi` - struct it belongs to. The ->prev and ->next members will then be used by the - multi code to keep a linked list of `Curl_easy` structs that are added to - that same multi handle. libcurl always uses multi so ->multi *will* point to - a `Curl_multi` when a transfer is in progress. - - ->mstate is the multi state of this particular `Curl_easy`. When - `multi_runsingle()` is called, it will act on this handle according to which - state it is in. The mstate is also what tells which sockets to return for a - specific `Curl_easy` when [`curl_multi_fdset()`][12] is called etc. - - The libcurl source code generally use the name 'data' for the variable that - points to the `Curl_easy`. - - When doing multiplexed HTTP/2 transfers, each `Curl_easy` is associated with - an individual stream, sharing the same connectdata struct. Multiplexing - makes it even more important to keep things associated with the right thing! - -## connectdata - - A general idea in libcurl is to keep connections around in a connection - "cache" after they have been used in case they will be used again and then - re-use an existing one instead of creating a new as it creates a significant - performance boost. - - Each 'connectdata' identifies a single physical connection to a server. If - the connection can't be kept alive, the connection will be closed after use - and then this struct can be removed from the cache and freed. - - Thus, the same `Curl_easy` can be used multiple times and each time select - another connectdata struct to use for the connection. Keep this in mind, as - it is then important to consider if options or choices are based on the - connection or the `Curl_easy`. - - Functions in libcurl will assume that connectdata->data points to the - `Curl_easy` that uses this connection (for the moment). - - As a special complexity, some protocols supported by libcurl require a - special disconnect procedure that is more than just shutting down the - socket. It can involve sending one or more commands to the server before - doing so. Since connections are kept in the connection cache after use, the - original `Curl_easy` may no longer be around when the time comes to shut down - a particular connection. For this purpose, libcurl holds a special dummy - `closure_handle` `Curl_easy` in the `Curl_multi` struct to use when needed. - - FTP uses two TCP connections for a typical transfer but it keeps both in - this single struct and thus can be considered a single connection for most - internal concerns. - - The libcurl source code generally use the name 'conn' for the variable that - points to the connectdata. - -## Curl_multi - - Internally, the easy interface is implemented as a wrapper around multi - interface functions. This makes everything multi interface. - - `Curl_multi` is the multi handle struct exposed as "CURLM *" in external - APIs. - - This struct holds a list of `Curl_easy` structs that have been added to this - handle with [`curl_multi_add_handle()`][13]. The start of the list is - `->easyp` and `->num_easy` is a counter of added `Curl_easy`s. - - `->msglist` is a linked list of messages to send back when - [`curl_multi_info_read()`][14] is called. Basically a node is added to that - list when an individual `Curl_easy`'s transfer has completed. - - `->hostcache` points to the name cache. It is a hash table for looking up - name to IP. The nodes have a limited life time in there and this cache is - meant to reduce the time for when the same name is wanted within a short - period of time. - - `->timetree` points to a tree of `Curl_easy`s, sorted by the remaining time - until it should be checked - normally some sort of timeout. Each `Curl_easy` - has one node in the tree. - - `->sockhash` is a hash table to allow fast lookups of socket descriptor for - which `Curl_easy` uses that descriptor. This is necessary for the - `multi_socket` API. - - `->conn_cache` points to the connection cache. It keeps track of all - connections that are kept after use. The cache has a maximum size. - - `->closure_handle` is described in the 'connectdata' section. - - The libcurl source code generally use the name 'multi' for the variable that - points to the `Curl_multi` struct. - -## Curl_handler - - Each unique protocol that is supported by libcurl needs to provide at least - one `Curl_handler` struct. It defines what the protocol is called and what - functions the main code should call to deal with protocol specific issues. - In general, there's a source file named [protocol].c in which there's a - "struct `Curl_handler` `Curl_handler_[protocol]`" declared. In url.c there's - then the main array with all individual `Curl_handler` structs pointed to - from a single array which is scanned through when a URL is given to libcurl - to work with. - - `->scheme` is the URL scheme name, usually spelled out in uppercase. That's - "HTTP" or "FTP" etc. SSL versions of the protocol need their own `Curl_handler` setup so HTTPS separate from HTTP. - - `->setup_connection` is called to allow the protocol code to allocate - protocol specific data that then gets associated with that `Curl_easy` for - the rest of this transfer. It gets freed again at the end of the transfer. - It will be called before the 'connectdata' for the transfer has been - selected/created. Most protocols will allocate its private - 'struct [PROTOCOL]' here and assign `Curl_easy->req.protop` to point to it. - - `->connect_it` allows a protocol to do some specific actions after the TCP - connect is done, that can still be considered part of the connection phase. - - Some protocols will alter the `connectdata->recv[]` and - `connectdata->send[]` function pointers in this function. - - `->connecting` is similarly a function that keeps getting called as long as - the protocol considers itself still in the connecting phase. - - `->do_it` is the function called to issue the transfer request. What we call - the DO action internally. If the DO is not enough and things need to be kept - getting done for the entire DO sequence to complete, `->doing` is then - usually also provided. Each protocol that needs to do multiple commands or - similar for do/doing need to implement their own state machines (see SCP, - SFTP, FTP). Some protocols (only FTP and only due to historical reasons) has - a separate piece of the DO state called `DO_MORE`. - - `->doing` keeps getting called while issuing the transfer request command(s) - - `->done` gets called when the transfer is complete and DONE. That's after the - main data has been transferred. - - `->do_more` gets called during the `DO_MORE` state. The FTP protocol uses - this state when setting up the second connection. - - ->`proto_getsock` - ->`doing_getsock` - ->`domore_getsock` - ->`perform_getsock` - Functions that return socket information. Which socket(s) to wait for which - action(s) during the particular multi state. - - ->disconnect is called immediately before the TCP connection is shutdown. - - ->readwrite gets called during transfer to allow the protocol to do extra - reads/writes - - ->defport is the default report TCP or UDP port this protocol uses - - ->protocol is one or more bits in the `CURLPROTO_*` set. The SSL versions - have their "base" protocol set and then the SSL variation. Like - "HTTP|HTTPS". - - ->flags is a bitmask with additional information about the protocol that will - make it get treated differently by the generic engine: - - - `PROTOPT_SSL` - will make it connect and negotiate SSL - - - `PROTOPT_DUAL` - this protocol uses two connections - - - `PROTOPT_CLOSEACTION` - this protocol has actions to do before closing the - connection. This flag is no longer used by code, yet still set for a bunch - of protocol handlers. - - - `PROTOPT_DIRLOCK` - "direction lock". The SSH protocols set this bit to - limit which "direction" of socket actions that the main engine will - concern itself with. - - - `PROTOPT_NONETWORK` - a protocol that doesn't use network (read file:) - - - `PROTOPT_NEEDSPWD` - this protocol needs a password and will use a default - one unless one is provided - - - `PROTOPT_NOURLQUERY` - this protocol can't handle a query part on the URL - (?foo=bar) - -## conncache - - Is a hash table with connections for later re-use. Each `Curl_easy` has a - pointer to its connection cache. Each multi handle sets up a connection - cache that all added `Curl_easy`s share by default. - -## Curl_share - - The libcurl share API allocates a `Curl_share` struct, exposed to the - external API as "CURLSH *". - - The idea is that the struct can have a set of its own versions of caches and - pools and then by providing this struct in the `CURLOPT_SHARE` option, those - specific `Curl_easy`s will use the caches/pools that this share handle - holds. - - Then individual `Curl_easy` structs can be made to share specific things - that they otherwise wouldn't, such as cookies. - - The `Curl_share` struct can currently hold cookies, DNS cache and the SSL - session cache. - -## CookieInfo - - This is the main cookie struct. It holds all known cookies and related - information. Each `Curl_easy` has its own private CookieInfo even when - they are added to a multi handle. They can be made to share cookies by using - the share API. - - -[1]: https://curl.haxx.se/libcurl/c/curl_easy_setopt.html -[2]: https://curl.haxx.se/libcurl/c/curl_easy_init.html -[3]: http://c-ares.haxx.se/ -[4]: https://tools.ietf.org/html/rfc7230 "RFC 7230" -[5]: https://curl.haxx.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html -[6]: https://curl.haxx.se/docs/manpage.html#--compressed -[7]: https://curl.haxx.se/libcurl/c/curl_multi_socket_action.html -[8]: https://curl.haxx.se/libcurl/c/curl_multi_timeout.html -[9]: https://curl.haxx.se/libcurl/c/curl_multi_setopt.html -[10]: https://curl.haxx.se/libcurl/c/CURLMOPT_TIMERFUNCTION.html -[11]: https://curl.haxx.se/libcurl/c/curl_multi_perform.html -[12]: https://curl.haxx.se/libcurl/c/curl_multi_fdset.html -[13]: https://curl.haxx.se/libcurl/c/curl_multi_add_handle.html -[14]: https://curl.haxx.se/libcurl/c/curl_multi_info_read.html DELETED scriptlibs/softwareupdate/curl/docs/KNOWN_BUGS.txt Index: scriptlibs/softwareupdate/curl/docs/KNOWN_BUGS.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/KNOWN_BUGS.txt +++ scriptlibs/softwareupdate/curl/docs/KNOWN_BUGS.txt @@ -1,604 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Known Bugs - -These are problems and bugs known to exist at the time of this release. Feel -free to join in and help us correct one or more of these! Also be sure to -check the changelog of the current development status, as one or more of these -problems may have been fixed or changed somewhat since this was written! - - 1. HTTP - 1.1 CURLFORM_CONTENTLEN in an array - 1.2 Disabling HTTP Pipelining - 1.3 STARTTRANSFER time is wrong for HTTP POSTs - 1.4 multipart formposts file name encoding - 1.5 Expect-100 meets 417 - 1.6 Unnecessary close when 401 received waiting for 100 - 1.8 DNS timing is wrong for HTTP redirects - 1.9 HTTP/2 frames while in the connection pool kill reuse - 1.10 Strips trailing dot from host name - 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM - - 2. TLS - 2.1 CURLINFO_SSL_VERIFYRESULT has limited support - 2.2 DER in keychain - 2.3 GnuTLS backend skips really long certificate fields - - 3. Email protocols - 3.1 IMAP SEARCH ALL truncated response - 3.2 No disconnect command - 3.3 SMTP to multiple recipients - 3.4 POP3 expects "CRLF.CRLF" eob for some single-line responses - - 4. Command line - 4.1 -J with %-encoded file nameas - 4.2 -J with -C - fails - 4.3 --retry and transfer timeouts - - 5. Build and portability issues - 5.1 Windows Borland compiler - 5.2 curl-config --libs contains private details - 5.3 libidn and old iconv - 5.4 AIX shared build with c-ares fails - 5.5 can't handle Unicode arguments in Windows - 5.6 cmake support gaps - 5.7 Visual Studio project gaps - 5.8 configure finding libs in wrong directory - 5.9 Utilize Requires.private directives in libcurl.pc - 5.10 Fix the gcc typechecks - - 6. Authentication - 6.1 NTLM authentication and unicode - 6.2 MIT Kerberos for Windows build - 6.3 NTLM in system context uses wrong name - 6.4 Negotiate and Kerberos V5 need a fake user name - - 7. FTP - 7.1 FTP without or slow 220 response - 7.2 FTP with CONNECT and slow server - 7.3 FTP with NOBODY and FAILONERROR - 7.4 FTP with ACCT - 7.5 ASCII FTP - 7.6 FTP with NULs in URL parts - 7.7 FTP and empty path parts in the URL - 7.8 Premature transfer end but healthy control channel - - 8. TELNET - 8.1 TELNET and time limtiations don't work - 8.2 Microsoft telnet server - - 9. SFTP and SCP - 9.1 SFTP doesn't do CURLOPT_POSTQUOTE correct - - 10. SOCKS - 10.1 SOCKS proxy connections are done blocking - 10.2 SOCKS don't support timeouts - 10.3 FTPS over SOCKS - 10.4 active FTP over a SOCKS - - 11. Internals - 11.1 Curl leaks .onion hostnames in DNS - 11.2 error buffer not set if connection to multiple addresses fails - 11.3 c-ares deviates from stock resolver on http://1346569778 - - 12. LDAP and OpenLDAP - 12.1 OpenLDAP hangs after returning results - - 13. TCP/IP - 13.1 --interface for ipv6 binds to unusable IP address - - -============================================================================== - -1. HTTP - -1.1 CURLFORM_CONTENTLEN in an array - - It is not possible to pass a 64-bit value using CURLFORM_CONTENTLEN with - CURLFORM_ARRAY, when compiled on 32-bit platforms that support 64-bit - integers. This is because the underlying structure 'curl_forms' uses a dual - purpose char* for storing these values in via casting. For more information - see the now closed related issue: - https://github.com/curl/curl/issues/608 - -1.2 Disabling HTTP Pipelining - - Disabling HTTP Pipelining when there are ongoing transfers can lead to - heap corruption and crash. https://curl.haxx.se/bug/view.cgi?id=1411 - -1.3 STARTTRANSFER time is wrong for HTTP POSTs - - Wrong STARTTRANSFER timer accounting for POST requests Timer works fine with - GET requests, but while using POST the time for CURLINFO_STARTTRANSFER_TIME - is wrong. While using POST CURLINFO_STARTTRANSFER_TIME minus - CURLINFO_PRETRANSFER_TIME is near to zero every time. - - https://github.com/curl/curl/issues/218 - https://curl.haxx.se/bug/view.cgi?id=1213 - -1.4 multipart formposts file name encoding - - When creating multipart formposts. The file name part can be encoded with - something beyond ascii but currently libcurl will only pass in the verbatim - string the app provides. There are several browsers that already do this - encoding. The key seems to be the updated draft to RFC2231: - https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 - -1.5 Expect-100 meets 417 - - If an upload using Expect: 100-continue receives an HTTP 417 response, it - ought to be automatically resent without the Expect:. A workaround is for - the client application to redo the transfer after disabling Expect:. - https://curl.haxx.se/mail/archive-2008-02/0043.html - -1.6 Unnecessary close when 401 received waiting for 100 - - libcurl closes the connection if an HTTP 401 reply is received while it is - waiting for the the 100-continue response. - https://curl.haxx.se/mail/lib-2008-08/0462.html - -1.8 DNS timing is wrong for HTTP redirects - - When extracting timing information after HTTP redirects, only the last - transfer's results are returned and not the totals: - https://github.com/curl/curl/issues/522 - -1.9 HTTP/2 frames while in the connection pool kill reuse - - If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to - curl while the connection is held in curl's connection pool, the socket will - be found readable when considered for reuse and that makes curl think it is - dead and then it will be closed and a new connection gets created instead. - - This is *best* fixed by adding monitoring to connections while they are kept - in the pool so that pings can be responded to appropriately. - -1.10 Strips trailing dot from host name - - When given a URL wit a trailing dot for the host name part: - "https://example.com./", libcurl will strip off the dot and use the name - without a dot internally and send it dot-less in HTTP Host: headers and in - the TLS SNI field. - - The HTTP part violates RFC 7230 section 5.4 but the SNI part is accordance - with RFC 6066 section 3. - - URLs using these trailing dots are very rare in the wild and we have not seen - or gotten any real-world problems with such URLs reported. The popular - browsers seem to have stayed with not stripping the dot for both uses (thus - they violate RFC 6066 instead of RFC 7230). - - Daniel took the discussion to the HTTPbis mailing list in March 2016: - https://lists.w3.org/Archives/Public/ietf-http-wg/2016JanMar/0430.html but - there was not major rush or interest to fix this. The impression I get is - that most HTTP people rather not rock the boat now and instead prioritize web - compatibility rather than to strictly adhere to these RFCs. - - Our current approach allows a knowing client to send a custom HTTP header - with the dot added. - - It can also be noted that while adding a trailing dot to the host name in - most (all?) cases will make the name resolve to the same set of IP addresses, - many HTTP servers will not happily accept the trailing dot there unless that - has been specificly configured to be a fine virtual host. - - If URLs with trailing dots for host names become more popular or even just - used more than for just plain fun experiments, I'm sure we will have reason - to go back and reconsider. - - See https://github.com/curl/curl/issues/716 for the discussion. - -1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM - - I'm using libcurl to POST form data using a FILE* with the CURLFORM_STREAM - option of curl_formadd(). I've noticed that if the connection drops at just - the right time, the POST is reattempted without the data from the file. It - seems like the file stream position isn't getting reset to the beginning of - the file. I found the CURLOPT_SEEKFUNCTION option and set that with a - function that performs an fseek() on the FILE*. However, setting that didn't - seem to fix the issue or even get called. See - https://github.com/curl/curl/issues/768 - - -2. TLS - -2.1 CURLINFO_SSL_VERIFYRESULT has limited support - - CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS - backends, so relying on this information in a generic app is flaky. - -2.2 DER in keychain - - Curl doesn't recognize certificates in DER format in keychain, but it works - with PEM. https://curl.haxx.se/bug/view.cgi?id=1065 - -2.3 GnuTLS backend skips really long certificate fields - - libcurl calls gnutls_x509_crt_get_dn() with a fixed buffer size and if the - field is too long in the cert, it'll just return an error and the field will - be displayed blank. - - -3. Email protocols - -3.1 IMAP SEARCH ALL truncated response - - IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the - code reveals that pingpong.c contains some truncation code, at line 408, when - it deems the server response to be too large truncating it to 40 characters" - https://curl.haxx.se/bug/view.cgi?id=1366 - -3.2 No disconnect command - - The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and - SMTP if a failure occurs during the authentication phase of a connection. - -3.3 SMTP to multiple recipients - - When sending data to multiple recipients, curl will abort and return failure - if one of the recipients indicate failure (on the "RCPT TO" - command). Ordinary mail programs would proceed and still send to the ones - that can receive data. This is subject for change in the future. - https://curl.haxx.se/bug/view.cgi?id=1116 - -3.4 POP3 expects "CRLF.CRLF" eob for some single-line responses - - You have to tell libcurl not to expect a body, when dealing with one line - response commands. Please see the POP3 examples and test cases which show - this for the NOOP and DELE commands. https://curl.haxx.se/bug/?i=740 - - -4. Command line - -4.1 -J with %-encoded file nameas - - -J/--remote-header-name doesn't decode %-encoded file names. RFC6266 details - how it should be done. The can of worm is basically that we have no charset - handling in curl and ascii >=128 is a challenge for us. Not to mention that - decoding also means that we need to check for nastiness that is attempted, - like "../" sequences and the like. Probably everything to the left of any - embedded slashes should be cut off. - https://curl.haxx.se/bug/view.cgi?id=1294 - -4.2 -J with -C - fails - - When using -J (with -O), automatically resumed downloading together with "-C - -" fails. Without -J the same command line works! This happens because the - resume logic is worked out before the target file name (and thus its - pre-transfer size) has been figured out! - https://curl.haxx.se/bug/view.cgi?id=1169 - -4.3 --retry and transfer timeouts - - If using --retry and the transfer timeouts (possibly due to using -m or - -y/-Y) the next attempt doesn't resume the transfer properly from what was - downloaded in the previous attempt but will truncate and restart at the - original position where it was at before the previous failed attempt. See - https://curl.haxx.se/mail/lib-2008-01/0080.html and Mandriva bug report - https://qa.mandriva.com/show_bug.cgi?id=22565 - - -5. Build and portability issues - -5.1 Windows Borland compiler - - When building with the Windows Borland compiler, it fails because the "tlib" - tool doesn't support hyphens (minus signs) in file names and we have such in - the build. https://curl.haxx.se/bug/view.cgi?id=1222 - -5.2 curl-config --libs contains private details - - "curl-config --libs" will include details set in LDFLAGS when configure is - run that might be needed only for building libcurl. Further, curl-config - --cflags suffers from the same effects with CFLAGS/CPPFLAGS. - -5.3 libidn and old iconv - - Test case 165 might fail on a system which has libidn present, but with an - old iconv version (2.1.3 is a known bad version), since it doesn't recognize - the charset when named ISO8859-1. Changing the name to ISO-8859-1 makes the - test pass, but instead makes it fail on Solaris hosts that use its native - iconv. - -5.4 AIX shared build with c-ares fails - - curl version 7.12.2 fails on AIX if compiled with --enable-ares. The - workaround is to combine --enable-ares with --disable-shared - -5.5 can't handle Unicode arguments in Windows - - If a URL or filename can't be encoded using the user's current codepage then - it can only be encoded properly in the Unicode character set. Windows uses - UTF-16 encoding for Unicode and stores it in wide characters, however curl - and libcurl are not equipped for that at the moment. And, except for Cygwin, - Windows can't use UTF-8 as a locale. - - https://curl.haxx.se/bug/?i=345 - https://curl.haxx.se/bug/?i=731 - -5.6 cmake support gaps - - The cmake build setup lacks several features that the autoconf build - offers. This includes: - - - symbol hiding when the shared library is built - - use of correct soname for the shared library build - - support for several TLS backends are missing - - the unit tests cause link failures in regular non-static builds - - no nghttp2 check - -5.7 Visual Studio project gaps - - The Visual Studio projects lack some features that the autoconf and nmake - builds offer, such as the following: - - - support for zlib and nghttp2 - - use of static runtime libraries - - add the test suite components - - In addition to this the following could be implemented: - - - support for other development IDEs - - add PATH environment variables for third-party DLLs - -5.8 configure finding libs in wrong directory - - When the configure script checks for third-party libraries, it adds those - directories to the LDFLAGS variable and then tries linking to see if it - works. When successful, the found directory is kept in the LDFLAGS variable - when the script continues to execute and do more tests and possibly check for - more libraries. - - This can make subsequent checks for libraries wrongly detect another - installation in a directory that was previously added to LDFLAGS by another - library check! - - A possibly better way to do these checks would be to keep the pristine LDFLAGS - even after successful checks and instead add those verified paths to a - separate variable that only after all library checks have been performed gets - appended to LDFLAGS. - -5.9 Utilize Requires.private directives in libcurl.pc - - https://github.com/curl/curl/issues/864 - -5.10 Fix the gcc typechecks - - Issue #846 identifies a problem with the gcc-typechecks and how the types are - documented and checked for CURLINFO_CERTINFO but our attempts to fix the - issue were futile and needs more attention. - - https://github.com/curl/curl/issues/846 - -6. Authentication - -6.1 NTLM authentication and unicode - - NTLM authentication involving unicode user name or password only works - properly if built with UNICODE defined together with the WinSSL/schannel - backend. The original problem was mentioned in: - https://curl.haxx.se/mail/lib-2009-10/0024.html - https://curl.haxx.se/bug/view.cgi?id=896 - - The WinSSL/schannel version verified to work as mentioned in - https://curl.haxx.se/mail/lib-2012-07/0073.html - -6.2 MIT Kerberos for Windows build - - libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's - library header files exporting symbols/macros that should be kept private to - the KfW library. See ticket #5601 at http://krbdev.mit.edu/rt/ - -6.3 NTLM in system context uses wrong name - - NTLM authentication using SSPI (on Windows) when (lib)curl is running in - "system context" will make it use wrong(?) user name - at least when compared - to what winhttp does. See https://curl.haxx.se/bug/view.cgi?id=535 - -6.4 Negotiate and Kerberos V5 need a fake user name - - In order to get Negotiate (SPNEGO) authentication to work in HTTP or Kerberos - V5 in the e-mail protocols, you need to provide a (fake) user name (this - concerns both curl and the lib) because the code wrongly only considers - authentication if there's a user name provided by setting - conn->bits.user_passwd in url.c https://curl.haxx.se/bug/view.cgi?id=440 How? - https://curl.haxx.se/mail/lib-2004-08/0182.html A possible solution is to - either modify this variable to be set or introduce a variable such as - new conn->bits.want_authentication which is set when any of the authentication - options are set. - - -7. FTP - -7.1 FTP without or slow 220 response - - If a connection is made to a FTP server but the server then just never sends - the 220 response or otherwise is dead slow, libcurl will not acknowledge the - connection timeout during that phase but only the "real" timeout - which may - surprise users as it is probably considered to be the connect phase to most - people. Brought up (and is being misunderstood) in: - https://curl.haxx.se/bug/view.cgi?id=856 - -7.2 FTP with CONNECT and slow server - - When doing FTP over a socks proxy or CONNECT through HTTP proxy and the multi - interface is used, libcurl will fail if the (passive) TCP connection for the - data transfer isn't more or less instant as the code does not properly wait - for the connect to be confirmed. See test case 564 for a first shot at a test - case. - -7.3 FTP with NOBODY and FAILONERROR - - It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR - with FTP to detect if a file exists or not, but it is not working: - https://curl.haxx.se/mail/lib-2008-07/0295.html - -7.4 FTP with ACCT - - When doing an operation over FTP that requires the ACCT command (but not when - logging in), the operation will fail since libcurl doesn't detect this and - thus fails to issue the correct command: - https://curl.haxx.se/bug/view.cgi?id=635 - -7.5 ASCII FTP - - FTP ASCII transfers do not follow RFC959. They don't convert the data - accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1 - clearly describes how this should be done: - - The sender converts the data from an internal character representation to - the standard 8-bit NVT-ASCII representation (see the Telnet - specification). The receiver will convert the data from the standard - form to his own internal form. - - Since 7.15.4 at least line endings are converted. - -7.6 FTP with NULs in URL parts - - FTP URLs passed to curl may contain NUL (0x00) in the RFC 1738 , - , and components, encoded as "%00". The problem is that - curl_unescape does not detect this, but instead returns a shortened C string. - From a strict FTP protocol standpoint, NUL is a valid character within RFC - 959 , so the way to handle this correctly in curl would be to use a - data structure other than a plain C string, one that can handle embedded NUL - characters. From a practical standpoint, most FTP servers would not - meaningfully support NUL characters within RFC 959 , anyway (e.g., - Unix pathnames may not contain NUL). - -7.7 FTP and empty path parts in the URL - - libcurl ignores empty path parts in FTP URLs, whereas RFC1738 states that - such parts should be sent to the server as 'CWD ' (without an argument). The - only exception to this rule, is that we knowingly break this if the empty - part is first in the path, as then we use the double slashes to indicate that - the user wants to reach the root dir (this exception SHALL remain even when - this bug is fixed). - -7.8 Premature transfer end but healthy control channel - - When 'multi_done' is called before the transfer has been completed the normal - way, it is considered a "premature" transfer end. In this situation, libcurl - closes the connection assuming it doesn't know the state of the connection so - it can't be reused for subsequent requests. - - With FTP however, this isn't necessarily true but there are a bunch of - situations (listed in the ftp_done code) where it *could* keep the connection - alive even in this situation - but the current code doesn't. Fixing this would - allow libcurl to reuse FTP connections better. - -8. TELNET - -8.1 TELNET and time limtiations don't work - - When using telnet, the time limitation options don't work. - https://curl.haxx.se/bug/view.cgi?id=846 - -8.2 Microsoft telnet server - - There seems to be a problem when connecting to the Microsoft telnet server. - https://curl.haxx.se/bug/view.cgi?id=649 - - -9. SFTP and SCP - -9.1 SFTP doesn't do CURLOPT_POSTQUOTE correct - - When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server - using the multi interface, the commands are not being sent correctly and - instead the connection is "cancelled" (the operation is considered done) - prematurely. There is a half-baked (busy-looping) patch provided in the bug - report but it cannot be accepted as-is. See - https://curl.haxx.se/bug/view.cgi?id=748 - - -10. SOCKS - -10.1 SOCKS proxy connections are done blocking - - Both SOCKS5 and SOCKS4 proxy connections are done blocking, which is very bad - when used with the multi interface. - -10.2 SOCKS don't support timeouts - - The SOCKS4 connection codes don't properly acknowledge (connect) timeouts. - According to bug #1556528, even the SOCKS5 connect code does not do it right: - https://curl.haxx.se/bug/view.cgi?id=604 - - When connecting to a SOCK proxy, the (connect) timeout is not properly - acknowledged after the actual TCP connect (during the SOCKS "negotiate" - phase). - -10.3 FTPS over SOCKS - - libcurl doesn't support FTPS over a SOCKS proxy. - -10.4 active FTP over a SOCKS - - libcurl doesn't support active FTP over a SOCKS proxy - - -11. Internals - -11.1 Curl leaks .onion hostnames in DNS - - Curl sends DNS requests for hostnames with a .onion TLD. This leaks - information about what the user is attempting to access, and violates this - requirement of RFC7686: https://tools.ietf.org/html/rfc7686 - - Issue: https://github.com/curl/curl/issues/543 - -11.2 error buffer not set if connection to multiple addresses fails - - If you ask libcurl to resolve a hostname like example.com to IPv6 addresses - only. But you only have IPv4 connectivity. libcurl will correctly fail with - CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER - remains empty. Issue: https://github.com/curl/curl/issues/544 - -11.3 c-ares deviates from stock resolver on http://1346569778 - - When using the socket resolvers, that URL becomes: - - * Rebuilt URL to: http://1346569778/ - * Trying 80.67.6.50... - - but with c-ares it instead says "Could not resolve: 1346569778 (Domain name - not found)" - - See https://github.com/curl/curl/issues/893 - - -12. LDAP and OpenLDAP - -12.1 OpenLDAP hangs after returning results - - By configuration defaults, openldap automatically chase referrals on - secondary socket descriptors. The OpenLDAP backend is asynchronous and thus - should monitor all socket descriptors involved. Currently, these secondary - descriptors are not monitored, causing openldap library to never receive - data from them. - - As a temporary workaround, disable referrals chasing by configuration. - - The fix is not easy: proper automatic referrals chasing requires a - synchronous bind callback and monitoring an arbitrary number of socket - descriptors for a single easy handle (currently limited to 5). - - Generic LDAP is synchronous: OK. - - See https://github.com/curl/curl/issues/622 and - https://curl.haxx.se/mail/lib-2016-01/0101.html - - -13. TCP/IP - -13.1 --interface for ipv6 binds to unusable IP address - - Since IPv6 provides a lot of addresses with different scope, binding to an - IPv6 address needs to take the proper care so that it doesn't bind to a - locally scoped address as that is bound to fail. - - https://github.com/curl/curl/issues/686 DELETED scriptlibs/softwareupdate/curl/docs/LICENSE-MIXING.md Index: scriptlibs/softwareupdate/curl/docs/LICENSE-MIXING.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/LICENSE-MIXING.md +++ scriptlibs/softwareupdate/curl/docs/LICENSE-MIXING.md @@ -1,127 +0,0 @@ -License Mixing -============== - -libcurl can be built to use a fair amount of various third party libraries, -libraries that are written and provided by other parties that are distributed -using their own licenses. Even libcurl itself contains code that may cause -problems to some. This document attempts to describe what licenses libcurl and -the other libraries use and what possible dilemmas linking and mixing them all -can lead to for end users. - -I am not a lawyer and this is not legal advice! - -One common dilemma is that [GPL](https://www.gnu.org/licenses/gpl.html) -licensed code is not allowed to be linked with code licensed under the -[Original BSD license](https://spdx.org/licenses/BSD-4-Clause.html) (with the -announcement clause). You may still build your own copies that use them all, -but distributing them as binaries would be to violate the GPL license - unless -you accompany your license with an -[exception](https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs). This -particular problem was addressed when the [Modified BSD -license](https://opensource.org/licenses/BSD-3-Clause) was created, which does -not have the announcement clause that collides with GPL. - -## libcurl - - Uses an [MIT style license](https://curl.haxx.se/docs/copyright.html) that is - very liberal. - -## OpenSSL - - (May be used for SSL/TLS support) Uses an Original BSD-style license with an - announcement clause that makes it "incompatible" with GPL. You are not - allowed to ship binaries that link with OpenSSL that includes GPL code - (unless that specific GPL code includes an exception for OpenSSL - a habit - that is growing more and more common). If OpenSSL's licensing is a problem - for you, consider using another TLS library. - -## GnuTLS - - (May be used for SSL/TLS support) Uses the - [LGPL](https://www.gnu.org/licenses/lgpl.html) license. If this is a problem - for you, consider using another TLS library. Also note that GnuTLS itself - depends on and uses other libs (libgcrypt and libgpg-error) and they too are - LGPL- or GPL-licensed. - -## WolfSSL - - (May be used for SSL/TLS support) Uses the GPL license or a proprietary - license. If this is a problem for you, consider using another TLS library. - -## NSS - - (May be used for SSL/TLS support) Is covered by the - [MPL](https://www.mozilla.org/MPL/) license, the GPL license and the LGPL - license. You may choose to license the code under MPL terms, GPL terms, or - LGPL terms. These licenses grant you different permissions and impose - different obligations. You should select the license that best meets your - needs. - -## axTLS - - (May be used for SSL/TLS support) Uses a Modified BSD-style license. - -## mbedTLS - - (May be used for SSL/TLS support) Uses the [Apache 2.0 - license](https://opensource.org/licenses/Apache-2.0) or the GPL license. - You may choose to license the code under Apache 2.0 terms or GPL terms. - These licenses grant you different permissions and impose different - obligations. You should select the license that best meets your needs. - -## BoringSSL - - (May be used for SSL/TLS support) As an OpenSSL fork, it has the same - license as that. - -## libressl - - (May be used for SSL/TLS support) As an OpenSSL fork, it has the same - license as that. - -## c-ares - - (Used for asynchronous name resolves) Uses an MIT license that is very - liberal and imposes no restrictions on any other library or part you may link - with. - -## zlib - - (Used for compressed Transfer-Encoding support) Uses an MIT-style license - that shouldn't collide with any other library. - -## MIT Kerberos - - (May be used for GSS support) MIT licensed, that shouldn't collide with any - other parts. - -## Heimdal - - (May be used for GSS support) Heimdal is Original BSD licensed with the - announcement clause. - -## GNU GSS - - (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not - distribute binary curl packages that uses this if you build curl to also link - and use any Original BSD licensed libraries! - -## libidn - - (Used for IDNA support) Uses the GNU Lesser General Public License [3]. LGPL - is a variation of GPL with slightly less aggressive "copyleft". This license - requires more requirements to be met when distributing binaries, see the - license for details. Also note that if you distribute a binary that includes - this library, you must also include the full LGPL license text. Please - properly point out what parts of the distributed package that the license - addresses. - -## OpenLDAP - - (Used for LDAP support) Uses a Modified BSD-style license. Since libcurl uses - OpenLDAP as a shared library only, I have not heard of anyone that ships - OpenLDAP linked with libcurl in an app. - -## libssh2 - - (Used for scp and sftp support) libssh2 uses a Modified BSD-style license. DELETED scriptlibs/softwareupdate/curl/docs/MAIL-ETIQUETTE.txt Index: scriptlibs/softwareupdate/curl/docs/MAIL-ETIQUETTE.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/MAIL-ETIQUETTE.txt +++ scriptlibs/softwareupdate/curl/docs/MAIL-ETIQUETTE.txt @@ -1,264 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -MAIL ETIQUETTE - - 1. About the lists - 1.1 Mailing Lists - 1.2 Netiquette - 1.3 Do Not Mail a Single Individual - 1.4 Subscription Required - 1.5 Moderation of new posters - 1.6 Handling trolls and spam - 1.7 How to unsubscribe - 1.8 I posted, now what? - - 2. Sending mail - 2.1 Reply or New Mail - 2.2 Reply to the List - 2.3 Use a Sensible Subject - 2.4 Do Not Top-Post - 2.5 HTML is not for mails - 2.6 Quoting - 2.7 Digest - 2.8 Please Tell Us How You Solved The Problem! - -============================================================================== - -1. About the lists - - 1.1 Mailing Lists - - The mailing lists we have are all listed and described at - https://curl.haxx.se/mail/ - - Each mailing list is targeted to a specific set of users and subjects, - please use the one or the ones that suit you the most. - - Each mailing list has hundreds up to thousands of readers, meaning that - each mail sent will be received and read by a very large number of people. - People from various cultures, regions, religions and continents. - - 1.2 Netiquette - - Netiquette is a common term for how to behave on the internet. Of course, in - each particular group and subculture there will be differences in what is - acceptable and what is considered good manners. - - This document outlines what we in the curl project consider to be good - etiquette, and primarily this focus on how to behave on and how to use our - mailing lists. - - 1.3 Do Not Mail a Single Individual - - Many people send one question to one person. One person gets many mails, and - there is only one person who can give you a reply. The question may be - something that other people would also like to ask. These other people have - no way to read the reply, but to ask the one person the question. The one - person consequently gets overloaded with mail. - - If you really want to contact an individual and perhaps pay for his or her - services, by all means go ahead, but if it's just another curl question, - take it to a suitable list instead. - - 1.4 Subscription Required - - All curl mailing lists require that you are subscribed to allow a mail to go - through to all the subscribers. - - If you post without being subscribed (or from a different mail address than - the one you are subscribed with), your mail will simply be silently - discarded. You have to subscribe first, then post. - - The reason for this unfortunate and strict subscription policy is of course - to stop spam from pestering the lists. - - 1.5 Moderation of new posters - - Several of the curl mailing lists automatically make all posts from new - subscribers be moderated. This means that after you've subscribed and - sent your first mail to a list, that mail will not be let through to the - list until a mailing list administrator has verified that it is OK and - permits it to get posted. - - Once a first post has been made that proves the sender is actually talking - about curl-related subjects, the moderation "flag" will be switched off and - future posts will go through without being moderated. - - The reason for this moderation policy is that we do suffer from spammers who - actually subscribe and send spam to our lists. - - 1.6 Handling trolls and spam - - Despite our good intentions and hard work to keep spam off the lists and to - maintain a friendly and positive atmosphere, there will be times when spam - and or trolls get through. - - Troll - "someone who posts inflammatory, extraneous, or off-topic messages - in an online community" - - Spam - "use of electronic messaging systems to send unsolicited bulk - messages" - - No matter what, we NEVER EVER respond to trolls or spammers on the list. If - you believe the list admin should do something in particular, contact him/her - off-list. The subject will be taken care of as much as possible to prevent - repeated offenses, but responding on the list to such messages never leads to - anything good and only puts the light even more on the offender: which was - the entire purpose of it getting sent to the list in the first place. - - Don't feed the trolls! - - 1.7 How to unsubscribe - - You can unsubscribe the same way you subscribed in the first place. You go - to the page for the particular mailing list you're subscribed to and you enter - your email address and password and press the unsubscribe button. - - Also, the instructions to unsubscribe are included in the headers of every - mail that is sent out to all curl related mailing lists and there's a footer - in each mail that links to the "admin" page on which you can unsubscribe and - change other options. - - You NEVER EVER email the mailing list requesting someone else to take you off - the list. - - 1.8 I posted, now what? - - If you aren't subscribed with the exact same email address that you used to - send the email, your post will just be silently discarded. - - If you posted for the first time to the mailing list, you first need to wait - for an administrator to allow your email to go through (moderated). This normally - happens very quickly but in case we're asleep, you may have to wait a few - hours. - - Once your email goes through it is sent out to several hundred or even - thousands of recipients. Your email may cover an area that not that many people - know about or are interested in. Or possibly the person who knows about it - is on vacation or under a very heavy work load right now. You may have to wait - for a response and you should not expect to get a response at all, but - hopefully you get an answer within a couple of days. - - You do yourself and all of us a service when you include as many details as - possible already in your first email. Mention your operating system and - environment. Tell us which curl version you're using and tell us what you - did, what happened and what you expected would happen. Preferably, show us - what you did with details enough to allow others to help point out the problem - or repeat the same steps in their locations. - - Failing to include details will only delay responses and make people respond - and ask for more details and you will have to send a follow-up email that - includes them. - - Expect the responses to primarily help YOU debug the issue, or ask YOU - questions that can lead you or others towards a solution or explanation to - whatever you experience. - - If you are a repeat offender to the guidelines outlined in this document, - chances are that people will ignore you at will and your chances to get - responses in the future will greatly diminish. - - -2. Sending mail - - 2.1 Reply or New Mail - - Please do not reply to an existing message as a short-cut to post a message - to the lists. - - Many mail programs and web archivers use information within mails to keep - them together as "threads", as collections of posts that discuss a certain - subject. If you don't intend to reply on the same or similar subject, don't - just hit reply on an existing mail and change subject, create a new mail. - - 2.2 Reply to the List - - When replying to a message from the list, make sure that you do "group - reply" or "reply to all", and not just reply to the author of the single - mail you reply to. - - We're actively discouraging replying back to the single person by setting - the Reply-To: field in outgoing mails back to the mailing list address, - making it harder for people to mail the author directly, if only by mistake. - - 2.3 Use a Sensible Subject - - Please use a subject of the mail that makes sense and that is related to the - contents of your mail. It makes it a lot easier to find your mail afterwards - and it makes it easier to track mail threads and topics. - - 2.4 Do Not Top-Post - - If you reply to a message, don't use top-posting. Top-posting is when you - write the new text at the top of a mail and you insert the previous quoted - mail conversation below. It forces users to read the mail in a backwards - order to properly understand it. - - This is why top posting is so bad (in top posting order): - - A: Because it messes up the order in which people normally read text. - Q: Why is top-posting such a bad thing? - A: Top-posting. - Q: What is the most annoying thing in e-mail? - - Apart from the screwed up read order (especially when mixed together in a - thread when someone responds using the mandated bottom-posting style), it - also makes it impossible to quote only parts of the original mail. - - When you reply to a mail. You let the mail client insert the previous mail - quoted. Then you put the cursor on the first line of the mail and you move - down through the mail, deleting all parts of the quotes that don't add - context for your comments. When you want to add a comment you do so, inline, - right after the quotes that relate to your comment. Then you continue - downwards again. - - When most of the quotes have been removed and you've added your own words, - you're done! - - 2.5 HTML is not for mails - - Please switch off those HTML encoded messages. You can mail all those funny - mails to your friends. We speak plain text mails. - - 2.6 Quoting - - Quote as little as possible. Just enough to provide the context you cannot - leave out. A lengthy description can be found here: - - https://www.netmeister.org/news/learn2quote.html - - 2.7 Digest - - We allow subscribers to subscribe to the "digest" version of the mailing - lists. A digest is a collection of mails lumped together in one single mail. - - Should you decide to reply to a mail sent out as a digest, there are two - things you MUST consider if you really really cannot subscribe normally - instead: - - Cut off all mails and chatter that is not related to the mail you want to - reply to. - - Change the subject name to something sensible and related to the subject, - preferably even the actual subject of the single mail you wanted to reply to - - 2.8 Please Tell Us How You Solved The Problem! - - Many people mail questions to the list, people spend some of their time and - make an effort in providing good answers to these questions. - - If you are the one who asks, please consider responding once more in case - one of the hints was what solved your problems. The guys who write answers - feel good to know that they provided a good answer and that you fixed the - problem. Far too often, the person who asked the question is never heard from - again, and we never get to know if he/she is gone because the problem was - solved or perhaps because the problem was unsolvable! - - Getting the solution posted also helps other users that experience the same - problem(s). They get to see (possibly in the web archives) that the - suggested fixes actually has helped at least one person. - DELETED scriptlibs/softwareupdate/curl/docs/MANUAL.txt Index: scriptlibs/softwareupdate/curl/docs/MANUAL.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/MANUAL.txt +++ scriptlibs/softwareupdate/curl/docs/MANUAL.txt @@ -1,1038 +0,0 @@ -LATEST VERSION - - You always find news about what's going on as well as the latest versions - from the curl web pages, located at: - - https://curl.haxx.se - -SIMPLE USAGE - - Get the main page from Netscape's web-server: - - curl http://www.netscape.com/ - - Get the README file the user's home directory at funet's ftp-server: - - curl ftp://ftp.funet.fi/README - - Get a web page from a server using port 8000: - - curl http://www.weirdserver.com:8000/ - - Get a directory listing of an FTP site: - - curl ftp://cool.haxx.se/ - - Get the definition of curl from a dictionary: - - curl dict://dict.org/m:curl - - Fetch two documents at once: - - curl ftp://cool.haxx.se/ http://www.weirdserver.com:8000/ - - Get a file off an FTPS server: - - curl ftps://files.are.secure.com/secrets.txt - - or use the more appropriate FTPS way to get the same file: - - curl --ftp-ssl ftp://files.are.secure.com/secrets.txt - - Get a file from an SSH server using SFTP: - - curl -u username sftp://example.com/etc/issue - - Get a file from an SSH server using SCP using a private key - (not password-protected) to authenticate: - - curl -u username: --key ~/.ssh/id_rsa \ - scp://example.com/~/file.txt - - Get a file from an SSH server using SCP using a private key - (password-protected) to authenticate: - - curl -u username: --key ~/.ssh/id_rsa --pass private_key_password \ - scp://example.com/~/file.txt - - Get the main page from an IPv6 web server: - - curl "http://[2001:1890:1112:1::20]/" - - Get a file from an SMB server: - - curl -u "domain\username:passwd" smb://server.example.com/share/file.txt - -DOWNLOAD TO A FILE - - Get a web page and store in a local file with a specific name: - - curl -o thatpage.html http://www.netscape.com/ - - Get a web page and store in a local file, make the local file get the name - of the remote document (if no file name part is specified in the URL, this - will fail): - - curl -O http://www.netscape.com/index.html - - Fetch two files and store them with their remote names: - - curl -O www.haxx.se/index.html -O curl.haxx.se/download.html - -USING PASSWORDS - - FTP - - To ftp files using name+passwd, include them in the URL like: - - curl ftp://name:passwd@machine.domain:port/full/path/to/file - - or specify them with the -u flag like - - curl -u name:passwd ftp://machine.domain:port/full/path/to/file - - FTPS - - It is just like for FTP, but you may also want to specify and use - SSL-specific options for certificates etc. - - Note that using FTPS:// as prefix is the "implicit" way as described in the - standards while the recommended "explicit" way is done by using FTP:// and - the --ftp-ssl option. - - SFTP / SCP - - This is similar to FTP, but you can use the --key option to specify a - private key to use instead of a password. Note that the private key may - itself be protected by a password that is unrelated to the login password - of the remote system; this password is specified using the --pass option. - Typically, curl will automatically extract the public key from the private - key file, but in cases where curl does not have the proper library support, - a matching public key file must be specified using the --pubkey option. - - HTTP - - Curl also supports user and password in HTTP URLs, thus you can pick a file - like: - - curl http://name:passwd@machine.domain/full/path/to/file - - or specify user and password separately like in - - curl -u name:passwd http://machine.domain/full/path/to/file - - HTTP offers many different methods of authentication and curl supports - several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which - method to use, curl defaults to Basic. You can also ask curl to pick the - most secure ones out of the ones that the server accepts for the given URL, - by using --anyauth. - - NOTE! According to the URL specification, HTTP URLs can not contain a user - and password, so that style will not work when using curl via a proxy, even - though curl allows it at other times. When using a proxy, you _must_ use - the -u style for user and password. - - HTTPS - - Probably most commonly used with private certificates, as explained below. - -PROXY - - curl supports both HTTP and SOCKS proxy servers, with optional authentication. - It does not have special support for FTP proxy servers since there are no - standards for those, but it can still be made to work with many of them. You - can also use both HTTP and SOCKS proxies to transfer files to and from FTP - servers. - - Get an ftp file using an HTTP proxy named my-proxy that uses port 888: - - curl -x my-proxy:888 ftp://ftp.leachsite.com/README - - Get a file from an HTTP server that requires user and password, using the - same proxy as above: - - curl -u user:passwd -x my-proxy:888 http://www.get.this/ - - Some proxies require special authentication. Specify by using -U as above: - - curl -U user:passwd -x my-proxy:888 http://www.get.this/ - - A comma-separated list of hosts and domains which do not use the proxy can - be specified as: - - curl --noproxy localhost,get.this -x my-proxy:888 http://www.get.this/ - - If the proxy is specified with --proxy1.0 instead of --proxy or -x, then - curl will use HTTP/1.0 instead of HTTP/1.1 for any CONNECT attempts. - - curl also supports SOCKS4 and SOCKS5 proxies with --socks4 and --socks5. - - See also the environment variables Curl supports that offer further proxy - control. - - Most FTP proxy servers are set up to appear as a normal FTP server from the - client's perspective, with special commands to select the remote FTP server. - curl supports the -u, -Q and --ftp-account options that can be used to - set up transfers through many FTP proxies. For example, a file can be - uploaded to a remote FTP server using a Blue Coat FTP proxy with the - options: - - curl -u "Remote-FTP-Username@remote.ftp.server Proxy-Username:Remote-Pass" \ - --ftp-account Proxy-Password --upload-file local-file \ - ftp://my-ftp.proxy.server:21/remote/upload/path/ - - See the manual for your FTP proxy to determine the form it expects to set up - transfers, and curl's -v option to see exactly what curl is sending. - -RANGES - - HTTP 1.1 introduced byte-ranges. Using this, a client can request - to get only one or more subparts of a specified document. Curl supports - this with the -r flag. - - Get the first 100 bytes of a document: - - curl -r 0-99 http://www.get.this/ - - Get the last 500 bytes of a document: - - curl -r -500 http://www.get.this/ - - Curl also supports simple ranges for FTP files as well. Then you can only - specify start and stop position. - - Get the first 100 bytes of a document using FTP: - - curl -r 0-99 ftp://www.get.this/README - -UPLOADING - - FTP / FTPS / SFTP / SCP - - Upload all data on stdin to a specified server: - - curl -T - ftp://ftp.upload.com/myfile - - Upload data from a specified file, login with user and password: - - curl -T uploadfile -u user:passwd ftp://ftp.upload.com/myfile - - Upload a local file to the remote site, and use the local file name at the remote - site too: - - curl -T uploadfile -u user:passwd ftp://ftp.upload.com/ - - Upload a local file to get appended to the remote file: - - curl -T localfile -a ftp://ftp.upload.com/remotefile - - Curl also supports ftp upload through a proxy, but only if the proxy is - configured to allow that kind of tunneling. If it does, you can run curl in - a fashion similar to: - - curl --proxytunnel -x proxy:port -T localfile ftp.upload.com - -SMB / SMBS - - curl -T file.txt -u "domain\username:passwd" - smb://server.example.com/share/ - - HTTP - - Upload all data on stdin to a specified HTTP site: - - curl -T - http://www.upload.com/myfile - - Note that the HTTP server must have been configured to accept PUT before - this can be done successfully. - - For other ways to do HTTP data upload, see the POST section below. - -VERBOSE / DEBUG - - If curl fails where it isn't supposed to, if the servers don't let you in, - if you can't understand the responses: use the -v flag to get verbose - fetching. Curl will output lots of info and what it sends and receives in - order to let the user see all client-server interaction (but it won't show - you the actual data). - - curl -v ftp://ftp.upload.com/ - - To get even more details and information on what curl does, try using the - --trace or --trace-ascii options with a given file name to log to, like - this: - - curl --trace trace.txt www.haxx.se - - -DETAILED INFORMATION - - Different protocols provide different ways of getting detailed information - about specific files/documents. To get curl to show detailed information - about a single file, you should use -I/--head option. It displays all - available info on a single file for HTTP and FTP. The HTTP information is a - lot more extensive. - - For HTTP, you can get the header information (the same as -I would show) - shown before the data by using -i/--include. Curl understands the - -D/--dump-header option when getting files from both FTP and HTTP, and it - will then store the headers in the specified file. - - Store the HTTP headers in a separate file (headers.txt in the example): - - curl --dump-header headers.txt curl.haxx.se - - Note that headers stored in a separate file can be very useful at a later - time if you want curl to use cookies sent by the server. More about that in - the cookies section. - -POST (HTTP) - - It's easy to post data using curl. This is done using the -d - option. The post data must be urlencoded. - - Post a simple "name" and "phone" guestbook. - - curl -d "name=Rafael%20Sagula&phone=3320780" \ - http://www.where.com/guest.cgi - - How to post a form with curl, lesson #1: - - Dig out all the tags in the form that you want to fill in. (There's - a perl program called formfind.pl on the curl site that helps with this). - - If there's a "normal" post, you use -d to post. -d takes a full "post - string", which is in the format - - =&=&... - - The 'variable' names are the names set with "name=" in the tags, and - the data is the contents you want to fill in for the inputs. The data *must* - be properly URL encoded. That means you replace space with + and that you - replace weird letters with %XX where XX is the hexadecimal representation of - the letter's ASCII code. - - Example: - - (page located at http://www.formpost.com/getthis/ - -
