BUG25397650: Verify server certificate only if ssl_verify_cert is True

Setting ssl_verify_cert to False in CExt had no effect.
If ssl_verify_cert is set to false, we don't pass the CA certificate to
the C API, since passing CA certificate causes auto verification of
the server certificate.

Also, the CExt now throws InterfaceError instead of DatabaseError if
server certificate verification failed to keep behaviour consistent
with the Pure python connector.

Tests added for regression.

Author: amitab

lib/mysql/connector/errors.py

@@ -1,5 +1,5 @@
 # MySQL Connector/Python - MySQL driver written in Python.
-# Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
 
 # MySQL Connector/Python is licensed under the terms of the GPLv2
 # <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most
@@ -301,4 +301,5 @@ class MySQLFabricError(Error):
     2049: NotSupportedError,
     2055: OperationalError,
     2061: InterfaceError,
+    2026: InterfaceError,
 }

src/mysql_capi.c

@@ -1153,8 +1153,10 @@ MySQL_connect(MySQL *self, PyObject *args, PyObject *kwds)
                               MYSQL_OPT_SSL_VERIFY_SERVER_CERT, (char*)&abool);
             }
 #endif
+          mysql_ssl_set(&self->session, ssl_key, ssl_cert, ssl_ca, NULL, NULL);
+        } else {
+          mysql_ssl_set(&self->session, ssl_key, ssl_cert, NULL, NULL, NULL); 
         }
-        mysql_ssl_set(&self->session, ssl_key, ssl_cert, ssl_ca, NULL, NULL);
     } else {
         // Make sure to not enforce SSL
 #if MYSQL_VERSION_ID > 50703 && MYSQL_VERSION_ID < 50711

tests/data/ssl/generate.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 # MySQL Connector/Python - MySQL driver written in Python.
-# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
 
 # MySQL Connector/Python is licensed under the terms of the GPLv2
 # <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most
@@ -47,16 +47,58 @@ if [ ! -d $DESTDIR ]; then
     exit 2
 fi
 
