crypto: add cert check to CNNIC Whitelist
When a client connects to a server with a certificate issued by either
CNNIC Root CA or CNNIC EV Root CA, check whether the hash of the server
certificate is in the list of CNNICHashWhitelist.inc. If it's not,
a CERT_REVOKED error is returned.

For details, see
https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/

PR-URL: #1895
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Shigeki Ohtsu committed Jun 16, 2015
commit 3beb880716654dbb2bbb9e333758825172951775
5,727 changes: 5,727 additions & 0 deletions src/CNNICHashWhitelist.inc

Large diffs are not rendered by default.

160 changes: 117 additions & 43 deletions src/node_crypto.cc
Expand Up @@ -13,6 +13,10 @@
#include "util.h"
#include "util-inl.h"
#include "v8.h"
// CNNIC Hash WhiteList is taken from
// https://hg.mozilla.org/mozilla-central/raw-file/98820360ab66/security/
// certverifier/CNNICHashWhitelist.inc
#include "CNNICHashWhitelist.inc"

#include <errno.h>
#include <stdlib.h>
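Review bot: The comment above the new #include "CNNICHashWhitelist.inc" records where the file came from, but not the invariant the code relies on: the bsearch() call added further down in this file only works if WhitelistedCNNICHashes is sorted in memcmp order over CNNIC_WHITELIST_HASH_LEN bytes. Please state that next to the include (or in the .inc header) and consider a debug-build check that walks the array once, so a later refresh of the list from upstream cannot silently break lookups.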
Expand Down Expand Up @@ -84,6 +88,34 @@ using v8::V8;
using v8::Value;


// Subject DER of CNNIC ROOT CA and CNNIC EV ROOT CA are taken from
// https://hg.mozilla.org/mozilla-central/file/98820360ab66/security/
// certverifier/NSSCertDBTrustDomain.cpp#l672
// C = CN, O = CNNIC, CN = CNNIC ROOT
static const uint8_t CNNIC_ROOT_CA_SUBJECT_DATA[] =
"\x30\x32\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x0E\x30"
"\x0C\x06\x03\x55\x04\x0A\x13\x05\x43\x4E\x4E\x49\x43\x31\x13\x30\x11\x06"
"\x03\x55\x04\x03\x13\x0A\x43\x4E\x4E\x49\x43\x20\x52\x4F\x4F\x54";
static const uint8_t* cnnic_p = CNNIC_ROOT_CA_SUBJECT_DATA;
static X509_NAME* cnnic_name =
d2i_X509_NAME(nullptr, &cnnic_p, sizeof(CNNIC_ROOT_CA_SUBJECT_DATA)-1);

// C = CN, O = China Internet Network Information Center, CN = China
// Internet Network Information Center EV Certificates Root
static const uint8_t CNNIC_EV_ROOT_CA_SUBJECT_DATA[] =
"\x30\x81\x8A\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x32"
"\x30\x30\x06\x03\x55\x04\x0A\x0C\x29\x43\x68\x69\x6E\x61\x20\x49\x6E\x74"
"\x65\x72\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F"
"\x72\x6D\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x31\x47\x30\x45"
"\x06\x03\x55\x04\x03\x0C\x3E\x43\x68\x69\x6E\x61\x20\x49\x6E\x74\x65\x72"
"\x6E\x65\x74\x20\x4E\x65\x74\x77\x6F\x72\x6B\x20\x49\x6E\x66\x6F\x72\x6D"
"\x61\x74\x69\x6F\x6E\x20\x43\x65\x6E\x74\x65\x72\x20\x45\x56\x20\x43\x65"
"\x72\x74\x69\x66\x69\x63\x61\x74\x65\x73\x20\x52\x6F\x6F\x74";
static const uint8_t* cnnic_ev_p = CNNIC_EV_ROOT_CA_SUBJECT_DATA;
static X509_NAME *cnnic_ev_name =
d2i_X509_NAME(nullptr, &cnnic_ev_p,
sizeof(CNNIC_EV_ROOT_CA_SUBJECT_DATA)-1);

// Forcibly clear OpenSSL's error stack on return. This stops stale errors
// from popping up later in the lifecycle of crypto operations where they
// would cause spurious failures. It's a rather blunt method, though.
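Review bot: The results of the two d2i_X509_NAME() calls that initialise cnnic_name and cnnic_ev_name are never checked, and both run as static initialisers at namespace scope. If either parse fails the pointer is nullptr and is later handed to X509_NAME_cmp() in CheckWhitelistedServerCert. Suggest building both names in an explicit init function and guarding them with CHECK_NE(..., nullptr). A short comment on why the length is sizeof(...)-1 (dropping the string literal's trailing NUL) would also help the next reader.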
Expand Down Expand Up @@ -2210,49 +2242,91 @@ void Connection::Initialize(Environment* env, Handle<Object> target) {
}


int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
// Quoting SSL_set_verify(3ssl):
//
// The VerifyCallback function is used to control the behaviour when
// the SSL_VERIFY_PEER flag is set. It must be supplied by the
// application and receives two arguments: preverify_ok indicates,
// whether the verification of the certificate in question was passed
// (preverify_ok=1) or not (preverify_ok=0). x509_ctx is a pointer to
// the complete context used for the certificate chain verification.
//
// The certificate chain is checked starting with the deepest nesting
// level (the root CA certificate) and worked upward to the peer's
// certificate. At each level signatures and issuer attributes are
// checked. Whenever a verification error is found, the error number is
// stored in x509_ctx and VerifyCallback is called with preverify_ok=0.
// By applying X509_CTX_store_* functions VerifyCallback can locate the
// certificate in question and perform additional steps (see EXAMPLES).
// If no error is found for a certificate, VerifyCallback is called
// with preverify_ok=1 before advancing to the next level.
//
// The return value of VerifyCallback controls the strategy of the
// further verification process. If VerifyCallback returns 0, the
// verification process is immediately stopped with "verification
// failed" state. If SSL_VERIFY_PEER is set, a verification failure
// alert is sent to the peer and the TLS/SSL handshake is terminated. If
// VerifyCallback returns 1, the verification process is continued. If
// VerifyCallback always returns 1, the TLS/SSL handshake will not be
// terminated with respect to verification failures and the connection
// will be established. The calling process can however retrieve the
// error code of the last verification error using
// SSL_get_verify_result(3) or by maintaining its own error storage
// managed by VerifyCallback.
//
// If no VerifyCallback is specified, the default callback will be
// used. Its return value is identical to preverify_ok, so that any
// verification failure will lead to a termination of the TLS/SSL
// handshake with an alert message, if SSL_VERIFY_PEER is set.
//
// Since we cannot perform I/O quickly enough in this callback, we ignore
// all preverify_ok errors and let the handshake continue. It is
// imparative that the user use Connection::VerifyError after the
// 'secure' callback has been made.
return 1;
inline int compar(const void* a, const void* b) {
return memcmp(a, b, CNNIC_WHITELIST_HASH_LEN);
}


inline int IsSelfSigned(X509* cert) {
return X509_NAME_cmp(X509_get_subject_name(cert),
X509_get_issuer_name(cert)) == 0;
}


inline X509* FindRoot(STACK_OF(X509)* sk) {
for (int i = 0; i < sk_X509_num(sk); i++) {
X509* cert = sk_X509_value(sk, i);
if (IsSelfSigned(cert))
return cert;
}
return nullptr;
}


// Whitelist check for certs issued by CNNIC. See
// https://blog.mozilla.org/security/2015/04/02
// /distrusting-new-cnnic-certificates/
inline CheckResult CheckWhitelistedServerCert(X509_STORE_CTX* ctx) {
unsigned char hash[CNNIC_WHITELIST_HASH_LEN];
unsigned int hashlen = CNNIC_WHITELIST_HASH_LEN;

STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(ctx);
CHECK_NE(chain, nullptr);
CHECK_GT(sk_X509_num(chain), 0);

// Take the last cert as root at the first time.
X509* root_cert = sk_X509_value(chain, sk_X509_num(chain)-1);
X509_NAME* root_name = X509_get_subject_name(root_cert);

if (!IsSelfSigned(root_cert)) {
root_cert = FindRoot(chain);
CHECK_NE(root_cert, nullptr);
root_name = X509_get_subject_name(root_cert);
}

// When the cert is issued from either CNNNIC ROOT CA or CNNNIC EV
// ROOT CA, check a hash of its leaf cert if it is in the whitelist.
if (X509_NAME_cmp(root_name, cnnic_name) == 0 ||
X509_NAME_cmp(root_name, cnnic_ev_name) == 0) {
X509* leaf_cert = sk_X509_value(chain, 0);
int ret = X509_digest(leaf_cert, EVP_sha256(), hash,
&hashlen);
CHECK(ret);

void* result = bsearch(hash, WhitelistedCNNICHashes,
ARRAY_SIZE(WhitelistedCNNICHashes),
CNNIC_WHITELIST_HASH_LEN, compar);
if (result == nullptr) {
sk_X509_pop_free(chain, X509_free);
return CHECK_CERT_REVOKED;
}
}

sk_X509_pop_free(chain, X509_free);
return CHECK_OK;
}


inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
// Failure on verification of the cert is handled in
// Connection::VerifyError.
if (preverify_ok == 0)
return 1;

// Server does not need to check the whitelist.
SSL* ssl = static_cast<SSL*>(
X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));

if (SSL_is_server(ssl))
return 1;

// Client needs to check if the server cert is listed in the
// whitelist when it is issued by the specific rootCAs.
CheckResult ret = CheckWhitelistedServerCert(ctx);
if (ret == CHECK_CERT_REVOKED)
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);

return ret;
}


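Review bot: The final "return ret;" in VerifyCallback returns CHECK_CERT_REVOKED, which is 0, so a non-whitelisted CNNIC certificate stops verification inside the callback, while every other failure takes the "if (preverify_ok == 0) return 1;" path and is left to Connection::VerifyError. The SSL_set_verify(3ssl) text this hunk deletes is exactly what explained that returning 0 terminates the handshake. If the hard failure is intended, say so in a comment here; otherwise call X509_STORE_CTX_set_error() and return 1 like the other cases. Separately, CHECK_NE(root_cert, nullptr) after FindRoot(chain) aborts the whole process when the chain contains no certificate whose subject equals its issuer; treating that as a verification error would be safer than a CHECK on data derived from the peer's chain. Minor: "CNNNIC" is misspelled twice in the comment above the X509_NAME_cmp() test.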
5 changes: 5 additions & 0 deletions src/node_crypto.h
Expand Up @@ -41,6 +41,11 @@
namespace node {
namespace crypto {

enum CheckResult {
CHECK_CERT_REVOKED = 0,
CHECK_OK = 1
};

extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx);

extern X509_STORE* root_cert_store;
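Review bot: VerifyCallback stays declared here as "extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx);", but its definition in node_crypto.cc is changed to "inline int VerifyCallback(...)" in this same commit. A function declared inline must have its definition visible in every translation unit that uses it, so any other file relying on this extern declaration is no longer guaranteed to link. Drop inline from the definition. The new CheckResult values are also returned directly as the OpenSSL verify callback result ("return ret;"), so a comment on the enum saying that 0 and 1 are deliberate would stop someone from renumbering them.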
43 changes: 42 additions & 1 deletion test/fixtures/keys/Makefile
Expand Up @@ -26,7 +26,10 @@ ca3-key.pem:

ca3-csr.pem: ca3.cnf ca3-key.pem
openssl req -new \
-extensions v3_ca -config ca3.cnf -key ca3-key.pem -out ca3-csr.pem
-extensions v3_ca \
-config ca3.cnf \
-key ca3-key.pem \
-out ca3-csr.pem

ca3-cert.pem: ca3-csr.pem ca3-key.pem ca3.cnf ca1-cert.pem ca1-key.pem
openssl x509 -req \
Expand All @@ -40,6 +43,20 @@ ca3-cert.pem: ca3-csr.pem ca3-key.pem ca3.cnf ca1-cert.pem ca1-key.pem
-CAcreateserial \
-out ca3-cert.pem

#
# Create Fake CNNIC Root Certificate Authority: fake-cnnic-root
#

fake-cnnic-root-key.pem:
openssl genrsa -out fake-cnnic-root-key.pem 2048

fake-cnnic-root-cert.pem: fake-cnnic-root.cnf fake-cnnic-root-key.pem
openssl req -x509 -new \
-key fake-cnnic-root-key.pem \
-days 1024 \
-out fake-cnnic-root-cert.pem \
-config fake-cnnic-root.cnf

#
# agent1 is signed by ca1.
#
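Review bot: The fake root is created with "-days 1024", while the agent7 certificate it signs later in this Makefile uses "-days 9999". The root will expire long before the leaf, and from that point the agent7 chain stops verifying and any test built on these fixtures fails for a reason unrelated to the whitelist check. Give fake-cnnic-root-cert.pem the same long validity as the leaf.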
Expand Down Expand Up @@ -204,6 +221,30 @@ agent6-cert.pem: agent6-csr.pem ca3-cert.pem ca3-key.pem
agent6-verify: agent6-cert.pem ca3-cert.pem
openssl verify -CAfile ca3-cert.pem agent6-cert.pem

#
# agent7 is signed by fake-cnnic-root.
#

agent7-key.pem:
openssl genrsa -out agent7-key.pem 2048

agent7-csr.pem: agent1.cnf agent7-key.pem
openssl req -new -config agent7.cnf -key agent7-key.pem -out agent7-csr.pem

agent7-cert.pem: agent7-csr.pem fake-cnnic-root-cert.pem fake-cnnic-root-key.pem
openssl x509 -req \
-extfile agent7.cnf \
-days 9999 \
-passin "pass:password" \
-in agent7-csr.pem \
-CA fake-cnnic-root-cert.pem \
-CAkey fake-cnnic-root-key.pem \
-CAcreateserial \
-out agent7-cert.pem

agent7-verify: agent7-cert.pem fake-cnnic-root-cert.pem
openssl verify -CAfile fake-cnnic-root-cert.pem agent7-cert.pem

ec-key.pem:
openssl ecparam -genkey -out ec-key.pem -name prime256v1

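Review bot: The agent7-csr.pem rule lists agent1.cnf as its prerequisite, but the recipe reads "-config agent7.cnf", so editing agent7.cnf will not trigger a rebuild; change the prerequisite to agent7.cnf. In the agent7-cert.pem rule, "-passin pass:password" has nothing to decrypt, since fake-cnnic-root-key.pem is produced by a plain "openssl genrsa -out" with no passphrase; remove it to avoid implying the CA key is protected.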
19 changes: 19 additions & 0 deletions test/fixtures/keys/agent7-cert.pem
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
17 changes: 17 additions & 0 deletions test/fixtures/keys/agent7-csr.pem
@@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
27 changes: 27 additions & 0 deletions test/fixtures/keys/agent7-key.pem
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
17 changes: 17 additions & 0 deletions test/fixtures/keys/agent7.cnf
@@ -0,0 +1,17 @@
[ req ]
default_bits = 2048
days = 999
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no

[ req_distinguished_name ]
C = US
ST = CA
L = SF
O = IOJS
OU = iojs.org
CN = localhost

[ req_attributes ]
challengePassword = A challenge password
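Review bot: "days = 999" under [ req ] disagrees with the "-days 9999" passed when the certificate is signed in the Makefile, so the value here is misleading about the fixture's real lifetime; drop it or make the two agree. This file also defines only the req, req_distinguished_name and req_attributes sections, so the "-extfile agent7.cnf" argument in the agent7-cert.pem rule has no extensions section to read. Either add the extensions the test needs or remove the option.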
18 changes: 18 additions & 0 deletions test/fixtures/keys/fake-cnnic-root-cert.pem
@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
1 change: 1 addition & 0 deletions test/fixtures/keys/fake-cnnic-root-cert.srl
@@ -0,0 +1 @@
AA466F0FFF621BCC
27 changes: 27 additions & 0 deletions test/fixtures/keys/fake-cnnic-root-key.pem
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----