- - - - -
- - We want to enter user 'foobar' with password '12345'. - - To post to this, you enter a curl command line like: - - curl -d "user=foobar&pass=12345&id=blablabla&ding=submit" (continues) - http://www.formpost.com/getthis/post.cgi - - - While -d uses the application/x-www-form-urlencoded mime-type, generally - understood by CGI's and similar, curl also supports the more capable - multipart/form-data type. This latter type supports things like file upload. - - -F accepts parameters like -F "name=contents". If you want the contents to - be read from a file, use <@filename> as contents. When specifying a file, - you can also specify the file content type by appending ';type=' - to the file name. You can also post the contents of several files in one - field. For example, the field name 'coolfiles' is used to send three files, - with different content types using the following syntax: - - curl -F "coolfiles=@fil1.gif;type=image/gif,fil2.txt,fil3.html" \ - http://www.post.com/postit.cgi - - If the content-type is not specified, curl will try to guess from the file - extension (it only knows a few), or use the previously specified type (from - an earlier file if several files are specified in a list) or else it will - use the default type 'application/octet-stream'. - - Emulate a fill-in form with -F. Let's say you fill in three fields in a - form. One field is a file name which to post, one field is your name and one - field is a file description. We want to post the file we have written named - "cooltext.txt". To let curl do the posting of this data instead of your - favourite browser, you have to read the HTML source of the form page and - find the names of the input fields. In our example, the input field names - are 'file', 'yourname' and 'filedescription'. - - curl -F "file=@cooltext.txt" -F "yourname=Daniel" \ - -F "filedescription=Cool text file with cool text inside" \ - http://www.post.com/postit.cgi - - To send two files in one post you can do it in two ways: - - 1. Send multiple files in a single "field" with a single field name: - - curl -F "pictures=@dog.gif,cat.gif" - - 2. Send two fields with two field names: - - curl -F "docpicture=@dog.gif" -F "catpicture=@cat.gif" - - To send a field value literally without interpreting a leading '@' - or '<', or an embedded ';type=', use --form-string instead of - -F. This is recommended when the value is obtained from a user or - some other unpredictable source. Under these circumstances, using - -F instead of --form-string would allow a user to trick curl into - uploading a file. - -REFERRER - - An HTTP request has the option to include information about which address - referred it to the actual page. Curl allows you to specify the - referrer to be used on the command line. It is especially useful to - fool or trick stupid servers or CGI scripts that rely on that information - being available or contain certain data. - - curl -e www.coolsite.com http://www.showme.com/ - - NOTE: The Referer: [sic] field is defined in the HTTP spec to be a full URL. - -USER AGENT - - An HTTP request has the option to include information about the browser - that generated the request. Curl allows it to be specified on the command - line. It is especially useful to fool or trick stupid servers or CGI - scripts that only accept certain browsers. - - Example: - - curl -A 'Mozilla/3.0 (Win95; I)' http://www.nationsbank.com/ - - Other common strings: - 'Mozilla/3.0 (Win95; I)' Netscape Version 3 for Windows 95 - 'Mozilla/3.04 (Win95; U)' Netscape Version 3 for Windows 95 - 'Mozilla/2.02 (OS/2; U)' Netscape Version 2 for OS/2 - 'Mozilla/4.04 [en] (X11; U; AIX 4.2; Nav)' NS for AIX - 'Mozilla/4.05 [en] (X11; U; Linux 2.0.32 i586)' NS for Linux - - Note that Internet Explorer tries hard to be compatible in every way: - 'Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)' MSIE for W95 - - Mozilla is not the only possible User-Agent name: - 'Konqueror/1.0' KDE File Manager desktop client - 'Lynx/2.7.1 libwww-FM/2.14' Lynx command line browser - -COOKIES - - Cookies are generally used by web servers to keep state information at the - client's side. The server sets cookies by sending a response line in the - headers that looks like 'Set-Cookie: ' where the data part then - typically contains a set of NAME=VALUE pairs (separated by semicolons ';' - like "NAME1=VALUE1; NAME2=VALUE2;"). The server can also specify for what - path the "cookie" should be used for (by specifying "path=value"), when the - cookie should expire ("expire=DATE"), for what domain to use it - ("domain=NAME") and if it should be used on secure connections only - ("secure"). - - If you've received a page from a server that contains a header like: - Set-Cookie: sessionid=boo123; path="/foo"; - - it means the server wants that first pair passed on when we get anything in - a path beginning with "/foo". - - Example, get a page that wants my name passed in a cookie: - - curl -b "name=Daniel" www.sillypage.com - - Curl also has the ability to use previously received cookies in following - sessions. If you get cookies from a server and store them in a file in a - manner similar to: - - curl --dump-header headers www.example.com - - ... you can then in a second connect to that (or another) site, use the - cookies from the 'headers' file like: - - curl -b headers www.example.com - - While saving headers to a file is a working way to store cookies, it is - however error-prone and not the preferred way to do this. Instead, make curl - save the incoming cookies using the well-known netscape cookie format like - this: - - curl -c cookies.txt www.example.com - - Note that by specifying -b you enable the "cookie awareness" and with -L - you can make curl follow a location: (which often is used in combination - with cookies). So that if a site sends cookies and a location, you can - use a non-existing file to trigger the cookie awareness like: - - curl -L -b empty.txt www.example.com - - The file to read cookies from must be formatted using plain HTTP headers OR - as netscape's cookie file. Curl will determine what kind it is based on the - file contents. In the above command, curl will parse the header and store - the cookies received from www.example.com. curl will send to the server the - stored cookies which match the request as it follows the location. The - file "empty.txt" may be a nonexistent file. - - To read and write cookies from a netscape cookie file, you can set both -b - and -c to use the same file: - - curl -b cookies.txt -c cookies.txt www.example.com - -PROGRESS METER - - The progress meter exists to show a user that something actually is - happening. The different fields in the output have the following meaning: - - % Total % Received % Xferd Average Speed Time Curr. - Dload Upload Total Current Left Speed - 0 151M 0 38608 0 0 9406 0 4:41:43 0:00:04 4:41:39 9287 - - From left-to-right: - % - percentage completed of the whole transfer - Total - total size of the whole expected transfer - % - percentage completed of the download - Received - currently downloaded amount of bytes - % - percentage completed of the upload - Xferd - currently uploaded amount of bytes - Average Speed - Dload - the average transfer speed of the download - Average Speed - Upload - the average transfer speed of the upload - Time Total - expected time to complete the operation - Time Current - time passed since the invoke - Time Left - expected time left to completion - Curr.Speed - the average transfer speed the last 5 seconds (the first - 5 seconds of a transfer is based on less time of course.) - - The -# option will display a totally different progress bar that doesn't - need much explanation! - -SPEED LIMIT - - Curl allows the user to set the transfer speed conditions that must be met - to let the transfer keep going. By using the switch -y and -Y you - can make curl abort transfers if the transfer speed is below the specified - lowest limit for a specified time. - - To have curl abort the download if the speed is slower than 3000 bytes per - second for 1 minute, run: - - curl -Y 3000 -y 60 www.far-away-site.com - - This can very well be used in combination with the overall time limit, so - that the above operation must be completed in whole within 30 minutes: - - curl -m 1800 -Y 3000 -y 60 www.far-away-site.com - - Forcing curl not to transfer data faster than a given rate is also possible, - which might be useful if you're using a limited bandwidth connection and you - don't want your transfer to use all of it (sometimes referred to as - "bandwidth throttle"). - - Make curl transfer data no faster than 10 kilobytes per second: - - curl --limit-rate 10K www.far-away-site.com - - or - - curl --limit-rate 10240 www.far-away-site.com - - Or prevent curl from uploading data faster than 1 megabyte per second: - - curl -T upload --limit-rate 1M ftp://uploadshereplease.com - - When using the --limit-rate option, the transfer rate is regulated on a - per-second basis, which will cause the total transfer speed to become lower - than the given number. Sometimes of course substantially lower, if your - transfer stalls during periods. - -CONFIG FILE - - Curl automatically tries to read the .curlrc file (or _curlrc file on win32 - systems) from the user's home dir on startup. - - The config file could be made up with normal command line switches, but you - can also specify the long options without the dashes to make it more - readable. You can separate the options and the parameter with spaces, or - with = or :. Comments can be used within the file. If the first letter on a - line is a '#'-symbol the rest of the line is treated as a comment. - - If you want the parameter to contain spaces, you must enclose the entire - parameter within double quotes ("). Within those quotes, you specify a - quote as \". - - NOTE: You must specify options and their arguments on the same line. - - Example, set default time out and proxy in a config file: - - # We want a 30 minute timeout: - -m 1800 - # ... and we use a proxy for all accesses: - proxy = proxy.our.domain.com:8080 - - White spaces ARE significant at the end of lines, but all white spaces - leading up to the first characters of each line are ignored. - - Prevent curl from reading the default file by using -q as the first command - line parameter, like: - - curl -q www.thatsite.com - - Force curl to get and display a local help page in case it is invoked - without URL by making a config file similar to: - - # default url to get - url = "http://help.with.curl.com/curlhelp.html" - - You can specify another config file to be read by using the -K/--config - flag. If you set config file name to "-" it'll read the config from stdin, - which can be handy if you want to hide options from being visible in process - tables etc: - - echo "user = user:passwd" | curl -K - http://that.secret.site.com - -EXTRA HEADERS - - When using curl in your own very special programs, you may end up needing - to pass on your own custom headers when getting a web page. You can do - this by using the -H flag. - - Example, send the header "X-you-and-me: yes" to the server when getting a - page: - - curl -H "X-you-and-me: yes" www.love.com - - This can also be useful in case you want curl to send a different text in a - header than it normally does. The -H header you specify then replaces the - header curl would normally send. If you replace an internal header with an - empty one, you prevent that header from being sent. To prevent the Host: - header from being used: - - curl -H "Host:" www.server.com - -FTP and PATH NAMES - - Do note that when getting files with the ftp:// URL, the given path is - relative the directory you enter. To get the file 'README' from your home - directory at your ftp site, do: - - curl ftp://user:passwd@my.site.com/README - - But if you want the README file from the root directory of that very same - site, you need to specify the absolute file name: - - curl ftp://user:passwd@my.site.com//README - - (I.e with an extra slash in front of the file name.) - -SFTP and SCP and PATH NAMES - - With sftp: and scp: URLs, the path name given is the absolute name on the - server. To access a file relative to the remote user's home directory, - prefix the file with /~/ , such as: - - curl -u $USER sftp://home.example.com/~/.bashrc - -FTP and firewalls - - The FTP protocol requires one of the involved parties to open a second - connection as soon as data is about to get transferred. There are two ways to - do this. - - The default way for curl is to issue the PASV command which causes the - server to open another port and await another connection performed by the - client. This is good if the client is behind a firewall that doesn't allow - incoming connections. - - curl ftp.download.com - - If the server, for example, is behind a firewall that doesn't allow connections - on ports other than 21 (or if it just doesn't support the PASV command), the - other way to do it is to use the PORT command and instruct the server to - connect to the client on the given IP number and port (as parameters to the - PORT command). - - The -P flag to curl supports a few different options. Your machine may have - several IP-addresses and/or network interfaces and curl allows you to select - which of them to use. Default address can also be used: - - curl -P - ftp.download.com - - Download with PORT but use the IP address of our 'le0' interface (this does - not work on windows): - - curl -P le0 ftp.download.com - - Download with PORT but use 192.168.0.10 as our IP address to use: - - curl -P 192.168.0.10 ftp.download.com - -NETWORK INTERFACE - - Get a web page from a server using a specified port for the interface: - - curl --interface eth0:1 http://www.netscape.com/ - - or - - curl --interface 192.168.1.10 http://www.netscape.com/ - -HTTPS - - Secure HTTP requires SSL libraries to be installed and used when curl is - built. If that is done, curl is capable of retrieving and posting documents - using the HTTPS protocol. - - Example: - - curl https://www.secure-site.com - - Curl is also capable of using your personal certificates to get/post files - from sites that require valid certificates. The only drawback is that the - certificate needs to be in PEM-format. PEM is a standard and open format to - store certificates with, but it is not used by the most commonly used - browsers (Netscape and MSIE both use the so called PKCS#12 format). If you - want curl to use the certificates you use with your (favourite) browser, you - may need to download/compile a converter that can convert your browser's - formatted certificates to PEM formatted ones. This kind of converter is - included in recent versions of OpenSSL, and for older versions Dr Stephen - N. Henson has written a patch for SSLeay that adds this functionality. You - can get his patch (that requires an SSLeay installation) from his site at: - http://www.drh-consultancy.demon.co.uk/ - - Example on how to automatically retrieve a document using a certificate with - a personal password: - - curl -E /path/to/cert.pem:password https://secure.site.com/ - - If you neglect to specify the password on the command line, you will be - prompted for the correct password before any data can be received. - - Many older SSL-servers have problems with SSLv3 or TLS, which newer versions - of OpenSSL etc use, therefore it is sometimes useful to specify what - SSL-version curl should use. Use -3, -2 or -1 to specify that exact SSL - version to use (for SSLv3, SSLv2 or TLSv1 respectively): - - curl -2 https://secure.site.com/ - - Otherwise, curl will first attempt to use v3 and then v2. - - To use OpenSSL to convert your favourite browser's certificate into a PEM - formatted one that curl can use, do something like this: - - In Netscape, you start with hitting the 'Security' menu button. - - Select 'certificates->yours' and then pick a certificate in the list - - Press the 'Export' button - - enter your PIN code for the certs - - select a proper place to save it - - Run the 'openssl' application to convert the certificate. If you cd to the - openssl installation, you can do it like: - - # ./apps/openssl pkcs12 -in [file you saved] -clcerts -out [PEMfile] - - In Firefox, select Options, then Advanced, then the Encryption tab, - View Certificates. This opens the Certificate Manager, where you can - Export. Be sure to select PEM for the Save as type. - - In Internet Explorer, select Internet Options, then the Content tab, then - Certificates. Then you can Export, and depending on the format you may - need to convert to PEM. - - In Chrome, select Settings, then Show Advanced Settings. Under HTTPS/SSL - select Manage Certificates. - -RESUMING FILE TRANSFERS - - To continue a file transfer where it was previously aborted, curl supports - resume on HTTP(S) downloads as well as FTP uploads and downloads. - - Continue downloading a document: - - curl -C - -o file ftp://ftp.server.com/path/file - - Continue uploading a document(*1): - - curl -C - -T file ftp://ftp.server.com/path/file - - Continue downloading a document from a web server(*2): - - curl -C - -o file http://www.server.com/ - - (*1) = This requires that the FTP server supports the non-standard command - SIZE. If it doesn't, curl will say so. - - (*2) = This requires that the web server supports at least HTTP/1.1. If it - doesn't, curl will say so. - -TIME CONDITIONS - - HTTP allows a client to specify a time condition for the document it - requests. It is If-Modified-Since or If-Unmodified-Since. Curl allows you to - specify them with the -z/--time-cond flag. - - For example, you can easily make a download that only gets performed if the - remote file is newer than a local copy. It would be made like: - - curl -z local.html http://remote.server.com/remote.html - - Or you can download a file only if the local file is newer than the remote - one. Do this by prepending the date string with a '-', as in: - - curl -z -local.html http://remote.server.com/remote.html - - You can specify a "free text" date as condition. Tell curl to only download - the file if it was updated since January 12, 2012: - - curl -z "Jan 12 2012" http://remote.server.com/remote.html - - Curl will then accept a wide range of date formats. You always make the date - check the other way around by prepending it with a dash '-'. - -DICT - - For fun try - - curl dict://dict.org/m:curl - curl dict://dict.org/d:heisenbug:jargon - curl dict://dict.org/d:daniel:web1913 - - Aliases for 'm' are 'match' and 'find', and aliases for 'd' are 'define' - and 'lookup'. For example, - - curl dict://dict.org/find:curl - - Commands that break the URL description of the RFC (but not the DICT - protocol) are - - curl dict://dict.org/show:db - curl dict://dict.org/show:strat - - Authentication is still missing (but this is not required by the RFC) - -LDAP - - If you have installed the OpenLDAP library, curl can take advantage of it - and offer ldap:// support. - - LDAP is a complex thing and writing an LDAP query is not an easy task. I do - advise you to dig up the syntax description for that elsewhere. One such - place might be: - - RFC 2255, "The LDAP URL Format" https://curl.haxx.se/rfc/rfc2255.txt - - To show you an example, this is how I can get all people from my local LDAP - server that has a certain sub-domain in their email address: - - curl -B "ldap://ldap.frontec.se/o=frontec??sub?mail=*sth.frontec.se" - - If I want the same info in HTML format, I can get it by not using the -B - (enforce ASCII) flag. - -ENVIRONMENT VARIABLES - - Curl reads and understands the following environment variables: - - http_proxy, HTTPS_PROXY, FTP_PROXY - - They should be set for protocol-specific proxies. General proxy should be - set with - - ALL_PROXY - - A comma-separated list of host names that shouldn't go through any proxy is - set in (only an asterisk, '*' matches all hosts) - - NO_PROXY - - If the host name matches one of these strings, or the host is within the - domain of one of these strings, transactions with that node will not be - proxied. - - - The usage of the -x/--proxy flag overrides the environment variables. - -NETRC - - Unix introduced the .netrc concept a long time ago. It is a way for a user - to specify name and password for commonly visited FTP sites in a file so - that you don't have to type them in each time you visit those sites. You - realize this is a big security risk if someone else gets hold of your - passwords, so therefore most unix programs won't read this file unless it is - only readable by yourself (curl doesn't care though). - - Curl supports .netrc files if told to (using the -n/--netrc and - --netrc-optional options). This is not restricted to just FTP, - so curl can use it for all protocols where authentication is used. - - A very simple .netrc file could look something like: - - machine curl.haxx.se login iamdaniel password mysecret - -CUSTOM OUTPUT - - To better allow script programmers to get to know about the progress of - curl, the -w/--write-out option was introduced. Using this, you can specify - what information from the previous transfer you want to extract. - - To display the amount of bytes downloaded together with some text and an - ending newline: - - curl -w 'We downloaded %{size_download} bytes\n' www.download.com - -KERBEROS FTP TRANSFER - - Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need - the kerberos package installed and used at curl build time for it to be - available. - - First, get the krb-ticket the normal way, like with the kinit/kauth tool. - Then use curl in way similar to: - - curl --krb private ftp://krb4site.com -u username:fakepwd - - There's no use for a password on the -u switch, but a blank one will make - curl ask for one and you already entered the real password to kinit/kauth. - -TELNET - - The curl telnet support is basic and very easy to use. Curl passes all data - passed to it on stdin to the remote server. Connect to a remote telnet - server using a command line similar to: - - curl telnet://remote.server.com - - And enter the data to pass to the server on stdin. The result will be sent - to stdout or to the file you specify with -o. - - You might want the -N/--no-buffer option to switch off the buffered output - for slow connections or similar. - - Pass options to the telnet protocol negotiation, by using the -t option. To - tell the server we use a vt100 terminal, try something like: - - curl -tTTYPE=vt100 telnet://remote.server.com - - Other interesting options for it -t include: - - - XDISPLOC= Sets the X display location. - - - NEW_ENV= Sets an environment variable. - - NOTE: The telnet protocol does not specify any way to login with a specified - user and password so curl can't do that automatically. To do that, you need - to track when the login prompt is received and send the username and - password accordingly. - -PERSISTENT CONNECTIONS - - Specifying multiple files on a single command line will make curl transfer - all of them, one after the other in the specified order. - - libcurl will attempt to use persistent connections for the transfers so that - the second transfer to the same host can use the same connection that was - already initiated and was left open in the previous transfer. This greatly - decreases connection time for all but the first transfer and it makes a far - better use of the network. - - Note that curl cannot use persistent connections for transfers that are used - in subsequence curl invokes. Try to stuff as many URLs as possible on the - same command line if they are using the same host, as that'll make the - transfers faster. If you use an HTTP proxy for file transfers, practically - all transfers will be persistent. - -MULTIPLE TRANSFERS WITH A SINGLE COMMAND LINE - - As is mentioned above, you can download multiple files with one command line - by simply adding more URLs. If you want those to get saved to a local file - instead of just printed to stdout, you need to add one save option for each - URL you specify. Note that this also goes for the -O option (but not - --remote-name-all). - - For example: get two files and use -O for the first and a custom file - name for the second: - - curl -O http://url.com/file.txt ftp://ftp.com/moo.exe -o moo.jpg - - You can also upload multiple files in a similar fashion: - - curl -T local1 ftp://ftp.com/moo.exe -T local2 ftp://ftp.com/moo2.txt - -IPv6 - - curl will connect to a server with IPv6 when a host lookup returns an IPv6 - address and fall back to IPv4 if the connection fails. The --ipv4 and --ipv6 - options can specify which address to use when both are available. IPv6 - addresses can also be specified directly in URLs using the syntax: - - http://[2001:1890:1112:1::20]/overview.html - - When this style is used, the -g option must be given to stop curl from - interpreting the square brackets as special globbing characters. Link local - and site local addresses including a scope identifier, such as fe80::1234%1, - may also be used, but the scope portion must be numeric or match an existing - network interface on Linux and the percent character must be URL escaped. The - previous example in an SFTP URL might look like: - - sftp://[fe80::1234%251]/ - - IPv6 addresses provided other than in URLs (e.g. to the --proxy, --interface - or --ftp-port options) should not be URL encoded. - -METALINK - - Curl supports Metalink (both version 3 and 4 (RFC 5854) are supported), a way - to list multiple URIs and hashes for a file. Curl will make use of the mirrors - listed within for failover if there are errors (such as the file or server not - being available). It will also verify the hash of the file after the download - completes. The Metalink file itself is downloaded and processed in memory and - not stored in the local file system. - - Example to use a remote Metalink file: - - curl --metalink http://www.example.com/example.metalink - - To use a Metalink file in the local file system, use FILE protocol (file://): - - curl --metalink file://example.metalink - - Please note that if FILE protocol is disabled, there is no way to use a local - Metalink file at the time of this writing. Also note that if --metalink and - --include are used together, --include will be ignored. This is because including - headers in the response will break Metalink parser and if the headers are included - in the file described in Metalink file, hash check will fail. - -MAILING LISTS - - For your convenience, we have several open mailing lists to discuss curl, - its development and things relevant to this. Get all info at - https://curl.haxx.se/mail/. Some of the lists available are: - - curl-users - - Users of the command line tool. How to use it, what doesn't work, new - features, related tools, questions, news, installations, compilations, - running, porting etc. - - curl-library - - Developers using or developing libcurl. Bugs, extensions, improvements. - - curl-announce - - Low-traffic. Only receives announcements of new public versions. At worst, - that makes something like one or two mails per month, but usually only one - mail every second month. - - curl-and-php - - Using the curl functions in PHP. Everything curl with a PHP angle. Or PHP - with a curl angle. - - curl-and-python - - Python hackers using curl with or without the python binding pycurl. - - Please direct curl questions, feature requests and trouble reports to one of - these mailing lists instead of mailing any individual. DELETED scriptlibs/softwareupdate/curl/docs/RELEASE-PROCEDURE.txt Index: scriptlibs/softwareupdate/curl/docs/RELEASE-PROCEDURE.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/RELEASE-PROCEDURE.txt +++ scriptlibs/softwareupdate/curl/docs/RELEASE-PROCEDURE.txt @@ -1,91 +0,0 @@ -curl release procedure - how to do a release -============================================ - -in the source code repo ------------------------ - -- edit `RELEASE-NOTES` to be accurate - -- update `docs/THANKS` - -- make sure all relevant changes are committed on the master branch - -- tag the git repo in this style: `git tag -a curl-7_34_0`. -a annotates the - tag and we use underscores instead of dots in the version number. - -- run "./maketgz 7.34.0" to build the release tarballs. It is important that - you run this on a machine with the correct set of autotools etc installed - as this is what then will be shipped and used by most users on *nix like - systems. - -- push the git commits and the new tag - -- gpg sign the 4 tarballs as maketgz suggests - -- upload the 8 resulting files to the primary download directory - -in the curl-www repo --------------------- - -- edit `Makefile` (version number and date), - -- edit `_newslog.html` (announce the new release) and - -- edit `_changes.html` (insert changes+bugfixes from RELEASE-NOTES) - -- commit all local changes - -- tag the repo with the same tag as used for the source repo - -- make sure all relevant changes are committed and pushed on the master branch - - (the web site then updates its contents automatically) - -on github ---------- - -- edit the newly made release tag so that it is listed as the latest release - -inform ------- - -- send an email to curl-users, curl-announce and curl-library. Insert the - RELEASE-NOTES into the mail. - -celebrate ---------- - -- suitable beverage intake is encouraged for the festivities - -curl release scheduling -======================= - -Basics ------- - -We do releases every 8 weeks on Wednesdays. If critical problems arise, we can -insert releases outside of the schedule or we can move the release date - but -this is very rare. - -Each 8 week release cycle is split in two 4-week periods. - -- During the first 4 weeks after a release, we allow new features and changes - to curl and libcurl. If we accept any such changes, we bump the minor number - used for the next release. - -- During the second 4-week period we do not merge any features or changes, we - then only focus on fixing bugs and polishing things to make a solid coming - release. - -Coming dates ------------- - -Based on the description above, here are some planned release dates (at the -time of this writing): - -- February 22, 2017 (version 7.53.0) -- April 19, 2017 -- June 14, 2017 -- August 9, 2017 -- October 4, 2017 -- December 29, 2017 DELETED scriptlibs/softwareupdate/curl/docs/RESOURCES.txt Index: scriptlibs/softwareupdate/curl/docs/RESOURCES.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/RESOURCES.txt +++ scriptlibs/softwareupdate/curl/docs/RESOURCES.txt @@ -1,83 +0,0 @@ - _ _ ____ _ - Project ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - -This document lists documents and standards used by curl. - - RFC 959 - The FTP protocol - - RFC 1635 - How to Use Anonymous FTP - - RFC 1738 - Uniform Resource Locators - - RFC 1777 - defines the LDAP protocol - - RFC 1808 - Relative Uniform Resource Locators - - RFC 1867 - Form-based File Upload in HTML - - RFC 1950 - ZLIB Compressed Data Format Specification - - RFC 1951 - DEFLATE Compressed Data Format Specification - - RFC 1952 - gzip compression format - - RFC 1959 - LDAP URL syntax - - RFC 2045-2049 - Everything you need to know about MIME! (needed for form - based upload) - - RFC 2068 - HTTP 1.1 (obsoleted by RFC 2616) - - RFC 2104 - Keyed-Hashing for Message Authentication - - RFC 2109 - HTTP State Management Mechanism (cookie stuff) - - Also, read Netscape's specification at - https://curl.haxx.se/rfc/cookie_spec.html - - RFC 2183 - The Content-Disposition Header Field - - RFC 2195 - CRAM-MD5 authentication - - RFC 2229 - A Dictionary Server Protocol - - RFC 2255 - Newer LDAP URL syntax document. - - RFC 2231 - MIME Parameter Value and Encoded Word Extensions: - Character Sets, Languages, and Continuations - - RFC 2388 - "Returning Values from Forms: multipart/form-data" - Use this as an addition to the RFC1867 - - RFC 2396 - "Uniform Resource Identifiers: Generic Syntax and Semantics" This - one obsoletes RFC 1738, but since RFC 1738 is often mentioned - I've left it in this list. - - RFC 2428 - FTP Extensions for IPv6 and NATs - - RFC 2577 - FTP Security Considerations - - RFC 2616 - HTTP 1.1, the latest - - RFC 2617 - HTTP Authentication - - RFC 2718 - Guidelines for new URL Schemes - - RFC 2732 - Format for Literal IPv6 Addresses in URL's - - RFC 2818 - HTTP Over TLS (TLS is the successor to SSL) - - RFC 2821 - SMTP protocol - - RFC 2964 - Use of HTTP State Management - - RFC 2965 - HTTP State Management Mechanism. Cookies. Obsoletes RFC2109 - - RFC 3207 - SMTP over TLS - - RFC 4616 - PLAIN authentication - - RFC 4954 - SMTP Authentication DELETED scriptlibs/softwareupdate/curl/docs/ROADMAP.md Index: scriptlibs/softwareupdate/curl/docs/ROADMAP.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/ROADMAP.md +++ scriptlibs/softwareupdate/curl/docs/ROADMAP.md @@ -1,118 +0,0 @@ -curl the next few years - perhaps -================================= - -Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is -intended to serve as a guideline for others for information, feedback and -possible participation. - -QUIC ----- - -The standardization process of QUIC has been taken to the IETF and can be -followed on the [IETF QUIC Mailing -list](https://www.ietf.org/mailman/listinfo/quic). I'd like us to get on the -bandwagon. Ideally, this would be done with a separate library/project to -handle the binary/framing layer in a similar fashion to how HTTP/2 is -implemented. This, to allow other projects to benefit from the work and to -thus broaden the interest and chance of others to participate. - -HTTP cookies ------------- - -Two cookie drafts have been adopted by the httpwg in IETF and we should -support them as the popular browsers will as well: - -[Deprecate modification of 'secure' cookies from non-secure -origins](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-00) - -[Cookie Prefixes](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00) - -[Firefox bug report about secure cookies](https://bugzilla.mozilla.org/show_bug.cgi?id=976073) - -SRV records ------------ - -How to find services for specific domains/hosts. - -curl_formadd() --------------- - -make sure there's an easy handle passed in to `curl_formadd()`, -`curl_formget()` and `curl_formfree()` by adding replacement functions and -deprecating the old ones to allow custom mallocs and more. - -Or perhaps even better: revamp the formpost API completely while we're at it -and making something that is easier to use and understand: - - https://github.com/curl/curl/wiki/formpost-API-redesigned - -Third-party SASL ----------------- - -Add support for third-party SASL libraries such as Cyrus SASL. - -SASL authentication in LDAP ---------------------------- - -... - -Simplify the SMTP email ------------------------ - -Simplify the SMTP email interface so that programmers don't have to -construct the body of an email that contains all the headers, alternative -content, images and attachments - maintain raw interface so that -programmers that want to do this can - -email capabilities ------------------- - -Allow the email protocols to return the capabilities before -authenticating. This will allow an application to decide on the best -authentication mechanism - -Win32 pthreads --------------- - -Allow Windows threading model to be replaced by Win32 pthreads port - -dynamic buffer size -------------------- - -Implement a dynamic buffer size to allow SFTP to use much larger buffers and -possibly allow the size to be customizable by applications. Use less memory -when handles are not in use? - -New stuff - curl ----------------- - -1. Embed a language interpreter (lua?). For that middle ground where curl - isn’t enough and a libcurl binding feels “too much”. Build-time conditional - of course. - -2. Simplify the SMTP command line so that the headers and multi-part content - don't have to be constructed before calling curl - -Improve -------- - -1. build for windows (considered hard by many users) - -2. curl -h output (considered overwhelming to users) - -3. we have > 200 command line options, is there a way to redo things to - simplify or improve the situation as we are likely to keep adding - features/options in the future too - -4. authentication framework (consider merging HTTP and SASL authentication to - give one API for protocols to call) - -5. Perform some of the clean up from the TODO document, removing old - definitions and such like that are currently earmarked to be removed years - ago - -Remove ------- - -1. makefile.vc files as there is no point in maintaining two sets of Windows - makefiles. Note: These are currently being used by the Windows autobuilds DELETED scriptlibs/softwareupdate/curl/docs/SECURITY.md Index: scriptlibs/softwareupdate/curl/docs/SECURITY.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/SECURITY.md +++ scriptlibs/softwareupdate/curl/docs/SECURITY.md @@ -1,116 +0,0 @@ -curl security for developers -============================ - -This document is intended to provide guidance to curl developers on how -security vulnerabilities should be handled. - -Publishing Information ----------------------- - -All known and public curl or libcurl related vulnerabilities are listed on -[the curl web site security page](https://curl.haxx.se/docs/security.html). - -Security vulnerabilities should not be entered in the project's public bug -tracker unless the necessary configuration is in place to limit access to the -issue to only the reporter and the project's security team. - -Vulnerability Handling ----------------------- - -The typical process for handling a new security vulnerability is as follows. - -No information should be made public about a vulnerability until it is -formally announced at the end of this process. That means, for example that a -bug tracker entry must NOT be created to track the issue since that will make -the issue public and it should not be discussed on any of the project's public -mailing lists. Also messages associated with any commits should not make -any reference to the security nature of the commit if done prior to the public -announcement. - -- The person discovering the issue, the reporter, reports the vulnerability - privately to `curl-security@haxx.se`. That's an email alias that reaches a - handful of selected and trusted people. - -- Messages that do not relate to the reporting or managing of an undisclosed - security vulnerability in curl or libcurl are ignored and no further action - is required. - -- A person in the security team sends an e-mail to the original reporter to - acknowledge the report. - -- The security team investigates the report and either rejects it or accepts - it. - -- If the report is rejected, the team writes to the reporter to explain why. - -- If the report is accepted, the team writes to the reporter to let him/her - know it is accepted and that they are working on a fix. - -- The security team discusses the problem, works out a fix, considers the - impact of the problem and suggests a release schedule. This discussion - should involve the reporter as much as possible. - -- The release of the information should be "as soon as possible" and is most - often synced with an upcoming release that contains the fix. If the - reporter, or anyone else, thinks the next planned release is too far away - then a separate earlier release for security reasons should be considered. - -- Write a security advisory draft about the problem that explains what the - problem is, its impact, which versions it affects, solutions or - workarounds, when the release is out and make sure to credit all - contributors properly. - -- Request a CVE number from - [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros) - when also informing and preparing them for the upcoming public security - vulnerability announcement - attach the advisory draft for information. Note - that 'distros' won't accept an embargo longer than 19 days and they do not - care for Windows-specific flaws. For windows-specific flaws, request CVE - directly from MITRE. - -- Update the "security advisory" with the CVE number. - -- The security team commits the fix in a private branch. The commit message - should ideally contain the CVE number. This fix is usually also distributed - to the 'distros' mailing list to allow them to use the fix prior to the - public announcement. - -- No more than 48 hours before the release, the private branch is merged into - the master branch and pushed. Once pushed, the information is accessible to - the public and the actual release should follow suit immediately afterwards. - The time between the push and the release is used for final tests and - reviews. - -- The project team creates a release that includes the fix. - -- The project team announces the release and the vulnerability to the world in - the same manner we always announce releases. It gets sent to the - curl-announce, curl-library and curl-users mailing lists. - -- The security web page on the web site should get the new vulnerability - mentioned. - -Pre-notification ----------------- - -If you think you are or should be eligible for a pre-notification about -upcoming security announcements for curl, we urge OS distros and similar -vendors to primarily join the distros@openwall list as that is one of the -purposes of that list - and not just for curl of course. - -If you are not a distro or otherwise not suitable for distros@openwall and yet -want pre-notifications from us, contact the curl security team with a detailed -and clear explanation why this is the case. - -curl-security (at haxx dot se) ------------------------------- - -Who is on this list? There are a couple of criteria you must meet, and then we -might ask you to join the list or you can ask to join it. It really isn't very -formal. We basically only require that you have a long-term presence in the -curl project and you have shown an understanding for the project and its way -of working. You must've been around for a good while and you should have no -plans in vanishing in the near future. - -We do not make the list of participants public mostly because it tends to vary -somewhat over time and a list somewhere will only risk getting outdated. DELETED scriptlibs/softwareupdate/curl/docs/SSL-PROBLEMS.md Index: scriptlibs/softwareupdate/curl/docs/SSL-PROBLEMS.