+mkdir -p $DESTDIR/ca.db.certs   # Signed certificates storage
+touch $DESTDIR/ca.db.index      # Index of signed certificates
+echo 01 > $DESTDIR/ca.db.serial # Next (sequential) serial number
+
+# Configuration
+cat>$DESTDIR/ca.conf<<'EOF'
+[ ca ]
+default_ca = ca_default
+
+[ ca_default ]
+dir = REPLACE_LATER
+certs = $dir
+new_certs_dir = $dir/ca.db.certs
+database = $dir/ca.db.index
+serial = $dir/ca.db.serial
+RANDFILE = $dir/ca.db.rand
+certificate = $dir/ca.crt
+private_key = $dir/ca.key
+default_days = 365
+default_crl_days = 30
+default_md = md5
+preserve = no
+policy = generic_policy
+[ generic_policy ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+EOF
+
+sed -i "s|REPLACE_LATER|$DESTDIR|" $DESTDIR/ca.conf
+
 echo
 echo "Generating Root Certificate"
 echo
-$OPENSSL genrsa 2048 > $DESTDIR/tests_CA_key.pem
+$OPENSSL genrsa -out $DESTDIR/tests_CA_key.pem 2048
 if [ $? -ne 0 ]; then
     exit 3
 fi
 SUBJ="/OU=$OU Root CA/CN=MyConnPy Root CA"
-$OPENSSL req -batch -new -x509 -nodes -days $DAYS -subj "$SUBJ" \
-    -key $DESTDIR/tests_CA_key.pem -out $DESTDIR/tests_CA_cert.pem
+$OPENSSL req -new -key $DESTDIR/tests_CA_key.pem \
+    -out $DESTDIR/tests_CA_req.csr -subj "$SUBJ"
+if [ $? -ne 0 ]; then
+    exit 3
+fi
+$OPENSSL x509 -req -days $DAYS \
+    -in $DESTDIR/tests_CA_req.csr \
+    -out $DESTDIR/tests_CA_cert.pem \
+    -signkey $DESTDIR/tests_CA_key.pem
 if [ $? -ne 0 ]; then
     exit 3
 fi
@@ -66,41 +108,64 @@ echo
 echo "Generating Server Certificate"
 echo
 SUBJ="/OU=$OU Server Cert/CN=localhost"
-$OPENSSL req -batch -newkey rsa:2048 -days $DAYS -nodes -subj "$SUBJ" \
-    -keyout $DESTDIR/tests_server_key.pem -out $DESTDIR/tests_server_req.pem
+$OPENSSL genrsa -out $DESTDIR/tests_server_key.pem 2048
+if [ $? -ne 0 ]; then
+    exit 3
+fi
+$OPENSSL req -new -key $DESTDIR/tests_server_key.pem \
+    -out $DESTDIR/tests_server_req.csr -subj "$SUBJ"
+if [ $? -ne 0 ]; then
+    exit 3
+fi
+$OPENSSL ca -config $DESTDIR/ca.conf -in $DESTDIR/tests_server_req.csr \
+    -cert $DESTDIR/tests_CA_cert.pem \
+    -keyfile $DESTDIR/tests_CA_key.pem \
+    -out $DESTDIR/tests_server_cert.pem -batch
+if [ $? -ne 0 ]; then
+    exit 3
+fi
+
+# MySQL Expired Server Certificate: generate, remove passphrase, sign
+echo
+echo "Generating Expired Server Certificate"
+echo
+SUBJ="/OU=$OU Expired Server Cert/CN=localhost"
+$OPENSSL genrsa -out $DESTDIR/tests_expired_server_key.pem 2048
 if [ $? -ne 0 ]; then
     exit 3
 fi
-$OPENSSL rsa -in $DESTDIR/tests_server_key.pem \
-    -out $DESTDIR/tests_server_key.pem
+$OPENSSL req -new -key $DESTDIR/tests_expired_server_key.pem \
+    -out $DESTDIR/tests_expired_server_req.csr -subj "$SUBJ"
 if [ $? -ne 0 ]; then
     exit 3
 fi
-$OPENSSL x509 -req -in $DESTDIR/tests_server_req.pem -days $DAYS \
-    -CA $DESTDIR/tests_CA_cert.pem -CAkey $DESTDIR/tests_CA_key.pem \
-    -set_serial 01 -out $DESTDIR/tests_server_cert.pem
+$OPENSSL ca -config $DESTDIR/ca.conf -in $DESTDIR/tests_expired_server_req.csr \
+    -cert $DESTDIR/tests_CA_cert.pem \
+    -keyfile $DESTDIR/tests_CA_key.pem \
+    -out $DESTDIR/tests_expired_server_cert.pem -batch \
+    -startdate 120815080000Z -enddate 120815090000Z
 if [ $? -ne 0 ]; then
     exit 3
 fi
 
-# MySQL Client Certificate: generate, remove passphase, sign
+# MySQL Client Certificate: generate, remove passphrase, sign
 echo
 echo "Generating Client Certificate"
 echo
 SUBJ="/OU=$OU Client Cert/CN=localhost"
-$OPENSSL req -batch -newkey rsa:2048 -days $DAYS -nodes -subj "$SUBJ" \
-    -keyout $DESTDIR/tests_client_key.pem -out $DESTDIR/tests_client_req.pem
+$OPENSSL genrsa -out $DESTDIR/tests_client_key.pem 2048
 if [ $? -ne 0 ]; then
     exit 3
 fi
-$OPENSSL rsa -in $DESTDIR/tests_client_key.pem \
-    -out $DESTDIR/tests_client_key.pem
+$OPENSSL req -new -key $DESTDIR/tests_client_key.pem \
+    -out $DESTDIR/tests_client_req.csr -subj "$SUBJ"
 if [ $? -ne 0 ]; then
     exit 3
 fi
-$OPENSSL x509 -req -in $DESTDIR/tests_client_req.pem -days $DAYS \
-    -CA $DESTDIR/tests_CA_cert.pem -CAkey $DESTDIR/tests_CA_key.pem \
-    -set_serial 01 -out $DESTDIR/tests_client_cert.pem
+$OPENSSL ca -config $DESTDIR/ca.conf -in $DESTDIR/tests_client_req.csr \
+    -cert $DESTDIR/tests_CA_cert.pem \
+    -keyfile $DESTDIR/tests_CA_key.pem \
+    -out $DESTDIR/tests_client_cert.pem -batch
 if [ $? -ne 0 ]; then
     exit 3
 fi
@@ -109,5 +174,7 @@ fi
 echo
 echo "Cleaning up"
 echo
-(cd $DESTDIR; rm tests_server_req.pem tests_client_req.pem)
+(cd $DESTDIR; rm -rf tests_server_req.pem tests_client_req.pem \
+    ca.db.certs ca.db.index* ca.db.serial* ca.conf tests_CA_req.csr \
+    tests_server_req.csr tests_expired_server_req.csr tests_client_req.csr)
 

