From 4d0611b7d4be21d9b436348fbe9b7b1a4c0b189c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 1 Aug 2018 16:12:44 -0700 Subject: hubzilla core issue #1258 --- Zotlabs/Widget/Activity_order.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Zotlabs/Widget/Activity_order.php b/Zotlabs/Widget/Activity_order.php index 0e660afc3..27d1a971a 100644 --- a/Zotlabs/Widget/Activity_order.php +++ b/Zotlabs/Widget/Activity_order.php @@ -34,6 +34,7 @@ class Activity_order { break; default: $commentord_active = 'active'; + break; } } else { @@ -78,6 +79,9 @@ class Activity_order { if(x($_GET,'file')) $filter .= '&file=' . $_GET['file']; + if(x($_GET,'pf')) + $filter .= '&pf=' . $_GET['pf']; + // tabs $tabs = []; -- cgit v1.2.3 From c806279fa97aa6880e1e0542be00937406e79d27 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 1 Aug 2018 21:32:05 -0700 Subject: update certs --- library/cacert.pem | 1063 +++++++++------------------------------------- library/certs/cacert.pem | 1063 +++++++++------------------------------------- 2 files changed, 422 insertions(+), 1704 deletions(-) diff --git a/library/cacert.pem b/library/cacert.pem index 55958581d..e287611a6 100644 --- a/library/cacert.pem +++ b/library/cacert.pem @@ -1,7 +1,7 @@ ## ## Bundle of CA Root Certificates ## -## Certificate data from Mozilla as of: Wed Jun 7 03:12:05 2017 GMT +## Certificate data from Mozilla as of: Wed Jun 20 03:12:06 2018 GMT ## ## This is a bundle of X.509 certificates of public Certificate Authorities ## (CA). These were automatically extracted from Mozilla's root certificates @@ -14,7 +14,7 @@ ## Just configure this file as the SSLCACertificateFile. ## ## Conversion done with mk-ca-bundle.pl version 1.27. -## SHA256: 93753268e1c596aee21893fb1c6975338389132f15c942ed65fc394a904371d7 +## SHA256: c80f571d9f4ebca4a91e0ad3a546f263153d71afffc845c6f8f52ce9d1a2e8ec ## @@ -130,30 +130,6 @@ Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp -----END CERTIFICATE----- -AddTrust Low-Value Services Root -================================ ------BEGIN CERTIFICATE----- -MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRU -cnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw -CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBO -ZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY6 -54eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWr -oulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1 -Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJui -GMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8w -HQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTAD -AQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJT -RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEw -HwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxt -ZBsfzQ3duQH6lmM0MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph -iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY -eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xr -mYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vj -ccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= ------END CERTIFICATE----- - AddTrust External Root ====================== -----BEGIN CERTIFICATE----- @@ -178,54 +154,6 @@ e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- -AddTrust Public Services Root -============================= ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSAwHgYDVQQDExdBZGRU -cnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJ -BgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5l -dHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbu -nyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1i -d9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSG -Aa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAw -HM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0G -A1UdDgQWBBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29yazEgMB4G -A1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4 -JNojVhaTdt02KLmuG7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL -+YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao -GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh4SINhwBk/ox9 -Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9H -EufOX1362KqxMy3ZdvJOOjMMK7MtkAY= ------END CERTIFICATE----- - -AddTrust Qualified Certificates Root -==================================== ------BEGIN CERTIFICATE----- -MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRU -cnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcx -CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ -IE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx -64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3 -KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o -L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GR -wVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HU -MIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkwZzELMAkGA1UE -BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29y -azEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQAD -ggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG -GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X -dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9ze -RXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDB -iFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5noxqE= ------END CERTIFICATE----- - Entrust Root Certification Authority ==================================== -----BEGIN CERTIFICATE----- @@ -273,27 +201,6 @@ XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm Mw== -----END CERTIFICATE----- -GeoTrust Global CA 2 -==================== ------BEGIN CERTIFICATE----- -MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN -R2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwHhcNMDQwMzA0MDUw -MDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j -LjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDvPE1APRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/ -NTL8Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hLTytCOb1k -LUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL5mkWRxHCJ1kDs6ZgwiFA -Vvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7S4wMcoKK+xfNAGw6EzywhIdLFnopsk/b -HdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNH -K266ZUapEBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6tdEPx7 -srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv/NgdRN3ggX+d6Yvh -ZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywNA0ZF66D0f0hExghAzN4bcLUprbqL -OzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkC -x1YAzUm5s2x7UwQa4qjJqhIFI8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqF -H4z1Ir+rzoPz4iIprn2DQKi6bA== ------END CERTIFICATE----- - GeoTrust Universal CA ===================== -----BEGIN CERTIFICATE----- @@ -376,25 +283,6 @@ YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt 398znM/jra6O1I7mT1GvFpLgXPYHDw== -----END CERTIFICATE----- -Certum Root CA -============== ------BEGIN CERTIFICATE----- -MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQK -ExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTAeFw0wMjA2MTExMDQ2Mzla -Fw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8u -by4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6x -wS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdL -kKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ -89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/K -Uz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7P -NSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+ -GXYkHAQaTOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvg -GrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/ -0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS -qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscw== ------END CERTIFICATE----- - Comodo AAA Services root ======================== -----BEGIN CERTIFICATE----- @@ -419,56 +307,6 @@ Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z 12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== -----END CERTIFICATE----- -Comodo Secure Services root -=========================== ------BEGIN CERTIFICATE----- -MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAw -MDAwMFoXDTI4MTIzMTIzNTk1OVowfjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu -Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAi -BgNVBAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPMcm3ye5drswfxdySRXyWP -9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3SHpR7LZQdqnXXs5jLrLxkU0C8j6ysNstc -rbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rC -oznl2yY4rYsK7hljxxwk3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3V -p6ea5EQz6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNVHQ4E -FgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -gYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL1NlY3VyZUNlcnRpZmlj -YXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRwOi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlm -aWNhdGVTZXJ2aWNlcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm -4J4oqF7Tt/Q05qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj -Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtIgKvcnDe4IRRL -DXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJaD61JlfutuC23bkpgHl9j6Pw -pCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDlizeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1H -RR3B7Hzs/Sk= ------END CERTIFICATE----- - -Comodo Trusted Services root -============================ ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEw -MDAwMDBaFw0yODEyMzEyMzU5NTlaMH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1h -bmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUw -IwYDVQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWWfnJSoBVC21ndZHoa0Lh7 -3TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMtTGo87IvDktJTdyR0nAducPy9C1t2ul/y -/9c3S0pgePfw+spwtOpZqqPOSC+pw7ILfhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6 -juljatEPmsbS9Is6FARW1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsS -ivnkBbA7kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0GA1Ud -DgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21vZG9jYS5jb20vVHJ1c3RlZENlcnRp -ZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRodHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENl -cnRpZmljYXRlU2VydmljZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8Ntw -uleGFTQQuS9/HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 -pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxISjBc/lDb+XbDA -BHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+xqFx7D+gIIxmOom0jtTYsU0l -R+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/AtyjcndBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O -9y5Xt5hwXsjEeLBi ------END CERTIFICATE----- - QuoVadis Root CA ================ -----BEGIN CERTIFICATE----- @@ -608,86 +446,6 @@ EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH llpwrN9M -----END CERTIFICATE----- -UTN USERFirst Hardware Root CA -============================== ------BEGIN CERTIFICATE----- -MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UE -BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhl -IFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAd -BgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgx -OTIyWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0 -eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVz -ZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlI -wrthdBKWHTxqctU8EGc6Oe0rE81m65UJM6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFd -tqdt++BxF2uiiPsA3/4aMXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8 -i4fDidNdoI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqIDsjf -Pe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9KsyoUhbAgMBAAGjgbkw -gbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKFyXyYbKJhDlV0HN9WF -lp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNF -UkZpcnN0LUhhcmR3YXJlLmNybDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUF -BwMGBggrBgEFBQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM -//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28GpgoiskliCE7/yMgUsogW -XecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gECJChicsZUN/KHAG8HQQZexB2 -lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kn -iCrVWFCVH/A7HFe7fRQ5YiuayZSSKqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67 -nfhmqA== ------END CERTIFICATE----- - -Camerfirma Chambers of Commerce Root -==================================== ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe -QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i -ZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAx -NjEzNDNaFw0zNzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZp -cm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3Jn -MSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOC -AQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlU -xFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41XQEMIwRH -NaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jW -DA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFV -d9oKDMyXroDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1Ud -EwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5v -cmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooowDgYDVR0P -AQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hh -bWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD -VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz -aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAi -fJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvD -L8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wN -UPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/n -ADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1 -erfutGWaIZDgqtCYvDi1czyL+Nw= ------END CERTIFICATE----- - -Camerfirma Global Chambersign Root -================================== ------BEGIN CERTIFICATE----- -MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe -QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i -ZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYx -NDE4WhcNMzcwOTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt -YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEg -MB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAw -ggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J -1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8O -by4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl -6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c -8lCrEqWhz0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/ -BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJzaWduLm9yZy9j -aGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4wTcbOX60Qq+UDpfqpFDAOBgNVHQ8B -Af8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBj -aGFtYmVyc2lnbi5vcmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y -ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh -bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA -PDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9Y -gOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJ -PJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4 -IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes -t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== ------END CERTIFICATE----- - XRamp Global CA Root ==================== -----BEGIN CERTIFICATE----- @@ -760,47 +518,6 @@ KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 QBFGmh95DmK/D5fs4C8fF5Q= -----END CERTIFICATE----- -StartCom Certification Authority -================================ ------BEGIN CERTIFICATE----- -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu -ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 -NjM2WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk -LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg -U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y -o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ -Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d -eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt -2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z -6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ -osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ -untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc -UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT -37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0 -Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNj -YS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUH -AgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRw -Oi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYg -U3RhcnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5 -LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENl -cnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL2NlcnQuc3Rh -cnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilT -dGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC -AgEAFmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8jhvh -3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUWFjgKXlf2Ysd6AgXm -vB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHk -fY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3 -fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZ -EoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq -yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl -1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/7HW/ -lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/FlUQqmMGqz9IgcgA38coro -g14= ------END CERTIFICATE----- - Taiwan GRCA =========== -----BEGIN CERTIFICATE----- @@ -831,38 +548,6 @@ CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy +fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS -----END CERTIFICATE----- -Swisscom Root CA 1 -================== ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQG -EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy -dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4 -MTgyMjA2MjBaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln -aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9m2BtRsiM -MW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdihFvkcxC7mlSpnzNApbjyF -NDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/TilftKaNXXsLmREDA/7n29uj/x2lzZAe -AR81sH8A25Bvxn570e56eqeqDFdvpG3FEzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkC -b6dJtDZd0KTeByy2dbcokdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn -7uHbHaBuHYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNFvJbN -cA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo19AOeCMgkckkKmUp -WyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjCL3UcPX7ape8eYIVpQtPM+GP+HkM5 -haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJWbjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNY -MUJDLXT5xp6mig/p/r+D5kNXJLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw -HQYDVR0hBBYwFDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j -BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzcK6FptWfUjNP9 -MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzfky9NfEBWMXrrpA9gzXrzvsMn -jgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7IkVh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQ -MbFamIp1TpBcahQq4FJHgmDmHtqBsfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4H -VtA4oJVwIHaM190e3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtl -vrsRls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ipmXeascCl -OS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HHb6D0jqTsNFFbjCYDcKF3 -1QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksfrK/7DZBaZmBwXarNeNQk7shBoJMBkpxq -nvy5JMWzFYJ+vq6VK+uxwNrjAWALXmmshFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCy -x/yP2FS1k2Kdzs9Z+z0YzirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMW -NY6E0F/6MBr1mmz0DlP5OlvRHA== ------END CERTIFICATE----- - DigiCert Assured ID Root CA =========================== -----BEGIN CERTIFICATE----- @@ -971,30 +656,6 @@ RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE----- -DST ACES CA X6 -============== ------BEGIN CERTIFICATE----- -MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VT -MRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NTha -MFsxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UE -CxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzI -DZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCa -pCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKBXy314pow -GCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPy -MjwmR/onJALJfh1biEITajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3Qu -Y29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnRy -dXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMtaW5kZXguaHRtbDAdBgNVHQ4EFgQU -CXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V2 -5FYrnJmQ6AgwbN99Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t -Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq -nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpRrscL9yuwNwXs -vFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3 -oKfN5XozNmr6mis= ------END CERTIFICATE----- - SwissSign Gold CA - G2 ====================== -----BEGIN CERTIFICATE----- @@ -1237,27 +898,6 @@ FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE----- -Security Communication EV RootCA1 -================================= ------BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMc -U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNh -dGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UE -BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNl -Y3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO -/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSX -WHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4z -ZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4 -bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK -9U2vP9eCOKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3irO4G8za+6xm -iEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZq51ihPZRwSzJIxXYKLerJRO1RuGG -Av8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnW -mHyojf6GPgcWkuF75x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW -T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 ------END CERTIFICATE----- - OISTE WISeKey Global Root GA CA =============================== -----BEGIN CERTIFICATE----- @@ -1378,34 +1018,6 @@ sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- -T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3 -============================================================================================================================= ------BEGIN CERTIFICATE----- -MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRSMRgwFgYDVQQH -DA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJpbGltc2VsIHZlIFRla25vbG9q -aWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ry -b25payB2ZSBLcmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNV -BAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUg -S8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4 -MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnpl -IC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmHF -n3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZl -IEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2Ft -dSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNl -cnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4hgb46ezzb8R1Sf1n68yJMlaCQvEhO -Eav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1 -xnnRFDDtG1hba+818qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR -6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL -hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQIDAQABo0IwQDAd -BgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4 -N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLT -y9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYh -LBOhgLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2M -dqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyttgI= ------END CERTIFICATE----- - certSIGN ROOT CA ================ -----BEGIN CERTIFICATE----- @@ -1426,27 +1038,6 @@ vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD -----END CERTIFICATE----- -CNNIC ROOT -========== ------BEGIN CERTIFICATE----- -MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJDTjEOMAwGA1UE -ChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2MDcwOTE0WhcNMjcwNDE2MDcw -OTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1Qw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzD -o+/hn7E7SIX1mlwhIhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tiz -VHa6dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZOV/kbZKKT -VrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrCGHn2emU1z5DrvTOTn1Or -czvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gNv7Sg2Ca+I19zN38m5pIEo3/PIKe38zrK -y5nLAgMBAAGjczBxMBEGCWCGSAGG+EIBAQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscC -wQ7vptU7ETAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991S -lgrHAsEO76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnKOOK5 -Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvHugDnuL8BV8F3RTIM -O/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7HgviyJA/qIYM/PmLXoXLT1tLYhFHxUV8 -BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fLbuXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2 -G8kS1sHNzYDzAgE8yGnLRUhj2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5m -mxE= ------END CERTIFICATE----- - GeoTrust Primary Certification Authority - G3 ============================================= -----BEGIN CERTIFICATE----- @@ -1674,37 +1265,6 @@ y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061 lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I= -----END CERTIFICATE----- -ACEDICOM Root -============= ------BEGIN CERTIFICATE----- -MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UEAwwNQUNFRElD -T00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMB4XDTA4 -MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoG -A1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHk -WLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuD -YAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYew -MYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSfHY9g5QYb -m8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbk -HQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTT -xKJxqvQUfecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf2 -3EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9caUPgn6C9D4zq9 -2Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEaeZAwUswdbxcJzbPEHXEUkFDWug/Fq -TYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz -4SsrSbbXc6GqlPUB53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU -9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv -bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWImfQwng4/F9tqg -aHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJP -eGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1Pwk -zQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1 -ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oI -KiMnMCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIq -nxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0DcMDQj3dcE -I2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQYXlPKNFHtRQrmjseCNj6nOGOp -MCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3o -tkYNbn5XOmeUwssfnHdKZ05phkOTOPu220+DkdRgfks+KzgHVZhepA== ------END CERTIFICATE----- - Microsec