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/SSL-PROBLEMS.md +++ scriptlibs/softwareupdate/curl/docs/SSL-PROBLEMS.md @@ -1,87 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -# SSL problems - - First, let's establish that we often refer to TLS and SSL interchangeably as - SSL here. The current protocol is called TLS, it was called SSL a long time - ago. - - There are several known reasons why a connection that involves SSL might - fail. This is a document that attempts to details the most common ones and - how to mitigate them. - -## CA certs - - CA certs are used to digitally verify the server's certificate. You need a - "ca bundle" for this. See lots of more details on this in the SSLCERTS - document. - -## CA bundle missing intermediate certificates - - When using said CA bundle to verify a server cert, you will experience - problems if your CA cert does not have the certificates for the - intermediates in the whole trust chain. - -## Protocol version - - Some broken servers fail to support the protocol negotiation properly that - SSL servers are supposed to handle. This may cause the connection to fail - completely. Sometimes you may need to explicitly select a SSL version to use - when connecting to make the connection succeed. - - An additional complication can be that modern SSL libraries sometimes are - built with support for older SSL and TLS versions disabled! - - All versions of SSL are considered insecure and should be avoided. Use TLS. - -## Ciphers - - Clients give servers a list of ciphers to select from. If the list doesn't - include any ciphers the server wants/can use, the connection handshake - fails. - - curl has recently disabled the user of a whole bunch of seriously insecure - ciphers from its default set (slightly depending on SSL backend in use). - - You may have to explicitly provide an alternative list of ciphers for curl - to use to allow the server to use a WEAK cipher for you. - - Note that these weak ciphers are identified as flawed. For example, this - includes symmetric ciphers with less than 128 bit keys and RC4. - - WinSSL in Windows XP is not able to connect to servers that no longer - support the legacy handshakes and algorithms used by those versions, so we - advice against building curl to use WinSSL on really old Windows versions. - - References: - - https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 - -## Allow BEAST - - BEAST is the name of a TLS 1.0 attack that surfaced 2011. When adding means - to mitigate this attack, it turned out that some broken servers out there in - the wild didn't work properly with the BEAST mitigation in place. - - To make such broken servers work, the --ssl-allow-beast option was - introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability - but on the other hand it allows curl to connect to that kind of strange - servers. - -## Disabling certificate revocation checks - - Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) - depending on the OS or build configuration. The --ssl-no-revoke option was - introduced in 7.44.0 to disable revocation checking but currently is only - supported for WinSSL (the native Windows SSL library), with an exception in - the case of Windows' Untrusted Publishers blacklist which it seems can't be - bypassed. This option may have broader support to accommodate other SSL - backends in the future. - - References: - - https://curl.haxx.se/docs/ssl-compared.html DELETED scriptlibs/softwareupdate/curl/docs/SSLCERTS.md Index: scriptlibs/softwareupdate/curl/docs/SSLCERTS.md ================================================================== --- scriptlibs/softwareupdate/curl/docs/SSLCERTS.md +++ scriptlibs/softwareupdate/curl/docs/SSLCERTS.md @@ -1,163 +0,0 @@ -SSL Certificate Verification -============================ - -SSL is TLS ----------- - -SSL is the old name. It is called TLS these days. - - -Native SSL ----------- - -If libcurl was built with Schannel or Secure Transport support (the native SSL -libraries included in Windows and Mac OS X), then this does not apply to -you. Scroll down for details on how the OS-native engines handle SSL -certificates. If you're not sure, then run "curl -V" and read the results. If -the version string says "WinSSL" in it, then it was built with Schannel -support. - -It is about trust ------------------ - -This system is about trust. In your local CA certificate store you have certs -from *trusted* Certificate Authorities that you then can use to verify that the -server certificates you see are valid. They're signed by one of the CAs you -trust. - -Which CAs do you trust? You can decide to trust the same set of companies your -operating system trusts, or the set one of the known browsers trust. That's -basically trust via someone else you trust. You should just be aware that -modern operating systems and browsers are setup to trust *hundreds* of -companies and recent years several such CAs have been found untrustworthy. - -Certificate Verification ------------------------- - -libcurl performs peer SSL certificate verification by default. This is done -by using a CA certificate store that the SSL library can use to make sure the -peer's server certificate is valid. - -If you communicate with HTTPS, FTPS or other TLS-using servers using -certificates that are signed by CAs present in the store, you can be sure -that the remote server really is the one it claims to be. - -If the remote server uses a self-signed certificate, if you don't install a CA -cert store, if the server uses a certificate signed by a CA that isn't -included in the store you use or if the remote host is an impostor -impersonating your favorite site, and you want to transfer files from this -server, do one of the following: - - 1. Tell libcurl to *not* verify the peer. With libcurl you disable this with - `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);` - - With the curl command line tool, you disable this with -k/--insecure. - - 2. Get a CA certificate that can verify the remote server and use the proper - option to point out this CA cert for verification when connecting. For - libcurl hackers: `curl_easy_setopt(curl, CURLOPT_CAPATH, capath);` - - With the curl command line tool: --cacert [file] - - 3. Add the CA cert for your server to the existing default CA certificate - store. The default CA certificate store can changed at compile time with the - following configure options: - - --with-ca-bundle=FILE: use the specified file as CA certificate store. CA - certificates need to be concatenated in PEM format into this file. - - --with-ca-path=PATH: use the specified path as CA certificate store. CA - certificates need to be stored as individual PEM files in this directory. - You may need to run c_rehash after adding files there. - - If neither of the two options is specified, configure will try to auto-detect - a setting. It's also possible to explicitly not hardcode any default store - but rely on the built in default the crypto library may provide instead. - You can achieve that by passing both --without-ca-bundle and - --without-ca-path to the configure script. - - If you use Internet Explorer, this is one way to get extract the CA cert - for a particular server: - - - View the certificate by double-clicking the padlock - - Find out where the CA certificate is kept (Certificate> - Authority Information Access>URL) - - Get a copy of the crt file using curl - - Convert it from crt to PEM using the openssl tool: - openssl x509 -inform DES -in yourdownloaded.crt \ - -out outcert.pem -text - - Add the 'outcert.pem' to the CA certificate store or use it stand-alone - as described below. - - If you use the 'openssl' tool, this is one way to get extract the CA cert - for a particular server: - - - `openssl s_client -connect xxxxx.com:443 |tee logfile` - - type "QUIT", followed by the "ENTER" key - - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" - markers. - - If you want to see the data in the certificate, you can do: "openssl - x509 -inform PEM -in certfile -text -out certdata" where certfile is - the cert you extracted from logfile. Look in certdata. - - If you want to trust the certificate, you can add it to your CA - certificate store or use it stand-alone as described. Just remember that - the security is no better than the way you obtained the certificate. - - 4. If you're using the curl command line tool, you can specify your own CA - cert path by setting the environment variable `CURL_CA_BUNDLE` to the path - of your choice. - - If you're using the curl command line tool on Windows, curl will search - for a CA cert file named "curl-ca-bundle.crt" in these directories and in - this order: - 1. application's directory - 2. current working directory - 3. Windows System directory (e.g. C:\windows\system32) - 4. Windows Directory (e.g. C:\windows) - 5. all directories along %PATH% - - 5. Get a better/different/newer CA cert bundle! One option is to extract the - one a recent Firefox browser uses by running 'make ca-bundle' in the curl - build tree root, or possibly download a version that was generated this - way for you: [CA Extract](https://curl.haxx.se/docs/caextract.html) - -Neglecting to use one of the above methods when dealing with a server using a -certificate that isn't signed by one of the certificates in the installed CA -certificate store, will cause SSL to report an error ("certificate verify -failed") during the handshake and SSL will then refuse further communication -with that server. - -Certificate Verification with NSS ---------------------------------- - -If libcurl was built with NSS support, then depending on the OS distribution, -it is probably required to take some additional steps to use the system-wide -CA cert db. RedHat ships with an additional module, libnsspem.so, which -enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install -p11-kit-nss-trust which makes NSS use the system wide CA certificate store. NSS -also has a new [database format](https://wiki.mozilla.org/NSS_Shared_DB). - -Starting with version 7.19.7, libcurl automatically adds the 'sql:' prefix to -the certdb directory (either the hardcoded default /etc/pki/nssdb or the -directory configured with SSL_DIR environment variable). To check which certdb -format your distribution provides, examine the default certdb location: -/etc/pki/nssdb; the new certdb format can be identified by the filenames -cert9.db, key4.db, pkcs11.txt; filenames of older versions are cert8.db, -key3.db, secmod.db. - -Certificate Verification with Schannel and Secure Transport ------------------------------------------------------------ - -If libcurl was built with Schannel (Microsoft's native TLS engine) or Secure -Transport (Apple's native TLS engine) support, then libcurl will still perform -peer certificate verification, but instead of using a CA cert bundle, it will -use the certificates that are built into the OS. These are the same -certificates that appear in the Internet Options control panel (under Windows) -or Keychain Access application (under OS X). Any custom security rules for -certificates will be honored. - -Schannel will run CRL checks on certificates unless peer verification is -disabled. Secure Transport on iOS will run OCSP checks on certificates unless -peer verification is disabled. Secure Transport on OS X will run either OCSP -or CRL checks on certificates if those features are enabled, and this behavior -can be adjusted in the preferences of Keychain Access. DELETED scriptlibs/softwareupdate/curl/docs/THANKS.txt Index: scriptlibs/softwareupdate/curl/docs/THANKS.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/THANKS.txt +++ scriptlibs/softwareupdate/curl/docs/THANKS.txt @@ -1,1513 +0,0 @@ - This project has been alive for many years. Countless people have provided - feedback that have improved curl. Here follows a list of people that have - contributed (a-z order). - - If you have contributed but are missing here, please let us know! - -"Captain Basil" -"Spoon Man" -Aaro Koskinen -Aaron Oneal -Aaron Orenstein -Abram Pousada -Adam D. Moss -Adam Langley -Adam Light -Adam Piggott -Adam Sampson -Adam Tkac -Adrian Schuur -Adriano Meirelles -Ajit Dhumale -Aki Koskinen -Akos Pasztory -Akshay Vernekar -Alain Danteny -Alan Pinstein -Albert Chin-A-Young -Albert Choy -Ale Vesely -Alejandro Alvarez Ayllon -Aleksandar Milivojevic -Aleksey Tulinov -Ales Novak -Alessandro Ghedini -Alessandro Vesely -Alex Bligh -Alex Chan -Alex Fishman -Alex Gruz -Alex McLellan -Alex Neblett -Alex Rousskov -Alex Suykov -Alex Vinnik -Alex aka WindEagle -Alexander Beedie -Alexander Dyagilev -Alexander Elgert -Alexander Klauer -Alexander Kourakos -Alexander Krasnostavsky -Alexander Lazic -Alexander Pepper -Alexander Peslyak -Alexander Sinditskiy -Alexander Traud -Alexander Zhuravlev -Alexey Borzov -Alexey Pesternikov -Alexey Simak -Alexey Zakhlestin -Alexis Carvalho -Alexis La Goutte -Alfred Gebert -Allen Pulsifer -Alona Rossen -Amol Pattekar -Amr Shahin -Anatol Belski -Anatoli Tubman -Anders Bakken -Anders Gustafsson -Anders Havn -Andi Jahja -Andre Guibert de Bruet -Andre Heinecke -Andreas Damm -Andreas Faerber -Andreas Farber -Andreas Malzahn -Andreas Ntaflos -Andreas Olsson -Andreas Rieke -Andreas Roth -Andreas Schuldei -Andreas Streichardt -Andreas Wurf -Andrei Benea -Andrei Cipu -Andrei Kurushin -Andrei Sedoi -Andrej E Baranov -Andrew Benham -Andrew Biggs -Andrew Bushnell -Andrew Francis -Andrew Fuller -Andrew Kurushin -Andrew Moise -Andrew Robbins -Andrew Wansink -Andrew de los Reyes -Andrey Labunets -Andrii Moiseiev -Andrés García -Andy Cedilnik -Andy Serpa -Andy Tsouladze -Angus Mackay -Anthon Pang -Anthony Avina -Anthony Bryan -Anthony G. Basile -Antoine Aubert -Antoine Calando -Anton Bychkov -Anton Kalmykov -Anton Malov -Anton Yabchinskiy -Antonio Larrosa -Arkadiusz Miskiewicz -Armel Asselin -Arnaud Compan -Arnaud Ebalard -Arthur Murray -Arve Knudsen -Arvid Norberg -Ashish Shukla -Ask Bjørn Hansen -Askar Safin -Ates Goral -Augustus Saunders -Avery Fay -Axel Tillequin -Balaji Parasuram -Balaji Salunke -Balint Szilakszi -Barry Abrahamson -Bart Whiteley -Bas Mevissen -Ben Boeckel -Ben Darnell -Ben Greear -Ben Madsen -Ben Noordhuis -Ben Van Hof -Ben Winslow -Benbuck Nason -Benjamin Gerard -Benjamin Gilbert -Benjamin Johnson -Benjamin Kircher -Benoit Neil -Benoit Sigoure -Bernard Leak -Bernard Spil -Bernhard Reutner-Fischer -Bert Huijben -Bertrand Demiddelaer -Bertrand Simonnet -Bill Doyle -Bill Egert -Bill Hoffman -Bill Middlecamp -Bill Nagel -Bjoern Sikora -Bjorn Augustsson -Bjorn Reese -Björn Stenberg -Blaise Potard -Bob Relyea -Bob Richmond -Bob Schader -Bogdan Nicula -Brad Burdick -Brad Fitzpatrick -Brad Harder -Brad Hards -Brad King -Brad Spencer -Bradford Bruce -Brandon Casey -Brandon Wang -Brendan Jurd -Brent Beardsley -Brian Akins -Brian Chrisman -Brian Dessent -Brian J. Murrell -Brian Prodoehl -Brian R Duffy -Brian Ulm -Brock Noland -Bru Rom -Bruce Mitchener -Bruce Stephens -Bruno Thomsen -Bruno de Carvalho -Bryan Henderson -Bryan Kemp -Byrial Jensen -Cameron Kaiser -Cameron MacMinn -Camille Moncelier -Caolan McNamara -Carlo Wood -Carsten Lange -Casey O'Donnell -Catalin Patulea -Chad Monroe -Chandrakant Bagul -Charles Kerr -Charles Romestant -Chen Prog -Chih-Chung Chang -Chris "Bob Bob" -Chris Araman -Chris Combes -Chris Conlon -Chris Deidun -Chris Flerackers -Chris Gaukroger -Chris Maltby -Chris Mumford -Chris Smowton -Chris Young -Christian Fillion -Christian Grothoff -Christian Heimes -Christian Hägele -Christian Krause -Christian Kurz -Christian Robottom Reis -Christian Schmitz -Christian Stewart -Christian Vogt -Christian Weisgerber -Christophe Demory -Christophe Legry -Christopher Conroy -Christopher Palow -Christopher R. Palmer -Christopher Stone -Chungtsun Li -Ciprian Badescu -Claes Jakobsson -Clarence Gardner -Clemens Gruber -Clifford Wolf -Clint Clayton -Cody Jones -Cody Mack -Colby Ranger -Colin Blair -Colin Hogben -Colin Watson -Colm Buckley -Constantine Sapuntzakis -Cory Benfield -Cory Nelson -Craig A West -Craig Davison -Craig Markwardt -Cris Bailiff -Cristian Rodríguez -Curt Bogmine -Cyrill Osterwalder -Cédric Connes -Cédric Deltheil -D. Flinkmann -Da-Yoon Chung -Dag Ekengren -Dagobert Michelsen -Dambaev Alexander -Damian Dixon -Damien Adant -Damien Vielpeau -Dan Becker -Dan C -Dan Cristian -Dan Donahue -Dan Fandrich -Dan Jacobson -Dan Locks -Dan McNulty -Dan Nelson -Dan Petitt -Dan Torop -Dan Zitter -Daniel Black -Daniel Cater -Daniel Egger -Daniel Gustafsson -Daniel Hwang -Daniel Johnson -Daniel Kahn Gillmor -Daniel Lee Hwang -Daniel Melani -Daniel Mentz -Daniel Romero -Daniel Schauenberg -Daniel Seither -Daniel Shahaf -Daniel Steinberg -Daniel Stenberg -Daniel Theron -Daniel at touchtunes -Darryl House -Darshan Mody -Darío Hereñú -Dave Dribin -Dave Halbakken -Dave Hamilton -Dave May -Dave Reisner -Dave Thompson -Dave Vasilevsky -Davey Shafik -David Bau -David Benjamin -David Binderman -David Blaikie -David Byron -David Cohen -David Eriksson -David Houlder -David Hull -David J Meyer -David James -David Kalnischkies -David Kierznowski -David Kimdon -David Lang -David LeBlanc -David McCreedy -David Meyer -David Odin -David Phillips -David Rosenstrauch -David Ryskalczyk -David Schweikert -David Shaw -David Strauss -David Tarendash -David Thiel -David Walser -David Woodhouse -David Wright -David Yan -Dengminwen -Denis Feklushkin -Dennis Clarke -Derek Higgins -Detlef Schmier -Didier Brisebourg -Diego Bes -Diego Casorran -Dilyan Palauzov -Dima Barsky -Dima Tisnek -Dimitar Boevski -Dimitre Dimitrov -Dimitrios Siganos -Dimitris Sarris -Dinar -Dirk Eddelbuettel -Dirk Manske -Dmitri Shubin -Dmitriy Sergeyev -Dmitry Bartsevich -Dmitry Eremin-Solenikov -Dmitry Falko -Dmitry Kurochkin -Dmitry Popov -Dmitry Rechkin -Dmitry S. Baikov -Dolbneff A.V -Domenico Andreoli -Dominick Meglio -Dominik Hölzl -Dominique Leuenberger -Doug Kaufman -Doug Porter -Douglas Creager -Douglas E. Wegscheid -Douglas Kilpatrick -Douglas R. Horner -Douglas Steinwand -Dov Murik -Drake Arconis -Duane Cathey -Duncan Mac-Vicar Prett -Dustin Boswell -Dusty Mabe -Dylan Ellicott -Dylan Salisbury -Early Ehlinger -Ebenezer Ikonne -Ed Morley -Edin Kadribasic -Eduard Bloch -Edward Rudd -Edward Sheldrake -Eelco Dolstra -Eetu Ojanen -Egon Eckert -Eldar Zaitov -Ellis Pritchard -Elmira A Semenova -Emanuele Bovisio -Emil Lerner -Emil Romanus -Emiliano Ida -Enrico Scholz -Enrik Berkhan -Eramoto Masaya -Eric Cooper -Eric Hu -Eric Landes -Eric Lavigne -Eric Lubin -Eric Melville -Eric Mertens -Eric Rautman -Eric Rescorla -Eric Ridge -Eric S. Raymond -Eric Thelin -Eric Vergnaud -Eric Wong -Eric Young -Erick Nuwendam -Erik Janssen -Erik Johansson -Ernest Beinrohr -Erwan Legrand -Erwin Authried -Ethan Glasser Camp -Eugene Kotlyarov -Evan Jordan -Evgeny Grin -Evgeny Turnaev -Eygene Ryabinkin -Fabian Frank -Fabian Hiernaux -Fabian Keil -Fabian Ruff -Fabrizio Ammollo -Fahim Chandurwala -Fedor Karpelevitch -Feist Josselin -Felix Yan -Felix von Leitner -Feng Tu -Fernando Muñoz -Flavio Medeiros -Florian Schoppmann -Florian Weimer -Forrest Cahoon -Francisco Moraes -Frank Gevaerts -Frank Hempel -Frank Keeney -Frank McGeough -Frank Meier -Frank Ticheler -Frank Van Uffelen -František Kučera -François Charlier -Fred Machado -Fred New -Fred Noz -Fred Stluka -Frederic Lepied -Fredrik Thulin -Gabriel Kuri -Gabriel Sjoberg -Garrett Holmstrom -Gary Maxwell -Gaurav Malhotra -Gautam Kachroo -Gautam Mani -Gavrie Philipson -Gaz Iqbal -Gaël Portay -Geoff Beier -Georg Horn -Georg Huettenegger -Georg Lippitsch -Georg Wicherski -Gerd v. Egidy -Gergely Nagy -Gerhard Herre -Gerrit Bruchhäuser -Ghennadi Procopciuc -Giancarlo Formicuccia -Giaslas Georgios -Gil Weber -Gilad -Gilbert Ramirez Jr. -Gilles Blanc -Gisle Vanem -Giuseppe Attardi -Giuseppe D'Ambrosio -Glen A Johnson Jr. -Glen Nakamura -Glen Scott -Glenn Sheridan -Google Inc. -Gordon Marler -Gorilla Maguila -Gou Lingfeng -Grant Erickson -Grant Pannell -Greg Hewgill -Greg Morse -Greg Onufer -Greg Pratt -Greg Zavertnik -Gregory Szorc -Grigory Entin -Guenole Bescon -Guenter Knauf -Guido Berhoerster -Guillaume Arluison -Gunter Knauf -Gustaf Hui -Gustavo Grieco -Gwenole Beauchesne -Gökhan Şengün -Götz Babin-Ebell -Hamish Mackenzie -Hang Kin Lau -Hang Su -Hanno Böck -Hanno Kranzhoff -Hans Steegers -Hans-Jurgen May -Hardeep Singh -Haris Okanovic -Harold Stuart -Harshal Pradhan -Hauke Duden -He Qin -Heikki Korpela -Heinrich Ko -Heinrich Schaefer -Helwing Lutz -Hendrik Visage -Henrik Gaßmann -Henrik Storner -Henry Ludemann -Herve Amblard -Hidemoto Nakada -Ho-chi Chen -Hoi-Ho Chan -Hongli Lai -Howard Chu -Hubert Kario -Hzhijun -Ian D Allen -Ian Ford -Ian Gulliver -Ian Lynagh -Ian Turner -Ian Wilkes -Ignacio Vazquez-Abrams -Igor Franchuk -Igor Novoseltsev -Igor Polyakov -Iida Yosiaki -Ilguiz Latypov -Ilja van Sprundel -Immanuel Gregoire -Inca R -Ingmar Runge -Ingo Ralf Blum -Ingo Wilken -Irfan Adilovic -Isaac Boukris -Ishan SinghLevett -Ivan Avdeev -Ivo Bellin Salarin -Jack Zhang -Jacky Lam -Jacob Meuser -Jacob Moshenko -Jactry Zeng -Jad Chamcham -Jaime Fullaondo -Jakub Zakrzewski -James Bursa -James Cheng -James Clancy -James Cone -James Dury -James Gallagher -James Griffiths -James Housley -James MacMillan -Jamie Lokier -Jamie Newton -Jamie Wilkinson -Jan Ehrhardt -Jan Koen Annot -Jan Kunder -Jan Schaumann -Jan Van Boghout -Jared Jennings -Jared Lundell -Jari Aalto -Jari Sundell -Jason Glasgow -Jason Liu -Jason McDonald -Jason S. Priebe -Javier Barroso -Javier G. Sogo -Jay Austin -Jayesh A Shah -Jaz Fresh -Jean Gressmann -Jean Jacques Drouin -Jean-Claude Chauve -Jean-Francois Bertrand -Jean-Francois Durand -Jean-Louis Lemaire -Jean-Marc Ranger -Jean-Noël Rouvignac -Jean-Philippe Barrette-LaPierre -Jeff Connelly -Jeff Hodges -Jeff Johnson -Jeff King -Jeff Lawson -Jeff Phillips -Jeff Pohlmeyer -Jeff Weber -Jeffrey Walton -Jens Rantil -Jeremy Friesner -Jeremy Huddleston -Jeremy Lin -Jeremy Pearson -Jeroen Koekkoek -Jeroen Ooms -Jerome Muffat-Meridol -Jerome Robert -Jerome Vouillon -Jerry Krinock -Jerry Wu -Jes Badwal -Jesper Jensen -Jesse Noller -Jesse Tan -Jie He -Jim Drash -Jim Freeman -Jim Hollinger -Jim Meyering -Jiri Dvorak -Jiri Hruska -Jiri Jaburek -Jiří Malák -Jocelyn Jaubert -Joe Halpin -Joe Malicki -Joe Mason -Joel Chen -Joel Depooter -Jofell Gallardo -Johan Anderson -Johan Lantz -Johan Nilsson -Johan van Selst -Johannes Bauer -Johannes Ernst -Johannes Schindelin -John Bradshaw -John Coffey -John Crow -John Dennis -John Dunn -John E. Malmberg -John Gardiner Myers -John Janssen -John Joseph Bachir -John Kelly -John Kohl -John Lask -John Levon -John Lightsey -John Marino -John Marshall -John McGowan -John P. McCaskey -John Suprock -John Wanghui -John Wilkinson -John-Mark Bell -Johnny Luong -Jon Grubbs -Jon Nelson -Jon Sargeant -Jon Seymour -Jon Spencer -Jon Torrey -Jon Travis -Jon Turner -Jonas Forsman -Jonas Minnberg -Jonas Schnelli -Jonatan Lander -Jonatan Vela -Jonathan Cardoso Machado -Jonathan Cardoso Machado Machado -Jonathan Hseu -Jonathan Nieder -Jongki Suwandi -Joonas Kuorilehto -Jose Alf -Jose Kahan -Josef Wolf -Josh Kapell -Joshua Kwan -Josue Andrade Gomes -Juan Barreto -Juan F. Codagnone -Juan Ignacio Hervás -Juan RP -Judson Bishop -Juergen Wilke -Jukka Pihl -Julian Noble -Julian Ospald -Julian Taylor -Julien Chaffraix -Julien Nabet -Julien Royer -Jun-ichiro itojun Hagino -Jurij Smakov -Justin Ehlert -Justin Fletcher -Justin Karneges -Justin Maggard -János Fekete -Jörg Mueller-Tolk -Jörn Hartroth -K. R. Walker -Kai Engert -Kai Noda -Kai Sommerfeld -Kai-Uwe Rommel -Kalle Vahlman -Kamil Dudka -Kang Lin -Kang-Jin Lee -Karl Moerder -Karol Pietrzak -Kaspar Brand -Katie Wang -Kazuho Oku -Kees Cook -Keith MacDonald -Keith McGuigan -Keith Mok -Ken Hirsch -Ken Rastatter -Kenny To -Kent Boortz -Keshav Krity -Kevin Baughman -Kevin Fisk -Kevin Lussier -Kevin Reed -Kevin Roth -Kim Minjoong -Kim Rinnewitz -Kim Vandry -Kimmo Kinnunen -Kjell Ericson -Kjetil Jacobsen -Klevtsov Vadim -Konstantin Isakov -Kris Kennaway -Krishnendu Majumdar -Krister Johansen -Kristian Gunstone -Kristian Köhntopp -Kurt Fankhauser -Kyle J. McKay -Kyle L. Huff -Kyle Sallee -Kyselgov E.N -Lachlan O'Dea -Larry Campbell -Larry Fahnoe -Larry Lin -Larry Stone -Lars Buitinck -Lars Gustafsson -Lars J. Aas -Lars Johannesen -Lars Nilsson -Lars Torben Wilson -Lau Hang Kin -Laurent Rabret -Lauri Kasanen -Legoff Vincent -Lehel Bernadt -Leif W -Leith Bade -Len Krause -Lenaic Lefever -Lenny Rachitsky -Leon Winter -Leonardo Rosati -Liam Healy -Lijo Antony -Linas Vepstas -Lindley French -Ling Thio -Linus Nielsen Feltzing -Linus Nordberg -Lior Kaplan -Lisa Xu -Liviu Chircu -Liza Alenchery -Lluís Batlle i Rossell -Loic Dachary -Loren Kirkby -Luan Cestari -Luca Altea -Lucas Adamski -Lucas Pardue -Ludek Finstrle -Ludovico Cavedon -Ludwig Nussel -Lukas Ruzicka -Lukasz Czekierda -Luke Amery -Luke Call -Luke Dashjr -Luo Jinghua -Luong Dinh Dung -Luật Nguyễn -Lyndon Hill -Maciej Karpiuk -Maciej Puzio -Maciej W. Rozycki -Maks Naumov -Maksim Kuzevanov -Maksim Stsepanenka -Mamoru Tasaka -Mandy Wu -Manfred Schwarb -Manuel Massing -Marc Boucher -Marc Deslauriers -Marc Doughty -Marc Hesse -Marc Hörsken -Marc Kleine-Budde -Marc Renault -Marcel Raad -Marcel Roelofs -Marcelo Echeverria -Marcelo Juchem -Marcin Adamski -Marcin Gryszkalis -Marcin Konicki -Marco Deckel -Marco G. Salvagno -Marco Maggi -Marcus Hoffmann -Marcus Sundberg -Marcus Webster -Mario Schroeder -Mark Brand -Mark Butler -Mark Davies -Mark Eichin -Mark Hamilton -Mark Incley -Mark Karpeles -Mark Lentczner -Mark Nottingham -Mark Salisbury -Mark Snelling -Mark Tully -Markus Duft -Markus Elfring -Markus Koetter -Markus Moeller -Markus Oberhumer -Markus Westerlind -Marquis de Muesli -Martijn Koster -Martin C. Martin -Martin Drasar -Martin Frodl -Martin Hager -Martin Hedenfalk -Martin Jansen -Martin Lemke -Martin Skinner -Martin Storsjö -Martin Vejnár -Marty Kuhrt -Maruko -Massimiliano Ziccardi -Massimo Callegari -Mateusz Loskot -Mathias Axelsson -Mats Lidell -Matt Arsenault -Matt Ford -Matt Kraai -Matt Veenstra -Matt Witherspoon -Matt Wixson -Matteo Rocco -Matthew Blain -Matthew Clarke -Matthew Hall -Matthias Bolte -Maurice Barnum -Mauro Iorio -Mauro Rappa -Max Katsev -Max Khon -Maxim Ivanov -Maxim Perenesenko -Maxim Prohorov -Maxime Larocque -Mehmet Bozkurt -Mekonikum -Melissa Mears -Mettgut Jamalla -Michael Benedict -Michael Calmer -Michael Cronenworth -Michael Curtis -Michael Day -Michael Goffioul -Michael Jahn -Michael Jerris -Michael Kalinin -Michael Kaufmann -Michael König -Michael Mealling -Michael Mueller -Michael Osipov -Michael Smith -Michael Stapelberg -Michael Stillwell -Michael Wallner -Michal Bonino -Michal Marek -Michał Fita -Michał Górny -Michał Kowalczyk -Michał Piechowski -Michel Promonet -Michele Bini -Miguel Angel -Miguel Diaz -Mihai Ionescu -Mikael Johansson -Mikael Sennerholm -Mike Bytnar -Mike Crowe -Mike Dobbs -Mike Giancola -Mike Hasselberg -Mike Henshaw -Mike Hommey -Mike Mio -Mike Power -Mike Protts -Mike Revi -Miklos Nemeth -Miloš Ljumović -Mingliang Zhu -Miroslav Franc -Miroslav Spousta -Mitz Wark -Mohamed Lrhazi -Mohammad AlSaleh -Mohun Biswas -Mostyn Bramley-Moore -Moti Avrahami -Myk Taylor -Nach M. S. -Nagai H -Nathan Coulter -Nathan O'Sullivan -Nathanael Nerode -Nathaniel Waisbrot -Naveen Chandran -Naveen Noel -Neal Poole -Neil Bowers -Neil Dunbar -Neil Spring -Nic Roets -Nicholas Maniscalco -Nick Draffen -Nick Gimbrone -Nick Humfrey -Nick Zitzmann -Nico Baggus -Nicolas Berloquin -Nicolas Croiset -Nicolas François -Niels van Tongeren -Nikita Schmidt -Nikitinskit Dmitriy -Niklas Angebrand -Nikolai Kondrashov -Nikos Mavrogiannopoulos -Ning Dong -Nir Soffer -Nis Jorgensen -Nobuhiro Ban -Nodak Sodak -Norbert Frese -Norbert Kett -Norbert Novotny -Octavio Schroeder -Ofer -Okhin Vasilij -Ola Mork -Olaf Flebbe -Olaf Stüben -Oleg Pudeyev -Oliver Gondža -Oliver Graute -Oliver Kuckertz -Oliver Schindler -Olivier Berger -Olivier Brunel -Orange Tsai -Oren Souroujon -Oren Tirosh -Orgad Shaneh -Ori Avtalion -Oscar Koeroo -Oscar Norlander -P R Schaffner -Paolo Piacentini -Paras Sethia -Pascal Terjan -Pasha Kuznetsov -Pasi Karkkainen -Pat Ray -Patrice Guerin -Patricia Muscalu -Patrick Bihan-Faou -Patrick McManus -Patrick Monnerat -Patrick Rapin -Patrick Scott -Patrick Smith -Patrick Watson -Patrik Thunstrom -Pau Garcia i Quiles -Paul Donohue -Paul Harrington -Paul Howarth -Paul Joyce -Paul Marks -Paul Marquis -Paul Moore -Paul Nolan -Paul Oliver -Paul Querna -Paul Saab -Pavel Cenek -Pavel Orehov -Pavel Raiskup -Pawel A. Gajda -Pawel Kierski -Pedro Larroy -Pedro Neves -Per Malmberg -Peter Bray -Peter Forret -Peter Frühberger -Peter Gal -Peter Heuchert -Peter Hjalmarsson -Peter Korsgaard -Peter Lamberg -Peter Laser -Peter O'Gorman -Peter Pentchev -Peter Silva -Peter Su -Peter Sylvester -Peter Todd -Peter Verhas -Peter Wang -Peter Wu -Peter Wullinger -Peteris Krumins -Petr Bahula -Petr Novak -Petr Pisar -Phil Blundell -Phil Karn -Phil Lisiecki -Phil Pellouchoud -Philip Craig -Philip Gladstone -Philip Langdale -Philippe Hameau -Philippe Raoult -Philippe Vaucher -Pierre -Pierre Brico -Pierre Chapuis -Pierre Joye -Pierre Ynard -Pooyan McSporran -Pramod Sharma -Prash Dush -Praveen Pvs -Priyanka Shah -Puneet Pawaia -Quagmire -Quanah Gibson-Mount -Quinn Slack -R. Dennis Steed -Radu Simionescu -Rafa Muyo -Rafael Antonio -Rafael Sagula -Rafayel Mkrtchyan -Rafaël Carré -Rainer Canavan -Rainer Jung -Rainer Koenig -Rainer Müller -Rajesh Naganathan -Rajkumar Mandal -Ralf S. Engelschall -Ralph Beckmann -Ralph Mitchell -Ramana Mokkapati -Randy Armstrong -Randy McMurchy -Ravi Pratap -Ray Dassen -Ray Pekowski -Ray Satiro -Razvan Cojocaru -Reinhard Max -Reinout van Schouwen -Remi Gacogne -Remo E -Renato Botelho -Renaud Chaillat -Renaud Duhaut -Renaud Guillard -Renaud Lehoux -Rene Bernhardt -Rene Rebe -Reuven Wachtfogel -Reza Arbab -Ricardo Cadime -Rich Burridge -Rich Gray -Rich Rauenzahn -Richard Archer -Richard Atterer -Richard Bramante -Richard Clayton -Richard Cooper -Richard Gorton -Richard Gray -Richard Hosking -Richard Michael -Richard Moore -Richard Prescott -Richard Silverman -Richard van den Berg -Richy Kim -Rick Jones -Rick Richardson -Ricki Hirner -Rider Linden -Rob Crittenden -Rob Davies -Rob Jones -Rob Stanzel -Rob Ward -Robert A. Monat -Robert B. Harris -Robert D. Young -Robert Foreman -Robert Iakobashvili -Robert Olson -Robert Schumann -Robert Weaver -Robert Wruck -Robin Cornelius -Robin Johnson -Robin Kay -Robson Braga Araujo -Rod Widdowson -Rodney Simmons -Rodric Glaser -Rodrigo Silva -Roger Leigh -Roland Blom -Roland Krikava -Roland Zimmermann -Rolland Dudemaine -Romain Coltel -Roman Koifman -Roman Mamedov -Romulo A. Ceccon -Ron Parker -Ron Zapp -Ronnie Mose -Rosimildo da Silva -Roy Shan -Rune Kleveland -Ruslan Gazizov -Rutger Hofman -Ryan Braud -Ryan Chan -Ryan Nelson -Ryan Schmidt -Ryan Scott -Rémy Léone -S. Moonesamy -Salvador Dávila -Salvatore Sorrentino -Sam Deane -Sam Hurst -Sam Roth -Sam Schanken -Sampo Kellomaki -Samuel Díaz García -Samuel Listopad -Samuel Thibault -Sander Gates -Sandor Feldi -Santhana Todatry -Saqib Ali -Sara Golemon -Saran Neti -Sascha Swiercy -Saul good -Saurav Babu -Scott Bailey -Scott Barrett -Scott Cantor -Scott Davis -Scott McCreary -Sean Boudreau -Sean Burford -Sebastian Mundry -Sebastian Pohlschmidt -Sebastian Rasmussen -Senthil Raja Velu -Sergei Kuzmin -Sergei Nikulov -Sergey Tatarincev -Sergii Pylypenko -Sergio Ballestrero -Serj Kalichev -Seshubabu Pasam -Seth Mos -Sh Diao -Shachaf Ben-Kiki -Shao Shuchao -Sharad Gupta -Shard -Shawn Landden -Shawn Poulson -Shine Fan -Shmulik Regev -Siddhartha Prakash Jain -Sidney San Martín -Siegfried Gyuricsko -Simon Dick -Simon H. -Simon Josefsson -Simon Liu -Simon Warta -Song Ma -Sonia Subramanian -Spacen Jasset -Spiridonoff A.V -Spork Schivago -Stadler Stephan -Stan van de Burgt -Stanislav Ivochkin -Stefan Bühler -Stefan Eissing -Stefan Esser -Stefan Kanthak -Stefan Krause -Stefan Neis -Stefan Teleman -Stefan Tomanek -Stefan Ulrich -Steinar H. Gunderson -Stephan Bergmann -Stephen Brokenshire -Stephen Collyer -Stephen Kick -Stephen More -Sterling Hughes -Steve Green -Steve H Truong -Steve Havelka -Steve Holme -Steve Lhomme -Steve Little -Steve Marx -Steve Oliphant -Steve Roskowski -Steven Bazyl -Steven G. Johnson -Steven Gu -Steven M. Schweda -Steven Parkes -Stoned Elipot -Sune Ahlgren -Sven Anders -Sven Neuhaus -Sven Wegener -Svyatoslav Mishyn -Symeon Paraschoudis -Sébastien Willemijns -T. Bharath -T. Yamada -TJ Saunders -Tae Hyoung Ahn -Taneli Vähäkangas -Tanguy Fautre -Tatsuhiro Tsujikawa -Temprimus -Terri Oda -Theodore Dubois -Thomas Braun -Thomas Glanzmann -Thomas J. Moore -Thomas Klausner -Thomas L. Shinnick -Thomas Lopatic -Thomas Ruecker -Thomas Schwinge -Thomas Tonino -Thorsten Schöning -Tiit Pikma -Till Maas -Tim Ansell -Tim Baker -Tim Bartley -Tim Chen -Tim Costello -Tim Harder -Tim Heckman -Tim Newsome -Tim Rühsen -Tim Sneddon -Tim Stack -Tim Starling -Timo Sirainen -Timotej Lazar -Timothy Polich -Tinus van den Berg -Tobias Markus -Tobias Rundström -Tobias Stoeckmann -Toby Peterson -Todd A Ouska -Todd Kulesza -Todd Short -Todd Vierling -Tom Benoist -Tom Donovan -Tom Grace -Tom Lee -Tom Mattison -Tom Moers -Tom Mueller -Tom Regner -Tom Sparrow -Tom Wright -Tom Zerucha -Tomas Hoger -Tomas Jakobsson -Tomas Mlcoch -Tomas Pospisek -Tomas Szepe -Tomas Tomecek -Tomasz Kojm -Tomasz Lacki -Tommie Gannert -Tommy Tam -Ton Voon -Toni Moreno -Tony Kelman -Toon Verwaest -Tor Arntsen -Torben Dannhauer -Torsten Foertsch -Toshio Kuratomi -Toshiyuki Maezawa -Traian Nicolescu -Travis Burtrum -Troels Walsted Hansen -Troy Engel -Tupone Alfredo -Tyler Hall -Török Edwin -Ulf Härnhammar -Ulf Samuelsson -Ulrich Doehner -Ulrich Telle -Ulrich Zadow -Valentin David -Vasy Okhin -Venkat Akella -Victor Snezhko -Vijay Panghal -Vikram Saxena -Viktor Szakáts -Ville Skyttä -Vilmos Nebehaj -Vincent Bronner -Vincent Le Normand -Vincent Penquerc'h -Vincent Sanders -Vincent Torri -Vlad Grachov -Vlad Ureche -Vladimir Grishchenko -Vladimir Lazarenko -Vojtech Janota -Vojtech Minarik -Vojtěch Král -Vsevolod Novikov -W. Mark Kubacki -Waldek Kozba -Walter J. Mack -Ward Willats -Warp Kawada -Warren Menzer -Wayne Haigh -Werner Koch -Wesley Laxton -Wesley Miaw -Wez Furlong -Wilfredo Sanchez -Will Dietz -Willem Sparreboom -William Ahern -Wojciech Zwiefka -Wouter Van Rooy -Wu Yongzheng -Xavier Bouchoux -Xiangbin Li -Yaakov Selkowitz -Yamada Yasuharu -Yang Tse -Yarram Sunil -Yasuharu Yamada -Yehezkel Horowitz -Yehoshua Hershberg -Yi Huang -Yingwei Liu -Yonggang Luo -Yousuke Kimoto -Yukihiro Kawada -Yun SangHo -Yuriy Sosov -Yves Arrouye -Yves Lejeune -Zdenek Pavlas -Zekun Ni -Zmey Petroff -Zvi Har'El -afrind on github -asavah on github -baumanj on github -bsammon on github -dkjjr89 on github -eXeC64 on github -jonrumsey on github -jveazey on github -kreshano on github -lukaszgn on github -marc-groundctl on github -neex on github -nk -nopjmp on github -silveja1 on github -swalkaus at yahoo.com -tarek112 on github -tommink[at]post.pl -vanillajonathan on github -wmsch on github -zelinchen on github -İsmail Dönmez -Štefan Kremeň -Никита Дорохин DELETED scriptlibs/softwareupdate/curl/docs/TODO.txt Index: scriptlibs/softwareupdate/curl/docs/TODO.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/TODO.txt +++ scriptlibs/softwareupdate/curl/docs/TODO.txt @@ -1,1253 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Things that could be nice to do in the future - - Things to do in project curl. Please tell us what you think, contribute and - send us patches that improve things! - - Be aware that these are things that we could do, or have once been considered - things we could do. If you want to work on any of these areas, please - consider bringing it up for discussions first on the mailing list so that we - all agree it is still a good idea for the project! - - All bugs documented in the KNOWN_BUGS document are subject for fixing! - - 1. libcurl - 1.2 More data sharing - 1.3 struct lifreq - 1.4 signal-based resolver timeouts - 1.5 get rid of PATH_MAX - 1.6 Modified buffer size approach - 1.7 Detect when called from within callbacks - 1.8 CURLOPT_RESOLVE for any port number - 1.9 Cache negative name resolves - 1.11 minimize dependencies with dynamicly loaded modules - 1.12 have form functions use CURL handle argument - 1.14 Typesafe curl_easy_setopt() - 1.15 Monitor connections in the connection pool - 1.16 Try to URL encode given URL - 1.17 Add support for IRIs - 1.18 try next proxy if one doesn't work - 1.19 Timeout idle connections from the pool - 1.20 SRV and URI DNS records - 1.21 API for URL parsing/splitting - 1.23 Offer API to flush the connection pool - 1.24 TCP Fast Open for windows - 1.25 Remove the generated include file - - 2. libcurl - multi interface - 2.1 More non-blocking - 2.2 Better support for same name resolves - 2.3 Non-blocking curl_multi_remove_handle() - 2.4 Split connect and authentication process - 2.5 Edge-triggered sockets should work - - 3. Documentation - 3.1 Update date and version in man pages - 3.2 Provide cmake config-file - - 4. FTP - 4.1 HOST - 4.2 Alter passive/active on failure and retry - 4.3 Earlier bad letter detection - 4.4 REST for large files - 4.5 ASCII support - 4.6 GSSAPI via Windows SSPI - 4.7 STAT for LIST without data connection - - 5. HTTP - 5.1 Better persistency for HTTP 1.0 - 5.2 support FF3 sqlite cookie files - 5.3 Rearrange request header order - 5.4 HTTP Digest using SHA-256 - 5.5 auth= in URLs - 5.6 Refuse "downgrade" redirects - 5.7 Brotli compression - 5.8 QUIC - 5.9 Improve formpost API - 5.10 Leave secure cookies alone - 5.11 Chunked transfer multipart formpost - 5.12 OPTIONS * - - 6. TELNET - 6.1 ditch stdin - 6.2 ditch telnet-specific select - 6.3 feature negotiation debug data - 6.4 send data in chunks - - 7. SMTP - 7.1 Pipelining - 7.2 Enhanced capability support - 7.3 Add CURLOPT_MAIL_CLIENT option - - 8. POP3 - 8.1 Pipelining - 8.2 Enhanced capability support - - 9. IMAP - 9.1 Enhanced capability support - - 10. LDAP - 10.1 SASL based authentication mechanisms - - 11. SMB - 11.1 File listing support - 11.2 Honor file timestamps - 11.3 Use NTLMv2 - 11.4 Create remote directories - - 12. New protocols - 12.1 RSYNC - - 13. SSL - 13.1 Disable specific versions - 13.2 Provide mutex locking API - 13.3 Evaluate SSL patches - 13.4 Cache/share OpenSSL contexts - 13.5 Export session ids - 13.6 Provide callback for cert verification - 13.7 improve configure --with-ssl - 13.8 Support DANE - 13.10 Support SSLKEYLOGFILE - 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY - 13.12 Support HSTS - 13.13 Support HPKP - - 14. GnuTLS - 14.1 SSL engine stuff - 14.2 check connection - - 15. WinSSL/SChannel - 15.1 Add support for client certificate authentication - 15.2 Add support for custom server certificate validation - 15.3 Add support for the --ciphers option - - 16. SASL - 16.1 Other authentication mechanisms - 16.2 Add QOP support to GSSAPI authentication - 16.3 Support binary messages (i.e.: non-base64) - - 17. SSH protocols - 17.1 Multiplexing - 17.2 SFTP performance - 17.3 Support better than MD5 hostkey hash - - 18. Command line tool - 18.1 sync - 18.2 glob posts - 18.3 prevent file overwriting - 18.4 simultaneous parallel transfers - 18.5 provide formpost headers - 18.6 warning when setting an option - 18.7 warning when sending binary output to terminal - 18.8 offer color-coded HTTP header output - 18.9 Choose the name of file in braces for complex URLs - 18.10 improve how curl works in a windows console window - 18.11 -w output to stderr - 18.12 keep running, read instructions from pipe/socket - 18.13 support metalink in http headers - 18.14 --fail without --location should treat 3xx as a failure - 18.15 --retry should resume - 18.16 send only part of --data - 18.17 consider file name from the redirected URL with -O ? - - 19. Build - 19.1 roffit - 19.2 Enable PIE and RELRO by default - - 20. Test suite - 20.1 SSL tunnel - 20.2 nicer lacking perl message - 20.3 more protocols supported - 20.4 more platforms supported - 20.5 Add support for concurrent connections - 20.6 Use the RFC6265 test suite - - 21. Next SONAME bump - 21.1 http-style HEAD output for FTP - 21.2 combine error codes - 21.3 extend CURLOPT_SOCKOPTFUNCTION prototype - - 22. Next major release - 22.1 cleanup return codes - 22.2 remove obsolete defines - 22.3 size_t - 22.4 remove several functions - 22.5 remove CURLOPT_FAILONERROR - 22.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE - 22.7 remove progress meter from libcurl - 22.8 remove 'curl_httppost' from public - -============================================================================== - -1. libcurl - -1.2 More data sharing - - curl_share_* functions already exist and work, and they can be extended to - share more. For example, enable sharing of the ares channel and the - connection cache. - -1.3 struct lifreq - - Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and - SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete. - To support IPv6 interface addresses for network interfaces properly. - -1.4 signal-based resolver timeouts - - libcurl built without an asynchronous resolver library uses alarm() to time - out DNS lookups. When a timeout occurs, this causes libcurl to jump from the - signal handler back into the library with a sigsetjmp, which effectively - causes libcurl to continue running within the signal handler. This is - non-portable and could cause problems on some platforms. A discussion on the - problem is available at https://curl.haxx.se/mail/lib-2008-09/0197.html - - Also, alarm() provides timeout resolution only to the nearest second. alarm - ought to be replaced by setitimer on systems that support it. - -1.5 get rid of PATH_MAX - - Having code use and rely on PATH_MAX is not nice: - http://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html - - Currently the SSH based code uses it a bit, but to remove PATH_MAX from there - we need libssh2 to properly tell us when we pass in a too small buffer and - its current API (as of libssh2 1.2.7) doesn't. - -1.6 Modified buffer size approach - - Current libcurl allocates a fixed 16K size buffer for download and an - additional 16K for upload. They are always unconditionally part of the easy - handle. If CRLF translations are requested, an additional 32K "scratch - buffer" is allocated. A total of 64K transfer buffers in the worst case. - - First, while the handles are not actually in use these buffers could be freed - so that lingering handles just kept in queues or whatever waste less memory. - - Secondly, SFTP is a protocol that needs to handle many ~30K blocks at once - since each need to be individually acked and therefore libssh2 must be - allowed to send (or receive) many separate ones in parallel to achieve high - transfer speeds. A current libcurl build with a 16K buffer makes that - impossible, but one with a 512K buffer will reach MUCH faster transfers. But - allocating 512K unconditionally for all buffers just in case they would like - to do fast SFTP transfers at some point is not a good solution either. - - Dynamically allocate buffer size depending on protocol in use in combination - with freeing it after each individual transfer? Other suggestions? - -1.7 Detect when called from within callbacks - - We should set a state variable before calling callbacks, so that we - subsequently can add code within libcurl that returns error if called within - callbacks for when that's not supported. - -1.8 CURLOPT_RESOLVE for any port number - - This option allows applications to set a replacement IP address for a given - host + port pair. Consider making support for providing a replacement address - for the host name on all port numbers. - - See https://github.com/curl/curl/issues/1264 - -1.9 Cache negative name resolves - - A name resolve that has failed is likely to fail when made again within a - short period of time. Currently we only cache positive responses. - -1.11 minimize dependencies with dynamicly loaded modules - - We can create a system with loadable modules/plug-ins, where these modules - would be the ones that link to 3rd party libs. That would allow us to avoid - having to load ALL dependencies since only the necessary ones for this - app/invoke/used protocols would be necessary to load. See - https://github.com/curl/curl/issues/349 - -1.12 have form functions use CURL handle argument - - curl_formadd() and curl_formget() both currently have no CURL handle - argument, but both can use a callback that is set in the easy handle, and - thus curl_formget() with callback cannot function without first having - curl_easy_perform() (or similar) called - which is hard to grasp and a design - mistake. - - The curl_formadd() design can probably also be reconsidered to make it easier - to use and less error-prone. Probably easiest by splitting it into several - function calls. - -1.14 Typesafe curl_easy_setopt() - - One of the most common problems in libcurl using applications is the lack of - type checks for curl_easy_setopt() which happens because it accepts varargs - and thus can take any type. - - One possible solution to this is to introduce a few different versions of the - setopt version for the different kinds of data you can set. - - curl_easy_set_num() - sets a long value - - curl_easy_set_large() - sets a curl_off_t value - - curl_easy_set_ptr() - sets a pointer - - curl_easy_set_cb() - sets a callback PLUS its callback data - -1.15 Monitor connections in the connection pool - - libcurl's connection cache or pool holds a number of open connections for the - purpose of possible subsequent connection reuse. It may contain a few up to a - significant amount of connections. Currently, libcurl leaves all connections - as they are and first when a connection is iterated over for matching or - reuse purpose it is verified that it is still alive. - - Those connections may get closed by the server side for idleness or they may - get a HTTP/2 ping from the peer to verify that they're still alive. By adding - monitoring of the connections while in the pool, libcurl can detect dead - connections (and close them) better and earlier, and it can handle HTTP/2 - pings to keep such ones alive even when not actively doing transfers on them. - -1.16 Try to URL encode given URL - - Given a URL that for example contains spaces, libcurl could have an option - that would try somewhat harder than it does now and convert spaces to %20 and - perhaps URL encoded byte values over 128 etc (basically do what the redirect - following code already does). - - https://github.com/curl/curl/issues/514 - -1.17 Add support for IRIs - - IRIs (RFC 3987) allow localized, non-ascii, names in the URL. To properly - support this, curl/libcurl would need to translate/encode the given input - from the input string encoding into percent encoded output "over the wire". - - To make that work smoothly for curl users even on Windows, curl would - probably need to be able to convert from several input encodings. - -1.18 try next proxy if one doesn't work - - Allow an application to specify a list of proxies to try, and failing to - connect to the first go on and try the next instead until the list is - exhausted. Browsers support this feature at least when they specify proxies - using PACs. - - https://github.com/curl/curl/issues/896 - -1.19 Timeout idle connections from the pool - - libcurl currently keeps connections in its connection pool for an indefinite - period of time, until it either gets reused, gets noticed that it has been - closed by the server or gets pruned to make room for a new connection. - - To reduce overhead (especially for when we add monitoring of the connections - in the pool), we should introduce a timeout so that connections that have - been idle for N seconds get closed. - -1.20 SRV and URI DNS records - - Offer support for resolving SRV and URI DNS records for libcurl to know which - server to connect to for various protocols (including HTTP!). - -1.21 API for URL parsing/splitting - - libcurl has always parsed URLs internally and never exposed any API or - features to allow applications to do it. Still most or many applications - using libcurl need that ability. In polls to users, we've learned that many - libcurl users would like to see and use such an API. - -1.23 Offer API to flush the connection pool - - Sometimes applications want to flush all the existing connections kept alive. - An API could allow a forced flush or just a forced loop that would properly - close all connections that have been closed by the server already. - -1.24 TCP Fast Open for windows - - libcurl supports the CURLOPT_TCP_FASTOPEN option since 7.49.0 for Linux and - Mac OS. Windows supports TCP Fast Open starting with Windows 10, version 1607 - and we should add support for it. - -1.25 Remove the generated include file - - When curl and libcurl are built, one of the public include files are - generated and is populated with a set of defines that are derevid from sizes - and constants for the particular target architecture that build is made. For - platforms that can select between 32 bit and 64 bit at build time, this - approach makes the libcurl build only create a set of public headers suitable - for one of the architectures and not both. If you build libcurl for such a - platform and you want to allow applications to get built using either 32/64 - version, you must generate the libcurl headers once for each setup and you - must then add a replacement curl header that would itself select the correct - 32 or 64 bit specific header as necessary. - - Your curl/curl.h alternative could then look like (replace with suitable CPP - variable to check): - - #ifdef ARCH_32bit - #include - #else /* ARCH_64bit */ - #include - #endif - - A fix would either (A) fix the 32/64 setup automatically or even better (B) - work away the architecture specific defines from the headers so that they can - be used for all architectures independently of what libcurl was built for. - - -2. libcurl - multi interface - -2.1 More non-blocking - - Make sure we don't ever loop because of non-blocking sockets returning - EWOULDBLOCK or similar. Blocking cases include: - - - Name resolves on non-windows unless c-ares or the threaded resolver is used - - HTTP proxy CONNECT operations - - SOCKS proxy handshakes - - file:// transfers - - TELNET transfers - - The "DONE" operation (post transfer protocol-specific actions) for the - protocols SFTP, SMTP, FTP. Fixing Curl_done() for this is a worthy task. - -2.2 Better support for same name resolves - - If a name resolve has been initiated for name NN and a second easy handle - wants to resolve that name as well, make it wait for the first resolve to end - up in the cache instead of doing a second separate resolve. This is - especially needed when adding many simultaneous handles using the same host - name when the DNS resolver can get flooded. - -2.3 Non-blocking curl_multi_remove_handle() - - The multi interface has a few API calls that assume a blocking behavior, like - add_handle() and remove_handle() which limits what we can do internally. The - multi API need to be moved even more into a single function that "drives" - everything in a non-blocking manner and signals when something is done. A - remove or add would then only ask for the action to get started and then - multi_perform() etc still be called until the add/remove is completed. - -2.4 Split connect and authentication process - - The multi interface treats the authentication process as part of the connect - phase. As such any failures during authentication won't trigger the relevant - QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. - -2.5 Edge-triggered sockets should work - - The multi_socket API should work with edge-triggered socket events. One of - the internal actions that need to be improved for this to work perfectly is - the 'maxloops' handling in transfer.c:readwrite_data(). - -3. Documentation - -3.1 Update date and version in man pages - - 'maketgz' or another suitable script could update the .TH sections of the man - pages at release time to use the current date and curl/libcurl version - number. - -3.2 Provide cmake config-file - - A config-file package is a set of files provided by us to allow applications - to write cmake scripts to find and use libcurl easier. See - https://github.com/curl/curl/issues/885 - -4. FTP - -4.1 HOST - - HOST is a command for a client to tell which host name to use, to offer FTP - servers named-based virtual hosting: - - https://tools.ietf.org/html/rfc7151 - -4.2 Alter passive/active on failure and retry - - When trying to connect passively to a server which only supports active - connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the - connection. There could be a way to fallback to an active connection (and - vice versa). https://curl.haxx.se/bug/feature.cgi?id=1754793 - -4.3 Earlier bad letter detection - - Make the detection of (bad) %0d and %0a codes in FTP URL parts earlier in the - process to avoid doing a resolve and connect in vain. - -4.4 REST for large files - - REST fix for servers not behaving well on >2GB requests. This should fail if - the server doesn't set the pointer to the requested index. The tricky - (impossible?) part is to figure out if the server did the right thing or not. - -4.5 ASCII support - - FTP ASCII transfers do not follow RFC959. They don't convert the data - accordingly. - -4.6 GSSAPI via Windows SSPI - -In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5) -via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add -support for GSSAPI authentication via Windows SSPI. - -4.7 STAT for LIST without data connection - -Some FTP servers allow STAT for listing directories instead of using LIST, and -the response is then sent over the control connection instead of as the -otherwise usedw data connection: http://www.nsftools.com/tips/RawFTP.htm#STAT - -This is not detailed in any FTP specification. - -5. HTTP - -5.1 Better persistency for HTTP 1.0 - - "Better" support for persistent connections over HTTP 1.0 - https://curl.haxx.se/bug/feature.cgi?id=1089001 - -5.2 support FF3 sqlite cookie files - - Firefox 3 is changing from its former format to a a sqlite database instead. - We should consider how (lib)curl can/should support this. - https://curl.haxx.se/bug/feature.cgi?id=1871388 - -5.3 Rearrange request header order - - Server implementors often make an effort to detect browser and to reject - clients it can detect to not match. One of the last details we cannot yet - control in libcurl's HTTP requests, which also can be exploited to detect - that libcurl is in fact used even when it tries to impersonate a browser, is - the order of the request headers. I propose that we introduce a new option in - which you give headers a value, and then when the HTTP request is built it - sorts the headers based on that number. We could then have internally created - headers use a default value so only headers that need to be moved have to be - specified. - -5.4 HTTP Digest using SHA-256 - - RFC 7616 introduces an update to the HTTP Digest authentication - specification, which amongst other thing defines how new digest algorithms - can be used instead of MD5 which is considered old and not recommanded. - - See https://tools.ietf.org/html/rfc7616 and - https://github.com/curl/curl/issues/1018 - -5.5 auth= in URLs - - Add the ability to specify the preferred authentication mechanism to use by - using ;auth= in the login part of the URL. - - For example: - - http://test:pass;auth=NTLM@example.com would be equivalent to specifying --user - test:pass;auth=NTLM or --user test:pass --ntlm from the command line. - - Additionally this should be implemented for proxy base URLs as well. - -5.6 Refuse "downgrade" redirects - - See https://github.com/curl/curl/issues/226 - - Consider a way to tell curl to refuse to "downgrade" protocol with a redirect - and/or possibly a bit that refuses redirect to change protocol completely. - -5.7 Brotli compression - - Brotli compression performs better than gzip and is being implemented by - browsers and servers widely. The algorithm: https://github.com/google/brotli - The Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=366559 - -5.8 QUIC - - The standardization process of QUIC has been taken to the IETF and can be - followed on the [IETF QUIC Mailing - list](https://www.ietf.org/mailman/listinfo/quic). I'd like us to get on the - bandwagon. Ideally, this would be done with a separate library/project to - handle the binary/framing layer in a similar fashion to how HTTP/2 is - implemented. This, to allow other projects to benefit from the work and to - thus broaden the interest and chance of others to participate. - -5.9 Improve formpost API - - Revamp the formpost API and making something that is easier to use and - understand: - - https://github.com/curl/curl/wiki/formpost-API-redesigned - -5.10 Leave secure cookies alone - - Non-secure origins (HTTP sites) should not be allowed to set or modify - cookies with the 'secure' property: - - https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01 - -5.11 Chunked transfer multipart formpost - - For a case where the file is being made during the upload is progressing - (like passed on stdin to the curl tool), we cannot know the size before-hand - and we rather not read the entire thing into memory before it can start the - upload. - - https://github.com/curl/curl/issues/1139 - -5.12 OPTIONS * - - HTTP defines an OPTIONS method that can be sent with an asterisk option like - "OPTIONS *" to ask about options from the server and not a specific URL - resource. https://tools.ietf.org/html/rfc7230#section-5.3.4 - - libcurl as it currently works will always sent HTTP methods with a path that - starts with a slash so there's no way for an application to send a proper - "OPTIONS *" using libcurl. This should be fixed. - - I can't think of any other non-slash paths we should support so it will - probably make sense to add a new boolean option for issuign an "OPTIONS *" - request. CURLOPT_OPTIONSASTERISK perhaps (and a corresponding command line - option)? - - See https://github.com/curl/curl/issues/1280 - - -6. TELNET - -6.1 ditch stdin - -Reading input (to send to the remote server) on stdin is a crappy solution for -library purposes. We need to invent a good way for the application to be able -to provide the data to send. - -6.2 ditch telnet-specific select - - Move the telnet support's network select() loop go away and merge the code - into the main transfer loop. Until this is done, the multi interface won't - work for telnet. - -6.3 feature negotiation debug data - - Add telnet feature negotiation data to the debug callback as header data. - -6.4 send data in chunks - - Currently, telnet sends data one byte at a time. This is fine for interactive - use, but inefficient for any other. Sent data should be sent in larger - chunks. - -7. SMTP - -7.1 Pipelining - - Add support for pipelining emails. - -7.2 Enhanced capability support - - Add the ability, for an application that uses libcurl, to obtain the list of - capabilities returned from the EHLO command. - -7.3 Add CURLOPT_MAIL_CLIENT option - - Rather than use the URL to specify