tests/data/ssl/tests_CA_cert.pem

@@ -1,20 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDVzCCAj+gAwIBAgIJAIUsZ/vX9kOGMA0GCSqGSIb3DQEBBQUAMEIxJTAjBgNV
-BAsMHE15U1FMQ29ubmVjdG9yUHl0aG9uIFJvb3QgQ0ExGTAXBgNVBAMMEE15Q29u
-blB5IFJvb3QgQ0EwHhcNMTMwMzI2MTUzNTUyWhcNMjIwNDE0MTUzNTUyWjBCMSUw
-IwYDVQQLDBxNeVNRTENvbm5lY3RvclB5dGhvbiBSb290IENBMRkwFwYDVQQDDBBN
-eUNvbm5QeSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-qWcX9kD+b8c3hkPtPlIgwTsfGvhm/bJ64RHjCtQc2pi/fv9hlcryor8tWmdCCcw7
-ajg5n/QAIJ8crD5D0kheGEnWVI7dyVxZVfT3CiKuS+GBxuQP2ejJi4aDGh2McVv4
-aq1dXRqf2YWkM8PUjM0lzUD9MC9S4APtP6ux0TBhz5rv2ZWdg2EAjAl7Q56KM5m6
-odpF+Z1ExnfVpNzWnpvlYHJ+GhbVWb2F0NbqBTmz4OLEAxU/O2fo43dwVlHp+yNd
-ib2V+VxeeyZmTt1CIeK6DStAiKdNLN5/N/+2FHZ9/XcA6qqxLFLeuTIySlPmuaX6
-u2C8tmOWp99TCUL+GZ2iBwIDAQABo1AwTjAdBgNVHQ4EFgQU1objOGh5rgtBTmjK
-gPkN6SgXl64wHwYDVR0jBBgwFoAU1objOGh5rgtBTmjKgPkN6SgXl64wDAYDVR0T
-BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAWgHZzUo8oGP7YxMn9YACdbipTRYU
-IzGF+Cf0ueXktcEDbq7AIa6MsxXTp8pFOObvLiiecrMngYlqfHlYPL2HG+zOLDig
-nmkO4pGwTqCDZHO4aYBdiVMlaxSpxMX9R/kFYRP1P4AGLOp66FirNO5iLNlTIjpf
-PGebF+k0B1zUSUPsrZfa/d29XcJxBaw7aEOhARQYsymItasnTdcKvjZp1ahGnZYz
-yCDtJjVbXK/4qEtiSA4qcV1HrNuHmhZEwWahntLqo++x3oLK7DrWfHwTX5gHMyv2
-DGTggnNfB8uzzNe3giT0j6ie9DJEnvv1hB0GpUToUNECusrKsYnWLdJkIA==
+MIIDADCCAegCCQDmOCndJJOWFjANBgkqhkiG9w0BAQsFADBCMSUwIwYDVQQLDBxN
+eVNRTENvbm5lY3RvclB5dGhvbiBSb290IENBMRkwFwYDVQQDDBBNeUNvbm5QeSBS
+b290IENBMB4XDTE3MDMxNzE1NTAzNloXDTI2MDQwNTE1NTAzNlowQjElMCMGA1UE
+CwwcTXlTUUxDb25uZWN0b3JQeXRob24gUm9vdCBDQTEZMBcGA1UEAwwQTXlDb25u
+UHkgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANex2fME
+DGfFk6KIIjsCpXQ6Rsv7nClZ+H7iT/xBMDHtQbqVYX1HIDYGRApWIi0Mmg3hosri
+6TO5wJIMMEwcSurVStyLXPpCT4Dg3iDuKToYfNNGtuH9DFWh1fnkeni0gbEh+/yT
+PIe3FLZCHD+F12ST1z88i4LXOG4NuozKI2cmQcHxdVkYYzknMX4IKdP4AniPgMq0
+9YmQJjXH6y7lPzDXeUuG8YrOSuvfl4W2bjht4mGP6YUUQkwZ5qbRQfrkduQB3+pa
++7P6ckd3q91j1+H1kRCn4a1S28xzPOaey6cLQ/DRVKP9EwPVV9H3/Wm8BdTr0ZMs
+1s2VQtocmzcp35kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAGvUp9Du79gpN/pBD
+8eG7ZX/YMpK1cbzUwD+TqmP7QnXItRrZalbmadzZ6P161ff0QOEQPxL181+EEXFe
+yC8f33EGu9n6ZlSnj/HrdMZ2sjv8QA8M4Vg2vn81qUT/EsJQOjJA6n30ybncZHWB
+ovmFgBlq9miX2gDCMRosiRkzm4HAETdWQhiQ/jU4RV+pgP3/sd/mk/u2D5nqMeuT
+Ni61ke1CfskuCar5knXTdw7PYfCVXrD1ndgpf7e+qdz534GMkHcFKQkEvWE+ZuWj
+CHx9t32JFekCSzJCYs5YuAfuIJc0aC+RmA/lF7UUGyj++wWFAMnkmVEf5MM3WGjM
+HRerEg==
 -----END CERTIFICATE-----