e-Szigno Root CA 2009 ============================== -----BEGIN CERTIFICATE----- @@ -2065,37 +1625,6 @@ Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI 03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= -----END CERTIFICATE----- -Certinomis - Autorité Racine -============================ ------BEGIN CERTIFICATE----- -MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjETMBEGA1UEChMK -Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAkBgNVBAMMHUNlcnRpbm9taXMg -LSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkG -A1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYw -JAYDVQQDDB1DZXJ0aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jYF1AMnmHa -wE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N8y4oH3DfVS9O7cdxbwly -Lu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWerP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw -2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92N -jMD2AR5vpTESOH2VwnHu7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9q -c1pkIuVC28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6lSTC -lrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1Enn1So2+WLhl+HPNb -xxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB0iSVL1N6aaLwD4ZFjliCK0wi1F6g -530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql095gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna -4NH4+ej9Uji29YnfAgMBAAGjWzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBQNjLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ -KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9sov3/4gbIOZ/x -WqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZMOH8oMDX/nyNTt7buFHAAQCva -R6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40 -nJ+U8/aGH88bc62UeYdocMMzpXDn2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1B -CxMjidPJC+iKunqjo3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjv -JL1vnxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG5ERQL1TE -qkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWqpdEdnV1j6CTmNhTih60b -WfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZbdsLLO7XSAPCjDuGtbkD326C00EauFddE -wk01+dIL8hf2rGbVJLJP0RyZwG71fet0BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/ -vgt2Fl43N+bYdJeimUV5 ------END CERTIFICATE----- - TWCA Root Certification Authority ================================= -----BEGIN CERTIFICATE----- @@ -2244,75 +1773,6 @@ l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl iB6XzCGcKQENZetX2fNXlrtIzYE= -----END CERTIFICATE----- -StartCom Certification Authority -================================ ------BEGIN CERTIFICATE----- -MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu -ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 -NjM3WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk -LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg -U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y -o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ -Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d -eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt -2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z -6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ -osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ -untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc -UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT -37uMdBNSSwIDAQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD -VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQ -Qa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCCATgwLgYIKwYBBQUHAgEWImh0 -dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu -c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENv -bW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0 -aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t -L3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBG -cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5 -fPGFf59Jb2vKXfuM/gTFwWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWm -N3PH/UvSTa0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst0OcN -Org+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNcpRJvkrKTlMeIFw6T -tn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKlCcWw0bdT82AUuoVpaiF8H3VhFyAX -e2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVFP0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA -2MFrLH9ZXF2RsXAiV+uKa0hK1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBs -HvUwyKMQ5bLmKhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE -JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ8dCAWZvLMdib -D4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnmfyWl8kgAwKQB2j8= ------END CERTIFICATE----- - -StartCom Certification Authority G2 -=================================== ------BEGIN CERTIFICATE----- -MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -RzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UE -ChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8O -o1XJJZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsDvfOpL9HG -4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnooD/Uefyf3lLE3PbfHkffi -Aez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/Q0kGi4xDuFby2X8hQxfqp0iVAXV16iul -Q5XqFYSdCI0mblWbq9zSOdIxHWDirMxWRST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbs -O+wmETRIjfaAKxojAuuKHDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8H -vKTlXcxNnw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM0D4L -nMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/iUUjXuG+v+E5+M5iS -FGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9Ha90OrInwMEePnWjFqmveiJdnxMa -z6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHgTuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJ -KoZIhvcNAQELBQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K -2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfXUfEpY9Z1zRbk -J4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl6/2o1PXWT6RbdejF0mCy2wl+ -JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG -/+gyRr61M3Z3qAFdlsHB1b6uJcDJHgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTc -nIhT76IxW1hPkWLIwpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/Xld -blhYXzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5lIxKVCCIc -l85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoohdVddLHRDiBYmxOlsGOm -7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulrso8uBtjRkcfGEvRM/TAXw8HaOFvjqerm -obp573PYtlNXLfbQ4ddI ------END CERTIFICATE----- - Buypass Class 2 Root CA ======================= -----BEGIN CERTIFICATE----- @@ -2419,31 +1879,6 @@ uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU dcGWxZ0= -----END CERTIFICATE----- -TURKTRUST Certificate Services Provider Root 2007 -================================================= ------BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOcUktUUlVTVCBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP -MA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg -QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4X -DTA3MTIyNTE4MzcxOVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxl -a3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMCVFIxDzAN -BgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp -bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4gKGMpIEFyYWzEsWsgMjAwNzCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9N -YvDdE3ePYakqtdTyuTFYKTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQv -KUmi8wUG+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveGHtya -KhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6PIzdezKKqdfcYbwnT -rqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M733WB2+Y8a+xwXrXgTW4qhe04MsC -AwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHkYb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/s -Px+EnWVUXKgWAkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I -aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5mxRZNTZPz/OO -Xl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsaXRik7r4EW5nVcV9VZWRi1aKb -BFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZqxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAK -poRq0Tl9 ------END CERTIFICATE----- - D-TRUST Root Class 3 CA 2 2009 ============================== -----BEGIN CERTIFICATE----- @@ -2493,171 +1928,6 @@ NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv w9y4AyHqnxbxLFS1 -----END CERTIFICATE----- -PSCProcert -========== ------BEGIN CERTIFICATE----- -MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1dG9yaWRhZCBk -ZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9sYW5vMQswCQYDVQQGEwJWRTEQ -MA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlzdHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lz -dGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBl -cmludGVuZGVuY2lhIGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUw -IwYJKoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEwMFoXDTIw -MTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHByb2NlcnQubmV0LnZlMQ8w -DQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGExKjAoBgNVBAsTIVByb3ZlZWRvciBkZSBD -ZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZp -Y2FjaW9uIEVsZWN0cm9uaWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo97BVC -wfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74BCXfgI8Qhd19L3uA -3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38GieU89RLAu9MLmV+QfI4tL3czkkoh -RqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmO -EO8GqQKJ/+MMbpfg353bIdD0PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG2 -0qCZyFSTXai20b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH -0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/6mnbVSKVUyqU -td+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1mv6JpIzi4mWCZDlZTOpx+FIyw -Bm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvp -r2uKGcfLFFb14dq12fy/czja+eevbqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/ -AgEBMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAz -Ni0wMB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFDgBStuyId -xuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRp -ZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQH -EwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5h -Y2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5k -ZW5jaWEgZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG -9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQDAgEGME0GA1UdEQRG -MESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0wMDAwMDKgGwYFYIZeAgKgEgwQUklG -LUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEagRKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52 -ZS9sY3IvQ0VSVElGSUNBRE8tUkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNy -YWl6LnN1c2NlcnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v -Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsGAQUFBwIBFh5o -dHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcNAQELBQADggIBACtZ6yKZu4Sq -T96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmN -g7+mvTV+LFwxNG9s2/NkAZiqlCxB3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4q -uxtxj7mkoP3YldmvWb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1 -n8GhHVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHmpHmJWhSn -FFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXzsOfIt+FTvZLm8wyWuevo -5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bEqCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq -3TNWOByyrYDT13K9mmyZY+gAu0F2BbdbmRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5 -poLWccret9W6aAjtmcz9opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3Y -eMLEYC/HYvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km ------END CERTIFICATE----- - -China Internet Network Information Center EV Certificates Root -============================================================== ------BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCQ04xMjAwBgNV -BAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyMUcwRQYDVQQDDD5D -aGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMg -Um9vdDAeFw0xMDA4MzEwNzExMjVaFw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAG -A1UECgwpQ2hpbmEgSW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMM -PkNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRpZmljYXRl -cyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z7r07eKpkQ0H1UN+U8i6y -jUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA//DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV -98YPjUesWgbdYavi7NifFy2cyjw1l1VxzUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2H -klY0bBoQCxfVWhyXWIQ8hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23 -KzhmBsUs4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54ugQEC -7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oYNJKiyoOCWTAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUfHJLOcfA22KlT5uqGDSSosqD -glkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd5 -0XPFtQO3WKwMVC/GVhMPMdoG52U7HW8228gd+f2ABsqjPWYWqJ1MFn3AlUa1UeTiH9fqBk1jjZaM -7+czV0I664zBechNdn3e9rG3geCg+aF4RhcaVpjwTj2rHO3sOdwHSPdj/gauwqRcalsyiMXHM4Ws -ZkJHwlgkmeHlPuV1LI5D1l08eB6olYIpUNHRFrrvwb562bTYzB5MRuF3sTGrvSrIzo9uoV1/A3U0 -5K2JRVRevq4opbs/eHnrc7MKDf2+yfdWrPa37S+bISnHOLaVxATywy39FCqQmbkHzJ8= ------END CERTIFICATE----- - -Swisscom Root CA 2 -================== ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQG -EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy -dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2 -MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln -aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvErjw0DzpPM -LgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r0rk0X2s682Q2zsKwzxNo -ysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJ -wDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpH -Wrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1a -SgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxS -NLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9Ab -mbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QY -Ypqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3 -qPyZ7iVNTA6z00yPhOgpD/0QVAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw -HQYDVR0hBBYwFDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O -BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8Twu -MA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsO -v2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ -82YqZh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz -o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcs -a0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciATwoCqISxx -OQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0QuFmtEYE3saW -mA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED6F+KBZvuim6c779o -+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TC -rvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX -5OfNeOI5wSsSnqaeG8XmDtkx2Q== ------END CERTIFICATE----- - -Swisscom Root EV CA 2 -===================== ------BEGIN CERTIFICATE----- -MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UE -BhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFsIENlcnRpZmljYXRlIFNl -cnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcN -MzEwNjI1MDg0NTA4WjBnMQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsT -HERpZ2l0YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYg -Q0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7BxUglgRCgz -o3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD1ycfMQ4jFrclyxy0uYAy -Xhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPHoCE2G3pXKSinLr9xJZDzRINpUKTk4Rti -GZQJo/PDvO/0vezbE53PnUgJUmfANykRHvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8Li -qG12W0OfvrSdsyaGOx9/5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaH -Za0zKcQvidm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHLOdAG -alNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaCNYGu+HuB5ur+rPQa -m3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f46Fq9mDU5zXNysRojddxyNMkM3Ox -bPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCBUWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDi -xzgHcgplwLa7JSnaFp6LNYth7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED -MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWBbj2ITY1x0kbB -bkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6xXCX5145v9Ydkn+0UjrgEjihL -j6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98TPLr+flaYC/NUn81ETm484T4VvwYmneTwkLbU -wp4wLh/vx3rEUMfqe9pQy3omywC0Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7 -XwgiG/W9mR4U9s70WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH -59yLGn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm7JFe3VE/ -23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4Snr8PyQUQ3nqjsTzyP6Wq -J3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VNvBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyA -HmBR3NdUIR7KYndP+tiPsys6DXhyyWhBWkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/gi -uMod89a2GQ+fYWVq6nTIfI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuW -l8PVP3wbI+2ksx0WckNLIOFZfsLorSa/ovc= ------END CERTIFICATE----- - -CA Disig Root R1 -================ ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAlNLMRMw -EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp -ZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQyMDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sx -EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp -c2lnIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy -3QRkD2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/oOI7bm+V8 -u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3AfQ+lekLZWnDZv6fXARz2 -m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJeIgpFy4QxTaz+29FHuvlglzmxZcfe+5nk -CiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8noc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTa -YVKvJrT1cU/J19IG32PK/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6 -vpmumwKjrckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD3AjL -LhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE7cderVC6xkGbrPAX -ZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkCyC2fg69naQanMVXVz0tv/wQFx1is -XxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLdqvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ -04IwDQYJKoZIhvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR -xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaASfX8MPWbTx9B -LxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXoHqJPYNcHKfyyo6SdbhWSVhlM -CrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpBemOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5Gfb -VSUZP/3oNn6z4eGBrxEWi1CXYBmCAMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85 -YmLLW1AL14FABZyb7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKS -ds+xDzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvkF7mGnjix -lAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqFa3qdnom2piiZk4hA9z7N -UaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsTQ6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJ -a7+h89n07eLw4+1knj0vllJPgFOL ------END CERTIFICATE----- - CA Disig Root R2 ================ -----BEGIN CERTIFICATE----- @@ -3061,66 +2331,6 @@ G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP 82Z+ -----END CERTIFICATE----- -WoSign -====== ------BEGIN CERTIFICATE----- -MIIFdjCCA16gAwIBAgIQXmjWEXGUY1BWAGjzPsnFkTANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxKjAoBgNVBAMTIUNlcnRpZmljYXRpb24g -QXV0aG9yaXR5IG9mIFdvU2lnbjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgwMTAwMDFaMFUxCzAJ -BgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgGA1UEAxMhQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkgb2YgV29TaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA -vcqNrLiRFVaXe2tcesLea9mhsMMQI/qnobLMMfo+2aYpbxY94Gv4uEBf2zmoAHqLoE1UfcIiePyO -CbiohdfMlZdLdNiefvAA5A6JrkkoRBoQmTIPJYhTpA2zDxIIFgsDcSccf+Hb0v1naMQFXQoOXXDX -2JegvFNBmpGN9J42Znp+VsGQX+axaCA2pIwkLCxHC1l2ZjC1vt7tj/id07sBMOby8w7gLJKA84X5 -KIq0VC6a7fd2/BVoFutKbOsuEo/Uz/4Mx1wdC34FMr5esAkqQtXJTpCzWQ27en7N1QhatH/YHGkR -+ScPewavVIMYe+HdVHpRaG53/Ma/UkpmRqGyZxq7o093oL5d//xWC0Nyd5DKnvnyOfUNqfTq1+ez -EC8wQjchzDBwyYaYD8xYTYO7feUapTeNtqwylwA6Y3EkHp43xP901DfA4v6IRmAR3Qg/UDaruHqk -lWJqbrDKaiFaafPz+x1wOZXzp26mgYmhiMU7ccqjUu6Du/2gd/Tkb+dC221KmYo0SLwX3OSACCK2 -8jHAPwQ+658geda4BmRkAjHXqc1S+4RFaQkAKtxVi8QGRkvASh0JWzko/amrzgD5LkhLJuYwTKVY -yrREgk/nkR4zw7CT/xH8gdLKH3Ep3XZPkiWvHYG3Dy+MwwbMLyejSuQOmbp8HkUff6oZRZb9/D0C -AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOFmzw7R -8bNLtwYgFP6HEtX2/vs+MA0GCSqGSIb3DQEBBQUAA4ICAQCoy3JAsnbBfnv8rWTjMnvMPLZdRtP1 -LOJwXcgu2AZ9mNELIaCJWSQBnfmvCX0KI4I01fx8cpm5o9dU9OpScA7F9dY74ToJMuYhOZO9sxXq -T2r09Ys/L3yNWC7F4TmgPsc9SnOeQHrAK2GpZ8nzJLmzbVUsWh2eJXLOC62qx1ViC777Y7NhRCOj -y+EaDveaBk3e1CNOIZZbOVtXHS9dCF4Jef98l7VNg64N1uajeeAz0JmWAjCnPv/So0M/BVoG6kQC -2nz4SNAzqfkHx5Xh9T71XXG68pWpdIhhWeO/yloTunK0jF02h+mmxTwTv97QRCbut+wucPrXnbes -5cVAWubXbHssw1abR80LzvobtCHXt2a49CUwi1wNuepnsvRtrtWhnk/Yn+knArAdBtaP4/tIEp9/ -EaEQPkxROpaw0RPxx9gmrjrKkcRpnd8BKWRRb2jaFOwIQZeQjdCygPLPwj2/kWjFgGcexGATVdVh -mVd8upUPYUk6ynW8yQqTP2cOEvIo4jEbwFcW3wh8GcF+Dx+FHgo2fFt+J7x6v+Db9NpSvd4MVHAx -kUOVyLzwPt0JfjBkUO1/AaQzZ01oT74V77D2AhGiGxMlOtzCWfHjXEa7ZywCRuoeSKbmW9m1vFGi -kpbbqsY3Iqb+zCB0oy2pLmvLwIIRIbWTee5Ehr7XHuQe+w== ------END CERTIFICATE----- - -WoSign China -============ ------BEGIN CERTIFICATE----- -MIIFWDCCA0CgAwIBAgIQUHBrzdgT/BtOOzNy0hFIjTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMMEkNBIOayg+mAmuagueiv -geS5pjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgwMTAwMDFaMEYxCzAJBgNVBAYTAkNOMRowGAYD -VQQKExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkGA1UEAwwSQ0Eg5rKD6YCa5qC56K+B5LmmMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0EkhHiX8h8EqwqzbdoYGTufQdDTc7WU1/FDWiD+k -8H/rD195L4mx/bxjWDeTmzj4t1up+thxx7S8gJeNbEvxUNUqKaqoGXqW5pWOdO2XCld19AXbbQs5 -uQF/qvbW2mzmBeCkTVL829B0txGMe41P/4eDrv8FAxNXUDf+jJZSEExfv5RxadmWPgxDT74wwJ85 -dE8GRV2j1lY5aAfMh09Qd5Nx2UQIsYo06Yms25tO4dnkUkWMLhQfkWsZHWgpLFbE4h4TV2TwYeO5 -Ed+w4VegG63XX9Gv2ystP9Bojg/qnw+LNVgbExz03jWhCl3W6t8Sb8D7aQdGctyB9gQjF+BNdeFy -b7Ao65vh4YOhn0pdr8yb+gIgthhid5E7o9Vlrdx8kHccREGkSovrlXLp9glk3Kgtn3R46MGiCWOc -76DbT52VqyBPt7D3h1ymoOQ3OMdc4zUPLK2jgKLsLl3Az+2LBcLmc272idX10kaO6m1jGx6KyX2m -+Jzr5dVjhU1zZmkR/sgO9MHHZklTfuQZa/HpelmjbX7FF+Ynxu8b22/8DU0GAbQOXDBGVWCvOGU6 -yke6rCzMRh+yRpY/8+0mBe53oWprfi1tWFxK1I5nuPHa1UaKJ/kR8slC/k7e3x9cxKSGhxYzoacX -GKUN5AXlK8IrC6KVkLn9YDxOiT7nnO4fuwECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFOBNv9ybQV0T6GTwp+kVpOGBwboxMA0GCSqGSIb3DQEBCwUA -A4ICAQBqinA4WbbaixjIvirTthnVZil6Xc1bL3McJk6jfW+rtylNpumlEYOnOXOvEESS5iVdT2H6 -yAa+Tkvv/vMx/sZ8cApBWNromUuWyXi8mHwCKe0JgOYKOoICKuLJL8hWGSbueBwj/feTZU7n85iY -r83d2Z5AiDEoOqsuC7CsDCT6eiaY8xJhEPRdF/d+4niXVOKM6Cm6jBAyvd0zaziGfjk9DgNyp115 -j0WKWa5bIW4xRtVZjc8VX90xJc/bYNaBRHIpAlf2ltTW/+op2znFuCyKGo3Oy+dCMYYFaA6eFN0A -kLppRQjbbpCBhqcqBT/mhDn4t/lXX0ykeVoQDF7Va/81XwVRHmyjdanPUIPTfPRm94KNPQx96N97 -qA4bLJyuQHCH2u2nFoJavjVsIE4iYdm8UXrNemHcSxH5/mc0zy4EZmFcV5cjjPOGG0jfKq+nwf/Y -jj4Du9gqsPoUJbJRa4ZDhS4HIxaAjUz7tGM7zMN07RujHv41D198HRaG9Q7DlfEvr10lO1Hm13ZB -ONFLAzkopR6RctR9q5czxNM+4Gm2KHmgCY0c0f9BckgG/Jou5yD5m6Leie2uPAmvylezkolwQOQv -T8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR12KvxAmLBsX5VYc8T1yaw15zLKYs4SgsO -kI26oQ== ------END CERTIFICATE----- - COMODO RSA Certification Authority ================================== -----BEGIN CERTIFICATE----- @@ -3425,30 +2635,6 @@ kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su -----END CERTIFICATE----- -TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 -==================================================== ------BEGIN CERTIFICATE----- -MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCVFIxDzAN -BgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp -bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1Qg -RWxla3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAw -ODA3MDFaFw0yMzA0MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0w -SwYDVQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE -n2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRp -ZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEApCUZ4WWe60ghUEoI5RHwWrom/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537 -jVJp45wnEFPzpALFp/kRGml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1m -ep5Fimh34khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z5UNP -9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0hO8EuPbJbKoCPrZV -4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QIDAQABo0IwQDAdBgNVHQ4EFgQUVpkH -HtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAJ5FdnsXSDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPo -BP5yCccLqh0lVX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq -URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nfpeYVhDfwwvJl -lpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CFYv4HAqGEVka+lgqaE9chTLd8 -B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW+qtB4Uu2NQvAmxU= ------END CERTIFICATE----- - Certinomis - Root CA ==================== -----BEGIN CERTIFICATE----- @@ -3502,42 +2688,6 @@ HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= -----END CERTIFICATE----- -Certification Authority of WoSign G2 -==================================== ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQayXaioidfLwPBbOxemFFRDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxLTArBgNVBAMTJENlcnRpZmljYXRpb24g -QXV0aG9yaXR5IG9mIFdvU2lnbiBHMjAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4NThaMFgx -CzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEtMCsGA1UEAxMkQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvsXEoCKASU+/2YcRxlPhuw+9YH+v9oIOH9ywjj2X4FA8jzrvZjtFB5sg+OPXJYY1kBai -XW8wGQiHC38Gsp1ij96vkqVg1CuAmlI/9ZqD6TRay9nVYlzmDuDfBpgOgHzKtB0TiGsOqCR3A9Du -W/PKaZE1OVbFbeP3PU9ekzgkyhjpJMuSA93MHD0JcOQg5PGurLtzaaNjOg9FD6FKmsLRY6zLEPg9 -5k4ot+vElbGs/V6r+kHLXZ1L3PR8du9nfwB6jdKgGlxNIuG12t12s9R23164i5jIFFTMaxeSt+BK -v0mUYQs4kI9dJGwlezt52eJ+na2fmKEG/HgUYFf47oB3sQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+mCp62XF3RYUCE4MD42b4Pdkr2cwDQYJKoZI -hvcNAQELBQADggEBAFfDejaCnI2Y4qtAqkePx6db7XznPWZaOzG73/MWM5H8fHulwqZm46qwtyeY -P0nXYGdnPzZPSsvxFPpahygc7Y9BMsaV+X3avXtbwrAh449G3CE4Q3RM+zD4F3LBMvzIkRfEzFg3 -TgvMWvchNSiDbGAtROtSjFA9tWwS1/oJu2yySrHFieT801LYYRf+epSEj3m2M1m6D8QL4nCgS3gu -+sif/a+RZQp4OBXllxcU3fngLDT4ONCEIgDAFFEYKwLcMFrw6AF8NTojrwjkr6qOKEJJLvD1mTS+ -7Q9LGOHSJDy7XUe3IfKN0QqZjuNuPq1w4I+5ysxugTH2e5x6eeRncRg= ------END CERTIFICATE----- - -CA WoSign ECC Root -================== ------BEGIN CERTIFICATE----- -MIICCTCCAY+gAwIBAgIQaEpYcIBr8I8C+vbe6LCQkDAKBggqhkjOPQQDAzBGMQswCQYDVQQGEwJD -TjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMTEkNBIFdvU2lnbiBFQ0MgUm9v -dDAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4NThaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQK -ExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkGA1UEAxMSQ0EgV29TaWduIEVDQyBSb290MHYwEAYHKoZI -zj0CAQYFK4EEACIDYgAE4f2OuEMkq5Z7hcK6C62N4DrjJLnSsb6IOsq/Srj57ywvr1FQPEd1bPiU -t5v8KB7FVMxjnRZLU8HnIKvNrCXSf4/CwVqCXjCLelTOA7WRf6qU0NGKSMyCBSah1VES1ns2o0Iw -QDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqv3VWqP2h4syhf3R -MluARZPzA7gwCgYIKoZIzj0EAwMDaAAwZQIxAOSkhLCB1T2wdKyUpOgOPQB0TKGXa/kNUTyh2Tv0 -Daupn75OcsqF1NnstTJFGG+rrQIwfcf3aWMvoeGY7xMQ0Xk/0f7qO3/eVvSQsRUR2LIiFdAvwyYu -a/GRspBl9JrmkO5K ------END CERTIFICATE----- - SZAFIR ROOT CA2 =============== -----BEGIN CERTIFICATE----- @@ -3953,6 +3103,215 @@ lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= -----END CERTIFICATE----- + +GDCA TrustAUTH