the mail client string to present in the - HELO and EHLO commands, libcurl should support a new CURLOPT specifically for - specifying this data as the URL is non-standard and to be honest a bit of a - hack ;-) - - Please see the following thread for more information: - https://curl.haxx.se/mail/lib-2012-05/0178.html - - -8. POP3 - -8.1 Pipelining - - Add support for pipelining commands. - -8.2 Enhanced capability support - - Add the ability, for an application that uses libcurl, to obtain the list of - capabilities returned from the CAPA command. - -9. IMAP - -9.1 Enhanced capability support - - Add the ability, for an application that uses libcurl, to obtain the list of - capabilities returned from the CAPABILITY command. - -10. LDAP - -10.1 SASL based authentication mechanisms - - Currently the LDAP module only supports ldap_simple_bind_s() in order to bind - to an LDAP server. However, this function sends username and password details - using the simple authentication mechanism (as clear text). However, it should - be possible to use ldap_bind_s() instead specifying the security context - information ourselves. - -11. SMB - -11.1 File listing support - -Add support for listing the contents of a SMB share. The output should probably -be the same as/similar to FTP. - -11.2 Honor file timestamps - -The timestamp of the transferred file should reflect that of the original file. - -11.3 Use NTLMv2 - -Currently the SMB authentication uses NTLMv1. - -11.4 Create remote directories - -Support for creating remote directories when uploading a file to a directory -that doesn't exist on the server, just like --ftp-create-dirs. - -12. New protocols - -12.1 RSYNC - - There's no RFC for the protocol or an URI/URL format. An implementation - should most probably use an existing rsync library, such as librsync. - -13. SSL - -13.1 Disable specific versions - - Provide an option that allows for disabling specific SSL versions, such as - SSLv2 https://curl.haxx.se/bug/feature.cgi?id=1767276 - -13.2 Provide mutex locking API - - Provide a libcurl API for setting mutex callbacks in the underlying SSL - library, so that the same application code can use mutex-locking - independently of OpenSSL or GnutTLS being used. - -13.3 Evaluate SSL patches - - Evaluate/apply Gertjan van Wingerde's SSL patches: - https://curl.haxx.se/mail/lib-2004-03/0087.html - -13.4 Cache/share OpenSSL contexts - - "Look at SSL cafile - quick traces look to me like these are done on every - request as well, when they should only be necessary once per SSL context (or - once per handle)". The major improvement we can rather easily do is to make - sure we don't create and kill a new SSL "context" for every request, but - instead make one for every connection and re-use that SSL context in the same - style connections are re-used. It will make us use slightly more memory but - it will libcurl do less creations and deletions of SSL contexts. - - Technically, the "caching" is probably best implemented by getting added to - the share interface so that easy handles who want to and can reuse the - context specify that by sharing with the right properties set. - - https://github.com/curl/curl/issues/1110 - -13.5 Export session ids - - Add an interface to libcurl that enables "session IDs" to get - exported/imported. Cris Bailiff said: "OpenSSL has functions which can - serialise the current SSL state to a buffer of your choice, and recover/reset - the state from such a buffer at a later date - this is used by mod_ssl for - apache to implement and SSL session ID cache". - -13.6 Provide callback for cert verification - - OpenSSL supports a callback for customised verification of the peer - certificate, but this doesn't seem to be exposed in the libcurl APIs. Could - it be? There's so much that could be done if it were! - -13.7 improve configure --with-ssl - - make the configure --with-ssl option first check for OpenSSL, then GnuTLS, - then NSS... - -13.8 Support DANE - - DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL - keys and certs over DNS using DNSSEC as an alternative to the CA model. - https://www.rfc-editor.org/rfc/rfc6698.txt - - An initial patch was posted by Suresh Krishnaswamy on March 7th 2013 - (https://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple - approach. See Daniel's comments: - https://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the - correct library to base this development on. - - Björn Stenberg wrote a separate initial take on DANE that was never - completed. - -13.10 Support SSLKEYLOGFILE - - When used, Firefox and Chrome dumps their master TLS keys to the file name - this environment variable specifies. This allows tools like for example - Wireshark to capture and decipher TLS traffic to/from those clients. libcurl - could be made to support this more widely (presumably this already works when - built with NSS). Peter Wu made a OpenSSL preload to make possible that can be - used as inspiration and guidance - https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c - -13.11 Support intermediate & root pinning for PINNEDPUBLICKEY - - CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root - certificates when comparing the pinned keys. Therefore it is not compatible - with "HTTP Public Key Pinning" as there also intermediate and root certificates - can be pinned. This is very useful as it prevents webadmins from "locking - themself out of their servers". - - Adding this feature would make curls pinning 100% compatible to HPKP and allow - more flexible pinning. - -13.12 Support HSTS - - "HTTP Strict Transport Security" is TOFU (trust on first use), time-based - features indicated by a HTTP header send by the webserver. It is widely used - in browsers and it's purpose is to prevent insecure HTTP connections after - a previous HTTPS connection. It protects against SSLStripping attacks. - - Doc: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security - RFC 6797: https://tools.ietf.org/html/rfc6797 - -13.13 Support HPKP - - "HTTP Public Key Pinning" is TOFU (trust on first use), time-based - features indicated by a HTTP header send by the webserver. It's purpose is - to prevent Man-in-the-middle attacks by trusted CAs by allowing webadmins - to specify which CAs/certificates/public keys to trust when connection to - their websites. - - It can be build based on PINNEDPUBLICKEY. - - Wikipedia: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning - OWASP: https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning - Doc: https://developer.mozilla.org/de/docs/Web/Security/Public_Key_Pinning - RFC: https://tools.ietf.org/html/draft-ietf-websec-key-pinning-21 - -14. GnuTLS - -14.1 SSL engine stuff - - Is this even possible? - -14.2 check connection - - Add a way to check if the connection seems to be alive, to correspond to the - SSL_peak() way we use with OpenSSL. - -15. WinSSL/SChannel - -15.1 Add support for client certificate authentication - - WinSSL/SChannel currently makes use of the OS-level system and user - certificate and private key stores. This does not allow the application - or the user to supply a custom client certificate using curl or libcurl. - - Therefore support for the existing -E/--cert and --key options should be - implemented by supplying a custom certificate to the SChannel APIs, see: - - Getting a Certificate for Schannel - https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx - -15.2 Add support for custom server certificate validation - - WinSSL/SChannel currently makes use of the OS-level system and user - certificate trust store. This does not allow the application or user to - customize the server certificate validation process using curl or libcurl. - - Therefore support for the existing --cacert or --capath options should be - implemented by supplying a custom certificate to the SChannel APIs, see: - - Getting a Certificate for Schannel - https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx - -15.3 Add support for the --ciphers option - - The cipher suites used by WinSSL/SChannel are configured on an OS-level - instead of an application-level. This does not allow the application or - the user to customize the configured cipher suites using curl or libcurl. - - Therefore support for the existing --ciphers option should be implemented - by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see - - Specifying Schannel Ciphers and Cipher Strengths - https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx - -16. SASL - -16.1 Other authentication mechanisms - - Add support for other authentication mechanisms such as OLP, - GSS-SPNEGO and others. - -16.2 Add QOP support to GSSAPI authentication - - Currently the GSSAPI authentication only supports the default QOP of auth - (Authentication), whilst Kerberos V5 supports both auth-int (Authentication - with integrity protection) and auth-conf (Authentication with integrity and - privacy protection). - -16.3 Support binary messages (i.e.: non-base64) - - Mandatory to support LDAP SASL authentication. - - -17. SSH protocols - -17.1 Multiplexing - - SSH is a perfectly fine multiplexed protocols which would allow libcurl to do - multiple parallel transfers from the same host using the same connection, - much in the same spirit as HTTP/2 does. libcurl however does not take - advantage of that ability but will instead always create a new connection for - new transfers even if an existing connection already exists to the host. - - To fix this, libcurl would have to detect an existing connection and "attach" - the new transfer to the existing one. - -17.2 SFTP performance - - libcurl's SFTP transfer performance is sub par and can be improved, mostly by - the approach mentioned in "1.6 Modified buffer size approach". - -17.3 Support better than MD5 hostkey hash - - libcurl offers the CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 option for verifying the - server's key. MD5 is generally being deprecated so we should implement - support for stronger hashing algorithms. libssh2 itself is what provides this - underlying functionality and it supports at least SHA-1 as an alternative. - SHA-1 is also being deprecated these days so we should consider workign with - libssh2 to instead offer support for SHA-256 or similar. - - -18. Command line tool - -18.1 sync - - "curl --sync http://example.com/feed[1-100].rss" or - "curl --sync http://example.net/{index,calendar,history}.html" - - Downloads a range or set of URLs using the remote name, but only if the - remote file is newer than the local file. A Last-Modified HTTP date header - should also be used to set the mod date on the downloaded file. - -18.2 glob posts - - Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. - This is easily scripted though. - -18.3 prevent file overwriting - - Add an option that prevents curl from overwriting existing local files. When - used, and there already is an existing file with the target file name - (either -O or -o), a number should be appended (and increased if already - existing). So that index.html becomes first index.html.1 and then - index.html.2 etc. - -18.4 simultaneous parallel transfers - - The client could be told to use maximum N simultaneous parallel transfers and - then just make sure that happens. It should of course not make more than one - connection to the same remote host. This would require the client to use the - multi interface. https://curl.haxx.se/bug/feature.cgi?id=1558595 - - Using the multi interface would also allow properly using parallel transfers - with HTTP/2 and supporting HTTP/2 server push from the command line. - -18.5 provide formpost headers - - Extending the capabilities of the multipart formposting. How about leaving - the ';type=foo' syntax as it is and adding an extra tag (headers) which - works like this: curl -F "coolfiles=@fil1.txt;headers=@fil1.hdr" where - fil1.hdr contains extra headers like - - Content-Type: text/plain; charset=KOI8-R" - Content-Transfer-Encoding: base64 - X-User-Comment: Please don't use browser specific HTML code - - which should overwrite the program reasonable defaults (plain/text, - 8bit...) - -18.6 warning when setting an option - - Display a warning when libcurl returns an error when setting an option. - This can be useful to tell when support for a particular feature hasn't been - compiled into the library. - -18.7 warning when sending binary output to terminal - - Provide a way that prompts the user for confirmation before binary data is - sent to the terminal, much in the style 'less' does it. - -18.8 offer color-coded HTTP header output - - By offering different color output on the header name and the header - contents, they could be made more readable and thus help users working on - HTTP services. - -18.9 Choose the name of file in braces for complex URLs - - When using braces to download a list of URLs and you use complicated names - in the list of alternatives, it could be handy to allow curl to use other - names when saving. - - Consider a way to offer that. Possibly like - {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the - colon is the output name. - - See https://github.com/curl/curl/issues/221 - -18.10 improve how curl works in a windows console window - - If you pull the scrollbar when transferring with curl in a Windows console - window, the transfer is interrupted and can get disconnected. This can - probably be improved. See https://github.com/curl/curl/issues/322 - -18.11 -w output to stderr - - -w is quite useful, but not to those of us who use curl without -o or -O - (such as for scripting through a higher level language). It would be nice to - have an option that is exactly like -w but sends it to stderr - instead. Proposed name: --write-stderr. See - https://github.com/curl/curl/issues/613 - -18.12 keep running, read instructions from pipe/socket - - Provide an option that makes curl not exit after the last URL (or even work - without a given URL), and then make it read instructions passed on a pipe or - over a socket to make further instructions so that a second subsequent curl - invoke can talk to the still running instance and ask for transfers to get - done, and thus maintain its connection pool, DNS cache and more. - -18.13 support metalink in http headers - - Curl has support for downloading a metalink xml file, processing it, and then - downloading the target of the metalink. This is done via the --metalink option. - It would be nice if metalink also supported downloading via metalink - information that is stored in HTTP headers (RFC 6249). Theoretically this could - also be supported with the --metalink option. - - See https://tools.ietf.org/html/rfc6249 - - See also https://lists.gnu.org/archive/html/bug-wget/2015-06/msg00034.html for - an implematation of this in wget. - -18.14 --fail without --location should treat 3xx as a failure - - To allow a command line like this to detect a redirect and consider it a - failure: - - curl -v --fail -O https://example.com/curl-7.48.0.tar.gz - - ... --fail must treat 3xx responses as failures too. The least problematic - way to implement this is probably to add that new logic in the command line - tool only and not in the underlying CURLOPT_FAILONERROR logic. - -18.15 --retry should resume - - When --retry is used and curl actually retries transfer, it should use the - already transfered data and do a resumed transfer for the rest (when - possible) so that it doesn't have to transfer the same data again that was - already tranfered before the retry. - - See https://github.com/curl/curl/issues/1084 - -18.16 send only part of --data - - When the user only wants to send a small piece of the data provided with - --data or --data-binary, like when that data is a huge file, consider a way - to specify that curl should only send a piece of that. One suggested syntax - would be: "--data-binary @largefile.zip!1073741823-2147483647". - - See https://github.com/curl/curl/issues/1200 - -18.17 consider file name from the redirected URL with -O ? - - When a user gives a URL and uses -O, and curl follows a redirect to a new - URL, the file name is not extracted and used from the newly redirected-to URL - even if the new URL may have a much more sensible file name. - - This is clearly documented and helps for security since there's no surprise - to users which file name that might get overwritten. But maybe a new option - could allow for this or maybe -J should imply such a treatment as well as -J - already allows for the server to decide what file name to use so it already - provides the "may overwrite any file" risk. - - This is extra tricky if the original URL has no file name part at all since - then the current code path will error out with an error message, and we can't - *know* already at that point if curl will be redirected to a URL that has a - file name... - - See https://github.com/curl/curl/issues/1241 - -19. Build - -19.1 roffit - - Consider extending 'roffit' to produce decent ASCII output, and use that - instead of (g)nroff when building src/tool_hugehelp.c - -19.2 Enable PIE and RELRO by default - - Especially when having programs that execute curl via the command line, PIE - renders the exploitation of memory corruption vulnerabilities a lot more - difficult. This can be attributed to the additional information leaks being - required to conduct a successful attack. RELRO, on the other hand, masks - different binary sections like the GOT as read-only and thus kills a handful - of techniques that come in handy when attackers are able to arbitrarily - overwrite memory. A few tests showed that enabling these features had close - to no impact, neither on the performance nor on the general functionality of - curl. - - -20. Test suite - -20.1 SSL tunnel - - Make our own version of stunnel for simple port forwarding to enable HTTPS - and FTP-SSL tests without the stunnel dependency, and it could allow us to - provide test tools built with either OpenSSL or GnuTLS - -20.2 nicer lacking perl message - - If perl wasn't found by the configure script, don't attempt to run the tests - but explain something nice why it doesn't. - -20.3 more protocols supported - - Extend the test suite to include more protocols. The telnet could just do FTP - or http operations (for which we have test servers). - -20.4 more platforms supported - - Make the test suite work on more platforms. OpenBSD and Mac OS. Remove - fork()s and it should become even more portable. - -20.5 Add support for concurrent connections - - Tests 836, 882 and 938 were designed to verify that separate connections aren't - used when using different login credentials in protocols that shouldn't re-use - a connection under such circumstances. - - Unfortunately, ftpserver.pl doesn't appear to support multiple concurrent - connections. The read while() loop seems to loop until it receives a disconnect - from the client, where it then enters the waiting for connections loop. When - the client opens a second connection to the server, the first connection hasn't - been dropped (unless it has been forced - which we shouldn't do in these tests) - and thus the wait for connections loop is never entered to receive the second - connection. - -20.6 Use the RFC6265 test suite - - A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at - https://github.com/abarth/http-state/tree/master/tests - - It'd be really awesome if someone would write a script/setup that would run - curl with that test suite and detect deviances. Ideally, that would even be - incorporated into our regular test suite. - - -21. Next SONAME bump - -21.1 http-style HEAD output for FTP - - #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers - from being output in NOBODY requests over FTP - -21.2 combine error codes - - Combine some of the error codes to remove duplicates. The original - numbering should not be changed, and the old identifiers would be - macroed to the new ones in an CURL_NO_OLDIES section to help with - backward compatibility. - - Candidates for removal and their replacements: - - CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND - - CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND - - CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR - - CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT - - CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT - - CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL - - CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND - - CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED - -21.3 extend CURLOPT_SOCKOPTFUNCTION prototype - - The current prototype only provides 'purpose' that tells what the - connection/socket is for, but not any protocol or similar. It makes it hard - for applications to differentiate on TCP vs UDP and even HTTP vs FTP and - similar. - -22. Next major release - -22.1 cleanup return codes - - curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a - CURLMcode. These should be changed to be the same. - -22.2 remove obsolete defines - - remove obsolete defines from curl/curl.h - -22.3 size_t - - make several functions use size_t instead of int in their APIs - -22.4 remove several functions - - remove the following functions from the public API: - - curl_getenv - - curl_mprintf (and variations) - - curl_strequal - - curl_strnequal - - They will instead become curlx_ - alternatives. That makes the curl app - still capable of using them, by building with them from source. - - These functions have no purpose anymore: - - curl_multi_socket - - curl_multi_socket_all - -22.5 remove CURLOPT_FAILONERROR - - Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird - internally. Let the app judge success or not for itself. - -22.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE - - Remove support for a global DNS cache. Anything global is silly, and we - already offer the share interface for the same functionality but done - "right". - -22.7 remove progress meter from libcurl - - The internally provided progress meter output doesn't belong in the library. - Basically no application wants it (apart from curl) but instead applications - can and should do their own progress meters using the progress callback. - - The progress callback should then be bumped as well to get proper 64bit - variable types passed to it instead of doubles so that big files work - correctly. - -22.8 remove 'curl_httppost' from public - - curl_formadd() was made to fill in a public struct, but the fact that the - struct is public is never really used by application for their own advantage - but instead often restricts how the form functions can or can't be modified. - - Changing them to return a private handle will benefit the implementation and - allow us much greater freedoms while still maintaining a solid API and ABI. DELETED scriptlibs/softwareupdate/curl/docs/TheArtOfHttpScripting.txt Index: scriptlibs/softwareupdate/curl/docs/TheArtOfHttpScripting.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/TheArtOfHttpScripting.txt +++ scriptlibs/softwareupdate/curl/docs/TheArtOfHttpScripting.txt @@ -1,758 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - -The Art Of Scripting HTTP Requests Using Curl - - 1. HTTP Scripting - 1.1 Background - 1.2 The HTTP Protocol - 1.3 See the Protocol - 1.4 See the Timing - 1.5 See the Response - 2. URL - 2.1 Spec - 2.2 Host - 2.3 Port number - 2.4 User name and password - 2.5 Path part - 3. Fetch a page - 3.1 GET - 3.2 HEAD - 3.3 Multiple URLs in a single command line - 3.4 Multiple HTTP methods in a single command line - 4. HTML forms - 4.1 Forms explained - 4.2 GET - 4.3 POST - 4.4 File Upload POST - 4.5 Hidden Fields - 4.6 Figure Out What A POST Looks Like - 5. HTTP upload - 5.1 PUT - 6. HTTP Authentication - 6.1 Basic Authentication - 6.2 Other Authentication - 6.3 Proxy Authentication - 6.4 Hiding credentials - 7. More HTTP Headers - 7.1 Referer - 7.2 User Agent - 8. Redirects - 8.1 Location header - 8.2 Other redirects - 9. Cookies - 9.1 Cookie Basics - 9.2 Cookie options - 10. HTTPS - 10.1 HTTPS is HTTP secure - 10.2 Certificates - 11. Custom Request Elements - 11.1 Modify method and headers - 11.2 More on changed methods - 12. Web Login - 12.1 Some login tricks - 13. Debug - 13.1 Some debug tricks - 14. References - 14.1 Standards - 14.2 Sites - -============================================================================== - -1. HTTP Scripting - - 1.1 Background - - This document assumes that you're familiar with HTML and general networking. - - The increasing amount of applications moving to the web has made "HTTP - Scripting" more frequently requested and wanted. To be able to automatically - extract information from the web, to fake users, to post or upload data to - web servers are all important tasks today. - - Curl is a command line tool for doing all sorts of URL manipulations and - transfers, but this particular document will focus on how to use it when - doing HTTP requests for fun and profit. I'll assume that you know how to - invoke 'curl --help' or 'curl --manual' to get basic information about it. - - Curl is not written to do everything for you. It makes the requests, it gets - the data, it sends data and it retrieves the information. You probably need - to glue everything together using some kind of script language or repeated - manual invokes. - - 1.2 The HTTP Protocol - - HTTP is the protocol used to fetch data from web servers. It is a very simple - protocol that is built upon TCP/IP. The protocol also allows information to - get sent to the server from the client using a few different methods, as will - be shown here. - - HTTP is plain ASCII text lines being sent by the client to a server to - request a particular action, and then the server replies a few text lines - before the actual requested content is sent to the client. - - The client, curl, sends a HTTP request. The request contains a method (like - GET, POST, HEAD etc), a number of request headers and sometimes a request - body. The HTTP server responds with a status line (indicating if things went - well), response headers and most often also a response body. The "body" part - is the plain data you requested, like the actual HTML or the image etc. - - 1.3 See the Protocol - - Using curl's option --verbose (-v as a short option) will display what kind - of commands curl sends to the server, as well as a few other informational - texts. - - --verbose is the single most useful option when it comes to debug or even - understand the curl<->server interaction. - - Sometimes even --verbose is not enough. Then --trace and --trace-ascii offer - even more details as they show EVERYTHING curl sends and receives. Use it - like this: - - curl --trace-ascii debugdump.txt http://www.example.com/ - - 1.4 See the Timing - - Many times you may wonder what exactly is taking all the time, or you just - want to know the amount of milliseconds between two points in a - transfer. For those, and other similar situations, the --trace-time option - is what you need. It'll prepend the time to each trace output line: - - curl --trace-ascii d.txt --trace-time http://example.com/ - - 1.5 See the Response - - By default curl sends the response to stdout. You need to redirect it - somewhere to avoid that, most often that is done with -o or -O. - -2. URL - - 2.1 Spec - - The Uniform Resource Locator format is how you specify the address of a - particular resource on the Internet. You know these, you've seen URLs like - https://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the - canonical spec. And yeah, the formal name is not URL, it is URI. - - 2.2 Host - - The host name is usually resolved using DNS or your /etc/hosts file to an IP - address and that's what curl will communicate with. Alternatively you specify - the IP address directly in the URL instead of a name. - - For development and other trying out situations, you can point to a different - IP address for a host name than what would otherwise be used, by using curl's - --resolve option: - - curl --resolve www.example.org:80:127.0.0.1 http://www.example.org/ - - 2.3 Port number - - Each protocol curl supports operates on a default port number, be it over TCP - or in some cases UDP. Normally you don't have to take that into - consideration, but at times you run test servers on other ports or - similar. Then you can specify the port number in the URL with a colon and a - number immediately following the host name. Like when doing HTTP to port - 1234: - - curl http://www.example.org:1234/ - - The port number you specify in the URL is the number that the server uses to - offer its services. Sometimes you may use a local proxy, and then you may - need to specify that proxy's port number separately for what curl needs to - connect to locally. Like when using a HTTP proxy on port 4321: - - curl --proxy http://proxy.example.org:4321 http://remote.example.org/ - - 2.4 User name and password - - Some services are setup to require HTTP authentication and then you need to - provide name and password which is then transferred to the remote site in - various ways depending on the exact authentication protocol used. - - You can opt to either insert the user and password in the URL or you can - provide them separately: - - curl http://user:password@example.org/ - - or - - curl -u user:password http://example.org/ - - You need to pay attention that this kind of HTTP authentication is not what - is usually done and requested by user-oriented web sites these days. They - tend to use forms and cookies instead. - - 2.5 Path part - - The path part is just sent off to the server to request that it sends back - the associated response. The path is what is to the right side of the slash - that follows the host name and possibly port number. - -3. Fetch a page - - 3.1 GET - - The simplest and most common request/operation made using HTTP is to GET a - URL. The URL could itself refer to a web page, an image or a file. The client - issues a GET request to the server and receives the document it asked for. - If you issue the command line - - curl https://curl.haxx.se - - you get a web page returned in your terminal window. The entire HTML document - that that URL holds. - - All HTTP replies contain a set of response headers that are normally hidden, - use curl's --include (-i) option to display them as well as the rest of the - document. - - 3.2 HEAD - - You can ask the remote server for ONLY the headers by using the --head (-I) - option which will make curl issue a HEAD request. In some special cases - servers deny the HEAD method while others still work, which is a particular - kind of annoyance. - - The HEAD method is defined and made so that the server returns the headers - exactly the way it would do for a GET, but without a body. It means that you - may see a Content-Length: in the response headers, but there must not be an - actual body in the HEAD response. - - 3.3 Multiple URLs in a single command line - - A single curl command line may involve one or many URLs. The most common case - is probably to just use one, but you can specify any amount of URLs. Yes - any. No limits. You'll then get requests repeated over and over for all the - given URLs. - - Example, send two GETs: - - curl http://url1.example.com http://url2.example.com - - If you use --data to POST to the URL, using multiple URLs means that you send - that same POST to all the given URLs. - - Example, send two POSTs: - - curl --data name=curl http://url1.example.com http://url2.example.com - - - 3.4 Multiple HTTP methods in a single command line - - Sometimes you need to operate on several URLs in a single command line and do - different HTTP methods on each. For this, you'll enjoy the --next option. It - is basically a separator that separates a bunch of options from the next. All - the URLs before --next will get the same method and will get all the POST - data merged into one. - - When curl reaches the --next on the command line, it'll sort of reset the - method and the POST data and allow a new set. - - Perhaps this is best shown with a few examples. To send first a HEAD and then - a GET: - - curl -I http://example.com --next http://example.com - - To first send a POST and then a GET: - - curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html - - -4. HTML forms - - 4.1 Forms explained - - Forms are the general way a web site can present a HTML page with fields for - the user to enter data in, and then press some kind of 'OK' or 'Submit' - button to get that data sent to the server. The server then typically uses - the posted data to decide how to act. Like using the entered words to search - in a database, or to add the info in a bug tracking system, display the entered - address on a map or using the info as a login-prompt verifying that the user - is allowed to see what it is about to see. - - Of course there has to be some kind of program on the server end to receive - the data you send. You cannot just invent something out of the air. - - 4.2 GET - - A GET-form uses the method GET, as specified in HTML like: - -
- - -
- - In your favorite browser, this form will appear with a text box to fill in - and a press-button labeled "OK". If you fill in '1905' and press the OK - button, your browser will then create a new URL to get for you. The URL will - get "junk.cgi?birthyear=1905&press=OK" appended to the path part of the - previous URL. - - If the original form was seen on the page "www.hotmail.com/when/birth.html", - the second page you'll get will become - "www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK". - - Most search engines work this way. - - To make curl do the GET form post for you, just enter the expected created - URL: - - curl "http://www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK" - - 4.3 POST - - The GET method makes all input field names get displayed in the URL field of - your browser. That's generally a good thing when you want to be able to - bookmark that page with your given data, but it is an obvious disadvantage - if you entered secret information in one of the fields or if there are a - large amount of fields creating a very long and unreadable URL. - - The HTTP protocol then offers the POST method. This way the client sends the - data separated from the URL and thus you won't see any of it in the URL - address field. - - The form would look very similar to the previous one: - -
- - -
- - And to use curl to post this form with the same data filled in as before, we - could do it like: - - curl --data "birthyear=1905&press=%20OK%20" \ - http://www.example.com/when.cgi - - This kind of POST will use the Content-Type - application/x-www-form-urlencoded and is the most widely used POST kind. - - The data you send to the server MUST already be properly encoded, curl will - not do that for you. For example, if you want the data to contain a space, - you need to replace that space with %20 etc. Failing to comply with this - will most likely cause your data to be received wrongly and messed up. - - Recent curl versions can in fact url-encode POST data for you, like this: - - curl --data-urlencode "name=I am Daniel" http://www.example.com - - If you repeat --data several times on the command line, curl will - concatenate all the given data pieces - and put a '&' symbol between each - data segment. - - 4.4 File Upload POST - - Back in late 1995 they defined an additional way to post data over HTTP. It - is documented in the RFC 1867, why this method sometimes is referred to as - RFC1867-posting. - - This method is mainly designed to better support file uploads. A form that - allows a user to upload a file could be written like this in HTML: - -
- - -
- - This clearly shows that the Content-Type about to be sent is - multipart/form-data. - - To post to a form like this with curl, you enter a command line like: - - curl --form upload=@localfilename --form press=OK [URL] - - 4.5 Hidden Fields - - A very common way for HTML based applications to pass state information - between pages is to add hidden fields to the forms. Hidden fields are - already filled in, they aren't displayed to the user and they get passed - along just as all the other fields. - - A similar example form with one visible field, one hidden field and one - submit button could look like: - -
- - - -
- - To POST this with curl, you won't have to think about if the fields are - hidden or not. To curl they're all the same: - - curl --data "birthyear=1905&press=OK&person=daniel" [URL] - - 4.6 Figure Out What A POST Looks Like - - When you're about fill in a form and send to a server by using curl instead - of a browser, you're of course very interested in sending a POST exactly the - way your browser does. - - An easy way to get to see this, is to save the HTML page with the form on - your local disk, modify the 'method' to a GET, and press the submit button - (you could also change the action URL if you want to). - - You will then clearly see the data get appended to the URL, separated with a - '?'-letter as GET forms are supposed to. - -5. HTTP upload - - 5.1 PUT - - Perhaps the best way to upload data to a HTTP server is to use PUT. Then - again, this of course requires that someone put a program or script on the - server end that knows how to receive a HTTP PUT stream. - - Put a file to a HTTP server with curl: - - curl --upload-file uploadfile http://www.example.com/receive.cgi - -6. HTTP Authentication - - 6.1 Basic Authentication - - HTTP Authentication is the ability to tell the server your username and - password so that it can verify that you're allowed to do the request you're - doing. The Basic authentication used in HTTP (which is the type curl uses by - default) is *plain* *text* based, which means it sends username and password - only slightly obfuscated, but still fully readable by anyone that sniffs on - the network between you and the remote server. - - To tell curl to use a user and password for authentication: - - curl --user name:password http://www.example.com - - 6.2 Other Authentication - - The site might require a different authentication method (check the headers - returned by the server), and then --ntlm, --digest, --negotiate or even - --anyauth might be options that suit you. - - 6.3 Proxy Authentication - - Sometimes your HTTP access is only available through the use of a HTTP - proxy. This seems to be especially common at various companies. A HTTP proxy - may require its own user and password to allow the client to get through to - the Internet. To specify those with curl, run something like: - - curl --proxy-user proxyuser:proxypassword curl.haxx.se - - If your proxy requires the authentication to be done using the NTLM method, - use --proxy-ntlm, if it requires Digest use --proxy-digest. - - If you use any one of these user+password options but leave out the password - part, curl will prompt for the password interactively. - - 6.4 Hiding credentials - - Do note that when a program is run, its parameters might be possible to see - when listing the running processes of the system. Thus, other users may be - able to watch your passwords if you pass them as plain command line - options. There are ways to circumvent this. - - It is worth noting that while this is how HTTP Authentication works, very - many web sites will not use this concept when they provide logins etc. See - the Web Login chapter further below for more details on that. - -7. More HTTP Headers - - 7.1 Referer - - A HTTP request may include a 'referer' field (yes it is misspelled), which - can be used to tell from which URL the client got to this particular - resource. Some programs/scripts check the referer field of requests to verify - that this wasn't arriving from an external site or an unknown page. While - this is a stupid way to check something so easily forged, many scripts still - do it. Using curl, you can put anything you want in the referer-field and - thus more easily be able to fool the server into serving your request. - - Use curl to set the referer field with: - - curl --referer http://www.example.come http://www.example.com - - 7.2 User Agent - - Very similar to the referer field, all HTTP requests may set the User-Agent - field. It names what user agent (client) that is being used. Many - applications use this information to decide how to display pages. Silly web - programmers try to make different pages for users of different browsers to - make them look the best possible for their particular browsers. They usually - also do different kinds of javascript, vbscript etc. - - At times, you will see that getting a page with curl will not return the same - page that you see when getting the page with your browser. Then you know it - is time to set the User Agent field to fool the server into thinking you're - one of those browsers. - - To make curl look like Internet Explorer 5 on a Windows 2000 box: - - curl --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" [URL] - - Or why not look like you're using Netscape 4.73 on an old Linux box: - - curl --user-agent "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL] - -8. Redirects - - 8.1 Location header - - When a resource is requested from a server, the reply from the server may - include a hint about where the browser should go next to find this page, or a - new page keeping newly generated output. The header that tells the browser - to redirect is Location:. - - Curl does not follow Location: headers by default, but will simply display - such pages in the same manner it displays all HTTP replies. It does however - feature an option that will make it attempt to follow the Location: pointers. - - To tell curl to follow a Location: - - curl --location http://www.example.com - - If you use curl to POST to a site that immediately redirects you to another - page, you can safely use --location (-L) and --data/--form together. Curl will - only use POST in the first request, and then revert to GET in the following - operations. - - 8.2 Other redirects - - Browser typically support at least two other ways of redirects that curl - doesn't: first the html may contain a meta refresh tag that asks the browser - to load a specific URL after a set number of seconds, or it may use - javascript to do it. - -9. Cookies - - 9.1 Cookie Basics - - The way the web browsers do "client side state control" is by using - cookies. Cookies are just names with associated contents. The cookies are - sent to the client by the server. The server tells the client for what path - and host name it wants the cookie sent back, and it also sends an expiration - date and a few more properties. - - When a client communicates with a server with a name and path as previously - specified in a received cookie, the client sends back the cookies and their - contents to the server, unless of course they are expired. - - Many applications and servers use this method to connect a series of requests - into a single logical session. To be able to use curl in such occasions, we - must be able to record and send back cookies the way the web application - expects them. The same way browsers deal with them. - - 9.2 Cookie options - - The simplest way to send a few cookies to the server when getting a page with - curl is to add them on the command line like: - - curl --cookie "name=Daniel" http://www.example.com - - Cookies are sent as common HTTP headers. This is practical as it allows curl - to record cookies simply by recording headers. Record cookies with curl by - using the --dump-header (-D) option like: - - curl --dump-header headers_and_cookies http://www.example.com - - (Take note that the --cookie-jar option described below is a better way to - store cookies.) - - Curl has a full blown cookie parsing engine built-in that comes in use if you - want to reconnect to a server and use cookies that were stored from a - previous connection (or hand-crafted manually to fool the server into - believing you had a previous connection). To use previously stored cookies, - you run curl like: - - curl --cookie stored_cookies_in_file http://www.example.com - - Curl's "cookie engine" gets enabled when you use the --cookie option. If you - only want curl to understand received cookies, use --cookie with a file that - doesn't exist. Example, if you want to let curl understand cookies from a - page and follow a location (and thus possibly send back cookies it received), - you can invoke it like: - - curl --cookie nada --location http://www.example.com - - Curl has the ability to read and write cookie files that use the same file - format that Netscape and Mozilla once used. It is a convenient way to share - cookies between scripts or invokes. The --cookie (-b) switch automatically - detects if a given file is such a cookie file and parses it, and by using the - --cookie-jar (-c) option you'll make curl write a new cookie file at the end - of an operation: - - curl --cookie cookies.txt --cookie-jar newcookies.txt \ - http://www.example.com - -10. HTTPS - - 10.1 HTTPS is HTTP secure - - There are a few ways to do secure HTTP transfers. By far the most common - protocol for doing this is what is generally known as HTTPS, HTTP over - SSL. SSL encrypts all the data that is sent and received over the network and - thus makes it harder for attackers to spy on sensitive information. - - SSL (or TLS as the latest version of the standard is called) offers a - truckload of advanced features to allow all those encryptions and key - infrastructure mechanisms encrypted HTTP requires. - - Curl supports encrypted fetches when built to use a TLS library and it can be - built to use one out of a fairly large set of libraries - "curl -V" will show - which one your curl was built to use (if any!). To get a page from a HTTPS - server, simply run curl like: - - curl https://secure.example.com - - 10.2 Certificates - - In the HTTPS world, you use certificates to validate that you are the one - you claim to be, as an addition to normal passwords. Curl supports client- - side certificates. All certificates are locked with a pass phrase, which you - need to enter before the certificate can be used by curl. The pass phrase - can be specified on the command line or if not, entered interactively when - curl queries for it. Use a certificate with curl on a HTTPS server like: - - curl --cert mycert.pem https://secure.example.com - - curl also tries to verify that the server is who it claims to be, by - verifying the server's certificate against a locally stored CA cert - bundle. Failing the verification will cause curl to deny the connection. You - must then use --insecure (-k) in case you want to tell curl to ignore that - the server can't be verified. - - More about server certificate verification and ca cert bundles can be read - in the SSLCERTS document, available online here: - - https://curl.haxx.se/docs/sslcerts.html - - At times you may end up with your own CA cert store and then you can tell - curl to use that to verify the server's certificate: - - curl --cacert ca-bundle.pem https://example.com/ - - -11. Custom Request Elements - -11.1 Modify method and headers - - Doing fancy stuff, you may need to add or change elements of a single curl - request. - - For example, you can change the POST request to a PROPFIND and send the data - as "Content-Type: text/xml" (instead of the default Content-Type) like this: - - curl --data "" --header "Content-Type: text/xml" \ - --request PROPFIND url.com - - You can delete a default header by providing one without content. Like you - can ruin the request by chopping off the Host: header: - - curl --header "Host:" http://www.example.com - - You can add headers the same way. Your server may want a "Destination:" - header, and you can add it: - - curl --header "Destination: http://nowhere" http://example.com - - 11.2 More on changed methods - - It should be noted that curl selects which methods to use on its own - depending on what action to ask for. -d will do POST, -I will do HEAD and so - on. If you use the --request / -X option you can change the method keyword - curl selects, but you will not modify curl's behavior. This means that if you - for example use -d "data" to do a POST, you can modify the method to a - PROPFIND with -X and curl will still think it sends a POST. You can change - the normal GET to a POST method by simply adding -X POST in a command line - like: - - curl -X POST http://example.org/ - - ... but curl will still think and act as if it sent a GET so it won't send any - request body etc. - - -12. Web Login - - 12.1 Some login tricks - - While not strictly just HTTP related, it still causes a lot of people problems - so here's the executive run-down of how the vast majority of all login forms - work and how to login to them using curl. - - It can also be noted that to do this properly in an automated fashion, you - will most certainly need to script things and do multiple curl invokes etc. - - First, servers mostly use cookies to track the logged-in status of the - client, so you will need to capture the cookies you receive in the - responses. Then, many sites also set a special cookie on the login page (to - make sure you got there through their login page) so you should make a habit - of first getting the login-form page to capture the cookies set there. - - Some web-based login systems feature various amounts of javascript, and - sometimes they use such code to set or modify cookie contents. Possibly they - do that to prevent programmed logins, like this manual describes how to... - Anyway, if reading the code isn't enough to let you repeat the behavior - manually, capturing the HTTP requests done by your browsers and analyzing the - sent cookies is usually a working method to work out how to shortcut the - javascript need. - - In the actual
tag for the login, lots of sites fill-in random/session - or otherwise secretly generated hidden tags and you may need to first capture - the HTML code for the login form and extract all the hidden fields to be able - to do a proper login POST. Remember that the contents need to be URL encoded - when sent in a normal POST. - -13. Debug - - 13.1 Some debug tricks - - Many times when you run curl on a site, you'll notice that the site doesn't - seem to respond the same way to your curl requests as it does to your - browser's. - - Then you need to start making your curl requests more similar to your - browser's requests: - - * Use the --trace-ascii option to store fully detailed logs of the requests - for easier analyzing and better understanding - - * Make sure you check for and use cookies when needed (both reading with - --cookie and writing with --cookie-jar) - - * Set user-agent to one like a recent popular browser does - - * Set referer like it is set by the browser - - * If you use POST, make sure you send all the fields and in the same order as - the browser does it. - - A very good helper to make sure you do this right, is the LiveHTTPHeader tool - that lets you view all headers you send and receive with Mozilla/Firefox - (even when using HTTPS). Chrome features similar functionality out of the box - among the developer's tools. - - A more raw approach is to capture the HTTP traffic on the network with tools - such as ethereal or tcpdump and check what headers that were sent and - received by the browser. (HTTPS makes this technique inefficient.) - -14. References - - 14.1 Standards - - RFC 7230 is a must to read if you want in-depth understanding of the HTTP - protocol - - RFC 3986 explains the URL syntax - - RFC 1867 defines the HTTP post upload format - - RFC 6525 defines how HTTP cookies work - - 14.2 Sites - - https://curl.haxx.se is the home of the curl project DELETED scriptlibs/softwareupdate/curl/docs/VERSIONS.txt Index: scriptlibs/softwareupdate/curl/docs/VERSIONS.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/VERSIONS.txt +++ scriptlibs/softwareupdate/curl/docs/VERSIONS.txt @@ -1,56 +0,0 @@ -Version Numbers and Releases -============================ - - Curl is not only curl. Curl is also libcurl. They're actually individually - versioned, but they mostly follow each other rather closely. - - The version numbering is always built up using the same system: - - X.Y.Z - - - X is main version number - - Y is release number - - Z is patch number - -## Bumping numbers - - One of these numbers will get bumped in each new release. The numbers to the - right of a bumped number will be reset to zero. If Z is zero, it may not be - included in the version number. - - The main version number will get bumped when *really* big, world colliding - changes are made. The release number is bumped when changes are performed or - things/features are added. The patch number is bumped when the changes are - mere bugfixes. - - It means that after release 1.2.3, we can release 2.0 if something really big - has been made, 1.3 if not that big changes were made or 1.2.4 if mostly bugs - were fixed. - - Bumping, as in increasing the number with 1, is unconditionally only - affecting one of the numbers (except the ones to the right of it, that may be - set to zero). 1 becomes 2, 3 becomes 4, 9 becomes 10, 88 becomes 89 and 99 - becomes 100. So, after 1.2.9 comes 1.2.10. After 3.99.3, 3.100 might come. - - All original curl source release archives are named according to the libcurl - version (not according to the curl client version that, as said before, might - differ). - - As a service to any application that might want to support new libcurl - features while still being able to build with older versions, all releases - have the libcurl version stored in the curl/curlver.h file using a static - numbering scheme that can be used for comparison. The version number is - defined as: - - #define LIBCURL_VERSION_NUM 0xXXYYZZ - - Where XX, YY and ZZ are the main version, release and patch numbers in - hexadecimal. All three number fields are always represented using two digits - (eight bits each). 1.2 would appear as "0x010200" while version 9.11.7 - appears as "0x090b07". - - This 6-digit hexadecimal number is always a greater number in a more recent - release. It makes comparisons with greater than and less than work. - - This number is also available as three separate defines: - `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`. DELETED scriptlibs/softwareupdate/curl/docs/libcurl/ABI.txt Index: scriptlibs/softwareupdate/curl/docs/libcurl/ABI.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/libcurl/ABI.txt +++ scriptlibs/softwareupdate/curl/docs/libcurl/ABI.txt @@ -1,68 +0,0 @@ -ABI - Application Binary Interface -================================== - - "ABI" describes the low-level interface between an application program and a - library. Calling conventions, function arguments, return values, struct - sizes/defines and more. - - [Wikipedia has a longer description](https://en.wikipedia.org/wiki/Application_binary_interface) - -Upgrades --------- - - In the vast majority of all cases, a typical libcurl upgrade does not break - the ABI at all. Your application can remain using libcurl just as before, - only with less bugs and possibly with added new features. You need to read - the release notes, and if they mention an ABI break/soname bump, you may have - to verify that your application still builds fine and uses libcurl as it now - is defined to work. - -Version Numbers ---------------- - - In libcurl land, you really can't tell by the libcurl version number if that - libcurl is binary compatible or not with another libcurl version. - -Soname Bumps ------------- - - Whenever there are changes done to the library that will cause an ABI - breakage, that may require your application to get attention or possibly be - changed to adhere to new things, we will bump the soname. Then the library - will get a different output name and thus can in fact be installed in - parallel with an older installed lib (on most systems). Thus, old - applications built against the previous ABI version will remain working and - using the older lib, while newer applications build and use the newer one. - - During the first seven years of libcurl releases, there have only been four - ABI breakages. - - We are determined to bump the SONAME as rarely as possible. Ideally, we - never do it again. - -Downgrades ----------- - - Going to an older libcurl version from one you're currently using can be a - tricky thing. Mostly we add features and options to newer libcurls as that - won't break ABI or hamper existing applications. This has the implication - that going backwards may get you in a situation where you pick a libcurl that - doesn't support the options your application needs. Or possibly you even - downgrade so far so you cross an ABI break border and thus a different - soname, and then your application may need to adapt to the modified ABI. - -History -------- - - The previous major library soname number bumps (breaking backwards - compatibility) have happened the following times: - - 0 - libcurl 7.1, August 2000 - - 1 - libcurl 7.5 December 2000 - - 2 - libcurl 7.7 March 2001 - - 3 - libcurl 7.12.0 June 2004 - - 4 - libcurl 7.16.0 October 2006 DELETED scriptlibs/softwareupdate/curl/docs/libcurl/index.html Index: scriptlibs/softwareupdate/curl/docs/libcurl/index.html ================================================================== --- scriptlibs/softwareupdate/curl/docs/libcurl/index.html +++ scriptlibs/softwareupdate/curl/docs/libcurl/index.html @@ -1,71 +0,0 @@ - - - -Index to libcurl documentation - - - -