tests/data/ssl/tests_CA_key.pem

@@ -1,27 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAqWcX9kD+b8c3hkPtPlIgwTsfGvhm/bJ64RHjCtQc2pi/fv9h
-lcryor8tWmdCCcw7ajg5n/QAIJ8crD5D0kheGEnWVI7dyVxZVfT3CiKuS+GBxuQP
-2ejJi4aDGh2McVv4aq1dXRqf2YWkM8PUjM0lzUD9MC9S4APtP6ux0TBhz5rv2ZWd
-g2EAjAl7Q56KM5m6odpF+Z1ExnfVpNzWnpvlYHJ+GhbVWb2F0NbqBTmz4OLEAxU/
-O2fo43dwVlHp+yNdib2V+VxeeyZmTt1CIeK6DStAiKdNLN5/N/+2FHZ9/XcA6qqx
-LFLeuTIySlPmuaX6u2C8tmOWp99TCUL+GZ2iBwIDAQABAoIBAAKXtFMtfXdieiQQ
-6BGbGis652f3Q0RAtga5ylrBEkv6KHweFnU/bOU2vc/zYpxZxtMCV0duaY4WQU8V
-iN4wA1il0KTsptJNGoTpQdqi2z4IDn9nwCJaoLME9P6yUxLtEGk5jAM/xBCFLhUo
-uxkIjrqMcxOIteD9zmS6EPedoPGXbBFK2jBheArszZ/fiNhi7D2w03/s/Dhu14Px
-5gjG5f+A/lS0l81RC5aeUt+wghA5y7TxY20fN1QU+XX2+Oft/HBq6xNloMlmPhzN
-loi952HlWLZS31QJRgEhXZ3aJMHDQ3z9I4M6RfdngW2aJTbuJq/weFgN0Z8ogDLK
-k/kuTfECgYEA2F5uRlUEW/0MKPrd10q5Ln3i3o0dQmW/QaPZ+SCjGan7xiC8Hm/2
-awkZIIaHQThkgRtxgsLOY+o7NVWkzTeLBlCKl12O0TQ3ZofwXdWPdI2b7adiFnEd
-6/htxQd90En7BgNls39j9bK7UVDDilJrRDKvyNzQKwHP95QRxJellJkCgYEAyG5p
-lB9j78CLWL9lZZgG7Xu/+DR63gceLLBAYclIfHzIb5B49TakasEgsT6JKbqmmwcC
-VXs+SSw0b1dYaFajOL9ceMkOFEn9KV5bESKcPJ2/JxBW6e5j6i4eo+oQxTTiAn75
-UEcmPx8aBCtxhj4LFPKSwzi8mJNliRH2lLAYb58CgYEAlRrGLauq3GWOurLeq92v
-ra1M6YcfkcEiQu7SaI8oNqhgfBHU8bjAfNSBP1vV24ksIZiy6aSrrEkfUkrZzh4n
-rUtVpqfvopW0U/D8IP3p5S0tNmIyAzsinpnNs4jNF/vThDpVHJR+YzQvSAM7LZhM
-mWvAndAlmG2gToH4mJzUm4kCgYBKFk4ee4/0Uobvsifn6s88v46RT8zO/3CO8kOK
-Id4Sbgmk+5FKiv0xnNvZyJTpAN6O1YNuV5UJdTaYpX+/aa8BzfJ/j0oOA995iDA/
-YDzCR0keRnLqG72BFbUrv9ydGNQmOgssOnCPyo5SVkCrb4mnH5dSZEmKWImipiow
-gfs2XwKBgQDSjbMlJme1fwNEt7EvwLJ6Zd4wSLs70IWvcX3k0g4PMhSj9J1zXRP+
-wpOZCa4GW2y21t5dpHG2B+a9Sd+z0/NMSSBZ8SUfrbZza3gC6cJyPoBYy7w/PFx3
-CgHcWRVI3n6+dkMYzpu2J1zzB2y0aiBE4icDq5+Uq7kO2OIytPVnHA==
