Trust Amazon certificates
authorDavid Woodhouse <dwmw2@infradead.org>
Fri, 4 May 2018 11:30:22 +0000 (12:30 +0100)
committerDavid Woodhouse <dwmw2@infradead.org>
Fri, 4 May 2018 11:36:27 +0000 (12:36 +0100)
Some of the media endpoints have certificates issued by the Amazon internal
CA. Trust them. Might as well have the Amazon public trust roots too, just
for good measure.

13 files changed:
Makefile.am
certs/Amazon.com_InfoSec_CA_G3.pem [new file with mode: 0644]
certs/Amazon.com_Internal_Root_Certificate_Authority.pem [new file with mode: 0644]
certs/Amazon_Root_CA_1.pem [new file with mode: 0644]
certs/Amazon_Root_CA_2.pem [new file with mode: 0644]
certs/Amazon_Root_CA_3.pem [new file with mode: 0644]
certs/Amazon_Root_CA_4.pem [new file with mode: 0644]
certs/SFS_Root_CA_G2.pem [new file with mode: 0644]
chime/chime-call-transport.c
chime/chime-certs.c [new file with mode: 0644]
chime/chime-connection-private.h
chime/chime-connection.c
pidgin-chime.spec.in

index f7f88729126cefc4d5672c5030dc538fad06253a..2ccd27d6a9663cab99d9efefaa2bf7a6c3ad8a33 100644 (file)
@@ -7,6 +7,14 @@ endif
 
 AM_CPPFLAGS = @WFLAGS@
 
+pkgdata_DATA = certs/Amazon.com_InfoSec_CA_G3.pem \
+              certs/Amazon.com_Internal_Root_Certificate_Authority.pem \
+              certs/Amazon_Root_CA_1.pem \
+              certs/Amazon_Root_CA_2.pem \
+              certs/Amazon_Root_CA_3.pem \
+              certs/Amazon_Root_CA_4.pem \
+              certs/SFS_Root_CA_G2.pem
+
 purple_plugin_LTLIBRARIES = libchimeprpl.la
 
 PROTOBUF_SRCS = protobuf/auth_message.pb-c.c protobuf/auth_message.pb-c.h \
@@ -21,7 +29,7 @@ WEBSOCKET_SRCS = chime/chime-websocket-connection.c chime/chime-websocket-connec
                chime/chime-websocket.c
 
 CHIME_SRCS =   chime/chime-connection.c chime/chime-connection.h \
-               chime/chime-connection-private.h \
+               chime/chime-connection-private.h chime/chime-certs.c \
                chime/chime-contact.c chime/chime-contact.h \
                chime/chime-room.c chime/chime-room.h \
                chime/chime-conversation.c chime/chime-conversation.h \
@@ -42,7 +50,7 @@ chime_get_token_LDADD = libchime.la
 noinst_LTLIBRARIES = libchime.la
 
 libchime_la_SOURCES = $(CHIME_SRCS) $(WEBSOCKET_SRCS) $(PROTOBUF_SRCS)
-libchime_la_CFLAGS = $(SOUP_CFLAGS) $(JSON_CFLAGS) $(LIBXML_CFLAGS) $(PROTOBUF_CFLAGS) $(GSTREAMER_CFLAGS) $(GSTRTP_CFLAGS) $(GSTAPP_CFLAGS) $(GSTVIDEO_CFLAGS) $(GNUTLS_CFLAGS) -Ichime
+libchime_la_CFLAGS = $(SOUP_CFLAGS) $(JSON_CFLAGS) $(LIBXML_CFLAGS) $(PROTOBUF_CFLAGS) $(GSTREAMER_CFLAGS) $(GSTRTP_CFLAGS) $(GSTAPP_CFLAGS) $(GSTVIDEO_CFLAGS) $(GNUTLS_CFLAGS) -Ichime -DCHIME_DATADIR=\"$(pkgdatadir)\"
 libchime_la_LIBADD = $(SOUP_LIBS) $(JSON_LIBS) $(LIBXML_LIBS) $(PROTOBUF_LIBS) $(GSTREAMER_LIBS) $(GSTRTP_LIBS) $(GSTAPP_LIBS) $(GSTVIDEO_LIBS) $(GNUTLS_LIBS)
 libchime_la_LDFLAGS = -module -avoid-version -no-undefined
 
diff --git a/certs/Amazon.com_InfoSec_CA_G3.pem b/certs/Amazon.com_InfoSec_CA_G3.pem
new file mode 100644 (file)
index 0000000..2137f1f
--- /dev/null
@@ -0,0 +1,103 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            61:25:1e:80:00:00:00:00:00:1c
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN = Amazon.com Internal Root Certificate Authority
+        Validity
+            Not Before: Feb 13 22:14:35 2015 GMT
+            Not After : Feb 13 22:24:35 2020 GMT
+        Subject: DC = com, DC = amazon, DC = ant, CN = Amazon.com InfoSec CA G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b7:77:6e:93:ed:33:75:89:99:5e:eb:81:d4:98:
+                    d6:b4:59:ee:37:a7:7d:75:73:37:19:a5:a6:18:27:
+                    80:7e:2e:ae:f4:0d:73:d2:ba:a7:0c:98:f0:5e:40:
+                    08:18:c0:3d:f6:4c:cc:cc:50:ba:7c:ea:51:93:46:
+                    ef:75:63:38:57:29:20:1e:68:54:6c:9e:cf:c9:14:
+                    bd:12:d3:43:22:12:ea:2c:66:a0:eb:9c:46:91:43:
+                    03:2e:a9:10:61:f2:6a:83:f0:b9:f2:26:05:e2:cd:
+                    33:ea:be:97:4d:3b:c0:b9:cf:33:b8:c1:66:c7:12:
+                    69:0d:d6:6a:c3:76:ec:a5:d4:f3:67:bd:3e:f1:96:
+                    42:40:95:2f:54:bd:39:2a:b3:37:9f:d9:b0:35:ad:
+                    7e:f2:4d:77:53:b9:ba:64:d8:2f:c9:d2:20:a9:a0:
+                    d4:fd:c0:ba:08:ab:ed:43:0d:2e:59:c4:68:45:26:
+                    47:82:51:c8:ab:88:0b:95:3e:89:33:8c:56:8b:f3:
+                    a7:49:4c:5a:c2:11:34:b7:ef:89:b2:f3:76:c1:25:
+                    3e:a5:01:05:98:94:d7:ea:c3:37:e4:ea:c9:39:64:
+                    f5:f8:5d:41:fa:4d:41:dc:68:ed:9d:12:f1:b1:30:
+                    cc:e2:b3:97:79:e6:c2:52:f7:8c:c8:91:85:54:31:
+                    5a:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            1.3.6.1.4.1.311.21.1: 
+                .....
+            1.3.6.1.4.1.311.21.2: 
+                ..@....T..1...>....KEH
+            X509v3 Subject Key Identifier: 
+                82:5A:69:A8:49:9D:64:CB:14:36:B3:61:5B:93:71:A7:F0:11:C8:0C
+            1.3.6.1.4.1.311.20.2: 
+                .
+.S.u.b.C.A
+            X509v3 Key Usage: 
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:7F:8D:B1:4E:4C:A2:98:0A:DC:8B:27:BF:62:05:69:3C:25:12:B3:C2
+
+            X509v3 CRL Distribution Points: 
+
+                Full Name:
+                  URI:http://pki.amazon.com/crl/Amazon.com%20Internal%20Root%20Certificate%20Authority.crl
+
+            Authority Information Access: 
+                CA Issuers - URI:http://pki.amazon.com/crt/Amazon.com%20Internal%20Root%20Certificate%20Authority.crt
+
+    Signature Algorithm: sha256WithRSAEncryption
+         ce:a5:e5:7d:fa:e7:94:54:93:b8:c9:7b:98:8c:f3:af:83:28:
+         7d:1e:4a:76:1e:5b:dc:b6:50:54:82:6d:c3:e7:3d:8a:c3:8f:
+         7f:81:58:5d:7d:86:50:f3:af:c8:17:ba:46:b7:62:cb:84:cc:
+         0a:f3:51:1a:ce:83:f8:7a:a8:88:4c:31:1f:4c:8c:d3:54:46:
+         ab:56:e6:c3:81:bf:98:9e:a1:6f:a5:cf:a8:6c:92:0d:79:8b:
+         6c:b1:f7:c3:e2:41:4f:db:a2:2a:34:57:90:41:4d:82:16:30:
+         79:31:46:f0:47:e2:cf:73:99:67:c1:f5:48:82:09:65:1b:86:
+         e2:42:c1:81:5f:7d:23:5d:a2:aa:71:74:a0:4a:e7:a2:ac:17:
+         5b:e7:1e:02:54:16:35:8b:df:14:6e:db:ff:6a:f1:8b:c9:ee:
+         af:b4:44:7e:8e:90:36:25:ab:e7:b2:da:b4:4a:84:08:5a:87:
+         4d:8e:35:04:a8:46:31:8f:af:01:d2:10:be:73:aa:65:68:24:
+         26:58:ad:cb:39:64:20:17:ca:5a:29:7b:1e:d0:84:f3:04:52:
+         b2:a6:08:49:01:f3:49:ec:98:c9:1b:5b:26:5e:86:45:49:85:
+         47:c0:8a:09:a9:3d:44:52:0d:8e:04:71:03:eb:43:4e:b7:37:
+         8b:c3:f3:40
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
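Review bot: This file is an intermediate CA, not a root — the Issuer (`CN = Amazon.com Internal Root Certificate Authority`) differs from the Subject (`CN = Amazon.com InfoSec CA G3`), and it carries a `Not After : Feb 13 22:24:35 2020 GMT` validity end. Shipping it as a trust anchor is redundant while the Internal Root is also installed, and the trust store will need a refresh before that date or connections chained through a successor CA will fail. A one-line README in certs/ recording why each file is present and when it expires would make the next update easier; the other six files in this commit are self-signed roots and do not have this issue.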
diff --git a/certs/Amazon.com_Internal_Root_Certificate_Authority.pem b/certs/Amazon.com_Internal_Root_Certificate_Authority.pem
new file mode 100644 (file)
index 0000000..31693de
--- /dev/null
@@ -0,0 +1,89 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            57:87:14:f0:8d:e1:d9:ab:4a:25:7a:e5:d7:ae:fe:21
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: CN = Amazon.com Internal Root Certificate Authority
+        Validity
+            Not Before: Aug 30 18:02:25 2007 GMT
+            Not After : Aug 30 18:10:59 2027 GMT
+        Subject: CN = Amazon.com Internal Root Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ee:81:87:46:9c:36:a3:16:05:1b:7e:be:9e:93:
+                    70:0f:9d:28:b2:ea:71:d4:59:41:1b:bf:12:8f:15:
+                    ce:1e:89:66:96:70:60:60:7b:82:53:89:a9:b1:56:
+                    66:6e:df:21:61:f3:a9:25:14:66:01:c6:2c:70:27:
+                    7d:b3:a0:3e:7a:35:f5:a5:b9:b8:6f:d9:f7:8c:40:
+                    5c:71:28:a3:a2:2b:77:59:48:80:cb:6c:6a:82:32:
+                    f2:0b:0d:6f:e1:60:72:c6:2f:af:eb:14:31:4f:61:
+                    b4:9b:b3:b9:89:2f:11:41:99:67:72:08:5b:df:a4:
+                    31:44:30:37:0f:54:e1:4d:c3:81:04:40:be:d3:82:
+                    63:e7:e6:5a:16:be:d8:24:48:0b:9e:e4:42:20:a4:
+                    47:0a:c3:2f:3a:ca:5a:6f:ce:af:ce:8f:f1:84:5a:
+                    a0:fc:b1:70:14:9e:15:8b:81:29:ba:af:58:ec:00:
+                    a9:64:d6:d9:9a:2a:c6:96:06:33:02:e1:f8:92:83:
+                    c6:6a:d4:92:3f:09:0f:85:72:46:79:9c:79:22:08:
+                    1c:ed:cd:61:18:a7:59:bb:b8:14:01:05:c6:7f:fa:
+                    5d:aa:77:3f:77:bb:fe:df:0f:19:b2:20:22:04:e1:
+                    e9:c6:af:9c:53:59:2b:fd:30:33:70:41:07:7d:60:
+                    b8:7d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: 
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                7F:8D:B1:4E:4C:A2:98:0A:DC:8B:27:BF:62:05:69:3C:25:12:B3:C2
+            1.3.6.1.4.1.311.21.1: 
+                ...
+            X509v3 Certificate Policies: 
+                Policy: 1.3.6.1.4.1.4843.200.1.1.1
+                  User Notice:
+                    Explicit Text: 
+                  CPS: http://pki.amazon.com/cps/
+
+    Signature Algorithm: sha1WithRSAEncryption
+         74:01:6e:9e:3d:96:90:f3:79:9c:13:d1:2d:76:e7:35:69:2a:
+         78:9e:f2:d4:a0:9d:8d:00:8d:6f:e1:40:c1:dc:0d:22:06:08:
+         0d:a3:d5:df:12:c7:e2:9f:fb:49:a1:79:16:b8:7c:6d:07:9b:
+         9c:64:d0:16:dd:99:5e:b5:74:1f:5b:70:c0:6d:65:6b:e6:40:
+         19:4e:fe:21:fe:ef:fd:3a:a0:15:64:23:ae:c5:83:14:66:a7:
+         f0:26:23:f2:6e:6e:31:8f:d7:67:96:5e:85:f6:61:7b:52:be:
+         48:ec:3f:8f:5f:e3:26:b8:93:6c:13:36:b7:32:a7:09:6b:17:
+         1e:7e:b2:39:d1:74:e7:f6:e0:8c:83:1a:3a:ff:1e:7a:2e:a5:
+         83:e3:a0:31:ad:80:5e:e1:88:c5:f0:54:3d:54:14:73:e1:2d:
+         5c:4b:42:88:ee:60:38:d2:2e:5d:c8:e7:36:9e:69:c4:4f:a7:
+         be:88:84:0f:18:7c:d0:89:3b:9e:ad:e0:91:84:6c:9b:2e:42:
+         a2:df:20:a1:7b:85:30:e8:aa:90:e2:a4:95:54:06:1f:d6:72:
+         63:ac:36:24:dd:15:07:1c:5f:79:25:c5:82:1f:24:e1:e2:c6:
+         9f:4c:77:13:11:33:56:c7:c1:7d:31:65:a5:17:de:a0:67:80:
+         7c:fc:e4:65
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/certs/Amazon_Root_CA_1.pem b/certs/Amazon_Root_CA_1.pem
new file mode 100644 (file)
index 0000000..5454eac
--- /dev/null
@@ -0,0 +1,77 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, O = Amazon, CN = Amazon Root CA 1
+        Validity
+            Not Before: May 26 00:00:00 2015 GMT
+            Not After : Jan 17 00:00:00 2038 GMT
+        Subject: C = US, O = Amazon, CN = Amazon Root CA 1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b2:78:80:71:ca:78:d5:e3:71:af:47:80:50:74:
+                    7d:6e:d8:d7:88:76:f4:99:68:f7:58:21:60:f9:74:
+                    84:01:2f:ac:02:2d:86:d3:a0:43:7a:4e:b2:a4:d0:
+                    36:ba:01:be:8d:db:48:c8:07:17:36:4c:f4:ee:88:
+                    23:c7:3e:eb:37:f5:b5:19:f8:49:68:b0:de:d7:b9:
+                    76:38:1d:61:9e:a4:fe:82:36:a5:e5:4a:56:e4:45:
+                    e1:f9:fd:b4:16:fa:74:da:9c:9b:35:39:2f:fa:b0:
+                    20:50:06:6c:7a:d0:80:b2:a6:f9:af:ec:47:19:8f:
+                    50:38:07:dc:a2:87:39:58:f8:ba:d5:a9:f9:48:67:
+                    30:96:ee:94:78:5e:6f:89:a3:51:c0:30:86:66:a1:
+                    45:66:ba:54:eb:a3:c3:91:f9:48:dc:ff:d1:e8:30:
+                    2d:7d:2d:74:70:35:d7:88:24:f7:9e:c4:59:6e:bb:
+                    73:87:17:f2:32:46:28:b8:43:fa:b7:1d:aa:ca:b4:
+                    f2:9f:24:0e:2d:4b:f7:71:5c:5e:69:ff:ea:95:02:
+                    cb:38:8a:ae:50:38:6f:db:fb:2d:62:1b:c5:c7:1e:
+                    54:e1:77:e0:67:c8:0f:9c:87:23:d6:3f:40:20:7f:
+                    20:80:c4:80:4c:3e:3b:24:26:8e:04:ae:6c:9a:c8:
+                    aa:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                84:18:CC:85:34:EC:BC:0C:94:94:2E:08:59:9C:C7:B2:10:4E:0A:08
+    Signature Algorithm: sha256WithRSAEncryption
+         98:f2:37:5a:41:90:a1:1a:c5:76:51:28:20:36:23:0e:ae:e6:
+         28:bb:aa:f8:94:ae:48:a4:30:7f:1b:fc:24:8d:4b:b4:c8:a1:
+         97:f6:b6:f1:7a:70:c8:53:93:cc:08:28:e3:98:25:cf:23:a4:
+         f9:de:21:d3:7c:85:09:ad:4e:9a:75:3a:c2:0b:6a:89:78:76:
+         44:47:18:65:6c:8d:41:8e:3b:7f:9a:cb:f4:b5:a7:50:d7:05:
+         2c:37:e8:03:4b:ad:e9:61:a0:02:6e:f5:f2:f0:c5:b2:ed:5b:
+         b7:dc:fa:94:5c:77:9e:13:a5:7f:52:ad:95:f2:f8:93:3b:de:
+         8b:5c:5b:ca:5a:52:5b:60:af:14:f7:4b:ef:a3:fb:9f:40:95:
+         6d:31:54:fc:42:d3:c7:46:1f:23:ad:d9:0f:48:70:9a:d9:75:
+         78:71:d1:72:43:34:75:6e:57:59:c2:02:5c:26:60:29:cf:23:
+         19:16:8e:88:43:a5:d4:e4:cb:08:fb:23:11:43:e8:43:29:72:
+         62:a1:a9:5d:5e:08:d4:90:ae:b8:d8:ce:14:c2:d0:55:f2:86:
+         f6:c4:93:43:77:66:61:c0:b9:e8:41:d7:97:78:60:03:6e:4a:
+         72:ae:a5:d1:7d:ba:10:9e:86:6c:1b:8a:b9:59:33:f8:eb:c4:
+         90:be:f1:b9
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/certs/Amazon_Root_CA_2.pem b/certs/Amazon_Root_CA_2.pem
new file mode 100644 (file)
index 0000000..6916c07
--- /dev/null
@@ -0,0 +1,119 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37
+    Signature Algorithm: sha384WithRSAEncryption
+        Issuer: C = US, O = Amazon, CN = Amazon Root CA 2
+        Validity
+            Not Before: May 26 00:00:00 2015 GMT
+            Not After : May 26 00:00:00 2040 GMT
+        Subject: C = US, O = Amazon, CN = Amazon Root CA 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (4096 bit)
+                Modulus:
+                    00:ad:96:9f:2d:9c:4a:4c:4a:81:79:51:99:ec:8a:
+                    cb:6b:60:51:13:bc:4d:6d:06:fc:b0:08:8d:dd:19:
+                    10:6a:c7:26:0c:35:d8:c0:6f:20:84:e9:94:b1:9b:
+                    85:03:c3:5b:db:4a:e8:c8:f8:90:76:d9:5b:4f:e3:
+                    4c:e8:06:36:4d:cc:9a:ac:3d:0c:90:2b:92:d4:06:
+                    19:60:ac:37:44:79:85:81:82:ad:5a:37:e0:0d:cc:
+                    9d:a6:4c:52:76:ea:43:9d:b7:04:d1:50:f6:55:e0:
+                    d5:d2:a6:49:85:e9:37:e9:ca:7e:ae:5c:95:4d:48:
+                    9a:3f:ae:20:5a:6d:88:95:d9:34:b8:52:1a:43:90:
+                    b0:bf:6c:05:b9:b6:78:b7:ea:d0:e4:3a:3c:12:53:
+                    62:ff:4a:f2:7b:be:35:05:a9:12:34:e3:f3:64:74:
+                    62:2c:3d:00:49:5a:28:fe:32:44:bb:87:dd:65:27:
+                    02:71:3b:da:4a:f7:1f:da:cd:f7:21:55:90:4f:0f:
+                    ec:ae:82:e1:9f:6b:d9:45:d3:bb:f0:5f:87:ed:3c:
+                    2c:39:86:da:3f:de:ec:72:55:eb:79:a3:ad:db:dd:
+                    7c:b0:ba:1c:ce:fc:de:4f:35:76:cf:0f:f8:78:1f:
+                    6a:36:51:46:27:61:5b:e9:9e:cf:f0:a2:55:7d:7c:
+                    25:8a:6f:2f:b4:c5:cf:84:2e:2b:fd:0d:51:10:6c:
+                    fb:5f:1b:bc:1b:7e:c5:ae:3b:98:01:31:92:ff:0b:
+                    57:f4:9a:b2:b9:57:e9:ab:ef:0d:76:d1:f0:ee:f4:
+                    ce:86:a7:e0:6e:e9:b4:69:a1:df:69:f6:33:c6:69:
+                    2e:97:13:9e:a5:87:b0:57:10:81:37:c9:53:b3:bb:
+                    7f:f6:92:d1:9c:d0:18:f4:92:6e:da:83:4f:a6:63:
+                    99:4c:a5:fb:5e:ef:21:64:7a:20:5f:6c:64:85:15:
+                    cb:37:e9:62:0c:0b:2a:16:dc:01:2e:32:da:3e:4b:
+                    f5:9e:3a:f6:17:40:94:ef:9e:91:08:86:fa:be:63:
+                    a8:5a:33:ec:cb:74:43:95:f9:6c:69:52:36:c7:29:
+                    6f:fc:55:03:5c:1f:fb:9f:bd:47:eb:e7:49:47:95:
+                    0b:4e:89:22:09:49:e0:f5:61:1e:f1:bf:2e:8a:72:
+                    6e:80:59:ff:57:3a:f9:75:32:a3:4e:5f:ec:ed:28:
+                    62:d9:4d:73:f2:cc:81:17:60:ed:cd:eb:dc:db:a7:
+                    ca:c5:7e:02:bd:f2:54:08:54:fd:b4:2d:09:2c:17:
+                    54:4a:98:d1:54:e1:51:67:08:d2:ed:6e:7e:6f:3f:
+                    d2:2d:81:59:29:66:cb:90:39:95:11:1e:74:27:fe:
+                    dd:eb:af
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                B0:0C:F0:4C:30:F4:05:58:02:48:FD:33:E5:52:AF:4B:84:E3:66:52
+    Signature Algorithm: sha384WithRSAEncryption
+         aa:a8:80:8f:0e:78:a3:e0:a2:d4:cd:e6:f5:98:7a:3b:ea:00:
+         03:b0:97:0e:93:bc:5a:a8:f6:2c:8c:72:87:a9:b1:fc:7f:73:
+         fd:63:71:78:a5:87:59:cf:30:e1:0d:10:b2:13:5a:6d:82:f5:
+         6a:e6:80:9f:a0:05:0b:68:e4:47:6b:c7:6a:df:b6:fd:77:32:
+         72:e5:18:fa:09:f4:a0:93:2c:5d:d2:8c:75:85:76:65:90:0c:
+         03:79:b7:31:23:63:ad:78:83:09:86:68:84:ca:ff:f9:cf:26:
+         9a:92:79:e7:cd:4b:c5:e7:61:a7:17:cb:f3:a9:12:93:93:6b:
+         a7:e8:2f:53:92:c4:60:58:b0:cc:02:51:18:5b:85:8d:62:59:
+         63:b6:ad:b4:de:9a:fb:26:f7:00:27:c0:5d:55:37:74:99:c9:
+         50:7f:e3:59:2e:44:e3:2c:25:ee:ec:4c:32:77:b4:9f:1a:e9:
+         4b:5d:20:c5:da:fd:1c:87:16:c6:43:e8:d4:bb:26:9a:45:70:
+         5e:a9:0b:37:53:e2:46:7b:27:fd:e0:46:f2:89:b7:cc:42:b6:
+         cb:28:26:6e:d9:a5:c9:3a:c8:41:13:60:f7:50:8c:15:ae:b2:
+         6d:1a:15:1a:57:78:e6:92:2a:d9:65:90:82:3f:6c:02:af:ae:
+         12:3a:27:96:36:04:d7:1d:a2:80:63:a9:9b:f1:e5:ba:b4:7c:
+         14:b0:4e:c9:b1:1f:74:5f:38:f6:51:ea:9b:fa:2c:a2:11:d4:
+         a9:2d:27:1a:45:b1:af:b2:4e:71:0d:c0:58:46:d6:69:06:cb:
+         53:cb:b3:fe:6b:41:cd:41:7e:7d:4c:0f:7c:72:79:7a:59:cd:
+         5e:4a:0e:ac:9b:a9:98:73:79:7c:b4:f4:cc:b9:b8:07:0c:b2:
+         74:5c:b8:c7:6f:88:a1:90:a7:f4:aa:f9:bf:67:3a:f4:1a:15:
+         62:1e:b7:9f:be:3d:b1:29:af:67:a1:12:f2:58:10:19:53:03:
+         30:1b:b8:1a:89:f6:9c:bd:97:03:8e:a3:09:f3:1d:8b:21:f1:
+         b4:df:e4:1c:d1:9f:65:02:06:ea:5c:d6:13:b3:84:ef:a2:a5:
+         5c:8c:77:29:a7:68:c0:6b:ae:40:d2:a8:b4:ea:cd:f0:8d:4b:
+         38:9c:19:9a:1b:28:54:b8:89:90:ef:ca:75:81:3e:1e:f2:64:
+         24:c7:18:af:4e:ff:47:9e:07:f6:35:65:a4:d3:0a:56:ff:f5:
+         17:64:6c:ef:a8:22:25:49:93:b6:df:00:17:da:58:7e:5d:ee:
+         c5:1b:b0:d1:d1:5f:21:10:c7:f9:f3:ba:02:0a:27:07:c5:f1:
+         d6:c7:d3:e0:fb:09:60:6c
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/certs/Amazon_Root_CA_3.pem b/certs/Amazon_Root_CA_3.pem
new file mode 100644 (file)
index 0000000..3b7dc73
--- /dev/null
@@ -0,0 +1,46 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a
+    Signature Algorithm: ecdsa-with-SHA256
+        Issuer: C = US, O = Amazon, CN = Amazon Root CA 3
+        Validity
+            Not Before: May 26 00:00:00 2015 GMT
+            Not After : May 26 00:00:00 2040 GMT
+        Subject: C = US, O = Amazon, CN = Amazon Root CA 3
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:29:97:a7:c6:41:7f:c0:0d:9b:e8:01:1b:56:c6:
+                    f2:52:a5:ba:2d:b2:12:e8:d2:2e:d7:fa:c9:c5:d8:
+                    aa:6d:1f:73:81:3b:3b:98:6b:39:7c:33:a5:c5:4e:
+                    86:8e:80:17:68:62:45:57:7d:44:58:1d:b3:37:e5:
+                    67:08:eb:66:de
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                AB:B6:DB:D7:06:9E:37:AC:30:86:07:91:70:C7:9C:C4:19:B1:78:C0
+    Signature Algorithm: ecdsa-with-SHA256
+         30:46:02:21:00:e0:85:92:a3:17:b7:8d:f9:2b:06:a5:93:ac:
+         1a:98:68:61:72:fa:e1:a1:d0:fb:1c:78:60:a6:43:99:c5:b8:
+         c4:02:21:00:9c:02:ef:f1:94:9c:b3:96:f9:eb:c6:2a:f8:b6:
+         2c:fe:3a:90:14:16:d7:8c:63:24:48:1c:df:30:7d:d5:68:3b
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/certs/Amazon_Root_CA_4.pem b/certs/Amazon_Root_CA_4.pem
new file mode 100644 (file)
index 0000000..ff626aa
--- /dev/null
@@ -0,0 +1,51 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e
+    Signature Algorithm: ecdsa-with-SHA384
+        Issuer: C = US, O = Amazon, CN = Amazon Root CA 4
+        Validity
+            Not Before: May 26 00:00:00 2015 GMT
+            Not After : May 26 00:00:00 2040 GMT
+        Subject: C = US, O = Amazon, CN = Amazon Root CA 4
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:d2:ab:8a:37:4f:a3:53:0d:fe:c1:8a:7b:4b:a8:
+                    7b:46:4b:63:b0:62:f6:2d:1b:db:08:71:21:d2:00:
+                    e8:63:bd:9a:27:fb:f0:39:6e:5d:ea:3d:a5:c9:81:
+                    aa:a3:5b:20:98:45:5d:16:db:fd:e8:10:6d:e3:9c:
+                    e0:e3:bd:5f:84:62:f3:70:64:33:a0:cb:24:2f:70:
+                    ba:88:a1:2a:a0:75:f8:81:ae:62:06:c4:81:db:39:
+                    6e:29:b0:1e:fa:2e:5c
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                D3:EC:C7:3A:65:6E:CC:E1:DA:76:9A:56:FB:9C:F3:86:6D:57:E5:81
+    Signature Algorithm: ecdsa-with-SHA384
+         30:65:02:30:3a:8b:21:f1:bd:7e:11:ad:d0:ef:58:96:2f:d6:
+         eb:9d:7e:90:8d:2b:cf:66:55:c3:2c:e3:28:a9:70:0a:47:0e:
+         f0:37:59:12:ff:2d:99:94:28:4e:2a:4f:35:4d:33:5a:02:31:
+         00:ea:75:00:4e:3b:c4:3a:94:12:91:c9:58:46:9d:21:13:72:
+         a7:88:9c:8a:e4:4c:4a:db:96:d4:ac:8b:6b:6b:49:12:53:33:
+         ad:d7:e4:be:24:fc:b5:0a:76:d4:a5:bc:10
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/certs/SFS_Root_CA_G2.pem b/certs/SFS_Root_CA_G2.pem
new file mode 100644 (file)
index 0000000..c4c0292
--- /dev/null
@@ -0,0 +1,80 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+    Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
+        Validity
+            Not Before: Sep  1 00:00:00 2009 GMT
+            Not After : Dec 31 23:59:59 2037 GMT
+        Subject: C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:d5:0c:3a:c4:2a:f9:4e:e2:f5:be:19:97:5f:8e:
+                    88:53:b1:1f:3f:cb:cf:9f:20:13:6d:29:3a:c8:0f:
+                    7d:3c:f7:6b:76:38:63:d9:36:60:a8:9b:5e:5c:00:
+                    80:b2:2f:59:7f:f6:87:f9:25:43:86:e7:69:1b:52:
+                    9a:90:e1:71:e3:d8:2d:0d:4e:6f:f6:c8:49:d9:b6:
+                    f3:1a:56:ae:2b:b6:74:14:eb:cf:fb:26:e3:1a:ba:
+                    1d:96:2e:6a:3b:58:94:89:47:56:ff:25:a0:93:70:
+                    53:83:da:84:74:14:c3:67:9e:04:68:3a:df:8e:40:
+                    5a:1d:4a:4e:cf:43:91:3b:e7:56:d6:00:70:cb:52:
+                    ee:7b:7d:ae:3a:e7:bc:31:f9:45:f6:c2:60:cf:13:
+                    59:02:2b:80:cc:34:47:df:b9:de:90:65:6d:02:cf:
+                    2c:91:a6:a6:e7:de:85:18:49:7c:66:4e:a3:3a:6d:
+                    a9:b5:ee:34:2e:ba:0d:03:b8:33:df:47:eb:b1:6b:
+                    8d:25:d9:9b:ce:81:d1:45:46:32:96:70:87:de:02:
+                    0e:49:43:85:b6:6c:73:bb:64:ea:61:41:ac:c9:d4:
+                    54:df:87:2f:c7:22:b2:26:cc:9f:59:54:68:9f:fc:
+                    be:2a:2f:c4:55:1c:75:40:60:17:85:02:55:39:8b:
+                    7f:05
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                9C:5F:00:DF:AA:01:D7:30:2B:38:88:A2:B8:6D:4A:9C:F2:11:91:83
+    Signature Algorithm: sha256WithRSAEncryption
+         4b:36:a6:84:77:69:dd:3b:19:9f:67:23:08:6f:0e:61:c9:fd:
+         84:dc:5f:d8:36:81:cd:d8:1b:41:2d:9f:60:dd:c7:1a:68:d9:
+         d1:6e:86:e1:88:23:cf:13:de:43:cf:e2:34:b3:04:9d:1f:29:
+         d5:bf:f8:5e:c8:d5:c1:bd:ee:92:6f:32:74:f2:91:82:2f:bd:
+         82:42:7a:ad:2a:b7:20:7d:4d:bc:7a:55:12:c2:15:ea:bd:f7:
+         6a:95:2e:6c:74:9f:cf:1c:b4:f2:c5:01:a3:85:d0:72:3e:ad:
+         73:ab:0b:9b:75:0c:6d:45:b7:8e:94:ac:96:37:b5:a0:d0:8f:
+         15:47:0e:e3:e8:83:dd:8f:fd:ef:41:01:77:cc:27:a9:62:85:
+         33:f2:37:08:ef:71:cf:77:06:de:c8:19:1d:88:40:cf:7d:46:
+         1d:ff:1e:c7:e1:ce:ff:23:db:c6:fa:8d:55:4e:a9:02:e7:47:
+         11:46:3e:f4:fd:bd:7b:29:26:bb:a9:61:62:37:28:b6:2d:2a:
+         f6:10:86:64:c9:70:a7:d2:ad:b7:29:70:79:ea:3c:da:63:25:
+         9f:fd:68:b7:30:ec:70:fb:75:8a:b7:6d:60:67:b2:1e:c8:b9:
+         e9:d8:a8:6f:02:8b:67:0d:4d:26:57:71:da:20:fc:c1:4a:50:
+         8d:b1:28:ba
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
index b1744093fce19a6b935cf818b0b63db5c310d76d..fdf73735ff64261a67e74fcde7182f2ace78d7b5 100644 (file)
@@ -457,6 +457,8 @@ static void connect_dtls(ChimeCallAudio *audio, GSocket *s)
        if (!audio->dtls_cred) {
                gnutls_certificate_allocate_credentials(&audio->dtls_cred);
                gnutls_certificate_set_x509_system_trust(audio->dtls_cred);
+               gnutls_certificate_set_x509_trust_dir(audio->dtls_cred,
+                                                     CHIME_DATADIR, GNUTLS_X509_FMT_PEM);
        }
        gnutls_credentials_set(audio->dtls_sess, GNUTLS_CRD_CERTIFICATE, audio->dtls_cred);
 
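Review bot: The return value of `gnutls_certificate_set_x509_trust_dir` is discarded; it reports the number of certificates loaded or a negative error code, so a missing or unreadable CHIME_DATADIR silently leaves the DTLS credentials without the Amazon anchors and only surfaces later as an opaque handshake failure. Capture and log it, e.g. `int n = gnutls_certificate_set_x509_trust_dir(audio->dtls_cred, CHIME_DATADIR, GNUTLS_X509_FMT_PEM);` followed by `if (n < 1) chime_debug("Loaded %d CA certs from %s\n", n, CHIME_DATADIR);`. Note that every PEM in that directory becomes a trust anchor for DTLS, including the InfoSec CA G3 intermediate shipped alongside the roots — a short comment stating that this is intended would help the next reader. connect_dtls continues outside the hunk.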
diff --git a/chime/chime-certs.c b/chime/chime-certs.c
new file mode 100644 (file)
index 0000000..7544a12
--- /dev/null
@@ -0,0 +1,59 @@
+/*
+ * Pidgin/libpurple Chime client plugin
+ *
+ * Copyright © 2018 Amazon.com, Inc. or its affiliates.
+ *
+ * Authors: David Woodhouse <dwmw2@infradead.org>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * version 2.1, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ */
+
+#include "chime-connection.h"
+#include "chime-connection-private.h"
+
+#include <gio/gio.h>
+
+#define NR_CERTS 7
+
+static const char *cert_filenames[NR_CERTS] = {
+       "Amazon.com_InfoSec_CA_G3.pem",
+       "Amazon.com_Internal_Root_Certificate_Authority.pem",
+       "Amazon_Root_CA_1.pem",
+       "Amazon_Root_CA_2.pem",
+       "Amazon_Root_CA_3.pem",
+       "Amazon_Root_CA_4.pem",
+       "SFS_Root_CA_G2.pem",
+};
+
+static GTlsCertificate *certs[NR_CERTS];
+
+GSList *chime_cert_list(void)
+{
+       int i;
+       GSList *ret = NULL;
+
+       for (i=0; i < NR_CERTS; i++) {
+               if (certs[i]) {
+                       g_object_ref(certs[i]);
+               } else {
+                       GError *error = NULL;
+                       gchar *filename = g_build_filename(CHIME_DATADIR, cert_filenames[i], NULL);
+                       certs[i] = g_tls_certificate_new_from_file(filename, &error);
+                       if (!certs[i]) {
+                               chime_debug("Failed to load %s: %s\n", cert_filenames[1], error->message);
+                               g_clear_error(&error);
+                               continue;
+                       }
+                       g_object_add_weak_pointer(G_OBJECT(certs[i]), (gpointer *)&certs[i]);
+               }
+               ret = g_slist_prepend(ret, certs[i]);
+       }
+       return ret;
+}
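Review bot: The failure message uses `cert_filenames[1]`, so it always names the second file regardless of which load failed — it should be `cert_filenames[i]`. The `filename` returned by `g_build_filename` is never released on either path, so every cold load leaks it; add `g_free(filename);` immediately after the `g_tls_certificate_new_from_file` call. The `g_object_add_weak_pointer` scheme means `certs[i]` is reset to NULL once every holder drops its reference and the file is re-read on the next call; a comment to that effect above `static GTlsCertificate *certs[NR_CERTS];` would save a reader from assuming a permanent cache.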
index ee59412c3f0c40921bfad78082aa481ac758c9f0..478a0116d63a6079ad7e4a7ea1963cd606770713 100644 (file)
@@ -99,6 +99,7 @@ struct chime_msg {
 
 typedef struct {
        ChimeConnectionState state;
+       GSList *amazon_cas;
 
        gchar *server;
        gchar *device_token;
@@ -259,4 +260,7 @@ gboolean chime_call_participant_audio_stats(ChimeCall *call, const gchar *profil
 /* chime-login.c */
 void chime_initial_login(ChimeConnection *cxn);
 
+/* chime-certs.c */
+GSList *chime_cert_list(void);
+
 #endif /* __CHIME_CONNECTION_PRIVATE_H__ */
index 68de2adac9e80169865f94d16a2eca6e0e015bc6..4eec651ea47ecc4170956c36f9031ebaa581b974 100644 (file)
@@ -120,6 +120,8 @@ chime_connection_dispose(GObject *object)
        if (priv->state != CHIME_STATE_DISCONNECTED)
                chime_connection_disconnect(self);
 
+       g_slist_free_full(priv->amazon_cas, g_object_unref);
+       priv->amazon_cas = NULL;
        chime_connection_log(self, CHIME_LOGLVL_MISC, "Connection disposed: %p\n", self);
 
        G_OBJECT_CLASS(chime_connection_parent_class)->dispose(object);
@@ -306,22 +308,71 @@ void chime_connection_fail(ChimeConnection *cxn, gint code, const gchar *format,
        g_error_free(error);
 }
 
+static void
+req_started_cb(SoupSession *sess, SoupMessage *msg, SoupSocket *sock, gpointer _cxn)
+{
+       ChimeConnection *cxn = CHIME_CONNECTION(_cxn);
+       ChimeConnectionPrivate *priv = CHIME_CONNECTION_GET_PRIVATE (cxn);
+
+       if (!soup_socket_is_ssl(sock))
+               return;
+
+       GTlsCertificateFlags cert_errors;
+       g_object_get(sock, "tls-errors", &cert_errors, NULL);
+       if (!cert_errors)
+               return;
+
+       /* If the problem was *only* an unknown CA (i.e. the hostname did
+        * match OK, it wasn't expired, etc.) then check if it's trusted
+        * by the Amazon internal CA. */
+       if (cert_errors == G_TLS_CERTIFICATE_UNKNOWN_CA) {
+               /* The identity part shouldn't be needed but there's no
+                * real harm in being paranoid and checking it again. */
+               SoupURI *uri = soup_message_get_uri(msg);
+               GSocketConnectable *ident = g_network_address_new(soup_uri_get_host(uri),
+                                                                 soup_uri_get_port(uri));
+
+               GTlsCertificate *cert;
+               g_object_get(sock, "tls-certificate", &cert, NULL);
+
+               GSList *l = priv->amazon_cas;
+               while (l && cert_errors) {
+                       cert_errors = g_tls_certificate_verify(cert, ident, G_TLS_CERTIFICATE(l->data));
+                       l = l->next;
+               }
+               g_object_unref(ident);
+
+               if (!cert_errors) {
+                       chime_debug("Allow Amazon CA for %s\n", soup_uri_get_host(uri));
+                       return;
+               }
+       }
+
+       /* Don't like the server's cert. Fail the message. */
+       soup_session_cancel_message(sess, msg, SOUP_STATUS_SSL_FAILED);
+}
+
 static void
 chime_connection_init(ChimeConnection *self)
 {
        ChimeConnectionPrivate *priv = CHIME_CONNECTION_GET_PRIVATE (self);
        priv->soup_sess = soup_session_new();
+       priv->amazon_cas = chime_cert_list();
 
        if (getenv("CHIME_DEBUG") && atoi(getenv("CHIME_DEBUG")) > 0) {
                SoupLogger *l = soup_logger_new(SOUP_LOGGER_LOG_BODY, -1);
                soup_session_add_feature(priv->soup_sess, SOUP_SESSION_FEATURE(l));
                g_object_unref(l);
-               g_object_set(priv->soup_sess, "ssl-strict", FALSE, NULL);
        }
 
        const gchar *https_aliases[2] = { "wss", NULL };
        g_object_set(priv->soup_sess, "https-aliases", https_aliases, NULL);
 
+       /* Unset ssl-strict and manually check, so that we can allow
+        * the Amazon internal CAs. The media endpoints may use those. */
+       g_object_set(priv->soup_sess, "ssl-strict", FALSE, NULL);
+       g_signal_connect(G_OBJECT(priv->soup_sess), "request-started", G_CALLBACK(req_started_cb), self);
+
        priv->msgs_pending_auth = g_queue_new();
        priv->msgs_queued = g_queue_new();
        priv->state = CHIME_STATE_DISCONNECTED;
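Review bot: The `cert` obtained with `g_object_get(sock, "tls-certificate", &cert, NULL)` in req_started_cb is a new reference that is never released, so every TLS connection that reaches the UNKNOWN_CA branch leaks a GTlsCertificate; add `g_clear_object(&cert);` after the verification loop, before the early return. Because `ssl-strict` is now FALSE for the whole session, this handler is the only certificate enforcement point and any connection it does not see is accepted rather than rejected, so the comment above the `g_object_set` should state that, e.g. `/* ssl-strict is off for the whole session: req_started_cb is the ONLY cert check and must cancel every message whose errors it cannot clear. */`. When the loop ends non-zero, `cert_errors` holds the result against the last CA tried rather than the original UNKNOWN_CA — harmless since only zero is acted on, but worth a one-line comment so nobody later logs it as the root cause.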
index bbae3370aa46d9022bac072545751b240dd7536f..af38381163d55ad07d38919529bbeef4e6002837 100644 (file)
@@ -127,6 +127,9 @@ make %{?_smp_mflags} check
 %{_libdir}/purple-2/libchimeprpl.so
 %{_libdir}/farstream-0.2/libapp-transmitter.so
 %{_libdir}/gstreamer-1.0/libgstchime.so
+%dir %{_datadir}/%{name}
+%{_datadir}/%{name}/*.pem
+
 %defattr(-,root,root,-)
 %license LICENSE
 %doc README TODO