Index to libcurl documentation

- -

Programs

-

curl and tools - -

Overviews

-libcurl -
libcurl-easy -
libcurl-multi -
libcurl-share -
libcurl-errors -
libcurl-tutorial -
libcurl-thread - -

Library Functions (A-Z)

-curl_easy_cleanup -
curl_easy_duphandle -
curl_easy_escape -
curl_easy_getinfo -
curl_easy_init -
curl_easy_pause -
curl_easy_perform -
curl_easy_recv -
curl_easy_reset -
curl_easy_send -
curl_easy_setopt -
curl_easy_strerror -
curl_easy_unescape -
curl_escape (deprecated) -
curl_formadd -
curl_formfree -
curl_formget -
curl_free -
curl_getdate -
curl_getenv (deprecated) -
curl_global_cleanup -
curl_global_init -
curl_global_init_mem -
curl_mprintf (deprecated) -
curl_multi_add_handle -
curl_multi_assign -
curl_multi_cleanup -
curl_multi_fdset -
curl_multi_info_read -
curl_multi_init -
curl_multi_perform -
curl_multi_remove_handle -
curl_multi_setopt -
curl_multi_socket (deprecated) -
curl_multi_socket_action -
curl_multi_strerror -
curl_multi_timeout (deprecated) -
curl_share_cleanup -
curl_share_init -
curl_share_setopt -
curl_share_strerror -
curl_slist_append -
curl_slist_free_all -
curl_strequal and curl_strnequal -
curl_unescape (deprecated) -
curl_version -
curl_version_info - - DELETED scriptlibs/softwareupdate/curl/docs/libcurl/symbols-in-versions.txt Index: scriptlibs/softwareupdate/curl/docs/libcurl/symbols-in-versions.txt ================================================================== --- scriptlibs/softwareupdate/curl/docs/libcurl/symbols-in-versions.txt +++ scriptlibs/softwareupdate/curl/docs/libcurl/symbols-in-versions.txt @@ -1,832 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - This document lists defines and other symbols present in libcurl, together - with exact information about the first libcurl version that provides the - symbol, the first version in which the symbol was marked as deprecated and - for a few symbols the last version that featured it. The names appear in - alphabetical order. - - Name Introduced Deprecated Removed - -CURLAUTH_ANY 7.10.6 -CURLAUTH_ANYSAFE 7.10.6 -CURLAUTH_BASIC 7.10.6 -CURLAUTH_DIGEST 7.10.6 -CURLAUTH_DIGEST_IE 7.19.3 -CURLAUTH_GSSNEGOTIATE 7.10.6 7.38.0 -CURLAUTH_NEGOTIATE 7.38.0 -CURLAUTH_NONE 7.10.6 -CURLAUTH_NTLM 7.10.6 -CURLAUTH_NTLM_WB 7.22.0 -CURLAUTH_ONLY 7.21.3 -CURLCLOSEPOLICY_CALLBACK 7.7 -CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7 -CURLCLOSEPOLICY_LEAST_TRAFFIC 7.7 -CURLCLOSEPOLICY_NONE 7.7 -CURLCLOSEPOLICY_OLDEST 7.7 -CURLCLOSEPOLICY_SLOWEST 7.7 -CURLE_ABORTED_BY_CALLBACK 7.1 -CURLE_AGAIN 7.18.2 -CURLE_ALREADY_COMPLETE 7.7.2 -CURLE_BAD_CALLING_ORDER 7.1 7.17.0 -CURLE_BAD_CONTENT_ENCODING 7.10 -CURLE_BAD_DOWNLOAD_RESUME 7.10 -CURLE_BAD_FUNCTION_ARGUMENT 7.1 -CURLE_BAD_PASSWORD_ENTERED 7.4.2 7.17.0 -CURLE_CHUNK_FAILED 7.21.0 -CURLE_CONV_FAILED 7.15.4 -CURLE_CONV_REQD 7.15.4 -CURLE_COULDNT_CONNECT 7.1 -CURLE_COULDNT_RESOLVE_HOST 7.1 -CURLE_COULDNT_RESOLVE_PROXY 7.1 -CURLE_FAILED_INIT 7.1 -CURLE_FILESIZE_EXCEEDED 7.10.8 -CURLE_FILE_COULDNT_READ_FILE 7.1 -CURLE_FTP_ACCEPT_FAILED 7.24.0 -CURLE_FTP_ACCEPT_TIMEOUT 7.24.0 -CURLE_FTP_ACCESS_DENIED 7.1 -CURLE_FTP_BAD_DOWNLOAD_RESUME 7.1 7.1 -CURLE_FTP_BAD_FILE_LIST 7.21.0 -CURLE_FTP_CANT_GET_HOST 7.1 -CURLE_FTP_CANT_RECONNECT 7.1 7.17.0 -CURLE_FTP_COULDNT_GET_SIZE 7.1 7.17.0 -CURLE_FTP_COULDNT_RETR_FILE 7.1 -CURLE_FTP_COULDNT_SET_ASCII 7.1 7.17.0 -CURLE_FTP_COULDNT_SET_BINARY 7.1 7.17.0 -CURLE_FTP_COULDNT_SET_TYPE 7.17.0 -CURLE_FTP_COULDNT_STOR_FILE 7.1 -CURLE_FTP_COULDNT_USE_REST 7.1 -CURLE_FTP_PARTIAL_FILE 7.1 7.1 -CURLE_FTP_PORT_FAILED 7.1 -CURLE_FTP_PRET_FAILED 7.20.0 -CURLE_FTP_QUOTE_ERROR 7.1 7.17.0 -CURLE_FTP_SSL_FAILED 7.11.0 7.17.0 -CURLE_FTP_USER_PASSWORD_INCORRECT 7.1 7.17.0 -CURLE_FTP_WEIRD_227_FORMAT 7.1 -CURLE_FTP_WEIRD_PASS_REPLY 7.1 -CURLE_FTP_WEIRD_PASV_REPLY 7.1 -CURLE_FTP_WEIRD_SERVER_REPLY 7.1 -CURLE_FTP_WEIRD_USER_REPLY 7.1 7.17.0 -CURLE_FTP_WRITE_ERROR 7.1 7.17.0 -CURLE_FUNCTION_NOT_FOUND 7.1 -CURLE_GOT_NOTHING 7.9.1 -CURLE_HTTP2 7.38.0 -CURLE_HTTP2_STREAM 7.49.0 -CURLE_HTTP_NOT_FOUND 7.1 -CURLE_HTTP_PORT_FAILED 7.3 7.12.0 -CURLE_HTTP_POST_ERROR 7.1 -CURLE_HTTP_RANGE_ERROR 7.1 7.17.0 -CURLE_HTTP_RETURNED_ERROR 7.10.3 -CURLE_INTERFACE_FAILED 7.12.0 -CURLE_LDAP_CANNOT_BIND 7.1 -CURLE_LDAP_INVALID_URL 7.10.8 -CURLE_LDAP_SEARCH_FAILED 7.1 -CURLE_LIBRARY_NOT_FOUND 7.1 7.17.0 -CURLE_LOGIN_DENIED 7.13.1 -CURLE_MALFORMAT_USER 7.1 7.17.0 -CURLE_NOT_BUILT_IN 7.21.5 -CURLE_NO_CONNECTION_AVAILABLE 7.30.0 -CURLE_OK 7.1 -CURLE_OPERATION_TIMEDOUT 7.10.2 -CURLE_OPERATION_TIMEOUTED 7.1 7.17.0 -CURLE_OUT_OF_MEMORY 7.1 -CURLE_PARTIAL_FILE 7.1 -CURLE_PEER_FAILED_VERIFICATION 7.17.1 -CURLE_QUOTE_ERROR 7.17.0 -CURLE_RANGE_ERROR 7.17.0 -CURLE_READ_ERROR 7.1 -CURLE_RECV_ERROR 7.10 -CURLE_REMOTE_ACCESS_DENIED 7.17.0 -CURLE_REMOTE_DISK_FULL 7.17.0 -CURLE_REMOTE_FILE_EXISTS 7.17.0 -CURLE_REMOTE_FILE_NOT_FOUND 7.16.1 -CURLE_RTSP_CSEQ_ERROR 7.20.0 -CURLE_RTSP_SESSION_ERROR 7.20.0 -CURLE_SEND_ERROR 7.10 -CURLE_SEND_FAIL_REWIND 7.12.3 -CURLE_SHARE_IN_USE 7.9.6 7.17.0 -CURLE_SSH 7.16.1 -CURLE_SSL_CACERT 7.10 -CURLE_SSL_CACERT_BADFILE 7.16.0 -CURLE_SSL_CERTPROBLEM 7.10 -CURLE_SSL_CIPHER 7.10 -CURLE_SSL_CONNECT_ERROR 7.1 -CURLE_SSL_CRL_BADFILE 7.19.0 -CURLE_SSL_ENGINE_INITFAILED 7.12.3 -CURLE_SSL_ENGINE_NOTFOUND 7.9.3 -CURLE_SSL_ENGINE_SETFAILED 7.9.3 -CURLE_SSL_INVALIDCERTSTATUS 7.41.0 -CURLE_SSL_ISSUER_ERROR 7.19.0 -CURLE_SSL_PEER_CERTIFICATE 7.8 7.17.1 -CURLE_SSL_PINNEDPUBKEYNOTMATCH 7.39.0 -CURLE_SSL_SHUTDOWN_FAILED 7.16.1 -CURLE_TELNET_OPTION_SYNTAX 7.7 -CURLE_TFTP_DISKFULL 7.15.0 7.17.0 -CURLE_TFTP_EXISTS 7.15.0 7.17.0 -CURLE_TFTP_ILLEGAL 7.15.0 -CURLE_TFTP_NOSUCHUSER 7.15.0 -CURLE_TFTP_NOTFOUND 7.15.0 -CURLE_TFTP_PERM 7.15.0 -CURLE_TFTP_UNKNOWNID 7.15.0 -CURLE_TOO_MANY_REDIRECTS 7.5 -CURLE_UNKNOWN_OPTION 7.21.5 -CURLE_UNKNOWN_TELNET_OPTION 7.7 -CURLE_UNSUPPORTED_PROTOCOL 7.1 -CURLE_UPLOAD_FAILED 7.16.3 -CURLE_URL_MALFORMAT 7.1 -CURLE_URL_MALFORMAT_USER 7.1 7.17.0 -CURLE_USE_SSL_FAILED 7.17.0 -CURLE_WEIRD_SERVER_REPLY 7.51.0 -CURLE_WRITE_ERROR 7.1 -CURLFILETYPE_DEVICE_BLOCK 7.21.0 -CURLFILETYPE_DEVICE_CHAR 7.21.0 -CURLFILETYPE_DIRECTORY 7.21.0 -CURLFILETYPE_DOOR 7.21.0 -CURLFILETYPE_FILE 7.21.0 -CURLFILETYPE_NAMEDPIPE 7.21.0 -CURLFILETYPE_SOCKET 7.21.0 -CURLFILETYPE_SYMLINK 7.21.0 -CURLFILETYPE_UNKNOWN 7.21.0 -CURLFINFOFLAG_KNOWN_FILENAME 7.21.0 -CURLFINFOFLAG_KNOWN_FILETYPE 7.21.0 -CURLFINFOFLAG_KNOWN_GID 7.21.0 -CURLFINFOFLAG_KNOWN_HLINKCOUNT 7.21.0 -CURLFINFOFLAG_KNOWN_PERM 7.21.0 -CURLFINFOFLAG_KNOWN_SIZE 7.21.0 -CURLFINFOFLAG_KNOWN_TIME 7.21.0 -CURLFINFOFLAG_KNOWN_UID 7.21.0 -CURLFORM_ARRAY 7.9.1 -CURLFORM_ARRAY_END 7.9.1 7.9.5 7.9.6 -CURLFORM_ARRAY_START 7.9.1 7.9.5 7.9.6 -CURLFORM_BUFFER 7.9.8 -CURLFORM_BUFFERLENGTH 7.9.8 -CURLFORM_BUFFERPTR 7.9.8 -CURLFORM_CONTENTHEADER 7.9.3 -CURLFORM_CONTENTLEN 7.46.0 -CURLFORM_CONTENTSLENGTH 7.9 -CURLFORM_CONTENTTYPE 7.9 -CURLFORM_COPYCONTENTS 7.9 -CURLFORM_COPYNAME 7.9 -CURLFORM_END 7.9 -CURLFORM_FILE 7.9 -CURLFORM_FILECONTENT 7.9.1 -CURLFORM_FILENAME 7.9.6 -CURLFORM_NAMELENGTH 7.9 -CURLFORM_NOTHING 7.9 -CURLFORM_PTRCONTENTS 7.9 -CURLFORM_PTRNAME 7.9 -CURLFORM_STREAM 7.18.2 -CURLFTPAUTH_DEFAULT 7.12.2 -CURLFTPAUTH_SSL 7.12.2 -CURLFTPAUTH_TLS 7.12.2 -CURLFTPMETHOD_DEFAULT 7.15.3 -CURLFTPMETHOD_MULTICWD 7.15.3 -CURLFTPMETHOD_NOCWD 7.15.3 -CURLFTPMETHOD_SINGLECWD 7.15.3 -CURLFTPSSL_ALL 7.11.0 7.17.0 -CURLFTPSSL_CCC_ACTIVE 7.16.2 -CURLFTPSSL_CCC_NONE 7.16.2 -CURLFTPSSL_CCC_PASSIVE 7.16.1 -CURLFTPSSL_CONTROL 7.11.0 7.17.0 -CURLFTPSSL_NONE 7.11.0 7.17.0 -CURLFTPSSL_TRY 7.11.0 7.17.0 -CURLFTP_CREATE_DIR 7.19.4 -CURLFTP_CREATE_DIR_NONE 7.19.4 -CURLFTP_CREATE_DIR_RETRY 7.19.4 -CURLGSSAPI_DELEGATION_FLAG 7.22.0 -CURLGSSAPI_DELEGATION_NONE 7.22.0 -CURLGSSAPI_DELEGATION_POLICY_FLAG 7.22.0 -CURLHEADER_SEPARATE 7.37.0 -CURLHEADER_UNIFIED 7.37.0 -CURLINFO_ACTIVESOCKET 7.45.0 -CURLINFO_APPCONNECT_TIME 7.19.0 -CURLINFO_CERTINFO 7.19.1 -CURLINFO_CONDITION_UNMET 7.19.4 -CURLINFO_CONNECT_TIME 7.4.1 -CURLINFO_CONTENT_LENGTH_DOWNLOAD 7.6.1 -CURLINFO_CONTENT_LENGTH_UPLOAD 7.6.1 -CURLINFO_CONTENT_TYPE 7.9.4 -CURLINFO_COOKIELIST 7.14.1 -CURLINFO_DATA_IN 7.9.6 -CURLINFO_DATA_OUT 7.9.6 -CURLINFO_DOUBLE 7.4.1 -CURLINFO_EFFECTIVE_URL 7.4 -CURLINFO_END 7.9.6 -CURLINFO_FILETIME 7.5 -CURLINFO_FTP_ENTRY_PATH 7.15.4 -CURLINFO_HEADER_IN 7.9.6 -CURLINFO_HEADER_OUT 7.9.6 -CURLINFO_HEADER_SIZE 7.4.1 -CURLINFO_HTTPAUTH_AVAIL 7.10.8 -CURLINFO_HTTP_CODE 7.4.1 7.10.8 -CURLINFO_HTTP_CONNECTCODE 7.10.7 -CURLINFO_HTTP_VERSION 7.50.0 -CURLINFO_LASTONE 7.4.1 -CURLINFO_LASTSOCKET 7.15.2 -CURLINFO_LOCAL_IP 7.21.0 -CURLINFO_LOCAL_PORT 7.21.0 -CURLINFO_LONG 7.4.1 -CURLINFO_MASK 7.4.1 -CURLINFO_NAMELOOKUP_TIME 7.4.1 -CURLINFO_NONE 7.4.1 -CURLINFO_NUM_CONNECTS 7.12.3 -CURLINFO_OS_ERRNO 7.12.2 -CURLINFO_PRETRANSFER_TIME 7.4.1 -CURLINFO_PRIMARY_IP 7.19.0 -CURLINFO_PRIMARY_PORT 7.21.0 -CURLINFO_PRIVATE 7.10.3 -CURLINFO_PROTOCOL 7.52.0 -CURLINFO_PROXYAUTH_AVAIL 7.10.8 -CURLINFO_PROXY_SSL_VERIFYRESULT 7.52.0 -CURLINFO_REDIRECT_COUNT 7.9.7 -CURLINFO_REDIRECT_TIME 7.9.7 -CURLINFO_REDIRECT_URL 7.18.2 -CURLINFO_REQUEST_SIZE 7.4.1 -CURLINFO_RESPONSE_CODE 7.10.8 -CURLINFO_RTSP_CLIENT_CSEQ 7.20.0 -CURLINFO_RTSP_CSEQ_RECV 7.20.0 -CURLINFO_RTSP_SERVER_CSEQ 7.20.0 -CURLINFO_RTSP_SESSION_ID 7.20.0 -CURLINFO_SCHEME 7.52.0 -CURLINFO_SIZE_DOWNLOAD 7.4.1 -CURLINFO_SIZE_UPLOAD 7.4.1 -CURLINFO_SLIST 7.12.3 -CURLINFO_SOCKET 7.45.0 -CURLINFO_SPEED_DOWNLOAD 7.4.1 -CURLINFO_SPEED_UPLOAD 7.4.1 -CURLINFO_SSL_DATA_IN 7.12.1 -CURLINFO_SSL_DATA_OUT 7.12.1 -CURLINFO_SSL_ENGINES 7.12.3 -CURLINFO_SSL_VERIFYRESULT 7.5 -CURLINFO_STARTTRANSFER_TIME 7.9.2 -CURLINFO_STRING 7.4.1 -CURLINFO_TEXT 7.9.6 -CURLINFO_TLS_SESSION 7.34.0 7.48.0 -CURLINFO_TLS_SSL_PTR 7.48.0 -CURLINFO_TOTAL_TIME 7.4.1 -CURLINFO_TYPEMASK 7.4.1 -CURLIOCMD_NOP 7.12.3 -CURLIOCMD_RESTARTREAD 7.12.3 -CURLIOE_FAILRESTART 7.12.3 -CURLIOE_OK 7.12.3 -CURLIOE_UNKNOWNCMD 7.12.3 -CURLKHMATCH_MISMATCH 7.19.6 -CURLKHMATCH_MISSING 7.19.6 -CURLKHMATCH_OK 7.19.6 -CURLKHSTAT_DEFER 7.19.6 -CURLKHSTAT_FINE 7.19.6 -CURLKHSTAT_FINE_ADD_TO_FILE 7.19.6 -CURLKHSTAT_REJECT 7.19.6 -CURLKHTYPE_DSS 7.19.6 -CURLKHTYPE_RSA 7.19.6 -CURLKHTYPE_RSA1 7.19.6 -CURLKHTYPE_UNKNOWN 7.19.6 -CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE 7.30.0 -CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE 7.30.0 -CURLMOPT_MAXCONNECTS 7.16.3 -CURLMOPT_MAX_HOST_CONNECTIONS 7.30.0 -CURLMOPT_MAX_PIPELINE_LENGTH 7.30.0 -CURLMOPT_MAX_TOTAL_CONNECTIONS 7.30.0 -CURLMOPT_PIPELINING 7.16.0 -CURLMOPT_PIPELINING_SERVER_BL 7.30.0 -CURLMOPT_PIPELINING_SITE_BL 7.30.0 -CURLMOPT_PUSHDATA 7.44.0 -CURLMOPT_PUSHFUNCTION 7.44.0 -CURLMOPT_SOCKETDATA 7.15.4 -CURLMOPT_SOCKETFUNCTION 7.15.4 -CURLMOPT_TIMERDATA 7.16.0 -CURLMOPT_TIMERFUNCTION 7.16.0 -CURLMSG_DONE 7.9.6 -CURLMSG_NONE 7.9.6 -CURLM_ADDED_ALREADY 7.32.1 -CURLM_BAD_EASY_HANDLE 7.9.6 -CURLM_BAD_HANDLE 7.9.6 -CURLM_BAD_SOCKET 7.15.4 -CURLM_CALL_MULTI_PERFORM 7.9.6 -CURLM_CALL_MULTI_SOCKET 7.15.5 -CURLM_INTERNAL_ERROR 7.9.6 -CURLM_OK 7.9.6 -CURLM_OUT_OF_MEMORY 7.9.6 -CURLM_UNKNOWN_OPTION 7.15.4 -CURLOPTTYPE_FUNCTIONPOINT 7.1 -CURLOPTTYPE_LONG 7.1 -CURLOPTTYPE_OBJECTPOINT 7.1 -CURLOPTTYPE_OFF_T 7.11.0 -CURLOPTTYPE_STRINGPOINT 7.46.0 -CURLOPT_ABSTRACT_UNIX_SOCKET 7.53.0 -CURLOPT_ACCEPTTIMEOUT_MS 7.24.0 -CURLOPT_ACCEPT_ENCODING 7.21.6 -CURLOPT_ADDRESS_SCOPE 7.19.0 -CURLOPT_APPEND 7.17.0 -CURLOPT_AUTOREFERER 7.1 -CURLOPT_BUFFERSIZE 7.10 -CURLOPT_CAINFO 7.4.2 -CURLOPT_CAPATH 7.9.8 -CURLOPT_CERTINFO 7.19.1 -CURLOPT_CHUNK_BGN_FUNCTION 7.21.0 -CURLOPT_CHUNK_DATA 7.21.0 -CURLOPT_CHUNK_END_FUNCTION 7.21.0 -CURLOPT_CLOSEFUNCTION 7.7 7.11.1 7.15.5 -CURLOPT_CLOSEPOLICY 7.7 7.16.1 -CURLOPT_CLOSESOCKETDATA 7.21.7 -CURLOPT_CLOSESOCKETFUNCTION 7.21.7 -CURLOPT_CONNECTTIMEOUT 7.7 -CURLOPT_CONNECTTIMEOUT_MS 7.16.2 -CURLOPT_CONNECT_ONLY 7.15.2 -CURLOPT_CONNECT_TO 7.49.0 -CURLOPT_CONV_FROM_NETWORK_FUNCTION 7.15.4 -CURLOPT_CONV_FROM_UTF8_FUNCTION 7.15.4 -CURLOPT_CONV_TO_NETWORK_FUNCTION 7.15.4 -CURLOPT_COOKIE 7.1 -CURLOPT_COOKIEFILE 7.1 -CURLOPT_COOKIEJAR 7.9 -CURLOPT_COOKIELIST 7.14.1 -CURLOPT_COOKIESESSION 7.9.7 -CURLOPT_COPYPOSTFIELDS 7.17.1 -CURLOPT_CRLF 7.1 -CURLOPT_CRLFILE 7.19.0 -CURLOPT_CUSTOMREQUEST 7.1 -CURLOPT_DEBUGDATA 7.9.6 -CURLOPT_DEBUGFUNCTION 7.9.6 -CURLOPT_DEFAULT_PROTOCOL 7.45.0 -CURLOPT_DIRLISTONLY 7.17.0 -CURLOPT_DNS_CACHE_TIMEOUT 7.9.3 -CURLOPT_DNS_INTERFACE 7.33.0 -CURLOPT_DNS_LOCAL_IP4 7.33.0 -CURLOPT_DNS_LOCAL_IP6 7.33.0 -CURLOPT_DNS_SERVERS 7.24.0 -CURLOPT_DNS_USE_GLOBAL_CACHE 7.9.3 7.11.1 -CURLOPT_EGDSOCKET 7.7 -CURLOPT_ENCODING 7.10 -CURLOPT_ERRORBUFFER 7.1 -CURLOPT_EXPECT_100_TIMEOUT_MS 7.36.0 -CURLOPT_FAILONERROR 7.1 -CURLOPT_FILE 7.1 7.9.7 -CURLOPT_FILETIME 7.5 -CURLOPT_FNMATCH_DATA 7.21.0 -CURLOPT_FNMATCH_FUNCTION 7.21.0 -CURLOPT_FOLLOWLOCATION 7.1 -CURLOPT_FORBID_REUSE 7.7 -CURLOPT_FRESH_CONNECT 7.7 -CURLOPT_FTPAPPEND 7.1 7.16.4 -CURLOPT_FTPASCII 7.1 7.11.1 7.15.5 -CURLOPT_FTPLISTONLY 7.1 7.16.4 -CURLOPT_FTPPORT 7.1 -CURLOPT_FTPSSLAUTH 7.12.2 -CURLOPT_FTP_ACCOUNT 7.13.0 -CURLOPT_FTP_ALTERNATIVE_TO_USER 7.15.5 -CURLOPT_FTP_CREATE_MISSING_DIRS 7.10.7 -CURLOPT_FTP_FILEMETHOD 7.15.1 -CURLOPT_FTP_RESPONSE_TIMEOUT 7.10.8 -CURLOPT_FTP_SKIP_PASV_IP 7.15.0 -CURLOPT_FTP_SSL 7.11.0 7.16.4 -CURLOPT_FTP_SSL_CCC 7.16.1 -CURLOPT_FTP_USE_EPRT 7.10.5 -CURLOPT_FTP_USE_EPSV 7.9.2 -CURLOPT_FTP_USE_PRET 7.20.0 -CURLOPT_GSSAPI_DELEGATION 7.22.0 -CURLOPT_HEADER 7.1 -CURLOPT_HEADERDATA 7.10 -CURLOPT_HEADERFUNCTION 7.7.2 -CURLOPT_HEADEROPT 7.37.0 -CURLOPT_HTTP200ALIASES 7.10.3 -CURLOPT_HTTPAUTH 7.10.6 -CURLOPT_HTTPGET 7.8.1 -CURLOPT_HTTPHEADER 7.1 -CURLOPT_HTTPPOST 7.1 -CURLOPT_HTTPPROXYTUNNEL 7.3 -CURLOPT_HTTPREQUEST 7.1 - 7.15.5 -CURLOPT_HTTP_CONTENT_DECODING 7.16.2 -CURLOPT_HTTP_TRANSFER_DECODING 7.16.2 -CURLOPT_HTTP_VERSION 7.9.1 -CURLOPT_IGNORE_CONTENT_LENGTH 7.14.1 -CURLOPT_INFILE 7.1 7.9.7 -CURLOPT_INFILESIZE 7.1 -CURLOPT_INFILESIZE_LARGE 7.11.0 -CURLOPT_INTERFACE 7.3 -CURLOPT_INTERLEAVEDATA 7.20.0 -CURLOPT_INTERLEAVEFUNCTION 7.20.0 -CURLOPT_IOCTLDATA 7.12.3 -CURLOPT_IOCTLFUNCTION 7.12.3 -CURLOPT_IPRESOLVE 7.10.8 -CURLOPT_ISSUERCERT 7.19.0 -CURLOPT_KEYPASSWD 7.17.0 -CURLOPT_KEEP_SENDING_ON_ERROR 7.51.0 -CURLOPT_KRB4LEVEL 7.3 7.17.0 -CURLOPT_KRBLEVEL 7.16.4 -CURLOPT_LOCALPORT 7.15.2 -CURLOPT_LOCALPORTRANGE 7.15.2 -CURLOPT_LOGIN_OPTIONS 7.34.0 -CURLOPT_LOW_SPEED_LIMIT 7.1 -CURLOPT_LOW_SPEED_TIME 7.1 -CURLOPT_MAIL_AUTH 7.25.0 -CURLOPT_MAIL_FROM 7.20.0 -CURLOPT_MAIL_RCPT 7.20.0 -CURLOPT_MAXCONNECTS 7.7 -CURLOPT_MAXFILESIZE 7.10.8 -CURLOPT_MAXFILESIZE_LARGE 7.11.0 -CURLOPT_MAXREDIRS 7.5 -CURLOPT_MAX_RECV_SPEED_LARGE 7.15.5 -CURLOPT_MAX_SEND_SPEED_LARGE 7.15.5 -CURLOPT_MUTE 7.1 7.8 7.15.5 -CURLOPT_NETRC 7.1 -CURLOPT_NETRC_FILE 7.11.0 -CURLOPT_NEW_DIRECTORY_PERMS 7.16.4 -CURLOPT_NEW_FILE_PERMS 7.16.4 -CURLOPT_NOBODY 7.1 -CURLOPT_NOPROGRESS 7.1 -CURLOPT_NOPROXY 7.19.4 -CURLOPT_NOSIGNAL 7.10 -CURLOPT_NOTHING 7.1.1 7.11.1 7.11.0 -CURLOPT_OPENSOCKETDATA 7.17.1 -CURLOPT_OPENSOCKETFUNCTION 7.17.1 -CURLOPT_PASSWDDATA 7.4.2 7.11.1 7.15.5 -CURLOPT_PASSWDFUNCTION 7.4.2 7.11.1 7.15.5 -CURLOPT_PASSWORD 7.19.1 -CURLOPT_PASV_HOST 7.12.1 7.16.0 7.15.5 -CURLOPT_PATH_AS_IS 7.42.0 -CURLOPT_PINNEDPUBLICKEY 7.39.0 -CURLOPT_PIPEWAIT 7.43.0 -CURLOPT_PORT 7.1 -CURLOPT_POST 7.1 -CURLOPT_POST301 7.17.1 7.19.1 -CURLOPT_POSTFIELDS 7.1 -CURLOPT_POSTFIELDSIZE 7.2 -CURLOPT_POSTFIELDSIZE_LARGE 7.11.1 -CURLOPT_POSTQUOTE 7.1 -CURLOPT_POSTREDIR 7.19.1 -CURLOPT_PREQUOTE 7.9.5 -CURLOPT_PRE_PROXY 7.52.0 -CURLOPT_PRIVATE 7.10.3 -CURLOPT_PROGRESSDATA 7.1 -CURLOPT_PROGRESSFUNCTION 7.1 7.32.0 -CURLOPT_PROTOCOLS 7.19.4 -CURLOPT_PROXY 7.1 -CURLOPT_PROXYAUTH 7.10.7 -CURLOPT_PROXYHEADER 7.37.0 -CURLOPT_PROXYPASSWORD 7.19.1 -CURLOPT_PROXYPORT 7.1 -CURLOPT_PROXYTYPE 7.10 -CURLOPT_PROXYUSERNAME 7.19.1 -CURLOPT_PROXYUSERPWD 7.1 -CURLOPT_PROXY_CAINFO 7.52.0 -CURLOPT_PROXY_CAPATH 7.52.0 -CURLOPT_PROXY_CRLFILE 7.52.0 -CURLOPT_PROXY_KEYPASSWD 7.52.0 -CURLOPT_PROXY_PINNEDPUBLICKEY 7.52.0 -CURLOPT_PROXY_SERVICE_NAME 7.43.0 -CURLOPT_PROXY_SSLCERT 7.52.0 -CURLOPT_PROXY_SSLCERTTYPE 7.52.0 -CURLOPT_PROXY_SSLKEY 7.52.0 -CURLOPT_PROXY_SSLKEYTYPE 7.52.0 -CURLOPT_PROXY_SSLVERSION 7.52.0 -CURLOPT_PROXY_SSL_CIPHER_LIST 7.52.0 -CURLOPT_PROXY_SSL_OPTIONS 7.52.0 -CURLOPT_PROXY_SSL_VERIFYHOST 7.52.0 -CURLOPT_PROXY_SSL_VERIFYPEER 7.52.0 -CURLOPT_PROXY_TLSAUTH_PASSWORD 7.52.0 -CURLOPT_PROXY_TLSAUTH_TYPE 7.52.0 -CURLOPT_PROXY_TLSAUTH_USERNAME 7.52.0 -CURLOPT_PROXY_TRANSFER_MODE 7.18.0 -CURLOPT_PUT 7.1 -CURLOPT_QUOTE 7.1 -CURLOPT_RANDOM_FILE 7.7 -CURLOPT_RANGE 7.1 -CURLOPT_READDATA 7.9.7 -CURLOPT_READFUNCTION 7.1 -CURLOPT_REDIR_PROTOCOLS 7.19.4 -CURLOPT_REFERER 7.1 -CURLOPT_RESOLVE 7.21.3 -CURLOPT_RESUME_FROM 7.1 -CURLOPT_RESUME_FROM_LARGE 7.11.0 -CURLOPT_RTSPHEADER 7.20.0 -CURLOPT_RTSP_CLIENT_CSEQ 7.20.0 -CURLOPT_RTSP_REQUEST 7.20.0 -CURLOPT_RTSP_SERVER_CSEQ 7.20.0 -CURLOPT_RTSP_SESSION_ID 7.20.0 -CURLOPT_RTSP_STREAM_URI 7.20.0 -CURLOPT_RTSP_TRANSPORT 7.20.0 -CURLOPT_SASL_IR 7.31.0 -CURLOPT_SEEKDATA 7.18.0 -CURLOPT_SEEKFUNCTION 7.18.0 -CURLOPT_SERVER_RESPONSE_TIMEOUT 7.20.0 -CURLOPT_SERVICE_NAME 7.43.0 -CURLOPT_SHARE 7.10 -CURLOPT_SOCKOPTDATA 7.16.0 -CURLOPT_SOCKOPTFUNCTION 7.16.0 -CURLOPT_SOCKS5_GSSAPI_NEC 7.19.4 -CURLOPT_SOCKS5_GSSAPI_SERVICE 7.19.4 7.49.0 -CURLOPT_SOURCE_HOST 7.12.1 - 7.15.5 -CURLOPT_SOURCE_PATH 7.12.1 - 7.15.5 -CURLOPT_SOURCE_PORT 7.12.1 - 7.15.5 -CURLOPT_SOURCE_POSTQUOTE 7.12.1 - 7.15.5 -CURLOPT_SOURCE_PREQUOTE 7.12.1 - 7.15.5 -CURLOPT_SOURCE_QUOTE 7.13.0 - 7.15.5 -CURLOPT_SOURCE_URL 7.13.0 - 7.15.5 -CURLOPT_SOURCE_USERPWD 7.12.1 - 7.15.5 -CURLOPT_SSH_AUTH_TYPES 7.16.1 -CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 7.17.1 -CURLOPT_SSH_KEYDATA 7.19.6 -CURLOPT_SSH_KEYFUNCTION 7.19.6 -CURLOPT_SSH_KNOWNHOSTS 7.19.6 -CURLOPT_SSH_PRIVATE_KEYFILE 7.16.1 -CURLOPT_SSH_PUBLIC_KEYFILE 7.16.1 -CURLOPT_SSLCERT 7.1 -CURLOPT_SSLCERTPASSWD 7.1.1 7.17.0 -CURLOPT_SSLCERTTYPE 7.9.3 -CURLOPT_SSLENGINE 7.9.3 -CURLOPT_SSLENGINE_DEFAULT 7.9.3 -CURLOPT_SSLKEY 7.9.3 -CURLOPT_SSLKEYPASSWD 7.9.3 7.17.0 -CURLOPT_SSLKEYTYPE 7.9.3 -CURLOPT_SSLVERSION 7.1 -CURLOPT_SSL_CIPHER_LIST 7.9 -CURLOPT_SSL_CTX_DATA 7.10.6 -CURLOPT_SSL_CTX_FUNCTION 7.10.6 -CURLOPT_SSL_ENABLE_ALPN 7.36.0 -CURLOPT_SSL_ENABLE_NPN 7.36.0 -CURLOPT_SSL_FALSESTART 7.42.0 -CURLOPT_SSL_OPTIONS 7.25.0 -CURLOPT_SSL_SESSIONID_CACHE 7.16.0 -CURLOPT_SSL_VERIFYHOST 7.8.1 -CURLOPT_SSL_VERIFYPEER 7.4.2 -CURLOPT_SSL_VERIFYSTATUS 7.41.0 -CURLOPT_STDERR 7.1 -CURLOPT_STREAM_DEPENDS 7.46.0 -CURLOPT_STREAM_DEPENDS_E 7.46.0 -CURLOPT_STREAM_WEIGHT 7.46.0 -CURLOPT_TCP_KEEPALIVE 7.25.0 -CURLOPT_TCP_KEEPIDLE 7.25.0 -CURLOPT_TCP_KEEPINTVL 7.25.0 -CURLOPT_TCP_NODELAY 7.11.2 -CURLOPT_TCP_FASTOPEN 7.49.0 -CURLOPT_TELNETOPTIONS 7.7 -CURLOPT_TFTP_BLKSIZE 7.19.4 -CURLOPT_TFTP_NO_OPTIONS 7.48.0 -CURLOPT_TIMECONDITION 7.1 -CURLOPT_TIMEOUT 7.1 -CURLOPT_TIMEOUT_MS 7.16.2 -CURLOPT_TIMEVALUE 7.1 -CURLOPT_TLSAUTH_PASSWORD 7.21.4 -CURLOPT_TLSAUTH_TYPE 7.21.4 -CURLOPT_TLSAUTH_USERNAME 7.21.4 -CURLOPT_TRANSFERTEXT 7.1.1 -CURLOPT_TRANSFER_ENCODING 7.21.6 -CURLOPT_UNIX_SOCKET_PATH 7.40.0 -CURLOPT_UNRESTRICTED_AUTH 7.10.4 -CURLOPT_UPLOAD 7.1 -CURLOPT_URL 7.1 -CURLOPT_USERAGENT 7.1 -CURLOPT_USERNAME 7.19.1 -CURLOPT_USERPWD 7.1 -CURLOPT_USE_SSL 7.17.0 -CURLOPT_VERBOSE 7.1 -CURLOPT_WILDCARDMATCH 7.21.0 -CURLOPT_WRITEDATA 7.9.7 -CURLOPT_WRITEFUNCTION 7.1 -CURLOPT_WRITEHEADER 7.1 -CURLOPT_WRITEINFO 7.1 -CURLOPT_XFERINFODATA 7.32.0 -CURLOPT_XFERINFOFUNCTION 7.32.0 -CURLOPT_XOAUTH2_BEARER 7.33.0 -CURLPAUSE_ALL 7.18.0 -CURLPAUSE_CONT 7.18.0 -CURLPAUSE_RECV 7.18.0 -CURLPAUSE_RECV_CONT 7.18.0 -CURLPAUSE_SEND 7.18.0 -CURLPAUSE_SEND_CONT 7.18.0 -CURLPIPE_HTTP1 7.43.0 -CURLPIPE_MULTIPLEX 7.43.0 -CURLPIPE_NOTHING 7.43.0 -CURLPROTO_ALL 7.19.4 -CURLPROTO_DICT 7.19.4 -CURLPROTO_FILE 7.19.4 -CURLPROTO_FTP 7.19.4 -CURLPROTO_FTPS 7.19.4 -CURLPROTO_GOPHER 7.21.2 -CURLPROTO_HTTP 7.19.4 -CURLPROTO_HTTPS 7.19.4 -CURLPROTO_IMAP 7.20.0 -CURLPROTO_IMAPS 7.20.0 -CURLPROTO_LDAP 7.19.4 -CURLPROTO_LDAPS 7.19.4 -CURLPROTO_POP3 7.20.0 -CURLPROTO_POP3S 7.20.0 -CURLPROTO_RTMP 7.21.0 -CURLPROTO_RTMPE 7.21.0 -CURLPROTO_RTMPS 7.21.0 -CURLPROTO_RTMPT 7.21.0 -CURLPROTO_RTMPTE 7.21.0 -CURLPROTO_RTMPTS 7.21.0 -CURLPROTO_RTSP 7.20.0 -CURLPROTO_SCP 7.19.4 -CURLPROTO_SFTP 7.19.4 -CURLPROTO_SMB 7.40.0 -CURLPROTO_SMBS 7.40.0 -CURLPROTO_SMTP 7.20.0 -CURLPROTO_SMTPS 7.20.0 -CURLPROTO_TELNET 7.19.4 -CURLPROTO_TFTP 7.19.4 -CURLPROXY_HTTP 7.10 -CURLPROXY_HTTP_1_0 7.19.4 -CURLPROXY_HTTPS 7.52.0 -CURLPROXY_SOCKS4 7.10 -CURLPROXY_SOCKS4A 7.18.0 -CURLPROXY_SOCKS5 7.10 -CURLPROXY_SOCKS5_HOSTNAME 7.18.0 -CURLSHE_BAD_OPTION 7.10.3 -CURLSHE_INVALID 7.10.3 -CURLSHE_IN_USE 7.10.3 -CURLSHE_NOMEM 7.12.0 -CURLSHE_NOT_BUILT_IN 7.23.0 -CURLSHE_OK 7.10.3 -CURLSHOPT_LOCKFUNC 7.10.3 -CURLSHOPT_NONE 7.10.3 -CURLSHOPT_SHARE 7.10.3 -CURLSHOPT_UNLOCKFUNC 7.10.3 -CURLSHOPT_UNSHARE 7.10.3 -CURLSHOPT_USERDATA 7.10.3 -CURLSOCKTYPE_ACCEPT 7.28.0 -CURLSOCKTYPE_IPCXN 7.16.0 -CURLSSH_AUTH_AGENT 7.28.0 -CURLSSH_AUTH_ANY 7.16.1 -CURLSSH_AUTH_DEFAULT 7.16.1 -CURLSSH_AUTH_HOST 7.16.1 -CURLSSH_AUTH_KEYBOARD 7.16.1 -CURLSSH_AUTH_NONE 7.16.1 -CURLSSH_AUTH_PASSWORD 7.16.1 -CURLSSH_AUTH_PUBLICKEY 7.16.1 -CURLSSLBACKEND_AXTLS 7.38.0 -CURLSSLBACKEND_BORINGSSL 7.49.0 -CURLSSLBACKEND_CYASSL 7.34.0 -CURLSSLBACKEND_DARWINSSL 7.34.0 -CURLSSLBACKEND_GNUTLS 7.34.0 -CURLSSLBACKEND_GSKIT 7.34.0 -CURLSSLBACKEND_LIBRESSL 7.49.0 -CURLSSLBACKEND_MBEDTLS 7.46.0 -CURLSSLBACKEND_NONE 7.34.0 -CURLSSLBACKEND_NSS 7.34.0 -CURLSSLBACKEND_OPENSSL 7.34.0 -CURLSSLBACKEND_POLARSSL 7.34.0 -CURLSSLBACKEND_QSOSSL 7.34.0 - 7.38.1 -CURLSSLBACKEND_SCHANNEL 7.34.0 -CURLSSLBACKEND_WOLFSSL 7.49.0 -CURLSSLOPT_ALLOW_BEAST 7.25.0 -CURLSSLOPT_NO_REVOKE 7.44.0 -CURLUSESSL_ALL 7.17.0 -CURLUSESSL_CONTROL 7.17.0 -CURLUSESSL_NONE 7.17.0 -CURLUSESSL_TRY 7.17.0 -CURLVERSION_FIRST 7.10 -CURLVERSION_FOURTH 7.16.1 -CURLVERSION_NOW 7.10 -CURLVERSION_SECOND 7.11.1 -CURLVERSION_THIRD 7.12.0 -CURL_CHUNK_BGN_FUNC_FAIL 7.21.0 -CURL_CHUNK_BGN_FUNC_OK 7.21.0 -CURL_CHUNK_BGN_FUNC_SKIP 7.21.0 -CURL_CHUNK_END_FUNC_FAIL 7.21.0 -CURL_CHUNK_END_FUNC_OK 7.21.0 -CURL_CSELECT_ERR 7.16.3 -CURL_CSELECT_IN 7.16.3 -CURL_CSELECT_OUT 7.16.3 -CURL_DID_MEMORY_FUNC_TYPEDEFS 7.49.0 -CURL_EASY_NONE 7.14.0 - 7.15.4 -CURL_EASY_TIMEOUT 7.14.0 - 7.15.4 -CURL_ERROR_SIZE 7.1 -CURL_FNMATCHFUNC_FAIL 7.21.0 -CURL_FNMATCHFUNC_MATCH 7.21.0 -CURL_FNMATCHFUNC_NOMATCH 7.21.0 -CURL_FORMADD_DISABLED 7.12.1 -CURL_FORMADD_ILLEGAL_ARRAY 7.9.8 -CURL_FORMADD_INCOMPLETE 7.9.8 -CURL_FORMADD_MEMORY 7.9.8 -CURL_FORMADD_NULL 7.9.8 -CURL_FORMADD_OK 7.9.8 -CURL_FORMADD_OPTION_TWICE 7.9.8 -CURL_FORMADD_UNKNOWN_OPTION 7.9.8 -CURL_GLOBAL_ACK_EINTR 7.30.0 -CURL_GLOBAL_ALL 7.8 -CURL_GLOBAL_DEFAULT 7.8 -CURL_GLOBAL_NOTHING 7.8 -CURL_GLOBAL_SSL 7.8 -CURL_GLOBAL_WIN32 7.8.1 -CURL_HTTPPOST_BUFFER 7.46.0 -CURL_HTTPPOST_CALLBACK 7.46.0 -CURL_HTTPPOST_FILENAME 7.46.0 -CURL_HTTPPOST_LARGE 7.46.0 -CURL_HTTPPOST_PTRBUFFER 7.46.0 -CURL_HTTPPOST_PTRCONTENTS 7.46.0 -CURL_HTTPPOST_PTRNAME 7.46.0 -CURL_HTTPPOST_READFILE 7.46.0 -CURL_HTTP_VERSION_1_0 7.9.1 -CURL_HTTP_VERSION_1_1 7.9.1 -CURL_HTTP_VERSION_2 7.43.0 -CURL_HTTP_VERSION_2_0 7.33.0 -CURL_HTTP_VERSION_2TLS 7.47.0 -CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE 7.49.0 -CURL_HTTP_VERSION_NONE 7.9.1 -CURL_IPRESOLVE_V4 7.10.8 -CURL_IPRESOLVE_V6 7.10.8 -CURL_IPRESOLVE_WHATEVER 7.10.8 -CURL_LOCK_ACCESS_NONE 7.10.3 -CURL_LOCK_ACCESS_SHARED 7.10.3 -CURL_LOCK_ACCESS_SINGLE 7.10.3 -CURL_LOCK_DATA_CONNECT 7.10.3 -CURL_LOCK_DATA_COOKIE 7.10.3 -CURL_LOCK_DATA_DNS 7.10.3 -CURL_LOCK_DATA_NONE 7.10.3 -CURL_LOCK_DATA_SHARE 7.10.4 -CURL_LOCK_DATA_SSL_SESSION 7.10.3 -CURL_LOCK_TYPE_CONNECT 7.10 - 7.10.2 -CURL_LOCK_TYPE_COOKIE 7.10 - 7.10.2 -CURL_LOCK_TYPE_DNS 7.10 - 7.10.2 -CURL_LOCK_TYPE_NONE 7.10 - 7.10.2 -CURL_LOCK_TYPE_SSL_SESSION 7.10 - 7.10.2 -CURL_MAX_HTTP_HEADER 7.19.7 -CURL_MAX_READ_SIZE 7.53.0 -CURL_MAX_WRITE_SIZE 7.9.7 -CURL_NETRC_IGNORED 7.9.8 -CURL_NETRC_OPTIONAL 7.9.8 -CURL_NETRC_REQUIRED 7.9.8 -CURL_POLL_IN 7.14.0 -CURL_POLL_INOUT 7.14.0 -CURL_POLL_NONE 7.14.0 -CURL_POLL_OUT 7.14.0 -CURL_POLL_REMOVE 7.14.0 -CURL_PROGRESS_BAR 7.1.1 - 7.4.1 -CURL_PROGRESS_STATS 7.1.1 - 7.4.1 -CURL_PUSH_DENY 7.44.0 -CURL_PUSH_OK 7.44.0 -CURL_READFUNC_ABORT 7.12.1 -CURL_READFUNC_PAUSE 7.18.0 -CURL_REDIR_GET_ALL 7.19.1 -CURL_REDIR_POST_301 7.19.1 -CURL_REDIR_POST_302 7.19.1 -CURL_REDIR_POST_303 7.25.1 -CURL_REDIR_POST_ALL 7.19.1 -CURL_RTSPREQ_ANNOUNCE 7.20.0 -CURL_RTSPREQ_DESCRIBE 7.20.0 -CURL_RTSPREQ_GET_PARAMETER 7.20.0 -CURL_RTSPREQ_NONE 7.20.0 -CURL_RTSPREQ_OPTIONS 7.20.0 -CURL_RTSPREQ_PAUSE 7.20.0 -CURL_RTSPREQ_PLAY 7.20.0 -CURL_RTSPREQ_RECEIVE 7.20.0 -CURL_RTSPREQ_RECORD 7.20.0 -CURL_RTSPREQ_SETUP 7.20.0 -CURL_RTSPREQ_SET_PARAMETER 7.20.0 -CURL_RTSPREQ_TEARDOWN 7.20.0 -CURL_SEEKFUNC_CANTSEEK 7.19.5 -CURL_SEEKFUNC_FAIL 7.19.5 -CURL_SEEKFUNC_OK 7.19.5 -CURL_SOCKET_BAD 7.14.0 -CURL_SOCKET_TIMEOUT 7.14.0 -CURL_SOCKOPT_ALREADY_CONNECTED 7.21.5 -CURL_SOCKOPT_ERROR 7.21.5 -CURL_SOCKOPT_OK 7.21.5 -CURL_STRICTER 7.50.2 -CURL_SSLVERSION_DEFAULT 7.9.2 -CURL_SSLVERSION_SSLv2 7.9.2 -CURL_SSLVERSION_SSLv3 7.9.2 -CURL_SSLVERSION_TLSv1 7.9.2 -CURL_SSLVERSION_TLSv1_0 7.34.0 -CURL_SSLVERSION_TLSv1_1 7.34.0 -CURL_SSLVERSION_TLSv1_2 7.34.0 -CURL_SSLVERSION_TLSv1_3 7.52.0 -CURL_TIMECOND_IFMODSINCE 7.9.7 -CURL_TIMECOND_IFUNMODSINCE 7.9.7 -CURL_TIMECOND_LASTMOD 7.9.7 -CURL_TIMECOND_NONE 7.9.7 -CURL_TLSAUTH_NONE 7.21.4 -CURL_TLSAUTH_SRP 7.21.4 -CURL_VERSION_ASYNCHDNS 7.10.7 -CURL_VERSION_CONV 7.15.4 -CURL_VERSION_CURLDEBUG 7.19.6 -CURL_VERSION_DEBUG 7.10.6 -CURL_VERSION_GSSAPI 7.38.0 -CURL_VERSION_GSSNEGOTIATE 7.10.6 7.38.0 -CURL_VERSION_HTTP2 7.33.0 -CURL_VERSION_HTTPS_PROXY 7.52.0 -CURL_VERSION_IDN 7.12.0 -CURL_VERSION_IPV6 7.10 -CURL_VERSION_KERBEROS4 7.10 7.33.0 -CURL_VERSION_KERBEROS5 7.40.0 -CURL_VERSION_LARGEFILE 7.11.1 -CURL_VERSION_LIBZ 7.10 -CURL_VERSION_NTLM 7.10.6 -CURL_VERSION_NTLM_WB 7.22.0 -CURL_VERSION_PSL 7.47.0 -CURL_VERSION_SPNEGO 7.10.8 -CURL_VERSION_SSL 7.10 -CURL_VERSION_SSPI 7.13.2 -CURL_VERSION_TLSAUTH_SRP 7.21.4 -CURL_VERSION_UNIX_SOCKETS 7.40.0 -CURL_WAIT_POLLIN 7.28.0 -CURL_WAIT_POLLOUT 7.28.0 -CURL_WAIT_POLLPRI 7.28.0 -CURL_WRITEFUNC_PAUSE 7.18.0 DELETED scriptlibs/softwareupdate/curl/include/curl/curl.h Index: scriptlibs/softwareupdate/curl/include/curl/curl.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/curl.h +++ scriptlibs/softwareupdate/curl/include/curl/curl.h @@ -1,2536 +0,0 @@ -#ifndef __CURL_CURL_H -#define __CURL_CURL_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* - * If you have libcurl problems, all docs and details are found here: - * https://curl.haxx.se/libcurl/ - * - * curl-library mailing list subscription and unsubscription web interface: - * https://cool.haxx.se/mailman/listinfo/curl-library/ - */ - -#ifdef CURL_NO_OLDIES -#define CURL_STRICTER -#endif - -#include "curlver.h" /* libcurl version defines */ -#include "curlbuild.h" /* libcurl build definitions */ -#include "curlrules.h" /* libcurl rules enforcement */ - -/* - * Define WIN32 when build target is Win32 API - */ - -#if (defined(_WIN32) || defined(__WIN32__)) && \ - !defined(WIN32) && !defined(__SYMBIAN32__) -#define WIN32 -#endif - -#include -#include - -#if defined(__FreeBSD__) && (__FreeBSD__ >= 2) -/* Needed for __FreeBSD_version symbol definition */ -#include -#endif - -/* The include stuff here below is mainly for time_t! */ -#include -#include - -#if defined(WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) -#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || \ - defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H)) -/* The check above prevents the winsock2 inclusion if winsock.h already was - included, since they can't co-exist without problems */ -#include -#include -#endif -#endif - -/* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish - libc5-based Linux systems. Only include it on systems that are known to - require it! */ -#if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \ - defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \ - defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ - (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) -#include -#endif - -#if !defined(WIN32) && !defined(_WIN32_WCE) -#include -#endif - -#if !defined(WIN32) && !defined(__WATCOMC__) && !defined(__VXWORKS__) -#include -#endif - -#ifdef __BEOS__ -#include -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(BUILDING_LIBCURL) || defined(CURL_STRICTER) -typedef struct Curl_easy CURL; -typedef struct Curl_share CURLSH; -#else -typedef void CURL; -typedef void CURLSH; -#endif - -/* - * libcurl external API function linkage decorations. - */ - -#ifdef CURL_STATICLIB -# define CURL_EXTERN -#elif defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__) -# if defined(BUILDING_LIBCURL) -# define CURL_EXTERN __declspec(dllexport) -# else -# define CURL_EXTERN __declspec(dllimport) -# endif -#elif defined(BUILDING_LIBCURL) && defined(CURL_HIDDEN_SYMBOLS) -# define CURL_EXTERN CURL_EXTERN_SYMBOL -#else -# define CURL_EXTERN -#endif - -#ifndef curl_socket_typedef -/* socket typedef */ -#if defined(WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H) -typedef SOCKET curl_socket_t; -#define CURL_SOCKET_BAD INVALID_SOCKET -#else -typedef int curl_socket_t; -#define CURL_SOCKET_BAD -1 -#endif -#define curl_socket_typedef -#endif /* curl_socket_typedef */ - -struct curl_httppost { - struct curl_httppost *next; /* next entry in the list */ - char *name; /* pointer to allocated name */ - long namelength; /* length of name length */ - char *contents; /* pointer to allocated data contents */ - long contentslength; /* length of contents field, see also - CURL_HTTPPOST_LARGE */ - char *buffer; /* pointer to allocated buffer contents */ - long bufferlength; /* length of buffer field */ - char *contenttype; /* Content-Type */ - struct curl_slist *contentheader; /* list of extra headers for this form */ - struct curl_httppost *more; /* if one field name has more than one - file, this link should link to following - files */ - long flags; /* as defined below */ - -/* specified content is a file name */ -#define CURL_HTTPPOST_FILENAME (1<<0) -/* specified content is a file name */ -#define CURL_HTTPPOST_READFILE (1<<1) -/* name is only stored pointer do not free in formfree */ -#define CURL_HTTPPOST_PTRNAME (1<<2) -/* contents is only stored pointer do not free in formfree */ -#define CURL_HTTPPOST_PTRCONTENTS (1<<3) -/* upload file from buffer */ -#define CURL_HTTPPOST_BUFFER (1<<4) -/* upload file from pointer contents */ -#define CURL_HTTPPOST_PTRBUFFER (1<<5) -/* upload file contents by using the regular read callback to get the data and - pass the given pointer as custom pointer */ -#define CURL_HTTPPOST_CALLBACK (1<<6) -/* use size in 'contentlen', added in 7.46.0 */ -#define CURL_HTTPPOST_LARGE (1<<7) - - char *showfilename; /* The file name to show. If not set, the - actual file name will be used (if this - is a file part) */ - void *userp; /* custom pointer used for - HTTPPOST_CALLBACK posts */ - curl_off_t contentlen; /* alternative length of contents - field. Used if CURL_HTTPPOST_LARGE is - set. Added in 7.46.0 */ -}; - -/* This is the CURLOPT_PROGRESSFUNCTION callback proto. It is now considered - deprecated but was the only choice up until 7.31.0 */ -typedef int (*curl_progress_callback)(void *clientp, - double dltotal, - double dlnow, - double ultotal, - double ulnow); - -/* This is the CURLOPT_XFERINFOFUNCTION callback proto. It was introduced in - 7.32.0, it avoids floating point and provides more detailed information. */ -typedef int (*curl_xferinfo_callback)(void *clientp, - curl_off_t dltotal, - curl_off_t dlnow, - curl_off_t ultotal, - curl_off_t ulnow); - -#ifndef CURL_MAX_READ_SIZE - /* The maximum receive buffer size configurable via CURLOPT_BUFFERSIZE. */ -#define CURL_MAX_READ_SIZE 524288 -#endif - -#ifndef CURL_MAX_WRITE_SIZE - /* Tests have proven that 20K is a very bad buffer size for uploads on - Windows, while 16K for some odd reason performed a lot better. - We do the ifndef check to allow this value to easier be changed at build - time for those who feel adventurous. The practical minimum is about - 400 bytes since libcurl uses a buffer of this size as a scratch area - (unrelated to network send operations). */ -#define CURL_MAX_WRITE_SIZE 16384 -#endif - -#ifndef CURL_MAX_HTTP_HEADER -/* The only reason to have a max limit for this is to avoid the risk of a bad - server feeding libcurl with a never-ending header that will cause reallocs - infinitely */ -#define CURL_MAX_HTTP_HEADER (100*1024) -#endif - -/* This is a magic return code for the write callback that, when returned, - will signal libcurl to pause receiving on the current transfer. */ -#define CURL_WRITEFUNC_PAUSE 0x10000001 - -typedef size_t (*curl_write_callback)(char *buffer, - size_t size, - size_t nitems, - void *outstream); - - - -/* enumeration of file types */ -typedef enum { - CURLFILETYPE_FILE = 0, - CURLFILETYPE_DIRECTORY, - CURLFILETYPE_SYMLINK, - CURLFILETYPE_DEVICE_BLOCK, - CURLFILETYPE_DEVICE_CHAR, - CURLFILETYPE_NAMEDPIPE, - CURLFILETYPE_SOCKET, - CURLFILETYPE_DOOR, /* is possible only on Sun Solaris now */ - - CURLFILETYPE_UNKNOWN /* should never occur */ -} curlfiletype; - -#define CURLFINFOFLAG_KNOWN_FILENAME (1<<0) -#define CURLFINFOFLAG_KNOWN_FILETYPE (1<<1) -#define CURLFINFOFLAG_KNOWN_TIME (1<<2) -#define CURLFINFOFLAG_KNOWN_PERM (1<<3) -#define CURLFINFOFLAG_KNOWN_UID (1<<4) -#define CURLFINFOFLAG_KNOWN_GID (1<<5) -#define CURLFINFOFLAG_KNOWN_SIZE (1<<6) -#define CURLFINFOFLAG_KNOWN_HLINKCOUNT (1<<7) - -/* Content of this structure depends on information which is known and is - achievable (e.g. by FTP LIST parsing). Please see the url_easy_setopt(3) man - page for callbacks returning this structure -- some fields are mandatory, - some others are optional. The FLAG field has special meaning. */ -struct curl_fileinfo { - char *filename; - curlfiletype filetype; - time_t time; - unsigned int perm; - int uid; - int gid; - curl_off_t size; - long int hardlinks; - - struct { - /* If some of these fields is not NULL, it is a pointer to b_data. */ - char *time; - char *perm; - char *user; - char *group; - char *target; /* pointer to the target filename of a symlink */ - } strings; - - unsigned int flags; - - /* used internally */ - char *b_data; - size_t b_size; - size_t b_used; -}; - -/* return codes for CURLOPT_CHUNK_BGN_FUNCTION */ -#define CURL_CHUNK_BGN_FUNC_OK 0 -#define CURL_CHUNK_BGN_FUNC_FAIL 1 /* tell the lib to end the task */ -#define CURL_CHUNK_BGN_FUNC_SKIP 2 /* skip this chunk over */ - -/* if splitting of data transfer is enabled, this callback is called before - download of an individual chunk started. Note that parameter "remains" works - only for FTP wildcard downloading (for now), otherwise is not used */ -typedef long (*curl_chunk_bgn_callback)(const void *transfer_info, - void *ptr, - int remains); - -/* return codes for CURLOPT_CHUNK_END_FUNCTION */ -#define CURL_CHUNK_END_FUNC_OK 0 -#define CURL_CHUNK_END_FUNC_FAIL 1 /* tell the lib to end the task */ - -/* If splitting of data transfer is enabled this callback is called after - download of an individual chunk finished. - Note! After this callback was set then it have to be called FOR ALL chunks. - Even if downloading of this chunk was skipped in CHUNK_BGN_FUNC. - This is the reason why we don't need "transfer_info" parameter in this - callback and we are not interested in "remains" parameter too. */ -typedef long (*curl_chunk_end_callback)(void *ptr); - -/* return codes for FNMATCHFUNCTION */ -#define CURL_FNMATCHFUNC_MATCH 0 /* string corresponds to the pattern */ -#define CURL_FNMATCHFUNC_NOMATCH 1 /* pattern doesn't match the string */ -#define CURL_FNMATCHFUNC_FAIL 2 /* an error occurred */ - -/* callback type for wildcard downloading pattern matching. If the - string matches the pattern, return CURL_FNMATCHFUNC_MATCH value, etc. */ -typedef int (*curl_fnmatch_callback)(void *ptr, - const char *pattern, - const char *string); - -/* These are the return codes for the seek callbacks */ -#define CURL_SEEKFUNC_OK 0 -#define CURL_SEEKFUNC_FAIL 1 /* fail the entire transfer */ -#define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking can't be done, so - libcurl might try other means instead */ -typedef int (*curl_seek_callback)(void *instream, - curl_off_t offset, - int origin); /* 'whence' */ - -/* This is a return code for the read callback that, when returned, will - signal libcurl to immediately abort the current transfer. */ -#define CURL_READFUNC_ABORT 0x10000000 -/* This is a return code for the read callback that, when returned, will - signal libcurl to pause sending data on the current transfer. */ -#define CURL_READFUNC_PAUSE 0x10000001 - -typedef size_t (*curl_read_callback)(char *buffer, - size_t size, - size_t nitems, - void *instream); - -typedef enum { - CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */ - CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */ - CURLSOCKTYPE_LAST /* never use */ -} curlsocktype; - -/* The return code from the sockopt_callback can signal information back - to libcurl: */ -#define CURL_SOCKOPT_OK 0 -#define CURL_SOCKOPT_ERROR 1 /* causes libcurl to abort and return - CURLE_ABORTED_BY_CALLBACK */ -#define CURL_SOCKOPT_ALREADY_CONNECTED 2 - -typedef int (*curl_sockopt_callback)(void *clientp, - curl_socket_t curlfd, - curlsocktype purpose); - -struct curl_sockaddr { - int family; - int socktype; - int protocol; - unsigned int addrlen; /* addrlen was a socklen_t type before 7.18.0 but it - turned really ugly and painful on the systems that - lack this type */ - struct sockaddr addr; -}; - -typedef curl_socket_t -(*curl_opensocket_callback)(void *clientp, - curlsocktype purpose, - struct curl_sockaddr *address); - -typedef int -(*curl_closesocket_callback)(void *clientp, curl_socket_t item); - -typedef enum { - CURLIOE_OK, /* I/O operation successful */ - CURLIOE_UNKNOWNCMD, /* command was unknown to callback */ - CURLIOE_FAILRESTART, /* failed to restart the read */ - CURLIOE_LAST /* never use */ -} curlioerr; - -typedef enum { - CURLIOCMD_NOP, /* no operation */ - CURLIOCMD_RESTARTREAD, /* restart the read stream from start */ - CURLIOCMD_LAST /* never use */ -} curliocmd; - -typedef curlioerr (*curl_ioctl_callback)(CURL *handle, - int cmd, - void *clientp); - -#ifndef CURL_DID_MEMORY_FUNC_TYPEDEFS -/* - * The following typedef's are signatures of malloc, free, realloc, strdup and - * calloc respectively. Function pointers of these types can be passed to the - * curl_global_init_mem() function to set user defined memory management - * callback routines. - */ -typedef void *(*curl_malloc_callback)(size_t size); -typedef void (*curl_free_callback)(void *ptr); -typedef void *(*curl_realloc_callback)(void *ptr, size_t size); -typedef char *(*curl_strdup_callback)(const char *str); -typedef void *(*curl_calloc_callback)(size_t nmemb, size_t size); - -#define CURL_DID_MEMORY_FUNC_TYPEDEFS -#endif - -/* the kind of data that is passed to information_callback*/ -typedef enum { - CURLINFO_TEXT = 0, - CURLINFO_HEADER_IN, /* 1 */ - CURLINFO_HEADER_OUT, /* 2 */ - CURLINFO_DATA_IN, /* 3 */ - CURLINFO_DATA_OUT, /* 4 */ - CURLINFO_SSL_DATA_IN, /* 5 */ - CURLINFO_SSL_DATA_OUT, /* 6 */ - CURLINFO_END -} curl_infotype; - -typedef int (*curl_debug_callback) - (CURL *handle, /* the handle/transfer this concerns */ - curl_infotype type, /* what kind of data */ - char *data, /* points to the data */ - size_t size, /* size of the data pointed to */ - void *userptr); /* whatever the user please */ - -/* All possible error codes from all sorts of curl functions. Future versions - may return other values, stay prepared. - - Always add new return codes last. Never *EVER* remove any. The return - codes must remain the same! - */ - -typedef enum { - CURLE_OK = 0, - CURLE_UNSUPPORTED_PROTOCOL, /* 1 */ - CURLE_FAILED_INIT, /* 2 */ - CURLE_URL_MALFORMAT, /* 3 */ - CURLE_NOT_BUILT_IN, /* 4 - [was obsoleted in August 2007 for - 7.17.0, reused in April 2011 for 7.21.5] */ - CURLE_COULDNT_RESOLVE_PROXY, /* 5 */ - CURLE_COULDNT_RESOLVE_HOST, /* 6 */ - CURLE_COULDNT_CONNECT, /* 7 */ - CURLE_WEIRD_SERVER_REPLY, /* 8 */ - CURLE_REMOTE_ACCESS_DENIED, /* 9 a service was denied by the server - due to lack of access - when login fails - this is not returned. */ - CURLE_FTP_ACCEPT_FAILED, /* 10 - [was obsoleted in April 2006 for - 7.15.4, reused in Dec 2011 for 7.24.0]*/ - CURLE_FTP_WEIRD_PASS_REPLY, /* 11 */ - CURLE_FTP_ACCEPT_TIMEOUT, /* 12 - timeout occurred accepting server - [was obsoleted in August 2007 for 7.17.0, - reused in Dec 2011 for 7.24.0]*/ - CURLE_FTP_WEIRD_PASV_REPLY, /* 13 */ - CURLE_FTP_WEIRD_227_FORMAT, /* 14 */ - CURLE_FTP_CANT_GET_HOST, /* 15 */ - CURLE_HTTP2, /* 16 - A problem in the http2 framing layer. - [was obsoleted in August 2007 for 7.17.0, - reused in July 2014 for 7.38.0] */ - CURLE_FTP_COULDNT_SET_TYPE, /* 17 */ - CURLE_PARTIAL_FILE, /* 18 */ - CURLE_FTP_COULDNT_RETR_FILE, /* 19 */ - CURLE_OBSOLETE20, /* 20 - NOT USED */ - CURLE_QUOTE_ERROR, /* 21 - quote command failure */ - CURLE_HTTP_RETURNED_ERROR, /* 22 */ - CURLE_WRITE_ERROR, /* 23 */ - CURLE_OBSOLETE24, /* 24 - NOT USED */ - CURLE_UPLOAD_FAILED, /* 25 - failed upload "command" */ - CURLE_READ_ERROR, /* 26 - couldn't open/read from file */ - CURLE_OUT_OF_MEMORY, /* 27 */ - /* Note: CURLE_OUT_OF_MEMORY may sometimes indicate a conversion error - instead of a memory allocation error if CURL_DOES_CONVERSIONS - is defined - */ - CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was reached */ - CURLE_OBSOLETE29, /* 29 - NOT USED */ - CURLE_FTP_PORT_FAILED, /* 30 - FTP PORT operation failed */ - CURLE_FTP_COULDNT_USE_REST, /* 31 - the REST command failed */ - CURLE_OBSOLETE32, /* 32 - NOT USED */ - CURLE_RANGE_ERROR, /* 33 - RANGE "command" didn't work */ - CURLE_HTTP_POST_ERROR, /* 34 */ - CURLE_SSL_CONNECT_ERROR, /* 35 - wrong when connecting with SSL */ - CURLE_BAD_DOWNLOAD_RESUME, /* 36 - couldn't resume download */ - CURLE_FILE_COULDNT_READ_FILE, /* 37 */ - CURLE_LDAP_CANNOT_BIND, /* 38 */ - CURLE_LDAP_SEARCH_FAILED, /* 39 */ - CURLE_OBSOLETE40, /* 40 - NOT USED */ - CURLE_FUNCTION_NOT_FOUND, /* 41 - NOT USED starting with 7.53.0 */ - CURLE_ABORTED_BY_CALLBACK, /* 42 */ - CURLE_BAD_FUNCTION_ARGUMENT, /* 43 */ - CURLE_OBSOLETE44, /* 44 - NOT USED */ - CURLE_INTERFACE_FAILED, /* 45 - CURLOPT_INTERFACE failed */ - CURLE_OBSOLETE46, /* 46 - NOT USED */ - CURLE_TOO_MANY_REDIRECTS, /* 47 - catch endless re-direct loops */ - CURLE_UNKNOWN_OPTION, /* 48 - User specified an unknown option */ - CURLE_TELNET_OPTION_SYNTAX, /* 49 - Malformed telnet option */ - CURLE_OBSOLETE50, /* 50 - NOT USED */ - CURLE_PEER_FAILED_VERIFICATION, /* 51 - peer's certificate or fingerprint - wasn't verified fine */ - CURLE_GOT_NOTHING, /* 52 - when this is a specific error */ - CURLE_SSL_ENGINE_NOTFOUND, /* 53 - SSL crypto engine not found */ - CURLE_SSL_ENGINE_SETFAILED, /* 54 - can not set SSL crypto engine as - default */ - CURLE_SEND_ERROR, /* 55 - failed sending network data */ - CURLE_RECV_ERROR, /* 56 - failure in receiving network data */ - CURLE_OBSOLETE57, /* 57 - NOT IN USE */ - CURLE_SSL_CERTPROBLEM, /* 58 - problem with the local certificate */ - CURLE_SSL_CIPHER, /* 59 - couldn't use specified cipher */ - CURLE_SSL_CACERT, /* 60 - problem with the CA cert (path?) */ - CURLE_BAD_CONTENT_ENCODING, /* 61 - Unrecognized/bad encoding */ - CURLE_LDAP_INVALID_URL, /* 62 - Invalid LDAP URL */ - CURLE_FILESIZE_EXCEEDED, /* 63 - Maximum file size exceeded */ - CURLE_USE_SSL_FAILED, /* 64 - Requested FTP SSL level failed */ - CURLE_SEND_FAIL_REWIND, /* 65 - Sending the data requires a rewind - that failed */ - CURLE_SSL_ENGINE_INITFAILED, /* 66 - failed to initialise ENGINE */ - CURLE_LOGIN_DENIED, /* 67 - user, password or similar was not - accepted and we failed to login */ - CURLE_TFTP_NOTFOUND, /* 68 - file not found on server */ - CURLE_TFTP_PERM, /* 69 - permission problem on server */ - CURLE_REMOTE_DISK_FULL, /* 70 - out of disk space on server */ - CURLE_TFTP_ILLEGAL, /* 71 - Illegal TFTP operation */ - CURLE_TFTP_UNKNOWNID, /* 72 - Unknown transfer ID */ - CURLE_REMOTE_FILE_EXISTS, /* 73 - File already exists */ - CURLE_TFTP_NOSUCHUSER, /* 74 - No such user */ - CURLE_CONV_FAILED, /* 75 - conversion failed */ - CURLE_CONV_REQD, /* 76 - caller must register conversion - callbacks using curl_easy_setopt options - CURLOPT_CONV_FROM_NETWORK_FUNCTION, - CURLOPT_CONV_TO_NETWORK_FUNCTION, and - CURLOPT_CONV_FROM_UTF8_FUNCTION */ - CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing - or wrong format */ - CURLE_REMOTE_FILE_NOT_FOUND, /* 78 - remote file not found */ - CURLE_SSH, /* 79 - error from the SSH layer, somewhat - generic so the error message will be of - interest when this has happened */ - - CURLE_SSL_SHUTDOWN_FAILED, /* 80 - Failed to shut down the SSL - connection */ - CURLE_AGAIN, /* 81 - socket is not ready for send/recv, - wait till it's ready and try again (Added - in 7.18.2) */ - CURLE_SSL_CRL_BADFILE, /* 82 - could not load CRL file, missing or - wrong format (Added in 7.19.0) */ - CURLE_SSL_ISSUER_ERROR, /* 83 - Issuer check failed. (Added in - 7.19.0) */ - CURLE_FTP_PRET_FAILED, /* 84 - a PRET command failed */ - CURLE_RTSP_CSEQ_ERROR, /* 85 - mismatch of RTSP CSeq numbers */ - CURLE_RTSP_SESSION_ERROR, /* 86 - mismatch of RTSP Session Ids */ - CURLE_FTP_BAD_FILE_LIST, /* 87 - unable to parse FTP file list */ - CURLE_CHUNK_FAILED, /* 88 - chunk callback reported error */ - CURLE_NO_CONNECTION_AVAILABLE, /* 89 - No connection available, the - session will be queued */ - CURLE_SSL_PINNEDPUBKEYNOTMATCH, /* 90 - specified pinned public key did not - match */ - CURLE_SSL_INVALIDCERTSTATUS, /* 91 - invalid certificate status */ - CURLE_HTTP2_STREAM, /* 92 - stream error in HTTP/2 framing layer - */ - CURL_LAST /* never use! */ -} CURLcode; - -#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all - the obsolete stuff removed! */ - -/* Previously obsolete error code re-used in 7.38.0 */ -#define CURLE_OBSOLETE16 CURLE_HTTP2 - -/* Previously obsolete error codes re-used in 7.24.0 */ -#define CURLE_OBSOLETE10 CURLE_FTP_ACCEPT_FAILED -#define CURLE_OBSOLETE12 CURLE_FTP_ACCEPT_TIMEOUT - -/* compatibility with older names */ -#define CURLOPT_ENCODING CURLOPT_ACCEPT_ENCODING -#define CURLE_FTP_WEIRD_SERVER_REPLY CURLE_WEIRD_SERVER_REPLY - -/* The following were added in 7.21.5, April 2011 */ -#define CURLE_UNKNOWN_TELNET_OPTION CURLE_UNKNOWN_OPTION - -/* The following were added in 7.17.1 */ -/* These are scheduled to disappear by 2009 */ -#define CURLE_SSL_PEER_CERTIFICATE CURLE_PEER_FAILED_VERIFICATION - -/* The following were added in 7.17.0 */ -/* These are scheduled to disappear by 2009 */ -#define CURLE_OBSOLETE CURLE_OBSOLETE50 /* no one should be using this! */ -#define CURLE_BAD_PASSWORD_ENTERED CURLE_OBSOLETE46 -#define CURLE_BAD_CALLING_ORDER CURLE_OBSOLETE44 -#define CURLE_FTP_USER_PASSWORD_INCORRECT CURLE_OBSOLETE10 -#define CURLE_FTP_CANT_RECONNECT CURLE_OBSOLETE16 -#define CURLE_FTP_COULDNT_GET_SIZE CURLE_OBSOLETE32 -#define CURLE_FTP_COULDNT_SET_ASCII CURLE_OBSOLETE29 -#define CURLE_FTP_WEIRD_USER_REPLY CURLE_OBSOLETE12 -#define CURLE_FTP_WRITE_ERROR CURLE_OBSOLETE20 -#define CURLE_LIBRARY_NOT_FOUND CURLE_OBSOLETE40 -#define CURLE_MALFORMAT_USER CURLE_OBSOLETE24 -#define CURLE_SHARE_IN_USE CURLE_OBSOLETE57 -#define CURLE_URL_MALFORMAT_USER CURLE_NOT_BUILT_IN - -#define CURLE_FTP_ACCESS_DENIED CURLE_REMOTE_ACCESS_DENIED -#define CURLE_FTP_COULDNT_SET_BINARY CURLE_FTP_COULDNT_SET_TYPE -#define CURLE_FTP_QUOTE_ERROR CURLE_QUOTE_ERROR -#define CURLE_TFTP_DISKFULL CURLE_REMOTE_DISK_FULL -#define CURLE_TFTP_EXISTS CURLE_REMOTE_FILE_EXISTS -#define CURLE_HTTP_RANGE_ERROR CURLE_RANGE_ERROR -#define CURLE_FTP_SSL_FAILED CURLE_USE_SSL_FAILED - -/* The following were added earlier */ - -#define CURLE_OPERATION_TIMEOUTED CURLE_OPERATION_TIMEDOUT - -#define CURLE_HTTP_NOT_FOUND CURLE_HTTP_RETURNED_ERROR -#define CURLE_HTTP_PORT_FAILED CURLE_INTERFACE_FAILED -#define CURLE_FTP_COULDNT_STOR_FILE CURLE_UPLOAD_FAILED - -#define CURLE_FTP_PARTIAL_FILE CURLE_PARTIAL_FILE -#define CURLE_FTP_BAD_DOWNLOAD_RESUME CURLE_BAD_DOWNLOAD_RESUME - -/* This was the error code 50 in 7.7.3 and a few earlier versions, this - is no longer used by libcurl but is instead #defined here only to not - make programs break */ -#define CURLE_ALREADY_COMPLETE 99999 - -/* Provide defines for really old option names */ -#define CURLOPT_FILE CURLOPT_WRITEDATA /* name changed in 7.9.7 */ -#define CURLOPT_INFILE CURLOPT_READDATA /* name changed in 7.9.7 */ -#define CURLOPT_WRITEHEADER CURLOPT_HEADERDATA - -/* Since long deprecated options with no code in the lib that does anything - with them. */ -#define CURLOPT_WRITEINFO CURLOPT_OBSOLETE40 -#define CURLOPT_CLOSEPOLICY CURLOPT_OBSOLETE72 - -#endif /*!CURL_NO_OLDIES*/ - -/* This prototype applies to all conversion callbacks */ -typedef CURLcode (*curl_conv_callback)(char *buffer, size_t length); - -typedef CURLcode (*curl_ssl_ctx_callback)(CURL *curl, /* easy handle */ - void *ssl_ctx, /* actually an - OpenSSL SSL_CTX */ - void *userptr); - -typedef enum { - CURLPROXY_HTTP = 0, /* added in 7.10, new in 7.19.4 default is to use - CONNECT HTTP/1.1 */ - CURLPROXY_HTTP_1_0 = 1, /* added in 7.19.4, force to use CONNECT - HTTP/1.0 */ - CURLPROXY_HTTPS = 2, /* added in 7.52.0 */ - CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already - in 7.10 */ - CURLPROXY_SOCKS5 = 5, /* added in 7.10 */ - CURLPROXY_SOCKS4A = 6, /* added in 7.18.0 */ - CURLPROXY_SOCKS5_HOSTNAME = 7 /* Use the SOCKS5 protocol but pass along the - host name rather than the IP address. added - in 7.18.0 */ -} curl_proxytype; /* this enum was added in 7.10 */ - -/* - * Bitmasks for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH options: - * - * CURLAUTH_NONE - No HTTP authentication - * CURLAUTH_BASIC - HTTP Basic authentication (default) - * CURLAUTH_DIGEST - HTTP Digest authentication - * CURLAUTH_NEGOTIATE - HTTP Negotiate (SPNEGO) authentication - * CURLAUTH_GSSNEGOTIATE - Alias for CURLAUTH_NEGOTIATE (deprecated) - * CURLAUTH_NTLM - HTTP NTLM authentication - * CURLAUTH_DIGEST_IE - HTTP Digest authentication with IE flavour - * CURLAUTH_NTLM_WB - HTTP NTLM authentication delegated to winbind helper - * CURLAUTH_ONLY - Use together with a single other type to force no - * authentication or just that single type - * CURLAUTH_ANY - All fine types set - * CURLAUTH_ANYSAFE - All fine types except Basic - */ - -#define CURLAUTH_NONE ((unsigned long)0) -#define CURLAUTH_BASIC (((unsigned long)1)<<0) -#define CURLAUTH_DIGEST (((unsigned long)1)<<1) -#define