+MIIEowIBAAKCAQEA17HZ8wQMZ8WToogiOwKldDpGy/ucKVn4fuJP/EEwMe1BupVh
+fUcgNgZEClYiLQyaDeGiyuLpM7nAkgwwTBxK6tVK3Itc+kJPgODeIO4pOhh800a2
+4f0MVaHV+eR6eLSBsSH7/JM8h7cUtkIcP4XXZJPXPzyLgtc4bg26jMojZyZBwfF1
+WRhjOScxfggp0/gCeI+AyrT1iZAmNcfrLuU/MNd5S4bxis5K69+XhbZuOG3iYY/p
+hRRCTBnmptFB+uR25AHf6lr7s/pyR3er3WPX4fWREKfhrVLbzHM85p7LpwtD8NFU
+o/0TA9VX0ff9abwF1OvRkyzWzZVC2hybNynfmQIDAQABAoIBAQDMZI2KuqBiyZhQ
+IT6Gusg8rmieLYzappZS7nQrLz7TYOezPpEGXRsJ9sANJ3f1RobJdrKEHagsyu3P
+t9sglILtqzbobOurfqDGGNCFVgodMk0/DDiLR/ajQtt4lOj1bt+jEfgubPukA3qO
+B3GrRFJKzcnf86ikUPv5VescNQR9Xca8qvy0W69SmtkSSZcC55yhWhGwReUDmywH
+tu57eR07t1Jf3RdHwa98VsiEde4TcuA/wo/C3e2A1MZZW0AtqVAVrX8hq+UVAMJ8
+sMubjNqUmDjbOOL4YkLbyR237uC6V6ejmWKEjMXAYUlNnpme1EcoimSL35hCjDVU
+H6MwhBiBAoGBAPNawx7lICj0qYJ3CSP5VMiiD7vTdDmtNPg6KFesZ2XKPALR/Csq
+1WXSEOb4DvFOAuSWjWYPW+0gvV966LkhKXE+cXWf4RmggrpwhT1JPbkcBwbwQ5oo
+aJnNByCcxoTBvJavLkrDBvZzOW2j5lvcD8qfnNYtbNihsExzkxfFm7AxAoGBAOLn
+JJqLwuNK2cyi7F5mkRLhGCdtSglSoht/3xTuqdrQv0JsVjmGTOqZhh6EBeI91auu
+O89KLs2ARN/KKR90ckuf/h6iwsS5/PDjiPTWOcH8LjiocPuvtvoRzq6leoC1XWBm
+vqLZYjPGuZRNibvputUFIVprw38EmppZzcrBuPPpAoGAa1mIZWKRsz9qX0D/aT0d
+p3vGEQcQaDj9+to83aAR5Jc3rc7PvIMiq83k4t5eSRgusoOvUGxKEuq0XyAq9S+p
+xmjTSB4FAHcL9A6a2BQtBDFW8Dqgt6pHqkEFed9uuzVzac1RUG2D7seZd8IrZi5H
+UQzj9J8JOu7ohHEfXAcxzKECgYA9mJ/wMGasi0JK8iOWkONrK54B/gIuO7d0Hady
+qEOF+kshfgV+Qj4ZJaoqGI78VurtWzQzVqET+nE4C0pUlqj8bKdwq6CSBSdsQWiJ
+hqpRReNKUDezq4TRqAnikVuLGzEJHXs8/CRTh+wTHWV5lL66W1UtlbmRfq91nVFn
+bGWIGQKBgE3S/0XsB9Ox+lNyxj5TycmT9VEfn+vvB+PF3ITWLRkcDanK5ynh4Pvt
+2HbwWIShQXGczn4jzWX61AwWE7Lkc1an1yiCQ2/SJItyhWJxVGO0V0BwTK9jmq+r
+1DXQSTgsOtmRknMdgGTk594Nj7S4r4GDYudzAujsbsrPEItw2nRr
 -----END RSA PRIVATE KEY-----