CURLAUTH_NEGOTIATE (((unsigned long)1)<<2) -/* Deprecated since the advent of CURLAUTH_NEGOTIATE */ -#define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE -#define CURLAUTH_NTLM (((unsigned long)1)<<3) -#define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4) -#define CURLAUTH_NTLM_WB (((unsigned long)1)<<5) -#define CURLAUTH_ONLY (((unsigned long)1)<<31) -#define CURLAUTH_ANY (~CURLAUTH_DIGEST_IE) -#define CURLAUTH_ANYSAFE (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE)) - -#define CURLSSH_AUTH_ANY ~0 /* all types supported by the server */ -#define CURLSSH_AUTH_NONE 0 /* none allowed, silly but complete */ -#define CURLSSH_AUTH_PUBLICKEY (1<<0) /* public/private key files */ -#define CURLSSH_AUTH_PASSWORD (1<<1) /* password */ -#define CURLSSH_AUTH_HOST (1<<2) /* host key files */ -#define CURLSSH_AUTH_KEYBOARD (1<<3) /* keyboard interactive */ -#define CURLSSH_AUTH_AGENT (1<<4) /* agent (ssh-agent, pageant...) */ -#define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY - -#define CURLGSSAPI_DELEGATION_NONE 0 /* no delegation (default) */ -#define CURLGSSAPI_DELEGATION_POLICY_FLAG (1<<0) /* if permitted by policy */ -#define CURLGSSAPI_DELEGATION_FLAG (1<<1) /* delegate always */ - -#define CURL_ERROR_SIZE 256 - -enum curl_khtype { - CURLKHTYPE_UNKNOWN, - CURLKHTYPE_RSA1, - CURLKHTYPE_RSA, - CURLKHTYPE_DSS -}; - -struct curl_khkey { - const char *key; /* points to a zero-terminated string encoded with base64 - if len is zero, otherwise to the "raw" data */ - size_t len; - enum curl_khtype keytype; -}; - -/* this is the set of return values expected from the curl_sshkeycallback - callback */ -enum curl_khstat { - CURLKHSTAT_FINE_ADD_TO_FILE, - CURLKHSTAT_FINE, - CURLKHSTAT_REJECT, /* reject the connection, return an error */ - CURLKHSTAT_DEFER, /* do not accept it, but we can't answer right now so - this causes a CURLE_DEFER error but otherwise the - connection will be left intact etc */ - CURLKHSTAT_LAST /* not for use, only a marker for last-in-list */ -}; - -/* this is the set of status codes pass in to the callback */ -enum curl_khmatch { - CURLKHMATCH_OK, /* match */ - CURLKHMATCH_MISMATCH, /* host found, key mismatch! */ - CURLKHMATCH_MISSING, /* no matching host/key found */ - CURLKHMATCH_LAST /* not for use, only a marker for last-in-list */ -}; - -typedef int - (*curl_sshkeycallback) (CURL *easy, /* easy handle */ - const struct curl_khkey *knownkey, /* known */ - const struct curl_khkey *foundkey, /* found */ - enum curl_khmatch, /* libcurl's view on the keys */ - void *clientp); /* custom pointer passed from app */ - -/* parameter for the CURLOPT_USE_SSL option */ -typedef enum { - CURLUSESSL_NONE, /* do not attempt to use SSL */ - CURLUSESSL_TRY, /* try using SSL, proceed anyway otherwise */ - CURLUSESSL_CONTROL, /* SSL for the control connection or fail */ - CURLUSESSL_ALL, /* SSL for all communication or fail */ - CURLUSESSL_LAST /* not an option, never use */ -} curl_usessl; - -/* Definition of bits for the CURLOPT_SSL_OPTIONS argument: */ - -/* - ALLOW_BEAST tells libcurl to allow the BEAST SSL vulnerability in the - name of improving interoperability with older servers. Some SSL libraries - have introduced work-arounds for this flaw but those work-arounds sometimes - make the SSL communication fail. To regain functionality with those broken - servers, a user can this way allow the vulnerability back. */ -#define CURLSSLOPT_ALLOW_BEAST (1<<0) - -/* - NO_REVOKE tells libcurl to disable certificate revocation checks for those - SSL backends where such behavior is present. */ -#define CURLSSLOPT_NO_REVOKE (1<<1) - -#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all - the obsolete stuff removed! */ - -/* Backwards compatibility with older names */ -/* These are scheduled to disappear by 2009 */ - -#define CURLFTPSSL_NONE CURLUSESSL_NONE -#define CURLFTPSSL_TRY CURLUSESSL_TRY -#define CURLFTPSSL_CONTROL CURLUSESSL_CONTROL -#define CURLFTPSSL_ALL CURLUSESSL_ALL -#define CURLFTPSSL_LAST CURLUSESSL_LAST -#define curl_ftpssl curl_usessl -#endif /*!CURL_NO_OLDIES*/ - -/* parameter for the CURLOPT_FTP_SSL_CCC option */ -typedef enum { - CURLFTPSSL_CCC_NONE, /* do not send CCC */ - CURLFTPSSL_CCC_PASSIVE, /* Let the server initiate the shutdown */ - CURLFTPSSL_CCC_ACTIVE, /* Initiate the shutdown */ - CURLFTPSSL_CCC_LAST /* not an option, never use */ -} curl_ftpccc; - -/* parameter for the CURLOPT_FTPSSLAUTH option */ -typedef enum { - CURLFTPAUTH_DEFAULT, /* let libcurl decide */ - CURLFTPAUTH_SSL, /* use "AUTH SSL" */ - CURLFTPAUTH_TLS, /* use "AUTH TLS" */ - CURLFTPAUTH_LAST /* not an option, never use */ -} curl_ftpauth; - -/* parameter for the CURLOPT_FTP_CREATE_MISSING_DIRS option */ -typedef enum { - CURLFTP_CREATE_DIR_NONE, /* do NOT create missing dirs! */ - CURLFTP_CREATE_DIR, /* (FTP/SFTP) if CWD fails, try MKD and then CWD - again if MKD succeeded, for SFTP this does - similar magic */ - CURLFTP_CREATE_DIR_RETRY, /* (FTP only) if CWD fails, try MKD and then CWD - again even if MKD failed! */ - CURLFTP_CREATE_DIR_LAST /* not an option, never use */ -} curl_ftpcreatedir; - -/* parameter for the CURLOPT_FTP_FILEMETHOD option */ -typedef enum { - CURLFTPMETHOD_DEFAULT, /* let libcurl pick */ - CURLFTPMETHOD_MULTICWD, /* single CWD operation for each path part */ - CURLFTPMETHOD_NOCWD, /* no CWD at all */ - CURLFTPMETHOD_SINGLECWD, /* one CWD to full dir, then work on file */ - CURLFTPMETHOD_LAST /* not an option, never use */ -} curl_ftpmethod; - -/* bitmask defines for CURLOPT_HEADEROPT */ -#define CURLHEADER_UNIFIED 0 -#define CURLHEADER_SEPARATE (1<<0) - -/* CURLPROTO_ defines are for the CURLOPT_*PROTOCOLS options */ -#define CURLPROTO_HTTP (1<<0) -#define CURLPROTO_HTTPS (1<<1) -#define CURLPROTO_FTP (1<<2) -#define CURLPROTO_FTPS (1<<3) -#define CURLPROTO_SCP (1<<4) -#define CURLPROTO_SFTP (1<<5) -#define CURLPROTO_TELNET (1<<6) -#define CURLPROTO_LDAP (1<<7) -#define CURLPROTO_LDAPS (1<<8) -#define CURLPROTO_DICT (1<<9) -#define CURLPROTO_FILE (1<<10) -#define CURLPROTO_TFTP (1<<11) -#define CURLPROTO_IMAP (1<<12) -#define CURLPROTO_IMAPS (1<<13) -#define CURLPROTO_POP3 (1<<14) -#define CURLPROTO_POP3S (1<<15) -#define CURLPROTO_SMTP (1<<16) -#define CURLPROTO_SMTPS (1<<17) -#define CURLPROTO_RTSP (1<<18) -#define CURLPROTO_RTMP (1<<19) -#define CURLPROTO_RTMPT (1<<20) -#define CURLPROTO_RTMPE (1<<21) -#define CURLPROTO_RTMPTE (1<<22) -#define CURLPROTO_RTMPS (1<<23) -#define CURLPROTO_RTMPTS (1<<24) -#define CURLPROTO_GOPHER (1<<25) -#define CURLPROTO_SMB (1<<26) -#define CURLPROTO_SMBS (1<<27) -#define CURLPROTO_ALL (~0) /* enable everything */ - -/* long may be 32 or 64 bits, but we should never depend on anything else - but 32 */ -#define CURLOPTTYPE_LONG 0 -#define CURLOPTTYPE_OBJECTPOINT 10000 -#define CURLOPTTYPE_STRINGPOINT 10000 -#define CURLOPTTYPE_FUNCTIONPOINT 20000 -#define CURLOPTTYPE_OFF_T 30000 - -/* *STRINGPOINT is an alias for OBJECTPOINT to allow tools to extract the - string options from the header file */ - -/* name is uppercase CURLOPT_, - type is one of the defined CURLOPTTYPE_ - number is unique identifier */ -#ifdef CINIT -#undef CINIT -#endif - -#ifdef CURL_ISOCPP -#define CINIT(na,t,nu) CURLOPT_ ## na = CURLOPTTYPE_ ## t + nu -#else -/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ -#define LONG CURLOPTTYPE_LONG -#define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT -#define STRINGPOINT CURLOPTTYPE_OBJECTPOINT -#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT -#define OFF_T CURLOPTTYPE_OFF_T -#define CINIT(name,type,number) CURLOPT_/**/name = type + number -#endif - -/* - * This macro-mania below setups the CURLOPT_[what] enum, to be used with - * curl_easy_setopt(). The first argument in the CINIT() macro is the [what] - * word. - */ - -typedef enum { - /* This is the FILE * or void * the regular output should be written to. */ - CINIT(WRITEDATA, OBJECTPOINT, 1), - - /* The full URL to get/put */ - CINIT(URL, STRINGPOINT, 2), - - /* Port number to connect to, if other than default. */ - CINIT(PORT, LONG, 3), - - /* Name of proxy to use. */ - CINIT(PROXY, STRINGPOINT, 4), - - /* "user:password;options" to use when fetching. */ - CINIT(USERPWD, STRINGPOINT, 5), - - /* "user:password" to use with proxy. */ - CINIT(PROXYUSERPWD, STRINGPOINT, 6), - - /* Range to get, specified as an ASCII string. */ - CINIT(RANGE, STRINGPOINT, 7), - - /* not used */ - - /* Specified file stream to upload from (use as input): */ - CINIT(READDATA, OBJECTPOINT, 9), - - /* Buffer to receive error messages in, must be at least CURL_ERROR_SIZE - * bytes big. If this is not used, error messages go to stderr instead: */ - CINIT(ERRORBUFFER, OBJECTPOINT, 10), - - /* Function that will be called to store the output (instead of fwrite). The - * parameters will use fwrite() syntax, make sure to follow them. */ - CINIT(WRITEFUNCTION, FUNCTIONPOINT, 11), - - /* Function that will be called to read the input (instead of fread). The - * parameters will use fread() syntax, make sure to follow them. */ - CINIT(READFUNCTION, FUNCTIONPOINT, 12), - - /* Time-out the read operation after this amount of seconds */ - CINIT(TIMEOUT, LONG, 13), - - /* If the CURLOPT_INFILE is used, this can be used to inform libcurl about - * how large the file being sent really is. That allows better error - * checking and better verifies that the upload was successful. -1 means - * unknown size. - * - * For large file support, there is also a _LARGE version of the key - * which takes an off_t type, allowing platforms with larger off_t - * sizes to handle larger files. See below for INFILESIZE_LARGE. - */ - CINIT(INFILESIZE, LONG, 14), - - /* POST static input fields. */ - CINIT(POSTFIELDS, OBJECTPOINT, 15), - - /* Set the referrer page (needed by some CGIs) */ - CINIT(REFERER, STRINGPOINT, 16), - - /* Set the FTP PORT string (interface name, named or numerical IP address) - Use i.e '-' to use default address. */ - CINIT(FTPPORT, STRINGPOINT, 17), - - /* Set the User-Agent string (examined by some CGIs) */ - CINIT(USERAGENT, STRINGPOINT, 18), - - /* If the download receives less than "low speed limit" bytes/second - * during "low speed time" seconds, the operations is aborted. - * You could i.e if you have a pretty high speed connection, abort if - * it is less than 2000 bytes/sec during 20 seconds. - */ - - /* Set the "low speed limit" */ - CINIT(LOW_SPEED_LIMIT, LONG, 19), - - /* Set the "low speed time" */ - CINIT(LOW_SPEED_TIME, LONG, 20), - - /* Set the continuation offset. - * - * Note there is also a _LARGE version of this key which uses - * off_t types, allowing for large file offsets on platforms which - * use larger-than-32-bit off_t's. Look below for RESUME_FROM_LARGE. - */ - CINIT(RESUME_FROM, LONG, 21), - - /* Set cookie in request: */ - CINIT(COOKIE, STRINGPOINT, 22), - - /* This points to a linked list of headers, struct curl_slist kind. This - list is also used for RTSP (in spite of its name) */ - CINIT(HTTPHEADER, OBJECTPOINT, 23), - - /* This points to a linked list of post entries, struct curl_httppost */ - CINIT(HTTPPOST, OBJECTPOINT, 24), - - /* name of the file keeping your private SSL-certificate */ - CINIT(SSLCERT, STRINGPOINT, 25), - - /* password for the SSL or SSH private key */ - CINIT(KEYPASSWD, STRINGPOINT, 26), - - /* send TYPE parameter? */ - CINIT(CRLF, LONG, 27), - - /* send linked-list of QUOTE commands */ - CINIT(QUOTE, OBJECTPOINT, 28), - - /* send FILE * or void * to store headers to, if you use a callback it - is simply passed to the callback unmodified */ - CINIT(HEADERDATA, OBJECTPOINT, 29), - - /* point to a file to read the initial cookies from, also enables - "cookie awareness" */ - CINIT(COOKIEFILE, STRINGPOINT, 31), - - /* What version to specifically try to use. - See CURL_SSLVERSION defines below. */ - CINIT(SSLVERSION, LONG, 32), - - /* What kind of HTTP time condition to use, see defines */ - CINIT(TIMECONDITION, LONG, 33), - - /* Time to use with the above condition. Specified in number of seconds - since 1 Jan 1970 */ - CINIT(TIMEVALUE, LONG, 34), - - /* 35 = OBSOLETE */ - - /* Custom request, for customizing the get command like - HTTP: DELETE, TRACE and others - FTP: to use a different list command - */ - CINIT(CUSTOMREQUEST, STRINGPOINT, 36), - - /* FILE handle to use instead of stderr */ - CINIT(STDERR, OBJECTPOINT, 37), - - /* 38 is not used */ - - /* send linked-list of post-transfer QUOTE commands */ - CINIT(POSTQUOTE, OBJECTPOINT, 39), - - CINIT(OBSOLETE40, OBJECTPOINT, 40), /* OBSOLETE, do not use! */ - - CINIT(VERBOSE, LONG, 41), /* talk a lot */ - CINIT(HEADER, LONG, 42), /* throw the header out too */ - CINIT(NOPROGRESS, LONG, 43), /* shut off the progress meter */ - CINIT(NOBODY, LONG, 44), /* use HEAD to get http document */ - CINIT(FAILONERROR, LONG, 45), /* no output on http error codes >= 400 */ - CINIT(UPLOAD, LONG, 46), /* this is an upload */ - CINIT(POST, LONG, 47), /* HTTP POST method */ - CINIT(DIRLISTONLY, LONG, 48), /* bare names when listing directories */ - - CINIT(APPEND, LONG, 50), /* Append instead of overwrite on upload! */ - - /* Specify whether to read the user+password from the .netrc or the URL. - * This must be one of the CURL_NETRC_* enums below. */ - CINIT(NETRC, LONG, 51), - - CINIT(FOLLOWLOCATION, LONG, 52), /* use Location: Luke! */ - - CINIT(TRANSFERTEXT, LONG, 53), /* transfer data in text/ASCII format */ - CINIT(PUT, LONG, 54), /* HTTP PUT */ - - /* 55 = OBSOLETE */ - - /* DEPRECATED - * Function that will be called instead of the internal progress display - * function. This function should be defined as the curl_progress_callback - * prototype defines. */ - CINIT(PROGRESSFUNCTION, FUNCTIONPOINT, 56), - - /* Data passed to the CURLOPT_PROGRESSFUNCTION and CURLOPT_XFERINFOFUNCTION - callbacks */ - CINIT(PROGRESSDATA, OBJECTPOINT, 57), -#define CURLOPT_XFERINFODATA CURLOPT_PROGRESSDATA - - /* We want the referrer field set automatically when following locations */ - CINIT(AUTOREFERER, LONG, 58), - - /* Port of the proxy, can be set in the proxy string as well with: - "[host]:[port]" */ - CINIT(PROXYPORT, LONG, 59), - - /* size of the POST input data, if strlen() is not good to use */ - CINIT(POSTFIELDSIZE, LONG, 60), - - /* tunnel non-http operations through a HTTP proxy */ - CINIT(HTTPPROXYTUNNEL, LONG, 61), - - /* Set the interface string to use as outgoing network interface */ - CINIT(INTERFACE, STRINGPOINT, 62), - - /* Set the krb4/5 security level, this also enables krb4/5 awareness. This - * is a string, 'clear', 'safe', 'confidential' or 'private'. If the string - * is set but doesn't match one of these, 'private' will be used. */ - CINIT(KRBLEVEL, STRINGPOINT, 63), - - /* Set if we should verify the peer in ssl handshake, set 1 to verify. */ - CINIT(SSL_VERIFYPEER, LONG, 64), - - /* The CApath or CAfile used to validate the peer certificate - this option is used only if SSL_VERIFYPEER is true */ - CINIT(CAINFO, STRINGPOINT, 65), - - /* 66 = OBSOLETE */ - /* 67 = OBSOLETE */ - - /* Maximum number of http redirects to follow */ - CINIT(MAXREDIRS, LONG, 68), - - /* Pass a long set to 1 to get the date of the requested document (if - possible)! Pass a zero to shut it off. */ - CINIT(FILETIME, LONG, 69), - - /* This points to a linked list of telnet options */ - CINIT(TELNETOPTIONS, OBJECTPOINT, 70), - - /* Max amount of cached alive connections */ - CINIT(MAXCONNECTS, LONG, 71), - - CINIT(OBSOLETE72, LONG, 72), /* OBSOLETE, do not use! */ - - /* 73 = OBSOLETE */ - - /* Set to explicitly use a new connection for the upcoming transfer. - Do not use this unless you're absolutely sure of this, as it makes the - operation slower and is less friendly for the network. */ - CINIT(FRESH_CONNECT, LONG, 74), - - /* Set to explicitly forbid the upcoming transfer's connection to be re-used - when done. Do not use this unless you're absolutely sure of this, as it - makes the operation slower and is less friendly for the network. */ - CINIT(FORBID_REUSE, LONG, 75), - - /* Set to a file name that contains random data for libcurl to use to - seed the random engine when doing SSL connects. */ - CINIT(RANDOM_FILE, STRINGPOINT, 76), - - /* Set to the Entropy Gathering Daemon socket pathname */ - CINIT(EGDSOCKET, STRINGPOINT, 77), - - /* Time-out connect operations after this amount of seconds, if connects are - OK within this time, then fine... This only aborts the connect phase. */ - CINIT(CONNECTTIMEOUT, LONG, 78), - - /* Function that will be called to store headers (instead of fwrite). The - * parameters will use fwrite() syntax, make sure to follow them. */ - CINIT(HEADERFUNCTION, FUNCTIONPOINT, 79), - - /* Set this to force the HTTP request to get back to GET. Only really usable - if POST, PUT or a custom request have been used first. - */ - CINIT(HTTPGET, LONG, 80), - - /* Set if we should verify the Common name from the peer certificate in ssl - * handshake, set 1 to check existence, 2 to ensure that it matches the - * provided hostname. */ - CINIT(SSL_VERIFYHOST, LONG, 81), - - /* Specify which file name to write all known cookies in after completed - operation. Set file name to "-" (dash) to make it go to stdout. */ - CINIT(COOKIEJAR, STRINGPOINT, 82), - - /* Specify which SSL ciphers to use */ - CINIT(SSL_CIPHER_LIST, STRINGPOINT, 83), - - /* Specify which HTTP version to use! This must be set to one of the - CURL_HTTP_VERSION* enums set below. */ - CINIT(HTTP_VERSION, LONG, 84), - - /* Specifically switch on or off the FTP engine's use of the EPSV command. By - default, that one will always be attempted before the more traditional - PASV command. */ - CINIT(FTP_USE_EPSV, LONG, 85), - - /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") */ - CINIT(SSLCERTTYPE, STRINGPOINT, 86), - - /* name of the file keeping your private SSL-key */ - CINIT(SSLKEY, STRINGPOINT, 87), - - /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") */ - CINIT(SSLKEYTYPE, STRINGPOINT, 88), - - /* crypto engine for the SSL-sub system */ - CINIT(SSLENGINE, STRINGPOINT, 89), - - /* set the crypto engine for the SSL-sub system as default - the param has no meaning... - */ - CINIT(SSLENGINE_DEFAULT, LONG, 90), - - /* Non-zero value means to use the global dns cache */ - CINIT(DNS_USE_GLOBAL_CACHE, LONG, 91), /* DEPRECATED, do not use! */ - - /* DNS cache timeout */ - CINIT(DNS_CACHE_TIMEOUT, LONG, 92), - - /* send linked-list of pre-transfer QUOTE commands */ - CINIT(PREQUOTE, OBJECTPOINT, 93), - - /* set the debug function */ - CINIT(DEBUGFUNCTION, FUNCTIONPOINT, 94), - - /* set the data for the debug function */ - CINIT(DEBUGDATA, OBJECTPOINT, 95), - - /* mark this as start of a cookie session */ - CINIT(COOKIESESSION, LONG, 96), - - /* The CApath directory used to validate the peer certificate - this option is used only if SSL_VERIFYPEER is true */ - CINIT(CAPATH, STRINGPOINT, 97), - - /* Instruct libcurl to use a smaller receive buffer */ - CINIT(BUFFERSIZE, LONG, 98), - - /* Instruct libcurl to not use any signal/alarm handlers, even when using - timeouts. This option is useful for multi-threaded applications. - See libcurl-the-guide for more background information. */ - CINIT(NOSIGNAL, LONG, 99), - - /* Provide a CURLShare for mutexing non-ts data */ - CINIT(SHARE, OBJECTPOINT, 100), - - /* indicates type of proxy. accepted values are CURLPROXY_HTTP (default), - CURLPROXY_HTTPS, CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and - CURLPROXY_SOCKS5. */ - CINIT(PROXYTYPE, LONG, 101), - - /* Set the Accept-Encoding string. Use this to tell a server you would like - the response to be compressed. Before 7.21.6, this was known as - CURLOPT_ENCODING */ - CINIT(ACCEPT_ENCODING, STRINGPOINT, 102), - - /* Set pointer to private data */ - CINIT(PRIVATE, OBJECTPOINT, 103), - - /* Set aliases for HTTP 200 in the HTTP Response header */ - CINIT(HTTP200ALIASES, OBJECTPOINT, 104), - - /* Continue to send authentication (user+password) when following locations, - even when hostname changed. This can potentially send off the name - and password to whatever host the server decides. */ - CINIT(UNRESTRICTED_AUTH, LONG, 105), - - /* Specifically switch on or off the FTP engine's use of the EPRT command ( - it also disables the LPRT attempt). By default, those ones will always be - attempted before the good old traditional PORT command. */ - CINIT(FTP_USE_EPRT, LONG, 106), - - /* Set this to a bitmask value to enable the particular authentications - methods you like. Use this in combination with CURLOPT_USERPWD. - Note that setting multiple bits may cause extra network round-trips. */ - CINIT(HTTPAUTH, LONG, 107), - - /* Set the ssl context callback function, currently only for OpenSSL ssl_ctx - in second argument. The function must be matching the - curl_ssl_ctx_callback proto. */ - CINIT(SSL_CTX_FUNCTION, FUNCTIONPOINT, 108), - - /* Set the userdata for the ssl context callback function's third - argument */ - CINIT(SSL_CTX_DATA, OBJECTPOINT, 109), - - /* FTP Option that causes missing dirs to be created on the remote server. - In 7.19.4 we introduced the convenience enums for this option using the - CURLFTP_CREATE_DIR prefix. - */ - CINIT(FTP_CREATE_MISSING_DIRS, LONG, 110), - - /* Set this to a bitmask value to enable the particular authentications - methods you like. Use this in combination with CURLOPT_PROXYUSERPWD. - Note that setting multiple bits may cause extra network round-trips. */ - CINIT(PROXYAUTH, LONG, 111), - - /* FTP option that changes the timeout, in seconds, associated with - getting a response. This is different from transfer timeout time and - essentially places a demand on the FTP server to acknowledge commands - in a timely manner. */ - CINIT(FTP_RESPONSE_TIMEOUT, LONG, 112), -#define CURLOPT_SERVER_RESPONSE_TIMEOUT CURLOPT_FTP_RESPONSE_TIMEOUT - - /* Set this option to one of the CURL_IPRESOLVE_* defines (see below) to - tell libcurl to resolve names to those IP versions only. This only has - affect on systems with support for more than one, i.e IPv4 _and_ IPv6. */ - CINIT(IPRESOLVE, LONG, 113), - - /* Set this option to limit the size of a file that will be downloaded from - an HTTP or FTP server. - - Note there is also _LARGE version which adds large file support for - platforms which have larger off_t sizes. See MAXFILESIZE_LARGE below. */ - CINIT(MAXFILESIZE, LONG, 114), - - /* See the comment for INFILESIZE above, but in short, specifies - * the size of the file being uploaded. -1 means unknown. - */ - CINIT(INFILESIZE_LARGE, OFF_T, 115), - - /* Sets the continuation offset. There is also a LONG version of this; - * look above for RESUME_FROM. - */ - CINIT(RESUME_FROM_LARGE, OFF_T, 116), - - /* Sets the maximum size of data that will be downloaded from - * an HTTP or FTP server. See MAXFILESIZE above for the LONG version. - */ - CINIT(MAXFILESIZE_LARGE, OFF_T, 117), - - /* Set this option to the file name of your .netrc file you want libcurl - to parse (using the CURLOPT_NETRC option). If not set, libcurl will do - a poor attempt to find the user's home directory and check for a .netrc - file in there. */ - CINIT(NETRC_FILE, STRINGPOINT, 118), - - /* Enable SSL/TLS for FTP, pick one of: - CURLUSESSL_TRY - try using SSL, proceed anyway otherwise - CURLUSESSL_CONTROL - SSL for the control connection or fail - CURLUSESSL_ALL - SSL for all communication or fail - */ - CINIT(USE_SSL, LONG, 119), - - /* The _LARGE version of the standard POSTFIELDSIZE option */ - CINIT(POSTFIELDSIZE_LARGE, OFF_T, 120), - - /* Enable/disable the TCP Nagle algorithm */ - CINIT(TCP_NODELAY, LONG, 121), - - /* 122 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ - /* 123 OBSOLETE. Gone in 7.16.0 */ - /* 124 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ - /* 125 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ - /* 126 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ - /* 127 OBSOLETE. Gone in 7.16.0 */ - /* 128 OBSOLETE. Gone in 7.16.0 */ - - /* When FTP over SSL/TLS is selected (with CURLOPT_USE_SSL), this option - can be used to change libcurl's default action which is to first try - "AUTH SSL" and then "AUTH TLS" in this order, and proceed when a OK - response has been received. - - Available parameters are: - CURLFTPAUTH_DEFAULT - let libcurl decide - CURLFTPAUTH_SSL - try "AUTH SSL" first, then TLS - CURLFTPAUTH_TLS - try "AUTH TLS" first, then SSL - */ - CINIT(FTPSSLAUTH, LONG, 129), - - CINIT(IOCTLFUNCTION, FUNCTIONPOINT, 130), - CINIT(IOCTLDATA, OBJECTPOINT, 131), - - /* 132 OBSOLETE. Gone in 7.16.0 */ - /* 133 OBSOLETE. Gone in 7.16.0 */ - - /* zero terminated string for pass on to the FTP server when asked for - "account" info */ - CINIT(FTP_ACCOUNT, STRINGPOINT, 134), - - /* feed cookie into cookie engine */ - CINIT(COOKIELIST, STRINGPOINT, 135), - - /* ignore Content-Length */ - CINIT(IGNORE_CONTENT_LENGTH, LONG, 136), - - /* Set to non-zero to skip the IP address received in a 227 PASV FTP server - response. Typically used for FTP-SSL purposes but is not restricted to - that. libcurl will then instead use the same IP address it used for the - control connection. */ - CINIT(FTP_SKIP_PASV_IP, LONG, 137), - - /* Select "file method" to use when doing FTP, see the curl_ftpmethod - above. */ - CINIT(FTP_FILEMETHOD, LONG, 138), - - /* Local port number to bind the socket to */ - CINIT(LOCALPORT, LONG, 139), - - /* Number of ports to try, including the first one set with LOCALPORT. - Thus, setting it to 1 will make no additional attempts but the first. - */ - CINIT(LOCALPORTRANGE, LONG, 140), - - /* no transfer, set up connection and let application use the socket by - extracting it with CURLINFO_LASTSOCKET */ - CINIT(CONNECT_ONLY, LONG, 141), - - /* Function that will be called to convert from the - network encoding (instead of using the iconv calls in libcurl) */ - CINIT(CONV_FROM_NETWORK_FUNCTION, FUNCTIONPOINT, 142), - - /* Function that will be called to convert to the - network encoding (instead of using the iconv calls in libcurl) */ - CINIT(CONV_TO_NETWORK_FUNCTION, FUNCTIONPOINT, 143), - - /* Function that will be called to convert from UTF8 - (instead of using the iconv calls in libcurl) - Note that this is used only for SSL certificate processing */ - CINIT(CONV_FROM_UTF8_FUNCTION, FUNCTIONPOINT, 144), - - /* if the connection proceeds too quickly then need to slow it down */ - /* limit-rate: maximum number of bytes per second to send or receive */ - CINIT(MAX_SEND_SPEED_LARGE, OFF_T, 145), - CINIT(MAX_RECV_SPEED_LARGE, OFF_T, 146), - - /* Pointer to command string to send if USER/PASS fails. */ - CINIT(FTP_ALTERNATIVE_TO_USER, STRINGPOINT, 147), - - /* callback function for setting socket options */ - CINIT(SOCKOPTFUNCTION, FUNCTIONPOINT, 148), - CINIT(SOCKOPTDATA, OBJECTPOINT, 149), - - /* set to 0 to disable session ID re-use for this transfer, default is - enabled (== 1) */ - CINIT(SSL_SESSIONID_CACHE, LONG, 150), - - /* allowed SSH authentication methods */ - CINIT(SSH_AUTH_TYPES, LONG, 151), - - /* Used by scp/sftp to do public/private key authentication */ - CINIT(SSH_PUBLIC_KEYFILE, STRINGPOINT, 152), - CINIT(SSH_PRIVATE_KEYFILE, STRINGPOINT, 153), - - /* Send CCC (Clear Command Channel) after authentication */ - CINIT(FTP_SSL_CCC, LONG, 154), - - /* Same as TIMEOUT and CONNECTTIMEOUT, but with ms resolution */ - CINIT(TIMEOUT_MS, LONG, 155), - CINIT(CONNECTTIMEOUT_MS, LONG, 156), - - /* set to zero to disable the libcurl's decoding and thus pass the raw body - data to the application even when it is encoded/compressed */ - CINIT(HTTP_TRANSFER_DECODING, LONG, 157), - CINIT(HTTP_CONTENT_DECODING, LONG, 158), - - /* Permission used when creating new files and directories on the remote - server for protocols that support it, SFTP/SCP/FILE */ - CINIT(NEW_FILE_PERMS, LONG, 159), - CINIT(NEW_DIRECTORY_PERMS, LONG, 160), - - /* Set the behaviour of POST when redirecting. Values must be set to one - of CURL_REDIR* defines below. This used to be called CURLOPT_POST301 */ - CINIT(POSTREDIR, LONG, 161), - - /* used by scp/sftp to verify the host's public key */ - CINIT(SSH_HOST_PUBLIC_KEY_MD5, STRINGPOINT, 162), - - /* Callback function for opening socket (instead of socket(2)). Optionally, - callback is able change the address or refuse to connect returning - CURL_SOCKET_BAD. The callback should have type - curl_opensocket_callback */ - CINIT(OPENSOCKETFUNCTION, FUNCTIONPOINT, 163), - CINIT(OPENSOCKETDATA, OBJECTPOINT, 164), - - /* POST volatile input fields. */ - CINIT(COPYPOSTFIELDS, OBJECTPOINT, 165), - - /* set transfer mode (;type=) when doing FTP via an HTTP proxy */ - CINIT(PROXY_TRANSFER_MODE, LONG, 166), - - /* Callback function for seeking in the input stream */ - CINIT(SEEKFUNCTION, FUNCTIONPOINT, 167), - CINIT(SEEKDATA, OBJECTPOINT, 168), - - /* CRL file */ - CINIT(CRLFILE, STRINGPOINT, 169), - - /* Issuer certificate */ - CINIT(ISSUERCERT, STRINGPOINT, 170), - - /* (IPv6) Address scope */ - CINIT(ADDRESS_SCOPE, LONG, 171), - - /* Collect certificate chain info and allow it to get retrievable with - CURLINFO_CERTINFO after the transfer is complete. */ - CINIT(CERTINFO, LONG, 172), - - /* "name" and "pwd" to use when fetching. */ - CINIT(USERNAME, STRINGPOINT, 173), - CINIT(PASSWORD, STRINGPOINT, 174), - - /* "name" and "pwd" to use with Proxy when fetching. */ - CINIT(PROXYUSERNAME, STRINGPOINT, 175), - CINIT(PROXYPASSWORD, STRINGPOINT, 176), - - /* Comma separated list of hostnames defining no-proxy zones. These should - match both hostnames directly, and hostnames within a domain. For - example, local.com will match local.com and www.local.com, but NOT - notlocal.com or www.notlocal.com. For compatibility with other - implementations of this, .local.com will be considered to be the same as - local.com. A single * is the only valid wildcard, and effectively - disables the use of proxy. */ - CINIT(NOPROXY, STRINGPOINT, 177), - - /* block size for TFTP transfers */ - CINIT(TFTP_BLKSIZE, LONG, 178), - - /* Socks Service */ - CINIT(SOCKS5_GSSAPI_SERVICE, STRINGPOINT, 179), /* DEPRECATED, do not use! */ - - /* Socks Service */ - CINIT(SOCKS5_GSSAPI_NEC, LONG, 180), - - /* set the bitmask for the protocols that are allowed to be used for the - transfer, which thus helps the app which takes URLs from users or other - external inputs and want to restrict what protocol(s) to deal - with. Defaults to CURLPROTO_ALL. */ - CINIT(PROTOCOLS, LONG, 181), - - /* set the bitmask for the protocols that libcurl is allowed to follow to, - as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs - to be set in both bitmasks to be allowed to get redirected to. Defaults - to all protocols except FILE and SCP. */ - CINIT(REDIR_PROTOCOLS, LONG, 182), - - /* set the SSH knownhost file name to use */ - CINIT(SSH_KNOWNHOSTS, STRINGPOINT, 183), - - /* set the SSH host key callback, must point to a curl_sshkeycallback - function */ - CINIT(SSH_KEYFUNCTION, FUNCTIONPOINT, 184), - - /* set the SSH host key callback custom pointer */ - CINIT(SSH_KEYDATA, OBJECTPOINT, 185), - - /* set the SMTP mail originator */ - CINIT(MAIL_FROM, STRINGPOINT, 186), - - /* set the list of SMTP mail receiver(s) */ - CINIT(MAIL_RCPT, OBJECTPOINT, 187), - - /* FTP: send PRET before PASV */ - CINIT(FTP_USE_PRET, LONG, 188), - - /* RTSP request method (OPTIONS, SETUP, PLAY, etc...) */ - CINIT(RTSP_REQUEST, LONG, 189), - - /* The RTSP session identifier */ - CINIT(RTSP_SESSION_ID, STRINGPOINT, 190), - - /* The RTSP stream URI */ - CINIT(RTSP_STREAM_URI, STRINGPOINT, 191), - - /* The Transport: header to use in RTSP requests */ - CINIT(RTSP_TRANSPORT, STRINGPOINT, 192), - - /* Manually initialize the client RTSP CSeq for this handle */ - CINIT(RTSP_CLIENT_CSEQ, LONG, 193), - - /* Manually initialize the server RTSP CSeq for this handle */ - CINIT(RTSP_SERVER_CSEQ, LONG, 194), - - /* The stream to pass to INTERLEAVEFUNCTION. */ - CINIT(INTERLEAVEDATA, OBJECTPOINT, 195), - - /* Let the application define a custom write method for RTP data */ - CINIT(INTERLEAVEFUNCTION, FUNCTIONPOINT, 196), - - /* Turn on wildcard matching */ - CINIT(WILDCARDMATCH, LONG, 197), - - /* Directory matching callback called before downloading of an - individual file (chunk) started */ - CINIT(CHUNK_BGN_FUNCTION, FUNCTIONPOINT, 198), - - /* Directory matching callback called after the file (chunk) - was downloaded, or skipped */ - CINIT(CHUNK_END_FUNCTION, FUNCTIONPOINT, 199), - - /* Change match (fnmatch-like) callback for wildcard matching */ - CINIT(FNMATCH_FUNCTION, FUNCTIONPOINT, 200), - - /* Let the application define custom chunk data pointer */ - CINIT(CHUNK_DATA, OBJECTPOINT, 201), - - /* FNMATCH_FUNCTION user pointer */ - CINIT(FNMATCH_DATA, OBJECTPOINT, 202), - - /* send linked-list of name:port:address sets */ - CINIT(RESOLVE, OBJECTPOINT, 203), - - /* Set a username for authenticated TLS */ - CINIT(TLSAUTH_USERNAME, STRINGPOINT, 204), - - /* Set a password for authenticated TLS */ - CINIT(TLSAUTH_PASSWORD, STRINGPOINT, 205), - - /* Set authentication type for authenticated TLS */ - CINIT(TLSAUTH_TYPE, STRINGPOINT, 206), - - /* Set to 1 to enable the "TE:" header in HTTP requests to ask for - compressed transfer-encoded responses. Set to 0 to disable the use of TE: - in outgoing requests. The current default is 0, but it might change in a - future libcurl release. - - libcurl will ask for the compressed methods it knows of, and if that - isn't any, it will not ask for transfer-encoding at all even if this - option is set to 1. - - */ - CINIT(TRANSFER_ENCODING, LONG, 207), - - /* Callback function for closing socket (instead of close(2)). The callback - should have type curl_closesocket_callback */ - CINIT(CLOSESOCKETFUNCTION, FUNCTIONPOINT, 208), - CINIT(CLOSESOCKETDATA, OBJECTPOINT, 209), - - /* allow GSSAPI credential delegation */ - CINIT(GSSAPI_DELEGATION, LONG, 210), - - /* Set the name servers to use for DNS resolution */ - CINIT(DNS_SERVERS, STRINGPOINT, 211), - - /* Time-out accept operations (currently for FTP only) after this amount - of miliseconds. */ - CINIT(ACCEPTTIMEOUT_MS, LONG, 212), - - /* Set TCP keepalive */ - CINIT(TCP_KEEPALIVE, LONG, 213), - - /* non-universal keepalive knobs (Linux, AIX, HP-UX, more) */ - CINIT(TCP_KEEPIDLE, LONG, 214), - CINIT(TCP_KEEPINTVL, LONG, 215), - - /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */ - CINIT(SSL_OPTIONS, LONG, 216), - - /* Set the SMTP auth originator */ - CINIT(MAIL_AUTH, STRINGPOINT, 217), - - /* Enable/disable SASL initial response */ - CINIT(SASL_IR, LONG, 218), - - /* Function that will be called instead of the internal progress display - * function. This function should be defined as the curl_xferinfo_callback - * prototype defines. (Deprecates CURLOPT_PROGRESSFUNCTION) */ - CINIT(XFERINFOFUNCTION, FUNCTIONPOINT, 219), - - /* The XOAUTH2 bearer token */ - CINIT(XOAUTH2_BEARER, STRINGPOINT, 220), - - /* Set the interface string to use as outgoing network - * interface for DNS requests. - * Only supported by the c-ares DNS backend */ - CINIT(DNS_INTERFACE, STRINGPOINT, 221), - - /* Set the local IPv4 address to use for outgoing DNS requests. - * Only supported by the c-ares DNS backend */ - CINIT(DNS_LOCAL_IP4, STRINGPOINT, 222), - - /* Set the local IPv4 address to use for outgoing DNS requests. - * Only supported by the c-ares DNS backend */ - CINIT(DNS_LOCAL_IP6, STRINGPOINT, 223), - - /* Set authentication options directly */ - CINIT(LOGIN_OPTIONS, STRINGPOINT, 224), - - /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */ - CINIT(SSL_ENABLE_NPN, LONG, 225), - - /* Enable/disable TLS ALPN extension (http2 over ssl might fail without) */ - CINIT(SSL_ENABLE_ALPN, LONG, 226), - - /* Time to wait for a response to a HTTP request containing an - * Expect: 100-continue header before sending the data anyway. */ - CINIT(EXPECT_100_TIMEOUT_MS, LONG, 227), - - /* This points to a linked list of headers used for proxy requests only, - struct curl_slist kind */ - CINIT(PROXYHEADER, OBJECTPOINT, 228), - - /* Pass in a bitmask of "header options" */ - CINIT(HEADEROPT, LONG, 229), - - /* The public key in DER form used to validate the peer public key - this option is used only if SSL_VERIFYPEER is true */ - CINIT(PINNEDPUBLICKEY, STRINGPOINT, 230), - - /* Path to Unix domain socket */ - CINIT(UNIX_SOCKET_PATH, STRINGPOINT, 231), - - /* Set if we should verify the certificate status. */ - CINIT(SSL_VERIFYSTATUS, LONG, 232), - - /* Set if we should enable TLS false start. */ - CINIT(SSL_FALSESTART, LONG, 233), - - /* Do not squash dot-dot sequences */ - CINIT(PATH_AS_IS, LONG, 234), - - /* Proxy Service Name */ - CINIT(PROXY_SERVICE_NAME, STRINGPOINT, 235), - - /* Service Name */ - CINIT(SERVICE_NAME, STRINGPOINT, 236), - - /* Wait/don't wait for pipe/mutex to clarify */ - CINIT(PIPEWAIT, LONG, 237), - - /* Set the protocol used when curl is given a URL without a protocol */ - CINIT(DEFAULT_PROTOCOL, STRINGPOINT, 238), - - /* Set stream weight, 1 - 256 (default is 16) */ - CINIT(STREAM_WEIGHT, LONG, 239), - - /* Set stream dependency on another CURL handle */ - CINIT(STREAM_DEPENDS, OBJECTPOINT, 240), - - /* Set E-xclusive stream dependency on another CURL handle */ - CINIT(STREAM_DEPENDS_E, OBJECTPOINT, 241), - - /* Do not send any tftp option requests to the server */ - CINIT(TFTP_NO_OPTIONS, LONG, 242), - - /* Linked-list of host:port:connect-to-host:connect-to-port, - overrides the URL's host:port (only for the network layer) */ - CINIT(CONNECT_TO, OBJECTPOINT, 243), - - /* Set TCP Fast Open */ - CINIT(TCP_FASTOPEN, LONG, 244), - - /* Continue to send data if the server responds early with an - * HTTP status code >= 300 */ - CINIT(KEEP_SENDING_ON_ERROR, LONG, 245), - - /* The CApath or CAfile used to validate the proxy certificate - this option is used only if PROXY_SSL_VERIFYPEER is true */ - CINIT(PROXY_CAINFO, STRINGPOINT, 246), - - /* The CApath directory used to validate the proxy certificate - this option is used only if PROXY_SSL_VERIFYPEER is true */ - CINIT(PROXY_CAPATH, STRINGPOINT, 247), - - /* Set if we should verify the proxy in ssl handshake, - set 1 to verify. */ - CINIT(PROXY_SSL_VERIFYPEER, LONG, 248), - - /* Set if we should verify the Common name from the proxy certificate in ssl - * handshake, set 1 to check existence, 2 to ensure that it matches - * the provided hostname. */ - CINIT(PROXY_SSL_VERIFYHOST, LONG, 249), - - /* What version to specifically try to use for proxy. - See CURL_SSLVERSION defines below. */ - CINIT(PROXY_SSLVERSION, LONG, 250), - - /* Set a username for authenticated TLS for proxy */ - CINIT(PROXY_TLSAUTH_USERNAME, STRINGPOINT, 251), - - /* Set a password for authenticated TLS for proxy */ - CINIT(PROXY_TLSAUTH_PASSWORD, STRINGPOINT, 252), - - /* Set authentication type for authenticated TLS for proxy */ - CINIT(PROXY_TLSAUTH_TYPE, STRINGPOINT, 253), - - /* name of the file keeping your private SSL-certificate for proxy */ - CINIT(PROXY_SSLCERT, STRINGPOINT, 254), - - /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") for - proxy */ - CINIT(PROXY_SSLCERTTYPE, STRINGPOINT, 255), - - /* name of the file keeping your private SSL-key for proxy */ - CINIT(PROXY_SSLKEY, STRINGPOINT, 256), - - /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") for - proxy */ - CINIT(PROXY_SSLKEYTYPE, STRINGPOINT, 257), - - /* password for the SSL private key for proxy */ - CINIT(PROXY_KEYPASSWD, STRINGPOINT, 258), - - /* Specify which SSL ciphers to use for proxy */ - CINIT(PROXY_SSL_CIPHER_LIST, STRINGPOINT, 259), - - /* CRL file for proxy */ - CINIT(PROXY_CRLFILE, STRINGPOINT, 260), - - /* Enable/disable specific SSL features with a bitmask for proxy, see - CURLSSLOPT_* */ - CINIT(PROXY_SSL_OPTIONS, LONG, 261), - - /* Name of pre proxy to use. */ - CINIT(PRE_PROXY, STRINGPOINT, 262), - - /* The public key in DER form used to validate the proxy public key - this option is used only if PROXY_SSL_VERIFYPEER is true */ - CINIT(PROXY_PINNEDPUBLICKEY, STRINGPOINT, 263), - - /* Path to an abstract Unix domain socket */ - CINIT(ABSTRACT_UNIX_SOCKET, STRINGPOINT, 264), - - CURLOPT_LASTENTRY /* the last unused */ -} CURLoption; - -#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all - the obsolete stuff removed! */ - -/* Backwards compatibility with older names */ -/* These are scheduled to disappear by 2011 */ - -/* This was added in version 7.19.1 */ -#define CURLOPT_POST301 CURLOPT_POSTREDIR - -/* These are scheduled to disappear by 2009 */ - -/* The following were added in 7.17.0 */ -#define CURLOPT_SSLKEYPASSWD CURLOPT_KEYPASSWD -#define CURLOPT_FTPAPPEND CURLOPT_APPEND -#define CURLOPT_FTPLISTONLY CURLOPT_DIRLISTONLY -#define CURLOPT_FTP_SSL CURLOPT_USE_SSL - -/* The following were added earlier */ - -#define CURLOPT_SSLCERTPASSWD CURLOPT_KEYPASSWD -#define CURLOPT_KRB4LEVEL CURLOPT_KRBLEVEL - -#else -/* This is set if CURL_NO_OLDIES is defined at compile-time */ -#undef CURLOPT_DNS_USE_GLOBAL_CACHE /* soon obsolete */ -#endif - - - /* Below here follows defines for the CURLOPT_IPRESOLVE option. If a host - name resolves addresses using more than one IP protocol version, this - option might be handy to force libcurl to use a specific IP version. */ -#define CURL_IPRESOLVE_WHATEVER 0 /* default, resolves addresses to all IP - versions that your system allows */ -#define CURL_IPRESOLVE_V4 1 /* resolve to IPv4 addresses */ -#define CURL_IPRESOLVE_V6 2 /* resolve to IPv6 addresses */ - - /* three convenient "aliases" that follow the name scheme better */ -#define CURLOPT_RTSPHEADER CURLOPT_HTTPHEADER - - /* These enums are for use with the CURLOPT_HTTP_VERSION option. */ -enum { - CURL_HTTP_VERSION_NONE, /* setting this means we don't care, and that we'd - like the library to choose the best possible - for us! */ - CURL_HTTP_VERSION_1_0, /* please use HTTP 1.0 in the request */ - CURL_HTTP_VERSION_1_1, /* please use HTTP 1.1 in the request */ - CURL_HTTP_VERSION_2_0, /* please use HTTP 2 in the request */ - CURL_HTTP_VERSION_2TLS, /* use version 2 for HTTPS, version 1.1 for HTTP */ - CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE, /* please use HTTP 2 without HTTP/1.1 - Upgrade */ - - CURL_HTTP_VERSION_LAST /* *ILLEGAL* http version */ -}; - -/* Convenience definition simple because the name of the version is HTTP/2 and - not 2.0. The 2_0 version of the enum name was set while the version was - still planned to be 2.0 and we stick to it for compatibility. */ -#define CURL_HTTP_VERSION_2 CURL_HTTP_VERSION_2_0 - -/* - * Public API enums for RTSP requests - */ -enum { - CURL_RTSPREQ_NONE, /* first in list */ - CURL_RTSPREQ_OPTIONS, - CURL_RTSPREQ_DESCRIBE, - CURL_RTSPREQ_ANNOUNCE, - CURL_RTSPREQ_SETUP, - CURL_RTSPREQ_PLAY, - CURL_RTSPREQ_PAUSE, - CURL_RTSPREQ_TEARDOWN, - CURL_RTSPREQ_GET_PARAMETER, - CURL_RTSPREQ_SET_PARAMETER, - CURL_RTSPREQ_RECORD, - CURL_RTSPREQ_RECEIVE, - CURL_RTSPREQ_LAST /* last in list */ -}; - - /* These enums are for use with the CURLOPT_NETRC option. */ -enum CURL_NETRC_OPTION { - CURL_NETRC_IGNORED, /* The .netrc will never be read. - * This is the default. */ - CURL_NETRC_OPTIONAL, /* A user:password in the URL will be preferred - * to one in the .netrc. */ - CURL_NETRC_REQUIRED, /* A user:password in the URL will be ignored. - * Unless one is set programmatically, the .netrc - * will be queried. */ - CURL_NETRC_LAST -}; - -enum { - CURL_SSLVERSION_DEFAULT, - CURL_SSLVERSION_TLSv1, /* TLS 1.x */ - CURL_SSLVERSION_SSLv2, - CURL_SSLVERSION_SSLv3, - CURL_SSLVERSION_TLSv1_0, - CURL_SSLVERSION_TLSv1_1, - CURL_SSLVERSION_TLSv1_2, - CURL_SSLVERSION_TLSv1_3, - - CURL_SSLVERSION_LAST /* never use, keep last */ -}; - -enum CURL_TLSAUTH { - CURL_TLSAUTH_NONE, - CURL_TLSAUTH_SRP, - CURL_TLSAUTH_LAST /* never use, keep last */ -}; - -/* symbols to use with CURLOPT_POSTREDIR. - CURL_REDIR_POST_301, CURL_REDIR_POST_302 and CURL_REDIR_POST_303 - can be bitwise ORed so that CURL_REDIR_POST_301 | CURL_REDIR_POST_302 - | CURL_REDIR_POST_303 == CURL_REDIR_POST_ALL */ - -#define CURL_REDIR_GET_ALL 0 -#define CURL_REDIR_POST_301 1 -#define CURL_REDIR_POST_302 2 -#define CURL_REDIR_POST_303 4 -#define CURL_REDIR_POST_ALL \ - (CURL_REDIR_POST_301|CURL_REDIR_POST_302|CURL_REDIR_POST_303) - -typedef enum { - CURL_TIMECOND_NONE, - - CURL_TIMECOND_IFMODSINCE, - CURL_TIMECOND_IFUNMODSINCE, - CURL_TIMECOND_LASTMOD, - - CURL_TIMECOND_LAST -} curl_TimeCond; - - -/* curl_strequal() and curl_strnequal() are subject for removal in a future - libcurl, see lib/README.curlx for details - - !checksrc! disable SPACEBEFOREPAREN 2 -*/ -CURL_EXTERN int (curl_strequal)(const char *s1, const char *s2); -CURL_EXTERN int (curl_strnequal)(const char *s1, const char *s2, size_t n); - -/* name is uppercase CURLFORM_ */ -#ifdef CFINIT -#undef CFINIT -#endif - -#ifdef CURL_ISOCPP -#define CFINIT(name) CURLFORM_ ## name -#else -/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ -#define CFINIT(name) CURLFORM_/**/name -#endif - -typedef enum { - CFINIT(NOTHING), /********* the first one is unused ************/ - - /* */ - CFINIT(COPYNAME), - CFINIT(PTRNAME), - CFINIT(NAMELENGTH), - CFINIT(COPYCONTENTS), - CFINIT(PTRCONTENTS), - CFINIT(CONTENTSLENGTH), - CFINIT(FILECONTENT), - CFINIT(ARRAY), - CFINIT(OBSOLETE), - CFINIT(FILE), - - CFINIT(BUFFER), - CFINIT(BUFFERPTR), - CFINIT(BUFFERLENGTH), - - CFINIT(CONTENTTYPE), - CFINIT(CONTENTHEADER), - CFINIT(FILENAME), - CFINIT(END), - CFINIT(OBSOLETE2), - - CFINIT(STREAM), - CFINIT(CONTENTLEN), /* added in 7.46.0, provide a curl_off_t length */ - - CURLFORM_LASTENTRY /* the last unused */ -} CURLformoption; - -#undef CFINIT /* done */ - -/* structure to be used as parameter for CURLFORM_ARRAY */ -struct curl_forms { - CURLformoption option; - const char *value; -}; - -/* use this for multipart formpost building */ -/* Returns code for curl_formadd() - * - * Returns: - * CURL_FORMADD_OK on success - * CURL_FORMADD_MEMORY if the FormInfo allocation fails - * CURL_FORMADD_OPTION_TWICE if one option is given twice for one Form - * CURL_FORMADD_NULL if a null pointer was given for a char - * CURL_FORMADD_MEMORY if the allocation of a FormInfo struct failed - * CURL_FORMADD_UNKNOWN_OPTION if an unknown option was used - * CURL_FORMADD_INCOMPLETE if the some FormInfo is not complete (or error) - * CURL_FORMADD_MEMORY if a curl_httppost struct cannot be allocated - * CURL_FORMADD_MEMORY if some allocation for string copying failed. - * CURL_FORMADD_ILLEGAL_ARRAY if an illegal option is used in an array - * - ***************************************************************************/ -typedef enum { - CURL_FORMADD_OK, /* first, no error */ - - CURL_FORMADD_MEMORY, - CURL_FORMADD_OPTION_TWICE, - CURL_FORMADD_NULL, - CURL_FORMADD_UNKNOWN_OPTION, - CURL_FORMADD_INCOMPLETE, - CURL_FORMADD_ILLEGAL_ARRAY, - CURL_FORMADD_DISABLED, /* libcurl was built with this disabled */ - - CURL_FORMADD_LAST /* last */ -} CURLFORMcode; - -/* - * NAME curl_formadd() - * - * DESCRIPTION - * - * Pretty advanced function for building multi-part formposts. Each invoke - * adds one part that together construct a full post. Then use - * CURLOPT_HTTPPOST to send it off to libcurl. - */ -CURL_EXTERN CURLFORMcode curl_formadd(struct curl_httppost **httppost, - struct curl_httppost **last_post, - ...); - -/* - * callback function for curl_formget() - * The void *arg pointer will be the one passed as second argument to - * curl_formget(). - * The character buffer passed to it must not be freed. - * Should return the buffer length passed to it as the argument "len" on - * success. - */ -typedef size_t (*curl_formget_callback)(void *arg, const char *buf, - size_t len); - -/* - * NAME curl_formget() - * - * DESCRIPTION - * - * Serialize a curl_httppost struct built with curl_formadd(). - * Accepts a void pointer as second argument which will be passed to - * the curl_formget_callback function. - * Returns 0 on success. - */ -CURL_EXTERN int curl_formget(struct curl_httppost *form, void *arg, - curl_formget_callback append); -/* - * NAME curl_formfree() - * - * DESCRIPTION - * - * Free a multipart formpost previously built with curl_formadd(). - */ -CURL_EXTERN void curl_formfree(struct curl_httppost *form); - -/* - * NAME curl_getenv() - * - * DESCRIPTION - * - * Returns a malloc()'ed string that MUST be curl_free()ed after usage is - * complete. DEPRECATED - see lib/README.curlx - */ -CURL_EXTERN char *curl_getenv(const char *variable); - -/* - * NAME curl_version() - * - * DESCRIPTION - * - * Returns a static ascii string of the libcurl version. - */ -CURL_EXTERN char *curl_version(void); - -/* - * NAME curl_easy_escape() - * - * DESCRIPTION - * - * Escapes URL strings (converts all letters consider illegal in URLs to their - * %XX versions). This function returns a new allocated string or NULL if an - * error occurred. - */ -CURL_EXTERN char *curl_easy_escape(CURL *handle, - const char *string, - int length); - -/* the previous version: */ -CURL_EXTERN char *curl_escape(const char *string, - int length); - - -/* - * NAME curl_easy_unescape() - * - * DESCRIPTION - * - * Unescapes URL encoding in strings (converts all %XX codes to their 8bit - * versions). This function returns a new allocated string or NULL if an error - * occurred. - * Conversion Note: On non-ASCII platforms the ASCII %XX codes are - * converted into the host encoding. - */ -CURL_EXTERN char *curl_easy_unescape(CURL *handle, - const char *string, - int length, - int *outlength); - -/* the previous version */ -CURL_EXTERN char *curl_unescape(const char *string, - int length); - -/* - * NAME curl_free() - * - * DESCRIPTION - * - * Provided for de-allocation in the same translation unit that did the - * allocation. Added in libcurl 7.10 - */ -CURL_EXTERN void curl_free(void *p); - -/* - * NAME curl_global_init() - * - * DESCRIPTION - * - * curl_global_init() should be invoked exactly once for each application that - * uses libcurl and before any call of other libcurl functions. - * - * This function is not thread-safe! - */ -CURL_EXTERN CURLcode curl_global_init(long flags); - -/* - * NAME curl_global_init_mem() - * - * DESCRIPTION - * - * curl_global_init() or curl_global_init_mem() should be invoked exactly once - * for each application that uses libcurl. This function can be used to - * initialize libcurl and set user defined memory management callback - * functions. Users can implement memory management routines to check for - * memory leaks, check for mis-use of the curl library etc. User registered - * callback routines with be invoked by this library instead of the system - * memory management routines like malloc, free etc. - */ -CURL_EXTERN CURLcode curl_global_init_mem(long flags, - curl_malloc_callback m, - curl_free_callback f, - curl_realloc_callback r, - curl_strdup_callback s, - curl_calloc_callback c); - -/* - * NAME curl_global_cleanup() - * - * DESCRIPTION - * - * curl_global_cleanup() should be invoked exactly once for each application - * that uses libcurl - */ -CURL_EXTERN void curl_global_cleanup(void); - -/* linked-list structure for the CURLOPT_QUOTE option (and other) */ -struct curl_slist { - char *data; - struct curl_slist *next; -}; - -/* - * NAME curl_slist_append() - * - * DESCRIPTION - * - * Appends a string to a linked list. If no list exists, it will be created - * first. Returns the new list, after appending. - */ -CURL_EXTERN struct curl_slist *curl_slist_append(struct curl_slist *, - const char *); - -/* - * NAME curl_slist_free_all() - * - * DESCRIPTION - * - * free a previously built curl_slist. - */ -CURL_EXTERN void curl_slist_free_all(struct curl_slist *); - -/* - * NAME curl_getdate() - * - * DESCRIPTION - * - * Returns the time, in seconds since 1 Jan 1970 of the time string given in - * the first argument. The time argument in the second parameter is unused - * and should be set to NULL. - */ -CURL_EXTERN time_t curl_getdate(const char *p, const time_t *unused); - -/* info about the certificate chain, only for OpenSSL builds. Asked - for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */ -struct curl_certinfo { - int num_of_certs; /* number of certificates with information */ - struct curl_slist **certinfo; /* for each index in this array, there's a - linked list with textual information in the - format "name: value" */ -}; - -/* enum for the different supported SSL backends */ -typedef enum { - CURLSSLBACKEND_NONE = 0, - CURLSSLBACKEND_OPENSSL = 1, - CURLSSLBACKEND_GNUTLS = 2, - CURLSSLBACKEND_NSS = 3, - CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */ - CURLSSLBACKEND_GSKIT = 5, - CURLSSLBACKEND_POLARSSL = 6, - CURLSSLBACKEND_CYASSL = 7, - CURLSSLBACKEND_SCHANNEL = 8, - CURLSSLBACKEND_DARWINSSL = 9, - CURLSSLBACKEND_AXTLS = 10, - CURLSSLBACKEND_MBEDTLS = 11 -} curl_sslbackend; - -/* aliases for library clones and renames */ -#define CURLSSLBACKEND_LIBRESSL 1 -#define CURLSSLBACKEND_BORINGSSL 1 -#define CURLSSLBACKEND_WOLFSSL 6 - -/* Information about the SSL library used and the respective internal SSL - handle, which can be used to obtain further information regarding the - connection. Asked for with CURLINFO_TLS_SSL_PTR or CURLINFO_TLS_SESSION. */ -struct curl_tlssessioninfo { - curl_sslbackend backend; - void *internals; -}; - -#define CURLINFO_STRING 0x100000 -#define CURLINFO_LONG 0x200000 -#define CURLINFO_DOUBLE 0x300000 -#define CURLINFO_SLIST 0x400000 -#define CURLINFO_SOCKET 0x500000 -#define CURLINFO_MASK 0x0fffff -#define CURLINFO_TYPEMASK 0xf00000 - -typedef enum { - CURLINFO_NONE, /* first, never use this */ - CURLINFO_EFFECTIVE_URL = CURLINFO_STRING + 1, - CURLINFO_RESPONSE_CODE = CURLINFO_LONG + 2, - CURLINFO_TOTAL_TIME = CURLINFO_DOUBLE + 3, - CURLINFO_NAMELOOKUP_TIME = CURLINFO_DOUBLE + 4, - CURLINFO_CONNECT_TIME = CURLINFO_DOUBLE + 5, - CURLINFO_PRETRANSFER_TIME = CURLINFO_DOUBLE + 6, - CURLINFO_SIZE_UPLOAD = CURLINFO_DOUBLE + 7, - CURLINFO_SIZE_DOWNLOAD = CURLINFO_DOUBLE + 8, - CURLINFO_SPEED_DOWNLOAD = CURLINFO_DOUBLE + 9, - CURLINFO_SPEED_UPLOAD = CURLINFO_DOUBLE + 10, - CURLINFO_HEADER_SIZE = CURLINFO_LONG + 11, - CURLINFO_REQUEST_SIZE = CURLINFO_LONG + 12, - CURLINFO_SSL_VERIFYRESULT = CURLINFO_LONG + 13, - CURLINFO_FILETIME = CURLINFO_LONG + 14, - CURLINFO_CONTENT_LENGTH_DOWNLOAD = CURLINFO_DOUBLE + 15, - CURLINFO_CONTENT_LENGTH_UPLOAD = CURLINFO_DOUBLE + 16, - CURLINFO_STARTTRANSFER_TIME = CURLINFO_DOUBLE + 17, - CURLINFO_CONTENT_TYPE = CURLINFO_STRING + 18, - CURLINFO_REDIRECT_TIME = CURLINFO_DOUBLE + 19, - CURLINFO_REDIRECT_COUNT = CURLINFO_LONG + 20, - CURLINFO_PRIVATE = CURLINFO_STRING + 21, - CURLINFO_HTTP_CONNECTCODE = CURLINFO_LONG + 22, - CURLINFO_HTTPAUTH_AVAIL = CURLINFO_LONG + 23, - CURLINFO_PROXYAUTH_AVAIL = CURLINFO_LONG + 24, - CURLINFO_OS_ERRNO = CURLINFO_LONG + 25, - CURLINFO_NUM_CONNECTS = CURLINFO_LONG + 26, - CURLINFO_SSL_ENGINES = CURLINFO_SLIST + 27, - CURLINFO_COOKIELIST = CURLINFO_SLIST + 28, - CURLINFO_LASTSOCKET = CURLINFO_LONG + 29, - CURLINFO_FTP_ENTRY_PATH = CURLINFO_STRING + 30, - CURLINFO_REDIRECT_URL = CURLINFO_STRING + 31, - CURLINFO_PRIMARY_IP = CURLINFO_STRING + 32, - CURLINFO_APPCONNECT_TIME = CURLINFO_DOUBLE + 33, - CURLINFO_CERTINFO = CURLINFO_SLIST + 34, - CURLINFO_CONDITION_UNMET = CURLINFO_LONG + 35, - CURLINFO_RTSP_SESSION_ID = CURLINFO_STRING + 36, - CURLINFO_RTSP_CLIENT_CSEQ = CURLINFO_LONG + 37, - CURLINFO_RTSP_SERVER_CSEQ = CURLINFO_LONG + 38, - CURLINFO_RTSP_CSEQ_RECV = CURLINFO_LONG + 39, - CURLINFO_PRIMARY_PORT = CURLINFO_LONG + 40, - CURLINFO_LOCAL_IP = CURLINFO_STRING + 41, - CURLINFO_LOCAL_PORT = CURLINFO_LONG + 42, - CURLINFO_TLS_SESSION = CURLINFO_SLIST + 43, - CURLINFO_ACTIVESOCKET = CURLINFO_SOCKET + 44, - CURLINFO_TLS_SSL_PTR = CURLINFO_SLIST + 45, - CURLINFO_HTTP_VERSION = CURLINFO_LONG + 46, - CURLINFO_PROXY_SSL_VERIFYRESULT = CURLINFO_LONG + 47, - CURLINFO_PROTOCOL = CURLINFO_LONG + 48, - CURLINFO_SCHEME = CURLINFO_STRING + 49, - /* Fill in new entries below here! */ - - CURLINFO_LASTONE = 49 -} CURLINFO; - -/* CURLINFO_RESPONSE_CODE is the new name for the option previously known as - CURLINFO_HTTP_CODE */ -#define CURLINFO_HTTP_CODE CURLINFO_RESPONSE_CODE - -typedef enum { - CURLCLOSEPOLICY_NONE, /* first, never use this */ - - CURLCLOSEPOLICY_OLDEST, - CURLCLOSEPOLICY_LEAST_RECENTLY_USED, - CURLCLOSEPOLICY_LEAST_TRAFFIC, - CURLCLOSEPOLICY_SLOWEST, - CURLCLOSEPOLICY_CALLBACK, - - CURLCLOSEPOLICY_LAST /* last, never use this */ -} curl_closepolicy; - -#define CURL_GLOBAL_SSL (1<<0) -#define CURL_GLOBAL_WIN32 (1<<1) -#define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32) -#define CURL_GLOBAL_NOTHING 0 -#define CURL_GLOBAL_DEFAULT CURL_GLOBAL_ALL -#define CURL_GLOBAL_ACK_EINTR (1<<2) - - -/***************************************************************************** - * Setup defines, protos etc for the sharing stuff. - */ - -/* Different data locks for a single share */ -typedef enum { - CURL_LOCK_DATA_NONE = 0, - /* CURL_LOCK_DATA_SHARE is used internally to say that - * the locking is just made to change the internal state of the share - * itself. - */ - CURL_LOCK_DATA_SHARE, - CURL_LOCK_DATA_COOKIE, - CURL_LOCK_DATA_DNS, - CURL_LOCK_DATA_SSL_SESSION, - CURL_LOCK_DATA_CONNECT, - CURL_LOCK_DATA_LAST -} curl_lock_data; - -/* Different lock access types */ -typedef enum { - CURL_LOCK_ACCESS_NONE = 0, /* unspecified action */ - CURL_LOCK_ACCESS_SHARED = 1, /* for read perhaps */ - CURL_LOCK_ACCESS_SINGLE = 2, /* for write perhaps */ - CURL_LOCK_ACCESS_LAST /* never use */ -} curl_lock_access; - -typedef void (*curl_lock_function)(CURL *handle, - curl_lock_data data, - curl_lock_access locktype, - void *userptr); -typedef void (*curl_unlock_function)(CURL *handle, - curl_lock_data data, - void *userptr); - - -typedef enum { - CURLSHE_OK, /* all is fine */ - CURLSHE_BAD_OPTION, /* 1 */ - CURLSHE_IN_USE, /* 2 */ - CURLSHE_INVALID, /* 3 */ - CURLSHE_NOMEM, /* 4 out of memory */ - CURLSHE_NOT_BUILT_IN, /* 5 feature not present in lib */ - CURLSHE_LAST /* never use */ -} CURLSHcode; - -typedef enum { - CURLSHOPT_NONE, /* don't use */ - CURLSHOPT_SHARE, /* specify a data type to share */ - CURLSHOPT_UNSHARE, /* specify which data type to stop sharing */ - CURLSHOPT_LOCKFUNC, /* pass in a 'curl_lock_function' pointer */ - CURLSHOPT_UNLOCKFUNC, /* pass in a 'curl_unlock_function' pointer */ - CURLSHOPT_USERDATA, /* pass in a user data pointer used in the lock/unlock - callback functions */ - CURLSHOPT_LAST /* never use */ -} CURLSHoption; - -CURL_EXTERN CURLSH *curl_share_init(void); -CURL_EXTERN CURLSHcode curl_share_setopt(CURLSH *, CURLSHoption option, ...); -CURL_EXTERN CURLSHcode curl_share_cleanup(CURLSH *); - -/**************************************************************************** - * Structures for querying information about the curl library at runtime. - */ - -typedef enum { - CURLVERSION_FIRST, - CURLVERSION_SECOND, - CURLVERSION_THIRD, - CURLVERSION_FOURTH, - CURLVERSION_LAST /* never actually use this */ -} CURLversion; - -/* The 'CURLVERSION_NOW' is the symbolic name meant to be used by - basically all programs ever that want to get version information. It is - meant to be a built-in version number for what kind of struct the caller - expects. If the struct ever changes, we redefine the NOW to another enum - from above. */ -#define CURLVERSION_NOW CURLVERSION_FOURTH - -typedef struct { - CURLversion age; /* age of the returned struct */ - const char *version; /* LIBCURL_VERSION */ - unsigned int version_num; /* LIBCURL_VERSION_NUM */ - const char *host; /* OS/host/cpu/machine when configured */ - int features; /* bitmask, see defines below */ - const char *ssl_version; /* human readable string */ - long ssl_version_num; /* not used anymore, always 0 */ - const char *libz_version; /* human readable string */ - /* protocols is terminated by an entry with a NULL protoname */ - const char * const *protocols; - - /* The fields below this were added in CURLVERSION_SECOND */ - const char *ares; - int ares_num; - - /* This field was added in CURLVERSION_THIRD */ - const char *libidn; - - /* These field were added in CURLVERSION_FOURTH */ - - /* Same as '_libiconv_version' if built with HAVE_ICONV */ - int iconv_ver_num; - - const char *libssh_version; /* human readable string */ - -} curl_version_info_data; - -#define CURL_VERSION_IPV6 (1<<0) /* IPv6-enabled */ -#define CURL_VERSION_KERBEROS4 (1<<1) /* Kerberos V4 auth is supported - (deprecated) */ -#define CURL_VERSION_SSL (1<<2) /* SSL options are present */ -#define CURL_VERSION_LIBZ (1<<3) /* libz features are present */ -#define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */ -#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth is supported - (deprecated) */ -#define CURL_VERSION_DEBUG (1<<6) /* Built with debug capabilities */ -#define CURL_VERSION_ASYNCHDNS (1<<7) /* Asynchronous DNS resolves */ -#define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth is supported */ -#define CURL_VERSION_LARGEFILE (1<<9) /* Supports files larger than 2GB */ -#define CURL_VERSION_IDN (1<<10) /* Internationized Domain Names are - supported */ -#define CURL_VERSION_SSPI (1<<11) /* Built against Windows SSPI */ -#define CURL_VERSION_CONV (1<<12) /* Character conversions supported */ -#define CURL_VERSION_CURLDEBUG (1<<13) /* Debug memory tracking supported */ -#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */ -#define CURL_VERSION_NTLM_WB (1<<15) /* NTLM delegation to winbind helper - is suported */ -#define CURL_VERSION_HTTP2 (1<<16) /* HTTP2 support built-in */ -#define CURL_VERSION_GSSAPI (1<<17) /* Built against a GSS-API library */ -#define CURL_VERSION_KERBEROS5 (1<<18) /* Kerberos V5 auth is supported */ -#define CURL_VERSION_UNIX_SOCKETS (1<<19) /* Unix domain sockets support */ -#define CURL_VERSION_PSL (1<<20) /* Mozilla's Public Suffix List, used - for cookie domain verification */ -#define CURL_VERSION_HTTPS_PROXY (1<<21) /* HTTPS-proxy support built-in */ - - /* - * NAME curl_version_info() - * - * DESCRIPTION - * - * This function returns a pointer to a static copy of the version info - * struct. See above. - */ -CURL_EXTERN curl_version_info_data *curl_version_info(CURLversion); - -/* - * NAME curl_easy_strerror() - * - * DESCRIPTION - * - * The curl_easy_strerror function may be used to turn a CURLcode value - * into the equivalent human readable error string. This is useful - * for printing meaningful error messages. - */ -CURL_EXTERN const char *curl_easy_strerror(CURLcode); - -/* - * NAME curl_share_strerror() - * - * DESCRIPTION - * - * The curl_share_strerror function may be used to turn a CURLSHcode value - * into the equivalent human readable error string. This is useful - * for printing meaningful error messages. - */ -CURL_EXTERN const char *curl_share_strerror(CURLSHcode); - -/* - * NAME curl_easy_pause() - * - * DESCRIPTION - * - * The curl_easy_pause function pauses or unpauses transfers. Select the new - * state by setting the bitmask, use the convenience defines below. - * - */ -CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask); - -#define CURLPAUSE_RECV (1<<0) -#define CURLPAUSE_RECV_CONT (0) - -#define CURLPAUSE_SEND (1<<2) -#define CURLPAUSE_SEND_CONT (0) - -#define CURLPAUSE_ALL (CURLPAUSE_RECV|CURLPAUSE_SEND) -#define CURLPAUSE_CONT (CURLPAUSE_RECV_CONT|CURLPAUSE_SEND_CONT) - -#ifdef __cplusplus -} -#endif - -/* unfortunately, the easy.h and multi.h include files need options and info - stuff before they can be included! */ -#include "easy.h" /* nothing in curl is fun without the easy stuff */ -#include "multi.h" - -/* the typechecker doesn't work in C++ (yet) */ -#if defined(__GNUC__) && defined(__GNUC_MINOR__) && \ - ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)) && \ - !defined(__cplusplus) && !defined(CURL_DISABLE_TYPECHECK) -#include "typecheck-gcc.h" -#else -#if defined(__STDC__) && (__STDC__ >= 1) -/* This preprocessor magic that replaces a call with the exact same call is - only done to make sure application authors pass exactly three arguments - to these functions. */ -#define curl_easy_setopt(handle,opt,param) curl_easy_setopt(handle,opt,param) -#define curl_easy_getinfo(handle,info,arg) curl_easy_getinfo(handle,info,arg) -#define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param) -#define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param) -#endif /* __STDC__ >= 1 */ -#endif /* gcc >= 4.3 && !__cplusplus */ - -#endif /* __CURL_CURL_H */ DELETED scriptlibs/softwareupdate/curl/include/curl/curlbuild.h Index: scriptlibs/softwareupdate/curl/include/curl/curlbuild.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/curlbuild.h +++ scriptlibs/softwareupdate/curl/include/curl/curlbuild.h @@ -1,586 +0,0 @@ -#ifndef __CURL_CURLBUILD_H -#define __CURL_CURLBUILD_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* ================================================================ */ -/* NOTES FOR CONFIGURE CAPABLE SYSTEMS */ -/* ================================================================ */ - -/* - * NOTE 1: - * ------- - * - * See file include/curl/curlbuild.h.in, run configure, and forget - * that this file exists it is only used for non-configure systems. - * But you can keep reading if you want ;-) - * - */ - -/* ================================================================ */ -/* NOTES FOR NON-CONFIGURE SYSTEMS */ -/* ================================================================ */ - -/* - * NOTE 1: - * ------- - * - * Nothing in this file is intended to be modified or adjusted by the - * curl library user nor by the curl library builder. - * - * If you think that something actually needs to be changed, adjusted - * or fixed in this file, then, report it on the libcurl development - * mailing list: https://cool.haxx.se/mailman/listinfo/curl-library/ - * - * Try to keep one section per platform, compiler and architecture, - * otherwise, if an existing section is reused for a different one and - * later on the original is adjusted, probably the piggybacking one can - * be adversely changed. - * - * In order to differentiate between platforms/compilers/architectures - * use only compiler built in predefined preprocessor symbols. - * - * This header file shall only export symbols which are 'curl' or 'CURL' - * prefixed, otherwise public name space would be polluted. - * - * NOTE 2: - * ------- - * - * For any given platform/compiler curl_off_t must be typedef'ed to a - * 64-bit wide signed integral data type. The width of this data type - * must remain constant and independent of any possible large file - * support settings. - * - * As an exception to the above, curl_off_t shall be typedef'ed to a - * 32-bit wide signed integral data type if there is no 64-bit type. - * - * As a general rule, curl_off_t shall not be mapped to off_t. This - * rule shall only be violated if off_t is the only 64-bit data type - * available and the size of off_t is independent of large file support - * settings. Keep your build on the safe side avoiding an off_t gating. - * If you have a 64-bit off_t then take for sure that another 64-bit - * data type exists, dig deeper and you will find it. - * - * NOTE 3: - * ------- - * - * Right now you might be staring at file include/curl/curlbuild.h.dist or - * at file include/curl/curlbuild.h, this is due to the following reason: - * file include/curl/curlbuild.h.dist is renamed to include/curl/curlbuild.h - * when the libcurl source code distribution archive file is created. - * - * File include/curl/curlbuild.h.dist is not included in the distribution - * archive. File include/curl/curlbuild.h is not present in the git tree. - * - * The distributed include/curl/curlbuild.h file is only intended to be used - * on systems which can not run the also distributed configure script. - * - * On systems capable of running the configure script, the configure process - * will overwrite the distributed include/curl/curlbuild.h file with one that - * is suitable and specific to the library being configured and built, which - * is generated from the include/curl/curlbuild.h.in template file. - * - * If you check out from git on a non-configure platform, you must run the - * appropriate buildconf* script to set up curlbuild.h and other local files. - * - */ - -/* ================================================================ */ -/* DEFINITION OF THESE SYMBOLS SHALL NOT TAKE PLACE ANYWHERE ELSE */ -/* ================================================================ */ - -#ifdef CURL_SIZEOF_LONG -# error "CURL_SIZEOF_LONG shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_SIZEOF_LONG_already_defined -#endif - -#ifdef CURL_TYPEOF_CURL_SOCKLEN_T -# error "CURL_TYPEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_already_defined -#endif - -#ifdef CURL_SIZEOF_CURL_SOCKLEN_T -# error "CURL_SIZEOF_CURL_SOCKLEN_T shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_already_defined -#endif - -#ifdef CURL_TYPEOF_CURL_OFF_T -# error "CURL_TYPEOF_CURL_OFF_T shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_already_defined -#endif - -#ifdef CURL_FORMAT_CURL_OFF_T -# error "CURL_FORMAT_CURL_OFF_T shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_already_defined -#endif - -#ifdef CURL_FORMAT_CURL_OFF_TU -# error "CURL_FORMAT_CURL_OFF_TU shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_already_defined -#endif - -#ifdef CURL_FORMAT_OFF_T -# error "CURL_FORMAT_OFF_T shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_FORMAT_OFF_T_already_defined -#endif - -#ifdef CURL_SIZEOF_CURL_OFF_T -# error "CURL_SIZEOF_CURL_OFF_T shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_already_defined -#endif - -#ifdef CURL_SUFFIX_CURL_OFF_T -# error "CURL_SUFFIX_CURL_OFF_T shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_already_defined -#endif - -#ifdef CURL_SUFFIX_CURL_OFF_TU -# error "CURL_SUFFIX_CURL_OFF_TU shall not be defined except in curlbuild.h" - Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_already_defined -#endif - -/* ================================================================ */ -/* EXTERNAL INTERFACE SETTINGS FOR NON-CONFIGURE SYSTEMS ONLY */ -/* ================================================================ */ - -#if defined(__DJGPP__) || defined(__GO32__) -# if defined(__DJGPP__) && (__DJGPP__ > 1) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# else -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__SALFORDC__) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__BORLANDC__) -# if (__BORLANDC__ < 0x520) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# else -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_FORMAT_OFF_T "%I64d" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T i64 -# define CURL_SUFFIX_CURL_OFF_TU ui64 -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__TURBOC__) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__WATCOMC__) -# if defined(__386__) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_FORMAT_OFF_T "%I64d" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T i64 -# define CURL_SUFFIX_CURL_OFF_TU ui64 -# else -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__POCC__) -# if (__POCC__ < 280) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# elif defined(_MSC_VER) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_FORMAT_OFF_T "%I64d" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T i64 -# define CURL_SUFFIX_CURL_OFF_TU ui64 -# else -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__LCC__) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__SYMBIAN32__) -# if defined(__EABI__) /* Treat all ARM compilers equally */ -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# elif defined(__CW32__) -# pragma longlong on -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# elif defined(__VC32__) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__MWERKS__) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(_WIN32_WCE) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_FORMAT_OFF_T "%I64d" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T i64 -# define CURL_SUFFIX_CURL_OFF_TU ui64 -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__MINGW32__) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_FORMAT_OFF_T "%I64d" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__VMS) -# if defined(__VAX) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# else -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -#elif defined(__OS400__) -# if defined(__ILEC400__) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 -# define CURL_PULL_SYS_TYPES_H 1 -# define CURL_PULL_SYS_SOCKET_H 1 -# endif - -#elif defined(__MVS__) -# if defined(__IBMC__) || defined(__IBMCPP__) -# if defined(_ILP32) -# define CURL_SIZEOF_LONG 4 -# elif defined(_LP64) -# define CURL_SIZEOF_LONG 8 -# endif -# if defined(_LONG_LONG) -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# elif defined(_LP64) -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# else -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 -# define CURL_PULL_SYS_TYPES_H 1 -# define CURL_PULL_SYS_SOCKET_H 1 -# endif - -#elif defined(__370__) -# if defined(__IBMC__) || defined(__IBMCPP__) -# if defined(_ILP32) -# define CURL_SIZEOF_LONG 4 -# elif defined(_LP64) -# define CURL_SIZEOF_LONG 8 -# endif -# if defined(_LONG_LONG) -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# elif defined(_LP64) -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# else -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 -# define CURL_PULL_SYS_TYPES_H 1 -# define CURL_PULL_SYS_SOCKET_H 1 -# endif - -#elif defined(TPF) -# define CURL_SIZEOF_LONG 8 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -/* ===================================== */ -/* KEEP MSVC THE PENULTIMATE ENTRY */ -/* ===================================== */ - -#elif defined(_MSC_VER) -# if (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" -# define CURL_FORMAT_OFF_T "%I64d" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T i64 -# define CURL_SUFFIX_CURL_OFF_TU ui64 -# else -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 4 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T int -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 - -/* ===================================== */ -/* KEEP GENERIC GCC THE LAST ENTRY */ -/* ===================================== */ - -#elif defined(__GNUC__) -# if !defined(__LP64__) && (defined(__ILP32__) || \ - defined(__i386__) || defined(__ppc__) || defined(__arm__) || \ - defined(__sparc__) || defined(__mips__) || defined(__sh__)) -# define CURL_SIZEOF_LONG 4 -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_FORMAT_OFF_T "%lld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# elif defined(__LP64__) || \ - defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) -# define CURL_SIZEOF_LONG 8 -# define CURL_TYPEOF_CURL_OFF_T long -# define CURL_FORMAT_CURL_OFF_T "ld" -# define CURL_FORMAT_CURL_OFF_TU "lu" -# define CURL_FORMAT_OFF_T "%ld" -# define CURL_SIZEOF_CURL_OFF_T 8 -# define CURL_SUFFIX_CURL_OFF_T L -# define CURL_SUFFIX_CURL_OFF_TU UL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t -# define CURL_SIZEOF_CURL_SOCKLEN_T 4 -# define CURL_PULL_SYS_TYPES_H 1 -# define CURL_PULL_SYS_SOCKET_H 1 - -#else -# error "Unknown non-configure build target!" - Error Compilation_aborted_Unknown_non_configure_build_target -#endif - -/* CURL_PULL_SYS_TYPES_H is defined above when inclusion of header file */ -/* sys/types.h is required here to properly make type definitions below. */ -#ifdef CURL_PULL_SYS_TYPES_H -# include -#endif - -/* CURL_PULL_SYS_SOCKET_H is defined above when inclusion of header file */ -/* sys/socket.h is required here to properly make type definitions below. */ -#ifdef CURL_PULL_SYS_SOCKET_H -# include -#endif - -/* Data type definition of curl_socklen_t. */ - -#ifdef CURL_TYPEOF_CURL_SOCKLEN_T - typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t; -#endif - -/* Data type definition of curl_off_t. */ - -#ifdef CURL_TYPEOF_CURL_OFF_T - typedef CURL_TYPEOF_CURL_OFF_T curl_off_t; -#endif - -#endif /* __CURL_CURLBUILD_H */ DELETED scriptlibs/softwareupdate/curl/include/curl/curlrules.h Index: scriptlibs/softwareupdate/curl/include/curl/curlrules.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/curlrules.h +++ scriptlibs/softwareupdate/curl/include/curl/curlrules.h @@ -1,262 +0,0 @@ -#ifndef __CURL_CURLRULES_H -#define __CURL_CURLRULES_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* ================================================================ */ -/* COMPILE TIME SANITY CHECKS */ -/* ================================================================ */ - -/* - * NOTE 1: - * ------- - * - * All checks done in this file are intentionally placed in a public - * header file which is pulled by curl/curl.h when an application is - * being built using an already built libcurl library. Additionally - * this file is also included and used when building the library. - * - * If compilation fails on this file it is certainly sure that the - * problem is elsewhere. It could be a problem in the curlbuild.h - * header file, or simply that you are using different compilation - * settings than those used to build the library. - * - * Nothing in this file is intended to be modified or adjusted by the - * curl library user nor by the curl library builder. - * - * Do not deactivate any check, these are done to make sure that the - * library is properly built and used. - * - * You can find further help on the libcurl development mailing list: - * https://cool.haxx.se/mailman/listinfo/curl-library/ - * - * NOTE 2 - * ------ - * - * Some of the following compile time checks are based on the fact - * that the dimension of a constant array can not be a negative one. - * In this way if the compile time verification fails, the compilation - * will fail issuing an error. The error description wording is compiler - * dependent but it will be quite similar to one of the following: - * - * "negative subscript or subscript is too large" - * "array must have at least one element" - * "-1 is an illegal array size" - * "size of array is negative" - * - * If you are building an application which tries to use an already - * built libcurl library and you are getting this kind of errors on - * this file, it is a clear indication that there is a mismatch between - * how the library was built and how you are trying to use it for your - * application. Your already compiled or binary library provider is the - * only one who can give you the details you need to properly use it. - */ - -/* - * Verify that some macros are actually defined. - */ - -#ifndef CURL_SIZEOF_LONG -# error "CURL_SIZEOF_LONG definition is missing!" - Error Compilation_aborted_CURL_SIZEOF_LONG_is_missing -#endif - -#ifndef CURL_TYPEOF_CURL_SOCKLEN_T -# error "CURL_TYPEOF_CURL_SOCKLEN_T definition is missing!" - Error Compilation_aborted_CURL_TYPEOF_CURL_SOCKLEN_T_is_missing -#endif - -#ifndef CURL_SIZEOF_CURL_SOCKLEN_T -# error "CURL_SIZEOF_CURL_SOCKLEN_T definition is missing!" - Error Compilation_aborted_CURL_SIZEOF_CURL_SOCKLEN_T_is_missing -#endif - -#ifndef CURL_TYPEOF_CURL_OFF_T -# error "CURL_TYPEOF_CURL_OFF_T definition is missing!" - Error Compilation_aborted_CURL_TYPEOF_CURL_OFF_T_is_missing -#endif - -#ifndef CURL_FORMAT_CURL_OFF_T -# error "CURL_FORMAT_CURL_OFF_T definition is missing!" - Error Compilation_aborted_CURL_FORMAT_CURL_OFF_T_is_missing -#endif - -#ifndef CURL_FORMAT_CURL_OFF_TU -# error "CURL_FORMAT_CURL_OFF_TU definition is missing!" - Error Compilation_aborted_CURL_FORMAT_CURL_OFF_TU_is_missing -#endif - -#ifndef CURL_FORMAT_OFF_T -# error "CURL_FORMAT_OFF_T definition is missing!" - Error Compilation_aborted_CURL_FORMAT_OFF_T_is_missing -#endif - -#ifndef CURL_SIZEOF_CURL_OFF_T -# error "CURL_SIZEOF_CURL_OFF_T definition is missing!" - Error Compilation_aborted_CURL_SIZEOF_CURL_OFF_T_is_missing -#endif - -#ifndef CURL_SUFFIX_CURL_OFF_T -# error "CURL_SUFFIX_CURL_OFF_T definition is missing!" - Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_T_is_missing -#endif - -#ifndef CURL_SUFFIX_CURL_OFF_TU -# error "CURL_SUFFIX_CURL_OFF_TU definition is missing!" - Error Compilation_aborted_CURL_SUFFIX_CURL_OFF_TU_is_missing -#endif - -/* - * Macros private to this header file. - */ - -#define CurlchkszEQ(t, s) sizeof(t) == s ? 1 : -1 - -#define CurlchkszGE(t1, t2) sizeof(t1) >= sizeof(t2) ? 1 : -1 - -/* - * Verify that the size previously defined and expected for long - * is the same as the one reported by sizeof() at compile time. - */ - -typedef char - __curl_rule_01__ - [CurlchkszEQ(long, CURL_SIZEOF_LONG)]; - -/* - * Verify that the size previously defined and expected for - * curl_off_t is actually the the same as the one reported - * by sizeof() at compile time. - */ - -typedef char - __curl_rule_02__ - [CurlchkszEQ(curl_off_t, CURL_SIZEOF_CURL_OFF_T)]; - -/* - * Verify at compile time that the size of curl_off_t as reported - * by sizeof() is greater or equal than the one reported for long - * for the current compilation. - */ - -typedef char - __curl_rule_03__ - [CurlchkszGE(curl_off_t, long)]; - -/* - * Verify that the size previously defined and expected for - * curl_socklen_t is actually the the same as the one reported - * by sizeof() at compile time. - */ - -typedef char - __curl_rule_04__ - [CurlchkszEQ(curl_socklen_t, CURL_SIZEOF_CURL_SOCKLEN_T)]; - -/* - * Verify at compile time that the size of curl_socklen_t as reported - * by sizeof() is greater or equal than the one reported for int for - * the current compilation. - */ - -typedef char - __curl_rule_05__ - [CurlchkszGE(curl_socklen_t, int)]; - -/* ================================================================ */ -/* EXTERNALLY AND INTERNALLY VISIBLE DEFINITIONS */ -/* ================================================================ */ - -/* - * CURL_ISOCPP and CURL_OFF_T_C definitions are done here in order to allow - * these to be visible and exported by the external libcurl interface API, - * while also making them visible to the library internals, simply including - * curl_setup.h, without actually needing to include curl.h internally. - * If some day this section would grow big enough, all this should be moved - * to its own header file. - */ - -/* - * Figure out if we can use the ## preprocessor operator, which is supported - * by ISO/ANSI C and C++. Some compilers support it without setting __STDC__ - * or __cplusplus so we need to carefully check for them too. - */ - -#if defined(__STDC__) || defined(_MSC_VER) || defined(__cplusplus) || \ - defined(__HP_aCC) || defined(__BORLANDC__) || defined(__LCC__) || \ - defined(__POCC__) || defined(__SALFORDC__) || defined(__HIGHC__) || \ - defined(__ILEC400__) - /* This compiler is believed to have an ISO compatible preprocessor */ -#define CURL_ISOCPP -#else - /* This compiler is believed NOT to have an ISO compatible preprocessor */ -#undef CURL_ISOCPP -#endif - -/* - * Macros for minimum-width signed and unsigned curl_off_t integer constants. - */ - -#if defined(__BORLANDC__) && (__BORLANDC__ == 0x0551) -# define __CURL_OFF_T_C_HLPR2(x) x -# define __CURL_OFF_T_C_HLPR1(x) __CURL_OFF_T_C_HLPR2(x) -# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \ - __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_T) -# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val) ## \ - __CURL_OFF_T_C_HLPR1(CURL_SUFFIX_CURL_OFF_TU) -#else -# ifdef CURL_ISOCPP -# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val ## Suffix -# else -# define __CURL_OFF_T_C_HLPR2(Val,Suffix) Val/**/Suffix -# endif -# define __CURL_OFF_T_C_HLPR1(Val,Suffix) __CURL_OFF_T_C_HLPR2(Val,Suffix) -# define CURL_OFF_T_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_T) -# define CURL_OFF_TU_C(Val) __CURL_OFF_T_C_HLPR1(Val,CURL_SUFFIX_CURL_OFF_TU) -#endif - -/* - * Get rid of macros private to this header file. - */ - -#undef CurlchkszEQ -#undef CurlchkszGE - -/* - * Get rid of macros not intended to exist beyond this point. - */ - -#undef CURL_PULL_WS2TCPIP_H -#undef CURL_PULL_SYS_TYPES_H -#undef CURL_PULL_SYS_SOCKET_H -#undef CURL_PULL_SYS_POLL_H -#undef CURL_PULL_STDINT_H -#undef CURL_PULL_INTTYPES_H - -#undef CURL_TYPEOF_CURL_SOCKLEN_T -#undef CURL_TYPEOF_CURL_OFF_T - -#ifdef CURL_NO_OLDIES -#undef CURL_FORMAT_OFF_T /* not required since 7.19.0 - obsoleted in 7.20.0 */ -#endif - -#endif /* __CURL_CURLRULES_H */ DELETED scriptlibs/softwareupdate/curl/include/curl/curlver.h Index: scriptlibs/softwareupdate/curl/include/curl/curlver.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/curlver.h +++ scriptlibs/softwareupdate/curl/include/curl/curlver.h @@ -1,77 +0,0 @@ -#ifndef __CURL_CURLVER_H -#define __CURL_CURLVER_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* This header file contains nothing but libcurl version info, generated by - a script at release-time. This was made its own header file in 7.11.2 */ - -/* This is the global package copyright */ -#define LIBCURL_COPYRIGHT "1996 - 2017 Daniel Stenberg, ." - -/* This is the version number of the libcurl package from which this header - file origins: */ -#define LIBCURL_VERSION "7.53.1" - -/* The numeric version number is also available "in parts" by using these - defines: */ -#define LIBCURL_VERSION_MAJOR 7 -#define LIBCURL_VERSION_MINOR 53 -#define LIBCURL_VERSION_PATCH 1 - -/* This is the numeric version of the libcurl version number, meant for easier - parsing and comparions by programs. The LIBCURL_VERSION_NUM define will - always follow this syntax: - - 0xXXYYZZ - - Where XX, YY and ZZ are the main version, release and patch numbers in - hexadecimal (using 8 bits each). All three numbers are always represented - using two digits. 1.2 would appear as "0x010200" while version 9.11.7 - appears as "0x090b07". - - This 6-digit (24 bits) hexadecimal number does not show pre-release number, - and it is always a greater number in a more recent release. It makes - comparisons with greater than and less than work. - - Note: This define is the full hex number and _does not_ use the - CURL_VERSION_BITS() macro since curl's own configure script greps for it - and needs it to contain the full number. -*/ -#define LIBCURL_VERSION_NUM 0x073501 - -/* - * This is the date and time when the full source package was created. The - * timestamp is not stored in git, as the timestamp is properly set in the - * tarballs by the maketgz script. - * - * The format of the date should follow this template: - * - * "Mon Feb 12 11:35:33 UTC 2007" - */ -#define LIBCURL_TIMESTAMP "Fri Feb 24 07:49:42 UTC 2017" - -#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|z) -#define CURL_AT_LEAST_VERSION(x,y,z) \ - (LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z)) - -#endif /* __CURL_CURLVER_H */ DELETED scriptlibs/softwareupdate/curl/include/curl/easy.h Index: scriptlibs/softwareupdate/curl/include/curl/easy.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/easy.h +++ scriptlibs/softwareupdate/curl/include/curl/easy.h @@ -1,102 +0,0 @@ -#ifndef __CURL_EASY_H -#define __CURL_EASY_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ -#ifdef __cplusplus -extern "C" { -#endif - -CURL_EXTERN CURL *curl_easy_init(void); -CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...); -CURL_EXTERN CURLcode curl_easy_perform(CURL *curl); -CURL_EXTERN void curl_easy_cleanup(CURL *curl); - -/* - * NAME curl_easy_getinfo() - * - * DESCRIPTION - * - * Request internal information from the curl session with this function. The - * third argument MUST be a pointer to a long, a pointer to a char * or a - * pointer to a double (as the documentation describes elsewhere). The data - * pointed to will be filled in accordingly and can be relied upon only if the - * function returns CURLE_OK. This function is intended to get used *AFTER* a - * performed transfer, all results from this function are undefined until the - * transfer is completed. - */ -CURL_EXTERN CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...); - - -/* - * NAME curl_easy_duphandle() - * - * DESCRIPTION - * - * Creates a new curl session handle with the same options set for the handle - * passed in. Duplicating a handle could only be a matter of cloning data and - * options, internal state info and things like persistent connections cannot - * be transferred. It is useful in multithreaded applications when you can run - * curl_easy_duphandle() for each new thread to avoid a series of identical - * curl_easy_setopt() invokes in every thread. - */ -CURL_EXTERN CURL *curl_easy_duphandle(CURL *curl); - -/* - * NAME curl_easy_reset() - * - * DESCRIPTION - * - * Re-initializes a CURL handle to the default values. This puts back the - * handle to the same state as it was in when it was just created. - * - * It does keep: live connections, the Session ID cache, the DNS cache and the - * cookies. - */ -CURL_EXTERN void curl_easy_reset(CURL *curl); - -/* - * NAME curl_easy_recv() - * - * DESCRIPTION - * - * Receives data from the connected socket. Use after successful - * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. - */ -CURL_EXTERN CURLcode curl_easy_recv(CURL *curl, void *buffer, size_t buflen, - size_t *n); - -/* - * NAME curl_easy_send() - * - * DESCRIPTION - * - * Sends data over the connected socket. Use after successful - * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. - */ -CURL_EXTERN CURLcode curl_easy_send(CURL *curl, const void *buffer, - size_t buflen, size_t *n); - -#ifdef __cplusplus -} -#endif - -#endif DELETED scriptlibs/softwareupdate/curl/include/curl/mprintf.h Index: scriptlibs/softwareupdate/curl/include/curl/mprintf.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/mprintf.h +++ scriptlibs/softwareupdate/curl/include/curl/mprintf.h @@ -1,50 +0,0 @@ -#ifndef __CURL_MPRINTF_H -#define __CURL_MPRINTF_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include -#include /* needed for FILE */ -#include "curl.h" /* for CURL_EXTERN */ - -#ifdef __cplusplus -extern "C" { -#endif - -CURL_EXTERN int curl_mprintf(const char *format, ...); -CURL_EXTERN int curl_mfprintf(FILE *fd, const char *format, ...); -CURL_EXTERN int curl_msprintf(char *buffer, const char *format, ...); -CURL_EXTERN int curl_msnprintf(char *buffer, size_t maxlength, - const char *format, ...); -CURL_EXTERN int curl_mvprintf(const char *format, va_list args); -CURL_EXTERN int curl_mvfprintf(FILE *fd, const char *format, va_list args); -CURL_EXTERN int curl_mvsprintf(char *buffer, const char *format, va_list args); -CURL_EXTERN int curl_mvsnprintf(char *buffer, size_t maxlength, - const char *format, va_list args); -CURL_EXTERN char *curl_maprintf(const char *format, ...); -CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args); - -#ifdef __cplusplus -} -#endif - -#endif /* __CURL_MPRINTF_H */ DELETED scriptlibs/softwareupdate/curl/include/curl/multi.h Index: scriptlibs/softwareupdate/curl/include/curl/multi.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/multi.h +++ scriptlibs/softwareupdate/curl/include/curl/multi.h @@ -1,439 +0,0 @@ -#ifndef __CURL_MULTI_H -#define __CURL_MULTI_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ -/* - This is an "external" header file. Don't give away any internals here! - - GOALS - - o Enable a "pull" interface. The application that uses libcurl decides where - and when to ask libcurl to get/send data. - - o Enable multiple simultaneous transfers in the same thread without making it - complicated for the application. - - o Enable the application to select() on its own file descriptors and curl's - file descriptors simultaneous easily. - -*/ - -/* - * This header file should not really need to include "curl.h" since curl.h - * itself includes this file and we expect user applications to do #include - * without the need for especially including multi.h. - * - * For some reason we added this include here at one point, and rather than to - * break existing (wrongly written) libcurl applications, we leave it as-is - * but with this warning attached. - */ -#include "curl.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#if defined(BUILDING_LIBCURL) || defined(CURL_STRICTER) -typedef struct Curl_multi CURLM; -#else -typedef void CURLM; -#endif - -typedef enum { - CURLM_CALL_MULTI_PERFORM = -1, /* please call curl_multi_perform() or - curl_multi_socket*() soon */ - CURLM_OK, - CURLM_BAD_HANDLE, /* the passed-in handle is not a valid CURLM handle */ - CURLM_BAD_EASY_HANDLE, /* an easy handle was not good/valid */ - CURLM_OUT_OF_MEMORY, /* if you ever get this, you're in deep sh*t */ - CURLM_INTERNAL_ERROR, /* this is a libcurl bug */ - CURLM_BAD_SOCKET, /* the passed in socket argument did not match */ - CURLM_UNKNOWN_OPTION, /* curl_multi_setopt() with unsupported option */ - CURLM_ADDED_ALREADY, /* an easy handle already added to a multi handle was - attempted to get added - again */ - CURLM_LAST -} CURLMcode; - -/* just to make code nicer when using curl_multi_socket() you can now check - for CURLM_CALL_MULTI_SOCKET too in the same style it works for - curl_multi_perform() and CURLM_CALL_MULTI_PERFORM */ -#define CURLM_CALL_MULTI_SOCKET CURLM_CALL_MULTI_PERFORM - -/* bitmask bits for CURLMOPT_PIPELINING */ -#define CURLPIPE_NOTHING 0L -#define CURLPIPE_HTTP1 1L -#define CURLPIPE_MULTIPLEX 2L - -typedef enum { - CURLMSG_NONE, /* first, not used */ - CURLMSG_DONE, /* This easy handle has completed. 'result' contains - the CURLcode of the transfer */ - CURLMSG_LAST /* last, not used */ -} CURLMSG; - -struct CURLMsg { - CURLMSG msg; /* what this message means */ - CURL *easy_handle; /* the handle it concerns */ - union { - void *whatever; /* message-specific data */ - CURLcode result; /* return code for transfer */ - } data; -}; -typedef struct CURLMsg CURLMsg; - -/* Based on poll(2) structure and values. - * We don't use pollfd and POLL* constants explicitly - * to cover platforms without poll(). */ -#define CURL_WAIT_POLLIN 0x0001 -#define CURL_WAIT_POLLPRI 0x0002 -#define CURL_WAIT_POLLOUT 0x0004 - -struct curl_waitfd { - curl_socket_t fd; - short events; - short revents; /* not supported yet */ -}; - -/* - * Name: curl_multi_init() - * - * Desc: inititalize multi-style curl usage - * - * Returns: a new CURLM handle to use in all 'curl_multi' functions. - */ -CURL_EXTERN CURLM *curl_multi_init(void); - -/* - * Name: curl_multi_add_handle() - * - * Desc: add a standard curl handle to the multi stack - * - * Returns: CURLMcode type, general multi error code. - */ -CURL_EXTERN CURLMcode curl_multi_add_handle(CURLM *multi_handle, - CURL *curl_handle); - - /* - * Name: curl_multi_remove_handle() - * - * Desc: removes a curl handle from the multi stack again - * - * Returns: CURLMcode type, general multi error code. - */ -CURL_EXTERN CURLMcode curl_multi_remove_handle(CURLM *multi_handle, - CURL *curl_handle); - - /* - * Name: curl_multi_fdset() - * - * Desc: Ask curl for its fd_set sets. The app can use these to select() or - * poll() on. We want curl_multi_perform() called as soon as one of - * them are ready. - * - * Returns: CURLMcode type, general multi error code. - */ -CURL_EXTERN CURLMcode curl_multi_fdset(CURLM *multi_handle, - fd_set *read_fd_set, - fd_set *write_fd_set, - fd_set *exc_fd_set, - int *max_fd); - -/* - * Name: curl_multi_wait() - * - * Desc: Poll on all fds within a CURLM set as well as any - * additional fds passed to the function. - * - * Returns: CURLMcode type, general multi error code. - */ -CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle, - struct curl_waitfd extra_fds[], - unsigned int extra_nfds, - int timeout_ms, - int *ret); - - /* - * Name: curl_multi_perform() - * - * Desc: When the app thinks there's data available for curl it calls this - * function to read/write whatever there is right now. This returns - * as soon as the reads and writes are done. This function does not - * require that there actually is data available for reading or that - * data can be written, it can be called just in case. It returns - * the number of handles that still transfer data in the second - * argument's integer-pointer. - * - * Returns: CURLMcode type, general multi error code. *NOTE* that this only - * returns errors etc regarding the whole multi stack. There might - * still have occurred problems on invidual transfers even when this - * returns OK. - */ -CURL_EXTERN CURLMcode curl_multi_perform(CURLM *multi_handle, - int *running_handles); - - /* - * Name: curl_multi_cleanup() - * - * Desc: Cleans up and removes a whole multi stack. It does not free or - * touch any individual easy handles in any way. We need to define - * in what state those handles will be if this function is called - * in the middle of a transfer. - * - * Returns: CURLMcode type, general multi error code. - */ -CURL_EXTERN CURLMcode curl_multi_cleanup(CURLM *multi_handle); - -/* - * Name: curl_multi_info_read() - * - * Desc: Ask the multi handle if there's any messages/informationals from - * the individual transfers. Messages include informationals such as - * error code from the transfer or just the fact that a transfer is - * completed. More details on these should be written down as well. - * - * Repeated calls to this function will return a new struct each - * time, until a special "end of msgs" struct is returned as a signal - * that there is no more to get at this point. - * - * The data the returned pointer points to will not survive calling - * curl_multi_cleanup(). - * - * The 'CURLMsg' struct is meant to be very simple and only contain - * very basic informations. If more involved information is wanted, - * we will provide the particular "transfer handle" in that struct - * and that should/could/would be used in subsequent - * curl_easy_getinfo() calls (or similar). The point being that we - * must never expose complex structs to applications, as then we'll - * undoubtably get backwards compatibility problems in the future. - * - * Returns: A pointer to a filled-in struct, or NULL if it failed or ran out - * of structs. It also writes the number of messages left in the - * queue (after this read) in the integer the second argument points - * to. - */ -CURL_EXTERN CURLMsg *curl_multi_info_read(CURLM *multi_handle, - int *msgs_in_queue); - -/* - * Name: curl_multi_strerror() - * - * Desc: The curl_multi_strerror function may be used to turn a CURLMcode - * value into the equivalent human readable error string. This is - * useful for printing meaningful error messages. - * - * Returns: A pointer to a zero-terminated error message. - */ -CURL_EXTERN const char *curl_multi_strerror(CURLMcode); - -/* - * Name: curl_multi_socket() and - * curl_multi_socket_all() - * - * Desc: An alternative version of curl_multi_perform() that allows the - * application to pass in one of the file descriptors that have been - * detected to have "action" on them and let libcurl perform. - * See man page for details. - */ -#define CURL_POLL_NONE 0 -#define CURL_POLL_IN 1 -#define CURL_POLL_OUT 2 -#define CURL_POLL_INOUT 3 -#define CURL_POLL_REMOVE 4 - -#define CURL_SOCKET_TIMEOUT CURL_SOCKET_BAD - -#define CURL_CSELECT_IN 0x01 -#define CURL_CSELECT_OUT 0x02 -#define CURL_CSELECT_ERR 0x04 - -typedef int (*curl_socket_callback)(CURL *easy, /* easy handle */ - curl_socket_t s, /* socket */ - int what, /* see above */ - void *userp, /* private callback - pointer */ - void *socketp); /* private socket - pointer */ -/* - * Name: curl_multi_timer_callback - * - * Desc: Called by libcurl whenever the library detects a change in the - * maximum number of milliseconds the app is allowed to wait before - * curl_multi_socket() or curl_multi_perform() must be called - * (to allow libcurl's timed events to take place). - * - * Returns: The callback should return zero. - */ -typedef int (*curl_multi_timer_callback)(CURLM *multi, /* multi handle */ - long timeout_ms, /* see above */ - void *userp); /* private callback - pointer */ - -CURL_EXTERN CURLMcode curl_multi_socket(CURLM *multi_handle, curl_socket_t s, - int *running_handles); - -CURL_EXTERN CURLMcode curl_multi_socket_action(CURLM *multi_handle, - curl_socket_t s, - int ev_bitmask, - int *running_handles); - -CURL_EXTERN CURLMcode curl_multi_socket_all(CURLM *multi_handle, - int *running_handles); - -#ifndef CURL_ALLOW_OLD_MULTI_SOCKET -/* This macro below was added in 7.16.3 to push users who recompile to use - the new curl_multi_socket_action() instead of the old curl_multi_socket() -*/ -#define curl_multi_socket(x,y,z) curl_multi_socket_action(x,y,0,z) -#endif - -/* - * Name: curl_multi_timeout() - * - * Desc: Returns the maximum number of milliseconds the app is allowed to - * wait before curl_multi_socket() or curl_multi_perform() must be - * called (to allow libcurl's timed events to take place). - * - * Returns: CURLM error code. - */ -CURL_EXTERN CURLMcode curl_multi_timeout(CURLM *multi_handle, - long *milliseconds); - -#undef CINIT /* re-using the same name as in curl.h */ - -#ifdef CURL_ISOCPP -#define CINIT(name,type,num) CURLMOPT_ ## name = CURLOPTTYPE_ ## type + num -#else -/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ -#define LONG CURLOPTTYPE_LONG -#define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT -#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT -#define OFF_T CURLOPTTYPE_OFF_T -#define CINIT(name,type,number) CURLMOPT_/**/name = type + number -#endif - -typedef enum { - /* This is the socket callback function pointer */ - CINIT(SOCKETFUNCTION, FUNCTIONPOINT, 1), - - /* This is the argument passed to the socket callback */ - CINIT(SOCKETDATA, OBJECTPOINT, 2), - - /* set to 1 to enable pipelining for this multi handle */ - CINIT(PIPELINING, LONG, 3), - - /* This is the timer callback function pointer */ - CINIT(TIMERFUNCTION, FUNCTIONPOINT, 4), - - /* This is the argument passed to the timer callback */ - CINIT(TIMERDATA, OBJECTPOINT, 5), - - /* maximum number of entries in the connection cache */ - CINIT(MAXCONNECTS, LONG, 6), - - /* maximum number of (pipelining) connections to one host */ - CINIT(MAX_HOST_CONNECTIONS, LONG, 7), - - /* maximum number of requests in a pipeline */ - CINIT(MAX_PIPELINE_LENGTH, LONG, 8), - - /* a connection with a content-length longer than this - will not be considered for pipelining */ - CINIT(CONTENT_LENGTH_PENALTY_SIZE, OFF_T, 9), - - /* a connection with a chunk length longer than this - will not be considered for pipelining */ - CINIT(CHUNK_LENGTH_PENALTY_SIZE, OFF_T, 10), - - /* a list of site names(+port) that are blacklisted from - pipelining */ - CINIT(PIPELINING_SITE_BL, OBJECTPOINT, 11), - - /* a list of server types that are blacklisted from - pipelining */ - CINIT(PIPELINING_SERVER_BL, OBJECTPOINT, 12), - - /* maximum number of open connections in total */ - CINIT(MAX_TOTAL_CONNECTIONS, LONG, 13), - - /* This is the server push callback function pointer */ - CINIT(PUSHFUNCTION, FUNCTIONPOINT, 14), - - /* This is the argument passed to the server push callback */ - CINIT(PUSHDATA, OBJECTPOINT, 15), - - CURLMOPT_LASTENTRY /* the last unused */ -} CURLMoption; - - -/* - * Name: curl_multi_setopt() - * - * Desc: Sets options for the multi handle. - * - * Returns: CURLM error code. - */ -CURL_EXTERN CURLMcode curl_multi_setopt(CURLM *multi_handle, - CURLMoption option, ...); - - -/* - * Name: curl_multi_assign() - * - * Desc: This function sets an association in the multi handle between the - * given socket and a private pointer of the application. This is - * (only) useful for curl_multi_socket uses. - * - * Returns: CURLM error code. - */ -CURL_EXTERN CURLMcode curl_multi_assign(CURLM *multi_handle, - curl_socket_t sockfd, void *sockp); - - -/* - * Name: curl_push_callback - * - * Desc: This callback gets called when a new stream is being pushed by the - * server. It approves or denies the new stream. - * - * Returns: CURL_PUSH_OK or CURL_PUSH_DENY. - */ -#define CURL_PUSH_OK 0 -#define CURL_PUSH_DENY 1 - -struct curl_pushheaders; /* forward declaration only */ - -CURL_EXTERN char *curl_pushheader_bynum(struct curl_pushheaders *h, - size_t num); -CURL_EXTERN char *curl_pushheader_byname(struct curl_pushheaders *h, - const char *name); - -typedef int (*curl_push_callback)(CURL *parent, - CURL *easy, - size_t num_headers, - struct curl_pushheaders *headers, - void *userp); - -#ifdef __cplusplus -} /* end of extern "C" */ -#endif - -#endif DELETED scriptlibs/softwareupdate/curl/include/curl/stdcheaders.h Index: scriptlibs/softwareupdate/curl/include/curl/stdcheaders.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/stdcheaders.h +++ scriptlibs/softwareupdate/curl/include/curl/stdcheaders.h @@ -1,33 +0,0 @@ -#ifndef __STDC_HEADERS_H -#define __STDC_HEADERS_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -#include - -size_t fread(void *, size_t, size_t, FILE *); -size_t fwrite(const void *, size_t, size_t, FILE *); - -int strcasecmp(const char *, const char *); -int strncasecmp(const char *, const char *, size_t); - -#endif /* __STDC_HEADERS_H */ DELETED scriptlibs/softwareupdate/curl/include/curl/typecheck-gcc.h Index: scriptlibs/softwareupdate/curl/include/curl/typecheck-gcc.h ================================================================== --- scriptlibs/softwareupdate/curl/include/curl/typecheck-gcc.h +++ scriptlibs/softwareupdate/curl/include/curl/typecheck-gcc.h @@ -1,624 +0,0 @@ -#ifndef __CURL_TYPECHECK_GCC_H -#define __CURL_TYPECHECK_GCC_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* wraps curl_easy_setopt() with typechecking */ - -/* To add a new kind of warning, add an - * if(_curl_is_sometype_option(_curl_opt)) - * if(!_curl_is_sometype(value)) - * _curl_easy_setopt_err_sometype(); - * block and define _curl_is_sometype_option, _curl_is_sometype and - * _curl_easy_setopt_err_sometype below - * - * NOTE: We use two nested 'if' statements here instead of the && operator, in - * order to work around gcc bug #32061. It affects only gcc 4.3.x/4.4.x - * when compiling with -Wlogical-op. - * - * To add an option that uses the same type as an existing option, you'll just - * need to extend the appropriate _curl_*_option macro - */ -#define curl_easy_setopt(handle, option, value) \ -__extension__ ({ \ - __typeof__(option) _curl_opt = option; \ - if(__builtin_constant_p(_curl_opt)) { \ - if(_curl_is_long_option(_curl_opt)) \ - if(!_curl_is_long(value)) \ - _curl_easy_setopt_err_long(); \ - if(_curl_is_off_t_option(_curl_opt)) \ - if(!_curl_is_off_t(value)) \ - _curl_easy_setopt_err_curl_off_t(); \ - if(_curl_is_string_option(_curl_opt)) \ - if(!_curl_is_string(value)) \ - _curl_easy_setopt_err_string(); \ - if(_curl_is_write_cb_option(_curl_opt)) \ - if(!_curl_is_write_cb(value)) \ - _curl_easy_setopt_err_write_callback(); \ - if((_curl_opt) == CURLOPT_READFUNCTION) \ - if(!_curl_is_read_cb(value)) \ - _curl_easy_setopt_err_read_cb(); \ - if((_curl_opt) == CURLOPT_IOCTLFUNCTION) \ - if(!_curl_is_ioctl_cb(value)) \ - _curl_easy_setopt_err_ioctl_cb(); \ - if((_curl_opt) == CURLOPT_SOCKOPTFUNCTION) \ - if(!_curl_is_sockopt_cb(value)) \ - _curl_easy_setopt_err_sockopt_cb(); \ - if((_curl_opt) == CURLOPT_OPENSOCKETFUNCTION) \ - if(!_curl_is_opensocket_cb(value)) \ - _curl_easy_setopt_err_opensocket_cb(); \ - if((_curl_opt) == CURLOPT_PROGRESSFUNCTION) \ - if(!_curl_is_progress_cb(value)) \ - _curl_easy_setopt_err_progress_cb(); \ - if((_curl_opt) == CURLOPT_DEBUGFUNCTION) \ - if(!_curl_is_debug_cb(value)) \ - _curl_easy_setopt_err_debug_cb(); \ - if((_curl_opt) == CURLOPT_SSL_CTX_FUNCTION) \ - if(!_curl_is_ssl_ctx_cb(value)) \ - _curl_easy_setopt_err_ssl_ctx_cb(); \ - if(_curl_is_conv_cb_option(_curl_opt)) \ - if(!_curl_is_conv_cb(value)) \ - _curl_easy_setopt_err_conv_cb(); \ - if((_curl_opt) == CURLOPT_SEEKFUNCTION) \ - if(!_curl_is_seek_cb(value)) \ - _curl_easy_setopt_err_seek_cb(); \ - if(_curl_is_cb_data_option(_curl_opt)) \ - if(!_curl_is_cb_data(value)) \ - _curl_easy_setopt_err_cb_data(); \ - if((_curl_opt) == CURLOPT_ERRORBUFFER) \ - if(!_curl_is_error_buffer(value)) \ - _curl_easy_setopt_err_error_buffer(); \ - if((_curl_opt) == CURLOPT_STDERR) \ - if(!_curl_is_FILE(value)) \ - _curl_easy_setopt_err_FILE(); \ - if(_curl_is_postfields_option(_curl_opt)) \ - if(!_curl_is_postfields(value)) \ - _curl_easy_setopt_err_postfields(); \ - if((_curl_opt) == CURLOPT_HTTPPOST) \ - if(!