tests/data/ssl/tests_client_cert.pem

@@ -1,18 +1,67 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 3 (0x3)
+    Signature Algorithm: md5WithRSAEncryption
+        Issuer: OU=MySQLConnectorPython Root CA, CN=MyConnPy Root CA
+        Validity
+            Not Before: Mar 17 15:50:37 2017 GMT
+            Not After : Mar 17 15:50:37 2018 GMT
+        Subject: OU=MySQLConnectorPython Client Cert, CN=localhost
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:b0:7b:da:61:20:7c:13:97:fa:1e:20:83:e0:40:
+                    e8:94:4a:ea:1c:62:22:09:4e:d3:cd:30:66:73:28:
+                    f4:ff:2d:79:a4:b6:0b:c7:b7:20:c8:f6:c0:98:66:
+                    3d:46:ec:f1:8c:04:8b:d7:3c:b4:fa:69:6c:c5:47:
+                    1b:04:a4:a3:53:5a:0a:f2:a4:f7:94:d5:2c:d7:b6:
+                    24:81:e0:c2:ea:51:d1:6e:8e:d4:58:dc:5b:fc:b9:
+                    1b:6b:7c:52:cc:17:36:85:63:ca:f0:1f:75:2f:b8:
+                    97:96:d1:08:ab:46:31:31:e6:9c:8b:26:a1:1b:df:
+                    35:66:36:d9:ba:e1:a4:3d:88:25:7a:9d:68:d3:62:
+                    20:ec:14:b0:59:2c:33:40:11:cf:03:70:17:1c:de:
+                    65:ca:0c:2e:26:2d:f0:33:13:52:d7:0f:69:d7:c0:
+                    d6:f8:71:03:19:f4:79:3d:66:98:56:d2:44:db:bf:
+                    aa:a7:d6:fc:2d:0b:29:63:0a:d4:3d:5e:7e:a7:2c:
+                    6c:b8:2f:32:6f:51:ce:4a:2d:6a:35:54:21:33:76:
+                    a2:64:4a:8c:1d:30:73:47:3e:90:19:68:c9:07:8f:
+                    14:c5:ff:93:c7:ec:b4:08:d7:30:11:f6:67:3f:7a:
+                    8a:57:2c:87:63:34:ff:ff:79:2b:6b:70:88:21:ca:
+                    4e:53
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+         2e:d2:37:97:8b:aa:05:47:8d:b4:c6:87:7d:b8:41:d6:55:12:
+         84:14:8d:91:de:4f:84:15:89:a2:90:5a:0a:94:a1:c2:41:42:
+         18:3c:b7:10:c7:19:b5:01:96:2e:51:83:14:2f:64:0a:96:bb:
+         ce:f8:28:df:ab:fe:72:05:e8:6a:fd:1d:7b:09:22:eb:26:e7:
+         64:a7:a7:fe:fb:e8:e0:2f:91:e4:9e:fa:f6:ab:0b:5b:f3:82:
+         e0:54:d5:07:d2:05:ae:99:fd:22:d8:23:ba:e5:16:21:d7:b0:
+         82:98:4a:f0:87:36:ca:1e:4e:c0:c3:6a:22:a4:37:18:5f:6f:
+         6f:7b:92:e9:bb:15:77:55:6b:9a:57:35:95:4c:64:e9:bb:12:
+         cb:ab:67:4b:23:27:41:d3:71:15:5e:cf:6b:d6:13:05:f0:7a:
+         df:0f:f9:fd:bc:0d:8b:e4:cb:e7:62:67:9e:10:00:c9:9d:ea:
+         a7:cb:3f:ec:47:04:06:96:7f:b3:74:be:3c:cc:bd:72:05:d8:
+         91:b7:d6:b1:9a:40:79:bd:eb:cb:7a:49:bc:a6:e7:61:4f:1d:
+         68:79:21:ad:18:f6:13:6e:87:b6:13:a6:31:1e:f9:73:4c:ec:
+         04:b4:f2:83:5a:25:ae:9c:2e:8e:3a:0a:1d:0a:fd:34:dd:d4:
+         12:cc:4f:47
 -----BEGIN CERTIFICATE-----
-MIIC9TCCAd0CAQEwDQYJKoZIhvcNAQEFBQAwQjElMCMGA1UECwwcTXlTUUxDb25u
+MIIC9TCCAd0CAQMwDQYJKoZIhvcNAQEEBQAwQjElMCMGA1UECwwcTXlTUUxDb25u
 ZWN0b3JQeXRob24gUm9vdCBDQTEZMBcGA1UEAwwQTXlDb25uUHkgUm9vdCBDQTAe
-Fw0xMzAzMjYxNTM1NTJaFw0yMjA0MTQxNTM1NTJaMD8xKTAnBgNVBAsMIE15U1FM
+Fw0xNzAzMTcxNTUwMzdaFw0xODAzMTcxNTUwMzdaMD8xKTAnBgNVBAsMIE15U1FM
 Q29ubmVjdG9yUHl0aG9uIENsaWVudCBDZXJ0MRIwEAYDVQQDDAlsb2NhbGhvc3Qw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXbL7sr/k/W4LwwzTKJj5i
-1QtcZL0tMyBhAwuI7XQVyJBVvY7dRUM+G30ADOcUw5DscYbkkVu3L2NtsnmuyB8o
-0Y5bbHpTv4xTrVfsQuDkMLe+/LwFfL7XrY1Bm13xdEn345b6edfvhre7eatCgIaG
-IKfFr5JDv5oN4faGEJpqYahE/WdxM7zv6xb7Wx+yqLlezldU34VcLcghi8zfDkxb
-Fb4cZSgko/9RT7lTUGBJSSgITnq3Re0qANah7UbqFkTM2wfltoXGerbWMYuzOfQo
-5r0FiScjuvACkDALHAdUbX4UbXasArqpGovyVqHp4OWu3FWRfcCUnxAxfj3G3x79
-AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFi+U6Fyc1L0qCTCiMvUMQuXacnOMH4q
-rHm7qDKkHHcMMGsspNXvLcVKEwJrX3dhP3dZ52eKyFsOjuTkO9eU5H8V2alO8iGD
-Zb6vHT/pQRInoc39SVDFx1QnJ7RlC2Z99xzncHMQChSlDCC+Lft/K5am7vXFwQ3e
-icfLqmR5hz6nc+opnPc7WbQu/cc7PesP5uroyKScYoqAiDJ2cKQJQFPM4Cvt/KZ3
-22H/yCyQNkplIcrlQRF+l+sInNlJZr36INF0o91GcucyuLQzOXUn0L5eAyFzA9RQ
-8xkVztqRN++CgbGAhqIt8ERBtxBvCpNxuFpgm4dPKCTLm+r7fJcKwDI=
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwe9phIHwTl/oeIIPgQOiU
+SuocYiIJTtPNMGZzKPT/LXmktgvHtyDI9sCYZj1G7PGMBIvXPLT6aWzFRxsEpKNT
+WgrypPeU1SzXtiSB4MLqUdFujtRY3Fv8uRtrfFLMFzaFY8rwH3UvuJeW0QirRjEx
+5pyLJqEb3zVmNtm64aQ9iCV6nWjTYiDsFLBZLDNAEc8DcBcc3mXKDC4mLfAzE1LX
+D2nXwNb4cQMZ9Hk9ZphW0kTbv6qn1vwtCyljCtQ9Xn6nLGy4LzJvUc5KLWo1VCEz
+dqJkSowdMHNHPpAZaMkHjxTF/5PH7LQI1zAR9mc/eopXLIdjNP//eStrcIghyk5T
+AgMBAAEwDQYJKoZIhvcNAQEEBQADggEBAC7SN5eLqgVHjbTGh324QdZVEoQUjZHe
+T4QViaKQWgqUocJBQhg8txDHGbUBli5RgxQvZAqWu874KN+r/nIF6Gr9HXsJIusm
+52Snp/776OAvkeSe+varC1vzguBU1QfSBa6Z/SLYI7rlFiHXsIKYSvCHNsoeTsDD
+aiKkNxhfb297kum7FXdVa5pXNZVMZOm7EsurZ0sjJ0HTcRVez2vWEwXwet8P+f28
+DYvky+diZ54QAMmd6qfLP+xHBAaWf7N0vjzMvXIF2JG31rGaQHm968t6Sbym52FP
+HWh5Ia0Y9hNuh7YTpjEe+XNM7AS08oNaJa6cLo46Ch0K/TTd1BLMT0c=
 -----END CERTIFICATE-----