_curl_is_arr((value), struct curl_httppost)) \ - _curl_easy_setopt_err_curl_httpost(); \ - if(_curl_is_slist_option(_curl_opt)) \ - if(!_curl_is_arr((value), struct curl_slist)) \ - _curl_easy_setopt_err_curl_slist(); \ - if((_curl_opt) == CURLOPT_SHARE) \ - if(!_curl_is_ptr((value), CURLSH)) \ - _curl_easy_setopt_err_CURLSH(); \ - } \ - curl_easy_setopt(handle, _curl_opt, value); \ -}) - -/* wraps curl_easy_getinfo() with typechecking */ -/* FIXME: don't allow const pointers */ -#define curl_easy_getinfo(handle, info, arg) \ -__extension__ ({ \ - __typeof__(info) _curl_info = info; \ - if(__builtin_constant_p(_curl_info)) { \ - if(_curl_is_string_info(_curl_info)) \ - if(!_curl_is_arr((arg), char *)) \ - _curl_easy_getinfo_err_string(); \ - if(_curl_is_long_info(_curl_info)) \ - if(!_curl_is_arr((arg), long)) \ - _curl_easy_getinfo_err_long(); \ - if(_curl_is_double_info(_curl_info)) \ - if(!_curl_is_arr((arg), double)) \ - _curl_easy_getinfo_err_double(); \ - if(_curl_is_slist_info(_curl_info)) \ - if(!_curl_is_arr((arg), struct curl_slist *)) \ - _curl_easy_getinfo_err_curl_slist(); \ - } \ - curl_easy_getinfo(handle, _curl_info, arg); \ -}) - -/* TODO: typechecking for curl_share_setopt() and curl_multi_setopt(), - * for now just make sure that the functions are called with three - * arguments - */ -#define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param) -#define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param) - - -/* the actual warnings, triggered by calling the _curl_easy_setopt_err* - * functions */ - -/* To define a new warning, use _CURL_WARNING(identifier, "message") */ -#define _CURL_WARNING(id, message) \ - static void __attribute__((__warning__(message))) \ - __attribute__((__unused__)) __attribute__((__noinline__)) \ - id(void) { __asm__(""); } - -_CURL_WARNING(_curl_easy_setopt_err_long, - "curl_easy_setopt expects a long argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_curl_off_t, - "curl_easy_setopt expects a curl_off_t argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_string, - "curl_easy_setopt expects a " - "string ('char *' or char[]) argument for this option" - ) -_CURL_WARNING(_curl_easy_setopt_err_write_callback, - "curl_easy_setopt expects a curl_write_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_read_cb, - "curl_easy_setopt expects a curl_read_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_ioctl_cb, - "curl_easy_setopt expects a curl_ioctl_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_sockopt_cb, - "curl_easy_setopt expects a curl_sockopt_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_opensocket_cb, - "curl_easy_setopt expects a " - "curl_opensocket_callback argument for this option" - ) -_CURL_WARNING(_curl_easy_setopt_err_progress_cb, - "curl_easy_setopt expects a curl_progress_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_debug_cb, - "curl_easy_setopt expects a curl_debug_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_ssl_ctx_cb, - "curl_easy_setopt expects a curl_ssl_ctx_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_conv_cb, - "curl_easy_setopt expects a curl_conv_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_seek_cb, - "curl_easy_setopt expects a curl_seek_callback argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_cb_data, - "curl_easy_setopt expects a " - "private data pointer as argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_error_buffer, - "curl_easy_setopt expects a " - "char buffer of CURL_ERROR_SIZE as argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_FILE, - "curl_easy_setopt expects a 'FILE *' argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_postfields, - "curl_easy_setopt expects a 'void *' or 'char *' argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_curl_httpost, - "curl_easy_setopt expects a 'struct curl_httppost *' " - "argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_curl_slist, - "curl_easy_setopt expects a 'struct curl_slist *' argument for this option") -_CURL_WARNING(_curl_easy_setopt_err_CURLSH, - "curl_easy_setopt expects a CURLSH* argument for this option") - -_CURL_WARNING(_curl_easy_getinfo_err_string, - "curl_easy_getinfo expects a pointer to 'char *' for this info") -_CURL_WARNING(_curl_easy_getinfo_err_long, - "curl_easy_getinfo expects a pointer to long for this info") -_CURL_WARNING(_curl_easy_getinfo_err_double, - "curl_easy_getinfo expects a pointer to double for this info") -_CURL_WARNING(_curl_easy_getinfo_err_curl_slist, - "curl_easy_getinfo expects a pointer to 'struct curl_slist *' for this info") - -/* groups of curl_easy_setops options that take the same type of argument */ - -/* To add a new option to one of the groups, just add - * (option) == CURLOPT_SOMETHING - * to the or-expression. If the option takes a long or curl_off_t, you don't - * have to do anything - */ - -/* evaluates to true if option takes a long argument */ -#define _curl_is_long_option(option) \ - (0 < (option) && (option) < CURLOPTTYPE_OBJECTPOINT) - -#define _curl_is_off_t_option(option) \ - ((option) > CURLOPTTYPE_OFF_T) - -/* evaluates to true if option takes a char* argument */ -#define _curl_is_string_option(option) \ - ((option) == CURLOPT_ABSTRACT_UNIX_SOCKET || \ - (option) == CURLOPT_ACCEPT_ENCODING || \ - (option) == CURLOPT_CAINFO || \ - (option) == CURLOPT_CAPATH || \ - (option) == CURLOPT_COOKIE || \ - (option) == CURLOPT_COOKIEFILE || \ - (option) == CURLOPT_COOKIEJAR || \ - (option) == CURLOPT_COOKIELIST || \ - (option) == CURLOPT_CRLFILE || \ - (option) == CURLOPT_CUSTOMREQUEST || \ - (option) == CURLOPT_DEFAULT_PROTOCOL || \ - (option) == CURLOPT_DNS_INTERFACE || \ - (option) == CURLOPT_DNS_LOCAL_IP4 || \ - (option) == CURLOPT_DNS_LOCAL_IP6 || \ - (option) == CURLOPT_DNS_SERVERS || \ - (option) == CURLOPT_EGDSOCKET || \ - (option) == CURLOPT_FTPPORT || \ - (option) == CURLOPT_FTP_ACCOUNT || \ - (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER || \ - (option) == CURLOPT_INTERFACE || \ - (option) == CURLOPT_ISSUERCERT || \ - (option) == CURLOPT_KEYPASSWD || \ - (option) == CURLOPT_KRBLEVEL || \ - (option) == CURLOPT_LOGIN_OPTIONS || \ - (option) == CURLOPT_MAIL_AUTH || \ - (option) == CURLOPT_MAIL_FROM || \ - (option) == CURLOPT_NETRC_FILE || \ - (option) == CURLOPT_NOPROXY || \ - (option) == CURLOPT_PASSWORD || \ - (option) == CURLOPT_PINNEDPUBLICKEY || \ - (option) == CURLOPT_PROXY || \ - (option) == CURLOPT_PROXYPASSWORD || \ - (option) == CURLOPT_PROXYUSERNAME || \ - (option) == CURLOPT_PROXYUSERPWD || \ - (option) == CURLOPT_PROXY_SERVICE_NAME || \ - (option) == CURLOPT_RANDOM_FILE || \ - (option) == CURLOPT_RANGE || \ - (option) == CURLOPT_REFERER || \ - (option) == CURLOPT_RTSP_SESSION_ID || \ - (option) == CURLOPT_RTSP_STREAM_URI || \ - (option) == CURLOPT_RTSP_TRANSPORT || \ - (option) == CURLOPT_SERVICE_NAME || \ - (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \ - (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \ - (option) == CURLOPT_SSH_KNOWNHOSTS || \ - (option) == CURLOPT_SSH_PRIVATE_KEYFILE || \ - (option) == CURLOPT_SSH_PUBLIC_KEYFILE || \ - (option) == CURLOPT_SSLCERT || \ - (option) == CURLOPT_SSLCERTTYPE || \ - (option) == CURLOPT_SSLENGINE || \ - (option) == CURLOPT_SSLKEY || \ - (option) == CURLOPT_SSLKEYTYPE || \ - (option) == CURLOPT_SSL_CIPHER_LIST || \ - (option) == CURLOPT_TLSAUTH_PASSWORD || \ - (option) == CURLOPT_TLSAUTH_TYPE || \ - (option) == CURLOPT_TLSAUTH_USERNAME || \ - (option) == CURLOPT_UNIX_SOCKET_PATH || \ - (option) == CURLOPT_URL || \ - (option) == CURLOPT_USERAGENT || \ - (option) == CURLOPT_USERNAME || \ - (option) == CURLOPT_USERPWD || \ - (option) == CURLOPT_XOAUTH2_BEARER || \ - 0) - -/* evaluates to true if option takes a curl_write_callback argument */ -#define _curl_is_write_cb_option(option) \ - ((option) == CURLOPT_HEADERFUNCTION || \ - (option) == CURLOPT_WRITEFUNCTION) - -/* evaluates to true if option takes a curl_conv_callback argument */ -#define _curl_is_conv_cb_option(option) \ - ((option) == CURLOPT_CONV_TO_NETWORK_FUNCTION || \ - (option) == CURLOPT_CONV_FROM_NETWORK_FUNCTION || \ - (option) == CURLOPT_CONV_FROM_UTF8_FUNCTION) - -/* evaluates to true if option takes a data argument to pass to a callback */ -#define _curl_is_cb_data_option(option) \ - ((option) == CURLOPT_CHUNK_DATA || \ - (option) == CURLOPT_CLOSESOCKETDATA || \ - (option) == CURLOPT_DEBUGDATA || \ - (option) == CURLOPT_FNMATCH_DATA || \ - (option) == CURLOPT_HEADERDATA || \ - (option) == CURLOPT_INTERLEAVEDATA || \ - (option) == CURLOPT_IOCTLDATA || \ - (option) == CURLOPT_OPENSOCKETDATA || \ - (option) == CURLOPT_PRIVATE || \ - (option) == CURLOPT_PROGRESSDATA || \ - (option) == CURLOPT_READDATA || \ - (option) == CURLOPT_SEEKDATA || \ - (option) == CURLOPT_SOCKOPTDATA || \ - (option) == CURLOPT_SSH_KEYDATA || \ - (option) == CURLOPT_SSL_CTX_DATA || \ - (option) == CURLOPT_WRITEDATA || \ - 0) - -/* evaluates to true if option takes a POST data argument (void* or char*) */ -#define _curl_is_postfields_option(option) \ - ((option) == CURLOPT_POSTFIELDS || \ - (option) == CURLOPT_COPYPOSTFIELDS || \ - 0) - -/* evaluates to true if option takes a struct curl_slist * argument */ -#define _curl_is_slist_option(option) \ - ((option) == CURLOPT_HTTP200ALIASES || \ - (option) == CURLOPT_HTTPHEADER || \ - (option) == CURLOPT_MAIL_RCPT || \ - (option) == CURLOPT_POSTQUOTE || \ - (option) == CURLOPT_PREQUOTE || \ - (option) == CURLOPT_PROXYHEADER || \ - (option) == CURLOPT_QUOTE || \ - (option) == CURLOPT_RESOLVE || \ - (option) == CURLOPT_TELNETOPTIONS || \ - 0) - -/* groups of curl_easy_getinfo infos that take the same type of argument */ - -/* evaluates to true if info expects a pointer to char * argument */ -#define _curl_is_string_info(info) \ - (CURLINFO_STRING < (info) && (info) < CURLINFO_LONG) - -/* evaluates to true if info expects a pointer to long argument */ -#define _curl_is_long_info(info) \ - (CURLINFO_LONG < (info) && (info) < CURLINFO_DOUBLE) - -/* evaluates to true if info expects a pointer to double argument */ -#define _curl_is_double_info(info) \ - (CURLINFO_DOUBLE < (info) && (info) < CURLINFO_SLIST) - -/* true if info expects a pointer to struct curl_slist * argument */ -#define _curl_is_slist_info(info) \ - (CURLINFO_SLIST < (info)) - - -/* typecheck helpers -- check whether given expression has requested type*/ - -/* For pointers, you can use the _curl_is_ptr/_curl_is_arr macros, - * otherwise define a new macro. Search for __builtin_types_compatible_p - * in the GCC manual. - * NOTE: these macros MUST NOT EVALUATE their arguments! The argument is - * the actual expression passed to the curl_easy_setopt macro. This - * means that you can only apply the sizeof and __typeof__ operators, no - * == or whatsoever. - */ - -/* XXX: should evaluate to true iff expr is a pointer */ -#define _curl_is_any_ptr(expr) \ - (sizeof(expr) == sizeof(void *)) - -/* evaluates to true if expr is NULL */ -/* XXX: must not evaluate expr, so this check is not accurate */ -#define _curl_is_NULL(expr) \ - (__builtin_types_compatible_p(__typeof__(expr), __typeof__(NULL))) - -/* evaluates to true if expr is type*, const type* or NULL */ -#define _curl_is_ptr(expr, type) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), type *) || \ - __builtin_types_compatible_p(__typeof__(expr), const type *)) - -/* evaluates to true if expr is one of type[], type*, NULL or const type* */ -#define _curl_is_arr(expr, type) \ - (_curl_is_ptr((expr), type) || \ - __builtin_types_compatible_p(__typeof__(expr), type [])) - -/* evaluates to true if expr is a string */ -#define _curl_is_string(expr) \ - (_curl_is_arr((expr), char) || \ - _curl_is_arr((expr), signed char) || \ - _curl_is_arr((expr), unsigned char)) - -/* evaluates to true if expr is a long (no matter the signedness) - * XXX: for now, int is also accepted (and therefore short and char, which - * are promoted to int when passed to a variadic function) */ -#define _curl_is_long(expr) \ - (__builtin_types_compatible_p(__typeof__(expr), long) || \ - __builtin_types_compatible_p(__typeof__(expr), signed long) || \ - __builtin_types_compatible_p(__typeof__(expr), unsigned long) || \ - __builtin_types_compatible_p(__typeof__(expr), int) || \ - __builtin_types_compatible_p(__typeof__(expr), signed int) || \ - __builtin_types_compatible_p(__typeof__(expr), unsigned int) || \ - __builtin_types_compatible_p(__typeof__(expr), short) || \ - __builtin_types_compatible_p(__typeof__(expr), signed short) || \ - __builtin_types_compatible_p(__typeof__(expr), unsigned short) || \ - __builtin_types_compatible_p(__typeof__(expr), char) || \ - __builtin_types_compatible_p(__typeof__(expr), signed char) || \ - __builtin_types_compatible_p(__typeof__(expr), unsigned char)) - -/* evaluates to true if expr is of type curl_off_t */ -#define _curl_is_off_t(expr) \ - (__builtin_types_compatible_p(__typeof__(expr), curl_off_t)) - -/* evaluates to true if expr is abuffer suitable for CURLOPT_ERRORBUFFER */ -/* XXX: also check size of an char[] array? */ -#define _curl_is_error_buffer(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), char *) || \ - __builtin_types_compatible_p(__typeof__(expr), char[])) - -/* evaluates to true if expr is of type (const) void* or (const) FILE* */ -#if 0 -#define _curl_is_cb_data(expr) \ - (_curl_is_ptr((expr), void) || \ - _curl_is_ptr((expr), FILE)) -#else /* be less strict */ -#define _curl_is_cb_data(expr) \ - _curl_is_any_ptr(expr) -#endif - -/* evaluates to true if expr is of type FILE* */ -#define _curl_is_FILE(expr) \ - (__builtin_types_compatible_p(__typeof__(expr), FILE *)) - -/* evaluates to true if expr can be passed as POST data (void* or char*) */ -#define _curl_is_postfields(expr) \ - (_curl_is_ptr((expr), void) || \ - _curl_is_arr((expr), char)) - -/* FIXME: the whole callback checking is messy... - * The idea is to tolerate char vs. void and const vs. not const - * pointers in arguments at least - */ -/* helper: __builtin_types_compatible_p distinguishes between functions and - * function pointers, hide it */ -#define _curl_callback_compatible(func, type) \ - (__builtin_types_compatible_p(__typeof__(func), type) || \ - __builtin_types_compatible_p(__typeof__(func), type*)) - -/* evaluates to true if expr is of type curl_read_callback or "similar" */ -#define _curl_is_read_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), __typeof__(fread)) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_read_callback) || \ - _curl_callback_compatible((expr), _curl_read_callback1) || \ - _curl_callback_compatible((expr), _curl_read_callback2) || \ - _curl_callback_compatible((expr), _curl_read_callback3) || \ - _curl_callback_compatible((expr), _curl_read_callback4) || \ - _curl_callback_compatible((expr), _curl_read_callback5) || \ - _curl_callback_compatible((expr), _curl_read_callback6)) -typedef size_t (_curl_read_callback1)(char *, size_t, size_t, void *); -typedef size_t (_curl_read_callback2)(char *, size_t, size_t, const void *); -typedef size_t (_curl_read_callback3)(char *, size_t, size_t, FILE *); -typedef size_t (_curl_read_callback4)(void *, size_t, size_t, void *); -typedef size_t (_curl_read_callback5)(void *, size_t, size_t, const void *); -typedef size_t (_curl_read_callback6)(void *, size_t, size_t, FILE *); - -/* evaluates to true if expr is of type curl_write_callback or "similar" */ -#define _curl_is_write_cb(expr) \ - (_curl_is_read_cb(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), __typeof__(fwrite)) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_write_callback) || \ - _curl_callback_compatible((expr), _curl_write_callback1) || \ - _curl_callback_compatible((expr), _curl_write_callback2) || \ - _curl_callback_compatible((expr), _curl_write_callback3) || \ - _curl_callback_compatible((expr), _curl_write_callback4) || \ - _curl_callback_compatible((expr), _curl_write_callback5) || \ - _curl_callback_compatible((expr), _curl_write_callback6)) -typedef size_t (_curl_write_callback1)(const char *, size_t, size_t, void *); -typedef size_t (_curl_write_callback2)(const char *, size_t, size_t, - const void *); -typedef size_t (_curl_write_callback3)(const char *, size_t, size_t, FILE *); -typedef size_t (_curl_write_callback4)(const void *, size_t, size_t, void *); -typedef size_t (_curl_write_callback5)(const void *, size_t, size_t, - const void *); -typedef size_t (_curl_write_callback6)(const void *, size_t, size_t, FILE *); - -/* evaluates to true if expr is of type curl_ioctl_callback or "similar" */ -#define _curl_is_ioctl_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_ioctl_callback) || \ - _curl_callback_compatible((expr), _curl_ioctl_callback1) || \ - _curl_callback_compatible((expr), _curl_ioctl_callback2) || \ - _curl_callback_compatible((expr), _curl_ioctl_callback3) || \ - _curl_callback_compatible((expr), _curl_ioctl_callback4)) -typedef curlioerr (_curl_ioctl_callback1)(CURL *, int, void *); -typedef curlioerr (_curl_ioctl_callback2)(CURL *, int, const void *); -typedef curlioerr (_curl_ioctl_callback3)(CURL *, curliocmd, void *); -typedef curlioerr (_curl_ioctl_callback4)(CURL *, curliocmd, const void *); - -/* evaluates to true if expr is of type curl_sockopt_callback or "similar" */ -#define _curl_is_sockopt_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_sockopt_callback) || \ - _curl_callback_compatible((expr), _curl_sockopt_callback1) || \ - _curl_callback_compatible((expr), _curl_sockopt_callback2)) -typedef int (_curl_sockopt_callback1)(void *, curl_socket_t, curlsocktype); -typedef int (_curl_sockopt_callback2)(const void *, curl_socket_t, - curlsocktype); - -/* evaluates to true if expr is of type curl_opensocket_callback or - "similar" */ -#define _curl_is_opensocket_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_opensocket_callback) ||\ - _curl_callback_compatible((expr), _curl_opensocket_callback1) || \ - _curl_callback_compatible((expr), _curl_opensocket_callback2) || \ - _curl_callback_compatible((expr), _curl_opensocket_callback3) || \ - _curl_callback_compatible((expr), _curl_opensocket_callback4)) -typedef curl_socket_t (_curl_opensocket_callback1) - (void *, curlsocktype, struct curl_sockaddr *); -typedef curl_socket_t (_curl_opensocket_callback2) - (void *, curlsocktype, const struct curl_sockaddr *); -typedef curl_socket_t (_curl_opensocket_callback3) - (const void *, curlsocktype, struct curl_sockaddr *); -typedef curl_socket_t (_curl_opensocket_callback4) - (const void *, curlsocktype, const struct curl_sockaddr *); - -/* evaluates to true if expr is of type curl_progress_callback or "similar" */ -#define _curl_is_progress_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_progress_callback) || \ - _curl_callback_compatible((expr), _curl_progress_callback1) || \ - _curl_callback_compatible((expr), _curl_progress_callback2)) -typedef int (_curl_progress_callback1)(void *, - double, double, double, double); -typedef int (_curl_progress_callback2)(const void *, - double, double, double, double); - -/* evaluates to true if expr is of type curl_debug_callback or "similar" */ -#define _curl_is_debug_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_debug_callback) || \ - _curl_callback_compatible((expr), _curl_debug_callback1) || \ - _curl_callback_compatible((expr), _curl_debug_callback2) || \ - _curl_callback_compatible((expr), _curl_debug_callback3) || \ - _curl_callback_compatible((expr), _curl_debug_callback4) || \ - _curl_callback_compatible((expr), _curl_debug_callback5) || \ - _curl_callback_compatible((expr), _curl_debug_callback6) || \ - _curl_callback_compatible((expr), _curl_debug_callback7) || \ - _curl_callback_compatible((expr), _curl_debug_callback8)) -typedef int (_curl_debug_callback1) (CURL *, - curl_infotype, char *, size_t, void *); -typedef int (_curl_debug_callback2) (CURL *, - curl_infotype, char *, size_t, const void *); -typedef int (_curl_debug_callback3) (CURL *, - curl_infotype, const char *, size_t, void *); -typedef int (_curl_debug_callback4) (CURL *, - curl_infotype, const char *, size_t, const void *); -typedef int (_curl_debug_callback5) (CURL *, - curl_infotype, unsigned char *, size_t, void *); -typedef int (_curl_debug_callback6) (CURL *, - curl_infotype, unsigned char *, size_t, const void *); -typedef int (_curl_debug_callback7) (CURL *, - curl_infotype, const unsigned char *, size_t, void *); -typedef int (_curl_debug_callback8) (CURL *, - curl_infotype, const unsigned char *, size_t, const void *); - -/* evaluates to true if expr is of type curl_ssl_ctx_callback or "similar" */ -/* this is getting even messier... */ -#define _curl_is_ssl_ctx_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_ssl_ctx_callback) || \ - _curl_callback_compatible((expr), _curl_ssl_ctx_callback1) || \ - _curl_callback_compatible((expr), _curl_ssl_ctx_callback2) || \ - _curl_callback_compatible((expr), _curl_ssl_ctx_callback3) || \ - _curl_callback_compatible((expr), _curl_ssl_ctx_callback4) || \ - _curl_callback_compatible((expr), _curl_ssl_ctx_callback5) || \ - _curl_callback_compatible((expr), _curl_ssl_ctx_callback6) || \ - _curl_callback_compatible((expr), _curl_ssl_ctx_callback7) || \ - _curl_callback_compatible((expr), _curl_ssl_ctx_callback8)) -typedef CURLcode (_curl_ssl_ctx_callback1)(CURL *, void *, void *); -typedef CURLcode (_curl_ssl_ctx_callback2)(CURL *, void *, const void *); -typedef CURLcode (_curl_ssl_ctx_callback3)(CURL *, const void *, void *); -typedef CURLcode (_curl_ssl_ctx_callback4)(CURL *, const void *, const void *); -#ifdef HEADER_SSL_H -/* hack: if we included OpenSSL's ssl.h, we know about SSL_CTX - * this will of course break if we're included before OpenSSL headers... - */ -typedef CURLcode (_curl_ssl_ctx_callback5)(CURL *, SSL_CTX, void *); -typedef CURLcode (_curl_ssl_ctx_callback6)(CURL *, SSL_CTX, const void *); -typedef CURLcode (_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX, void *); -typedef CURLcode (_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX, - const void *); -#else -typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback5; -typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback6; -typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback7; -typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback8; -#endif - -/* evaluates to true if expr is of type curl_conv_callback or "similar" */ -#define _curl_is_conv_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_conv_callback) || \ - _curl_callback_compatible((expr), _curl_conv_callback1) || \ - _curl_callback_compatible((expr), _curl_conv_callback2) || \ - _curl_callback_compatible((expr), _curl_conv_callback3) || \ - _curl_callback_compatible((expr), _curl_conv_callback4)) -typedef CURLcode (*_curl_conv_callback1)(char *, size_t length); -typedef CURLcode (*_curl_conv_callback2)(const char *, size_t length); -typedef CURLcode (*_curl_conv_callback3)(void *, size_t length); -typedef CURLcode (*_curl_conv_callback4)(const void *, size_t length); - -/* evaluates to true if expr is of type curl_seek_callback or "similar" */ -#define _curl_is_seek_cb(expr) \ - (_curl_is_NULL(expr) || \ - __builtin_types_compatible_p(__typeof__(expr), curl_seek_callback) || \ - _curl_callback_compatible((expr), _curl_seek_callback1) || \ - _curl_callback_compatible((expr), _curl_seek_callback2)) -typedef CURLcode (*_curl_seek_callback1)(void *, curl_off_t, int); -typedef CURLcode (*_curl_seek_callback2)(const void *, curl_off_t, int); - - -#endif /* __CURL_TYPECHECK_GCC_H */ DELETED scriptlibs/softwareupdate/curl/lib/libcurl.a Index: scriptlibs/softwareupdate/curl/lib/libcurl.a ================================================================== --- scriptlibs/softwareupdate/curl/lib/libcurl.a +++ scriptlibs/softwareupdate/curl/lib/libcurl.a cannot compute difference between binary files DELETED scriptlibs/softwareupdate/curl/lib/libcurldll.a Index: scriptlibs/softwareupdate/curl/lib/libcurldll.a ================================================================== --- scriptlibs/softwareupdate/curl/lib/libcurldll.a +++ scriptlibs/softwareupdate/curl/lib/libcurldll.a cannot compute difference between binary files DELETED scriptlibs/softwareupdate/curl/mk-ca-bundle.pl Index: scriptlibs/softwareupdate/curl/mk-ca-bundle.pl ================================================================== --- scriptlibs/softwareupdate/curl/mk-ca-bundle.pl +++ scriptlibs/softwareupdate/curl/mk-ca-bundle.pl @@ -1,554 +0,0 @@ -#!/usr/bin/perl -w -# *************************************************************************** -# * _ _ ____ _ -# * Project ___| | | | _ \| | -# * / __| | | | |_) | | -# * | (__| |_| | _ <| |___ -# * \___|\___/|_| \_\_____| -# * -# * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. -# * -# * This software is licensed as described in the file COPYING, which -# * you should have received as part of this distribution. The terms -# * are also available at https://curl.haxx.se/docs/copyright.html. -# * -# * You may opt to use, copy, modify, merge, publish, distribute and/or sell -# * copies of the Software, and permit persons to whom the Software is -# * furnished to do so, under the terms of the COPYING file. -# * -# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# * KIND, either express or implied. -# * -# *************************************************************************** -# This Perl script creates a fresh ca-bundle.crt file for use with libcurl. -# It downloads certdata.txt from Mozilla's source tree (see URL below), -# then parses certdata.txt and extracts CA Root Certificates into PEM format. -# These are then processed with the OpenSSL commandline tool to produce the -# final ca-bundle.crt file. -# The script is based on the parse-certs script written by Roland Krikava. -# This Perl script works on almost any platform since its only external -# dependency is the OpenSSL commandline tool for optional text listing. -# Hacked by Guenter Knauf. -# -use Encode; -use Getopt::Std; -use MIME::Base64; -use strict; -use vars qw($opt_b $opt_d $opt_f $opt_h $opt_i $opt_k $opt_l $opt_m $opt_n $opt_p $opt_q $opt_s $opt_t $opt_u $opt_v $opt_w); -use List::Util; -use Text::Wrap; -my $MOD_SHA = "Digest::SHA"; -eval "require $MOD_SHA"; -if ($@) { - $MOD_SHA = "Digest::SHA::PurePerl"; - eval "require $MOD_SHA"; -} -eval "require LWP::UserAgent"; - -my %urls = ( - 'nss' => - 'https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt', - 'central' => - 'https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', - 'aurora' => - 'https://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', - 'beta' => - 'https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', - 'release' => - 'https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', -); - -$opt_d = 'release'; - -# If the OpenSSL commandline is not in search path you can configure it here! -my $openssl = 'openssl'; - -my $version = '1.27'; - -$opt_w = 76; # default base64 encoded lines length - -# default cert types to include in the output (default is to include CAs which may issue SSL server certs) -my $default_mozilla_trust_purposes = "SERVER_AUTH"; -my $default_mozilla_trust_levels = "TRUSTED_DELEGATOR"; -$opt_p = $default_mozilla_trust_purposes . ":" . $default_mozilla_trust_levels; - -my @valid_mozilla_trust_purposes = ( - "DIGITAL_SIGNATURE", - "NON_REPUDIATION", - "KEY_ENCIPHERMENT", - "DATA_ENCIPHERMENT", - "KEY_AGREEMENT", - "KEY_CERT_SIGN", - "CRL_SIGN", - "SERVER_AUTH", - "CLIENT_AUTH", - "CODE_SIGNING", - "EMAIL_PROTECTION", - "IPSEC_END_SYSTEM", - "IPSEC_TUNNEL", - "IPSEC_USER", - "TIME_STAMPING", - "STEP_UP_APPROVED" -); - -my @valid_mozilla_trust_levels = ( - "TRUSTED_DELEGATOR", # CAs - "NOT_TRUSTED", # Don't trust these certs. - "MUST_VERIFY_TRUST", # This explicitly tells us that it ISN'T a CA but is otherwise ok. In other words, this should tell the app to ignore any other sources that claim this is a CA. - "TRUSTED" # This cert is trusted, but only for itself and not for delegates (i.e. it is not a CA). -); - -my $default_signature_algorithms = $opt_s = "MD5"; - -my @valid_signature_algorithms = ( - "MD5", - "SHA1", - "SHA256", - "SHA384", - "SHA512" -); - -$0 =~ s@.*(/|\\)@@; -$Getopt::Std::STANDARD_HELP_VERSION = 1; -getopts('bd:fhiklmnp:qs:tuvw:'); - -if(!defined($opt_d)) { - # to make plain "-d" use not cause warnings, and actually still work - $opt_d = 'release'; -} - -# Use predefined URL or else custom URL specified on command line. -my $url; -if(defined($urls{$opt_d})) { - $url = $urls{$opt_d}; - if(!$opt_k && $url !~ /^https:\/\//i) { - die "The URL for '$opt_d' is not HTTPS. Use -k to override (insecure).\n"; - } -} -else { - $url = $opt_d; -} - -my $curl = `curl -V`; - -if ($opt_i) { - print ("=" x 78 . "\n"); - print "Script Version : $version\n"; - print "Perl Version : $]\n"; - print "Operating System Name : $^O\n"; - print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n"; - print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n"; - print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n" if($LWP::UserAgent::VERSION); - print "LWP.pm Version : ${LWP::VERSION}\n" if($LWP::VERSION); - print "Digest::SHA.pm Version : ${Digest::SHA::VERSION}\n" if ($Digest::SHA::VERSION); - print "Digest::SHA::PurePerl.pm Version : ${Digest::SHA::PurePerl::VERSION}\n" if ($Digest::SHA::PurePerl::VERSION); - print ("=" x 78 . "\n"); -} - -sub warning_message() { - if ( $opt_d =~ m/^risk$/i ) { # Long Form Warning and Exit - print "Warning: Use of this script may pose some risk:\n"; - print "\n"; - print " 1) If you use HTTP URLs they are subject to a man in the middle attack\n"; - print " 2) Default to 'release', but more recent updates may be found in other trees\n"; - print " 3) certdata.txt file format may change, lag time to update this script\n"; - print " 4) Generally unwise to blindly trust CAs without manual review & verification\n"; - print " 5) Mozilla apps use additional security checks aren't represented in certdata\n"; - print " 6) Use of this script will make a security engineer grind his teeth and\n"; - print " swear at you. ;)\n"; - exit; - } else { # Short Form Warning - print "Warning: Use of this script may pose some risk, -d risk for more details.\n"; - } -} - -sub HELP_MESSAGE() { - print "Usage:\t${0} [-b] [-d] [-f] [-i] [-k] [-l] [-n] [-p] [-q] [-s] [-t] [-u] [-v] [-w] []\n"; - print "\t-b\tbackup an existing version of ca-bundle.crt\n"; - print "\t-d\tspecify Mozilla tree to pull certdata.txt or custom URL\n"; - print "\t\t Valid names are:\n"; - print "\t\t ", join( ", ", map { ( $_ =~ m/$opt_d/ ) ? "$_ (default)" : "$_" } sort keys %urls ), "\n"; - print "\t-f\tforce rebuild even if certdata.txt is current\n"; - print "\t-i\tprint version info about used modules\n"; - print "\t-k\tallow URLs other than HTTPS, enable HTTP fallback (insecure)\n"; - print "\t-l\tprint license info about certdata.txt\n"; - print "\t-m\tinclude meta data in output\n"; - print "\t-n\tno download of certdata.txt (to use existing)\n"; - print wrap("\t","\t\t", "-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. (default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"), "\n"; - print "\t\t Valid purposes are:\n"; - print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_purposes ) ), "\n"; - print "\t\t Valid levels are:\n"; - print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_mozilla_trust_levels ) ), "\n"; - print "\t-q\tbe really quiet (no progress output at all)\n"; - print wrap("\t","\t\t", "-s\tcomma separated list of certificate signatures/hashes to output in plain text mode. (default: $default_signature_algorithms)\n"); - print "\t\t Valid signature algorithms are:\n"; - print wrap("\t\t ","\t\t ", join( ", ", "ALL", @valid_signature_algorithms ) ), "\n"; - print "\t-t\tinclude plain text listing of certificates\n"; - print "\t-u\tunlink (remove) certdata.txt after processing\n"; - print "\t-v\tbe verbose and print out processed CAs\n"; - print "\t-w \twrap base64 output lines after chars (default: ${opt_w})\n"; - exit; -} - -sub VERSION_MESSAGE() { - print "${0} version ${version} running Perl ${]} on ${^O}\n"; -} - -warning_message() unless ($opt_q || $url =~ m/^(ht|f)tps:/i ); -HELP_MESSAGE() if ($opt_h); - -sub report($@) { - my $output = shift; - - print STDERR $output . "\n" unless $opt_q; -} - -sub is_in_list($@) { - my $target = shift; - - return defined(List::Util::first { $target eq $_ } @_); -} - -# Parses $param_string as a case insensitive comma separated list with optional whitespace -# validates that only allowed parameters are supplied -sub parse_csv_param($$@) { - my $description = shift; - my $param_string = shift; - my @valid_values = @_; - - my @values = map { - s/^\s+//; # strip leading spaces - s/\s+$//; # strip trailing spaces - uc $_ # return the modified string as upper case - } split( ',', $param_string ); - - # Find all values which are not in the list of valid values or "ALL" - my @invalid = grep { !is_in_list($_,"ALL",@valid_values) } @values; - - if ( scalar(@invalid) > 0 ) { - # Tell the user which parameters were invalid and print the standard help message which will exit - print "Error: Invalid ", $description, scalar(@invalid) == 1 ? ": " : "s: ", join( ", ", map { "\"$_\"" } @invalid ), "\n"; - HELP_MESSAGE(); - } - - @values = @valid_values if ( is_in_list("ALL",@values) ); - - return @values; -} - -sub sha256 { - my $result; - if ($Digest::SHA::VERSION || $Digest::SHA::PurePerl::VERSION) { - open(FILE, $_[0]) or die "Can't open '$_[0]': $!"; - binmode(FILE); - $result = $MOD_SHA->new(256)->addfile(*FILE)->hexdigest; - close(FILE); - } else { - # Use OpenSSL command if Perl Digest::SHA modules not available - $result = `"$openssl" dgst -r -sha256 "$_[0]"`; - $result =~ s/^([0-9a-f]{64}) .+/$1/is; - } - return $result; -} - - -sub oldhash { - my $hash = ""; - open(C, "<$_[0]") || return 0; - while() { - chomp; - if($_ =~ /^\#\# SHA256: (.*)/) { - $hash = $1; - last; - } - } - close(C); - return $hash; -} - -if ( $opt_p !~ m/:/ ) { - print "Error: Mozilla trust identifier list must include both purposes and levels\n"; - HELP_MESSAGE(); -} - -(my $included_mozilla_trust_purposes_string, my $included_mozilla_trust_levels_string) = split( ':', $opt_p ); -my @included_mozilla_trust_purposes = parse_csv_param( "trust purpose", $included_mozilla_trust_purposes_string, @valid_mozilla_trust_purposes ); -my @included_mozilla_trust_levels = parse_csv_param( "trust level", $included_mozilla_trust_levels_string, @valid_mozilla_trust_levels ); - -my @included_signature_algorithms = parse_csv_param( "signature algorithm", $opt_s, @valid_signature_algorithms ); - -sub should_output_cert(%) { - my %trust_purposes_by_level = @_; - - foreach my $level (@included_mozilla_trust_levels) { - # for each level we want to output, see if any of our desired purposes are included - return 1 if ( defined( List::Util::first { is_in_list( $_, @included_mozilla_trust_purposes ) } @{$trust_purposes_by_level{$level}} ) ); - } - - return 0; -} - -my $crt = $ARGV[0] || 'ca-bundle.crt'; -(my $txt = $url) =~ s@(.*/|\?.*)@@g; - -my $stdout = $crt eq '-'; -my $resp; -my $fetched; - -my $oldhash = oldhash($crt); - -report "SHA256 of old file: $oldhash"; - -if(!$opt_n) { - report "Downloading $txt ..."; - - # If we have an HTTPS URL then use curl - if($url =~ /^https:\/\//i) { - if($curl) { - if($curl =~ /^Protocols:.* https( |$)/m) { - report "Get certdata with curl!"; - my $proto = !$opt_k ? "--proto =https" : ""; - my $quiet = $opt_q ? "-s" : ""; - my @out = `curl -w %{response_code} $proto $quiet -o "$txt" "$url"`; - if(@out && $out[0] == 200) { - $fetched = 1; - report "Downloaded $txt"; - } - else { - report "Failed downloading via HTTPS with curl"; - if(-e $txt && !unlink($txt)) { - report "Failed to remove '$txt': $!"; - } - } - } - else { - report "curl lacks https support"; - } - } - else { - report "curl not found"; - } - } - - # If nothing was fetched then use LWP - if(!$fetched) { - if($url =~ /^https:\/\//i) { - report "Falling back to HTTP"; - $url =~ s/^https:\/\//http:\/\//i; - } - if(!$opt_k) { - report "URLs other than HTTPS are disabled by default, to enable use -k"; - exit 1; - } - report "Get certdata with LWP!"; - if(!defined(${LWP::UserAgent::VERSION})) { - report "LWP is not available (LWP::UserAgent not found)"; - exit 1; - } - my $ua = new LWP::UserAgent(agent => "$0/$version"); - $ua->env_proxy(); - $resp = $ua->mirror($url, $txt); - if($resp && $resp->code eq '304') { - report "Not modified"; - exit 0 if -e $crt && !$opt_f; - } - else { - $fetched = 1; - report "Downloaded $txt"; - } - if(!$resp || $resp->code !~ /^(?:200|304)$/) { - report "Unable to download latest data: " - . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed"); - exit 1 if -e $crt || ! -r $txt; - } - } -} - -my $filedate = $resp ? $resp->last_modified : (stat($txt))[9]; -my $datesrc = "as of"; -if(!$filedate) { - # mxr.mozilla.org gave us a time, hg.mozilla.org does not! - $filedate = time(); - $datesrc="downloaded on"; -} - -# get the hash from the download file -my $newhash= sha256($txt); - -if(!$opt_f && $oldhash eq $newhash) { - report "Downloaded file identical to previous run\'s source file. Exiting"; - exit; -} - -report "SHA256 of new file: $newhash"; - -my $currentdate = scalar gmtime($filedate); - -my $format = $opt_t ? "plain text and " : ""; -if( $stdout ) { - open(CRT, '> -') or die "Couldn't open STDOUT: $!\n"; -} else { - open(CRT,">$crt.~") or die "Couldn't open $crt.~: $!\n"; -} -print CRT <) { - if (/\*\*\*\*\* BEGIN LICENSE BLOCK \*\*\*\*\*/) { - print CRT; - print if ($opt_l); - while () { - print CRT; - print if ($opt_l); - last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/); - } - } - elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Not Valid After |Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) { - push @precert, $_; - next; - } - elsif(/^#|^\s*$/) { - undef @precert; - next; - } - chomp; - - # this is a match for the start of a certificate - if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) { - $start_of_cert = 1 - } - if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) { - $caname = $1; - } - my %trust_purposes_by_level; - if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) { - my $data; - while () { - last if (/^END/); - chomp; - my @octets = split(/\\/); - shift @octets; - for (@octets) { - $data .= chr(oct); - } - } - # scan forwards until the trust part - while () { - last if (/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/); - chomp; - } - # now scan the trust part to determine how we should trust this cert - while () { - last if (/^#/); - if (/^CKA_TRUST_([A-Z_]+)\s+CK_TRUST\s+CKT_NSS_([A-Z_]+)\s*$/) { - if ( !is_in_list($1,@valid_mozilla_trust_purposes) ) { - report "Warning: Unrecognized trust purpose for cert: $caname. Trust purpose: $1. Trust Level: $2"; - } elsif ( !is_in_list($2,@valid_mozilla_trust_levels) ) { - report "Warning: Unrecognized trust level for cert: $caname. Trust purpose: $1. Trust Level: $2"; - } else { - push @{$trust_purposes_by_level{$2}}, $1; - } - } - } - - if ( !should_output_cert(%trust_purposes_by_level) ) { - $skipnum ++; - } else { - my $encoded = MIME::Base64::encode_base64($data, ''); - $encoded =~ s/(.{1,${opt_w}})/$1\n/g; - my $pem = "-----BEGIN CERTIFICATE-----\n" - . $encoded - . "-----END CERTIFICATE-----\n"; - print CRT "\n$caname\n"; - print CRT @precert if($opt_m); - my $maxStringLength = length(decode('UTF-8', $caname, Encode::FB_CROAK)); - if ($opt_t) { - foreach my $key (keys %trust_purposes_by_level) { - my $string = $key . ": " . join(", ", @{$trust_purposes_by_level{$key}}); - $maxStringLength = List::Util::max( length($string), $maxStringLength ); - print CRT $string . "\n"; - } - } - print CRT ("=" x $maxStringLength . "\n"); - if (!$opt_t) { - print CRT $pem; - } else { - my $pipe = ""; - foreach my $hash (@included_signature_algorithms) { - $pipe = "|$openssl x509 -" . $hash . " -fingerprint -noout -inform PEM"; - if (!$stdout) { - $pipe .= " >> $crt.~"; - close(CRT) or die "Couldn't close $crt.~: $!"; - } - open(TMP, $pipe) or die "Couldn't open openssl pipe: $!"; - print TMP $pem; - close(TMP) or die "Couldn't close openssl pipe: $!"; - if (!$stdout) { - open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!"; - } - } - $pipe = "|$openssl x509 -text -inform PEM"; - if (!$stdout) { - $pipe .= " >> $crt.~"; - close(CRT) or die "Couldn't close $crt.~: $!"; - } - open(TMP, $pipe) or die "Couldn't open openssl pipe: $!"; - print TMP $pem; - close(TMP) or die "Couldn't close openssl pipe: $!"; - if (!$stdout) { - open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!"; - } - } - report "Parsing: $caname" if ($opt_v); - $certnum ++; - $start_of_cert = 0; - } - undef @precert; - } - -} -close(TXT) or die "Couldn't close $txt: $!\n"; -close(CRT) or die "Couldn't close $crt.~: $!\n"; -unless( $stdout ) { - if ($opt_b && -e $crt) { - my $bk = 1; - while (-e "$crt.~${bk}~") { - $bk++; - } - rename $crt, "$crt.~${bk}~" or die "Failed to create backup $crt.~$bk}~: $!\n"; - } elsif( -e $crt ) { - unlink( $crt ) or die "Failed to remove $crt: $!\n"; - } - rename "$crt.~", $crt or die "Failed to rename $crt.~ to $crt: $!\n"; -} -if($opt_u && -e $txt && !unlink($txt)) { - report "Failed to remove $txt: $!\n"; -} -report "Done ($certnum CA certs processed, $skipnum skipped)."; Index: scriptlibs/softwareupdate/pkgIndex.tcl ================================================================== --- scriptlibs/softwareupdate/pkgIndex.tcl +++ scriptlibs/softwareupdate/pkgIndex.tcl @@ -6,6 +6,6 @@ # information so that packages will be loaded automatically # in response to "package require" commands. When this # script is sourced, the variable $dir must contain the # full path name of this file's directory. -package ifneeded softwareupdate 1.6 [list source [file join $dir softwareupdate.tcl]] +package ifneeded softwareupdate 1.5 [list source [file join $dir softwareupdate.tcl]] Index: scriptlibs/softwareupdate/softwareupdate.tcl ================================================================== --- scriptlibs/softwareupdate/softwareupdate.tcl +++ scriptlibs/softwareupdate/softwareupdate.tcl @@ -2,12 +2,16 @@ # Copyright (C) 2014 WordTech Communications LLC #MIT license +package provide softwareupdate 1.5 +package require http +package require tls -package provide softwareupdate 1.6 +::http::register https 443 [list ::tls::socket -servername codebykevin.com -request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1] + namespace eval softwareupdate { if {![info exists library]} { variable library [file dirname [info script]] } @@ -16,21 +20,18 @@ variable icon variable appname variable tmpdir variable currentinstall variable versionnumber - variable getupdate switch [tk windowingsystem] { "aqua" { set tmpdir $::env(TMPDIR) - set getupdate /usr/bin/curl } "win32" { set tmpdir $::env(TMP) - set getupdate [file join [file dirname [info script]] curl bin curl.exe] } "x11" { set tmpdir $::env(TMP) } @@ -57,27 +58,26 @@ proc checkVersion {app version} { variable appversion variable appname variable currentversion variable versionnumber - variable getupdate set appname $app softwareupdate::checkingForUpdates set versionurl https://www.codebykevin.com/$appname-version.tcl - + http::config -useragent "$appname Update Check" - if [catch {exec $getupdate $versionurl} msg] { + if [catch {http::geturl $versionurl} msg] { puts "error: $msg" tk_messageBox -icon warning -title "Unable to Connect to Server" -message "Unable to Connect to Server" -detail "Unable to connect to www.codebykevin.com to check for updates. Please make sure you are connected to the Internet." -parent . catch {destroy .updateprogress} return } - set versionnumber [string trim exec $getupdate $versionurl] + set versionnumber [string trim [http::data [http::geturl $versionurl]]] if [expr $currentversion < $versionnumber] { softwareupdate::updatePitch } else { softwareupdate::upToDate } @@ -125,29 +125,28 @@ variable appname variable icon variable changedata variable currentversion variable versionnumber - variable getupdate catch {destroy .updateprogress} catch {destroy .update} variable appname set changeurl https://www.codebykevin.com/$appname-changes.tcl - if [catch {exec $getupdate $changeurl} msg] { + if [catch {http::geturl $changeurl} msg] { puts "error: $msg" tk_messageBox -icon warning -title "Unable to Connect to Server" -message "Unable to Connect to Server" -detail "Unable to connect to www.codebykevin.com to check for updates. Please make sure you are connected to the Internet." -parent . catch {destroy .updateprogress} return } - set changelist [exec $getupdate $changeurl] + set changelist [http::data [http::geturl $changeurl]] set updateanswer [tk_messageBox -title "Update" -icon info -message "Update Available" -detail "A new version ($softwareupdate::versionnumber) of $appname is available.\n\nThis new version features the following updates and changes:\n\n$changelist\n\nWould you like to install it? " -type yesno -parent .] switch -- $updateanswer { yes { softwareupdate::installUpdate @@ -264,12 +263,11 @@ proc installUpdate {} { variable currentinstall variable status variable appname variable tmpdir - variable getupdate - + catch {destroy .update} softwareupdate::findCurrentInstallation softwareupdate::progressDialog @@ -276,11 +274,11 @@ set status "Downloading update for $appname" switch [tk windowingsystem] { "aqua" { - exec $getupdate https://www.codebykevin.com/updates/[list $appname].dmg > $tmpdir/[list $appname].dmg + http::geturl https://www.codebykevin.com/updates/[list $appname].dmg -channel [open $tmpdir/[list $appname].dmg w] update after 1000 cd $tmpdir set status "Attaching [list $appname].dmg" update @@ -287,11 +285,11 @@ exec hdiutil attach [list $appname].dmg } "win32" { - exec $getupdate https://www.codebykevin.com/updates/[list $appname]_Setup.exe > $tmpdir/[list $appname]_Setup.exe + http::geturl https://www.codebykevin.com/updates/[list $appname]_Setup.exe -channel [open $tmpdir/[list $appname]_Setup.exe w] } "x11" { tk_messageBox -icon info -parent . -message "Please ask the maintainer of $appname on your platform to prepare a release of the latest version." ADDED winlibs/tls/pkgIndex.tcl Index: winlibs/tls/pkgIndex.tcl ================================================================== --- winlibs/tls/pkgIndex.tcl +++ winlibs/tls/pkgIndex.tcl @@ -0,0 +1,7 @@ +if { $::tcl_platform(platform) ne "windows" } { + return; + } + +package ifneeded tls 1.6.3 \ + "[list source [file join $dir tls.tcl]] ; \ + [list tls::initlib $dir tls163.dll]" ADDED winlibs/tls/tls.tcl Index: winlibs/tls/tls.tcl ================================================================== --- winlibs/tls/tls.tcl +++ winlibs/tls/tls.tcl @@ -0,0 +1,272 @@ +# +# Copyright (C) 1997-2000 Matt Newman +# +# $Header: /cvsroot/tls/tls/tls.tcl,v 1.12 2010/07/27 17:15:47 hobbs2 Exp $ +# +namespace eval tls { + variable logcmd tclLog + variable debug 0 + + # Default flags passed to tls::import + variable defaults {} + + # Maps UID to Server Socket + variable srvmap + variable srvuid 0 + + # Over-ride this if you are using a different socket command + variable socketCmd + if {![info exists socketCmd]} { + set socketCmd [info command ::socket] + } +} + +proc tls::initlib {dir dll} { + # Package index cd's into the package directory for loading. + # Irrelevant to unixoids, but for Windows this enables the OS to find + # the dependent DLL's in the CWD, where they may be. + set cwd [pwd] + catch {cd $dir} + if {[string equal $::tcl_platform(platform) "windows"] && + ![string equal [lindex [file system $dir] 0] "native"]} { + # If it is a wrapped executable running on windows, the openssl + # dlls must be copied out of the virtual filesystem to the disk + # where Windows will find them when resolving the dependency in + # the tls dll. We choose to make them siblings of the executable. + package require starkit + set dst [file nativename [file dirname $starkit::topdir]] + foreach sdll [glob -nocomplain -directory $dir -tails *eay32.dll] { + catch {file delete -force $dst/$sdll} + catch {file copy -force $dir/$sdll $dst/$sdll} + } + } + # These lines added by Mike for Potato + set bits 64 + set files [glob -nocomplain -dir [pwd] -tails *_${bits}bit.dll] + if { [llength $files] } { + set dll [lindex $files 0] + } + # End addition by Mike for Potato + set res [catch {uplevel #0 [list load [file join [pwd] $dll]]} err] + catch {cd $cwd} + if {$res} { + namespace eval [namespace parent] {namespace delete tls} + return -code $res $err + } + rename tls::initlib {} +} + +# +# Backwards compatibility, also used to set the default +# context options +# +proc tls::init {args} { + variable defaults + + set defaults $args +} +# +# Helper function - behaves exactly as the native socket command. +# +proc tls::socket {args} { + variable socketCmd + variable defaults + set idx [lsearch $args -server] + if {$idx != -1} { + set server 1 + set callback [lindex $args [expr {$idx+1}]] + set args [lreplace $args $idx [expr {$idx+1}]] + + set usage "wrong # args: should be \"tls::socket -server command ?options? port\"" + set options "-cadir, -cafile, -certfile, -cipher, -command, -keyfile, -myaddr, -password, -request, -require, -ssl2, -ssl3, or -tls1" + } else { + set server 0 + + set usage "wrong # args: should be \"tls::socket ?options? host port\"" + set options "-async, -cadir, -cafile, -certfile, -cipher, -command, -keyfile, -myaddr, -myport, -password, -request, -require, -ssl2, -ssl3, or -tls1" + } + set argc [llength $args] + set sopts {} + set iopts [concat [list -server $server] $defaults] ;# Import options + + for {set idx 0} {$idx < $argc} {incr idx} { + set arg [lindex $args $idx] + switch -glob -- $server,$arg { + 0,-async {lappend sopts $arg} + 0,-myport - + *,-type - + *,-myaddr {lappend sopts $arg [lindex $args [incr idx]]} + *,-cadir - + *,-cafile - + *,-certfile - + *,-cipher - + *,-command - + *,-keyfile - + *,-password - + *,-request - + *,-require - + *,-ssl2 - + *,-ssl3 - + *,-tls1 {lappend iopts $arg [lindex $args [incr idx]]} + -* {return -code error "bad option \"$arg\": must be one of $options"} + default {break} + } + } + if {$server} { + if {($idx + 1) != $argc} { + return -code error $usage + } + set uid [incr ::tls::srvuid] + + set port [lindex $args [expr {$argc-1}]] + lappend sopts $port + #set sopts [linsert $sopts 0 -server $callback] + set sopts [linsert $sopts 0 -server [list tls::_accept $iopts $callback]] + #set sopts [linsert $sopts 0 -server [list tls::_accept $uid $callback]] + } else { + if {($idx + 2) != $argc} { + return -code error $usage + } + set host [lindex $args [expr {$argc-2}]] + set port [lindex $args [expr {$argc-1}]] + lappend sopts $host $port + } + # + # Create TCP/IP socket + # + set chan [eval $socketCmd $sopts] + if {!$server && [catch { + # + # Push SSL layer onto socket + # + eval [list tls::import] $chan $iopts + } err]} { + set info ${::errorInfo} + catch {close $chan} + return -code error -errorinfo $info $err + } + return $chan +} + +# tls::_accept -- +# +# This is the actual accept that TLS sockets use, which then calls +# the callback registered by tls::socket. +# +# Arguments: +# iopts tls::import opts +# callback server callback to invoke +# chan socket channel to accept/deny +# ipaddr calling IP address +# port calling port +# +# Results: +# Returns an error if the callback throws one. +# +proc tls::_accept { iopts callback chan ipaddr port } { + log 2 [list tls::_accept $iopts $callback $chan $ipaddr $port] + + set chan [eval [list tls::import $chan] $iopts] + + lappend callback $chan $ipaddr $port + if {[catch { + uplevel #0 $callback + } err]} { + log 1 "tls::_accept error: ${::errorInfo}" + close $chan + error $err $::errorInfo $::errorCode + } else { + log 2 "tls::_accept - called \"$callback\" succeeded" + } +} +# +# Sample callback for hooking: - +# +# error +# verify +# info +# +proc tls::callback {option args} { + variable debug + + #log 2 [concat $option $args] + + switch -- $option { + "error" { + foreach {chan msg} $args break + + log 0 "TLS/$chan: error: $msg" + } + "verify" { + # poor man's lassign + foreach {chan depth cert rc err} $args break + + array set c $cert + + if {$rc != "1"} { + log 1 "TLS/$chan: verify/$depth: Bad Cert: $err (rc = $rc)" + } else { + log 2 "TLS/$chan: verify/$depth: $c(subject)" + } + if {$debug > 0} { + return 1; # FORCE OK + } else { + return $rc + } + } + "info" { + # poor man's lassign + foreach {chan major minor state msg} $args break + + if {$msg != ""} { + append state ": $msg" + } + # For tracing + upvar #0 tls::$chan cb + set cb($major) $minor + + log 2 "TLS/$chan: $major/$minor: $state" + } + default { + return -code error "bad option \"$option\":\ + must be one of error, info, or verify" + } + } +} + +proc tls::xhandshake {chan} { + upvar #0 tls::$chan cb + + if {[info exists cb(handshake)] && \ + $cb(handshake) == "done"} { + return 1 + } + while {1} { + vwait tls::${chan}(handshake) + if {![info exists cb(handshake)]} { + return 0 + } + if {$cb(handshake) == "done"} { + return 1 + } + } +} + +proc tls::password {} { + log 0 "TLS/Password: did you forget to set your passwd!" + # Return the worlds best kept secret password. + return "secret" +} + +proc tls::log {level msg} { + variable debug + variable logcmd + + if {$level > $debug || $logcmd == ""} { + return + } + set cmd $logcmd + lappend cmd $msg + uplevel #0 $cmd +} + ADDED winlibs/tls/tls163_32bit.dll Index: winlibs/tls/tls163_32bit.dll ================================================================== --- winlibs/tls/tls163_32bit.dll +++ winlibs/tls/tls163_32bit.dll cannot compute difference between binary files ADDED winlibs/tls/tls163_64bit.dll Index: winlibs/tls/tls163_64bit.dll ================================================================== --- winlibs/tls/tls163_64bit.dll +++ winlibs/tls/tls163_64bit.dll cannot compute difference between binary files