R5 ROOT +====================== +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw +BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD +DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow +YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs +AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p +OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr +pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ +9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ +xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM +R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ +D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4 +oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx +9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9 +H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35 +6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd ++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ +HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD +F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ +8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv +/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT +aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +TrustCor RootCert CA-1 +====================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQQTEP +MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig +U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkx +MjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFu +YW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUGA1UECwwe +VHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZUcnVzdENvciBSb290Q2Vy +dCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv463leLCJhJrMxnHQFgKq1mq +jQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4 +pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0 +JEsq1pme9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4h +gLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw +/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0j +BBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwDQYJKoZIhvcNAQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5 +mDo4Nvu7Zp5I/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6C +qFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P +3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- + +TrustCor RootCert CA-2 +====================== +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8w +DQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBT +eXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0 +eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEy +MzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h +bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0 +IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQdsg4foDSq8Gb +ZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9Nk +RvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1 +oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOOb +XUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1 +/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5q +jxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQP +eSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+Ctg +rKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU +2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/h +Osh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnp +kpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv +2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3 +S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw +PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dv +DDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYU +RpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANE +xdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeX +RKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu1uwJ +-----END CERTIFICATE----- + +TrustCor ECA-1 +============== +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQQTEP +MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig +U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3Mjgw +N1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5 +MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y +IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb3w9U73NjKYKtR8aja+3+XzP4Q1HpGjOR +MRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23 +xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmc +p0yJF4OuowReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+ +fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGj +YzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBL +f/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF +AAOCAQEABT41XBVwm8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u +/ukZMjgDfxT2AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0Xs +J5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC +jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g== +-----END CERTIFICATE----- + +SSL.com Root Certification Authority RSA +======================================== +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM +BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x +MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw +MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM +LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C +Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8 +P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge +oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp +k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z +fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ +gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2 +UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8 +1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s +bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr +dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf +ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl +u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq +erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj +MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ +vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI +Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y +wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI +WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +SSL.com Root Certification Authority ECC +======================================== +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv +BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy +MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO +BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+ +8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR +hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT +jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW +e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z +5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority RSA R2 +============================================== +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w +DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u +MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI +DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD +VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh +hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w +cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO +Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+ +B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh +CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim +9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto +RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm +JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48 ++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp +qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1 +++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx +Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G +guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz +OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7 +CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq +lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR +rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1 +hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX +9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority ECC +=========================================== +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy +BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw +MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM +LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy +3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O +BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe +5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ +N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm +m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G diff --git a/library/certs/cacert.pem b/library/certs/cacert.pem index 8f1357b66..ee25bee11 100644 --- a/library/certs/cacert.pem +++ b/library/certs/cacert.pem @@ -1,7 +1,7 @@ ## ## Bundle of CA Root Certificates ## -## Certificate data from Mozilla as of: Wed Jun 7 03:12:05 2017 GMT +## Certificate data from Mozilla as of: Wed Jun 20 03:12:06 2018 GMT ## ## This is a bundle of X.509 certificates of public Certificate Authorities ## (CA). These were automatically extracted from Mozilla's root certificates @@ -14,7 +14,7 @@ ## Just configure this file as the SSLCACertificateFile. ## ## Conversion done with mk-ca-bundle.pl version 1.27. -## SHA256: 93753268e1c596aee21893fb1c6975338389132f15c942ed65fc394a904371d7 +## SHA256: c80f571d9f4ebca4a91e0ad3a546f263153d71afffc845c6f8f52ce9d1a2e8ec ## @@ -130,30 +130,6 @@ Y71k5h+3zvDyny67G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9H RCwBXbsdtTLSR9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp -----END CERTIFICATE----- -AddTrust Low-Value Services Root -================================ ------BEGIN CERTIFICATE----- -MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRU -cnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMwMTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQsw -CQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBO -ZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ulCDtbKRY6 -54eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6ntGO0/7Gcrjyvd7ZWxbWr -oulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyldI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1 -Zmne3yzxbrww2ywkEtvrNTVokMsAsJchPXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJui -GMx1I4S+6+JNM3GOGvDC+Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8w -HQYDVR0OBBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTAD -AQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBlMQswCQYDVQQGEwJT -RTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEw -HwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxt -ZBsfzQ3duQH6lmM0MkhHma6X7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0Ph -iVYrqW9yTkkz43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY -eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJlpz/+0WatC7xr -mYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOAWiFeIc9TVPC6b4nbqKqVz4vj -ccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= ------END CERTIFICATE----- - AddTrust External Root ====================== -----BEGIN CERTIFICATE----- @@ -178,54 +154,6 @@ e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- -AddTrust Public Services Root -============================= ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSAwHgYDVQQDExdBZGRU -cnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAxMDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJ -BgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5l -dHdvcmsxIDAeBgNVBAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV6tsfSlbu -nyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nXGCwwfQ56HmIexkvA/X1i -d9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnPdzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSG -Aa2Il+tmzV7R/9x98oTaunet3IAIx6eH1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAw -HM+A+WD+eeSI8t0A65RF62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0G -A1UdDgQWBBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDELMAkGA1UEBhMCU0Ux -FDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29yazEgMB4G -A1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4 -JNojVhaTdt02KLmuG7jD8WS6IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL -+YPoRNWyQSW/iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao -GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh4SINhwBk/ox9 -Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQmXiLsks3/QppEIW1cxeMiHV9H -EufOX1362KqxMy3ZdvJOOjMMK7MtkAY= ------END CERTIFICATE----- - -AddTrust Qualified Certificates Root -==================================== ------BEGIN CERTIFICATE----- -MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEUMBIGA1UEChML -QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSMwIQYDVQQDExpBZGRU -cnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcx -CzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQ -IE5ldHdvcmsxIzAhBgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwqxBb/4Oxx -64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G87B4pfYOQnrjfxvM0PC3 -KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i2O+tCBGaKZnhqkRFmhJePp1tUvznoD1o -L/BLcHwTOK28FSXx1s6rosAx1i+f4P8UWfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GR -wVY18BTcZTYJbqukB8c10cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HU -MIHRMB0GA1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6FrpGkwZzELMAkGA1UE -BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRUcnVzdCBUVFAgTmV0d29y -azEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlmaWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQAD -ggEBABmrder4i2VhlRO6aQTvhsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxG -GuoYQ992zPlmhpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X -dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3P6CxB9bpT9ze -RXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9YiQBCYz95OdBEsIJuQRno3eDB -iFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5noxqE= ------END CERTIFICATE----- - Entrust Root Certification Authority ==================================== -----BEGIN CERTIFICATE----- @@ -273,27 +201,6 @@ XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm Mw== -----END CERTIFICATE----- -GeoTrust Global CA 2 -==================== ------BEGIN CERTIFICATE----- -MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN -R2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwHhcNMDQwMzA0MDUw -MDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j -LjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDvPE1APRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/ -NTL8Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hLTytCOb1k -LUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL5mkWRxHCJ1kDs6ZgwiFA -Vvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7S4wMcoKK+xfNAGw6EzywhIdLFnopsk/b -HdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQF -MAMBAf8wHQYDVR0OBBYEFHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNH -K266ZUapEBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6tdEPx7 -srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv/NgdRN3ggX+d6Yvh -ZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywNA0ZF66D0f0hExghAzN4bcLUprbqL -OzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkC -x1YAzUm5s2x7UwQa4qjJqhIFI8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqF -H4z1Ir+rzoPz4iIprn2DQKi6bA== ------END CERTIFICATE----- - GeoTrust Universal CA ===================== -----BEGIN CERTIFICATE----- @@ -376,25 +283,6 @@ YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt 398znM/jra6O1I7mT1GvFpLgXPYHDw== -----END CERTIFICATE----- -Certum Root CA -============== ------BEGIN CERTIFICATE----- -MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQK -ExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTAeFw0wMjA2MTExMDQ2Mzla -Fw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8u -by4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6x -wS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdL -kKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ -89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/K -Uz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7P -NSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+ -GXYkHAQaTOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvg -GrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/ -0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS -qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscw== ------END CERTIFICATE----- - Comodo AAA Services root ======================== -----BEGIN CERTIFICATE----- @@ -419,56 +307,6 @@ Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z 12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== -----END CERTIFICATE----- -Comodo Secure Services root -=========================== ------BEGIN CERTIFICATE----- -MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAw -MDAwMFoXDTI4MTIzMTIzNTk1OVowfjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFu -Y2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAi -BgNVBAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPMcm3ye5drswfxdySRXyWP -9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3SHpR7LZQdqnXXs5jLrLxkU0C8j6ysNstc -rbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rC -oznl2yY4rYsK7hljxxwk3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3V -p6ea5EQz6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNVHQ4E -FgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -gYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL1NlY3VyZUNlcnRpZmlj -YXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRwOi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlm -aWNhdGVTZXJ2aWNlcy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm -4J4oqF7Tt/Q05qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj -Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtIgKvcnDe4IRRL -DXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJaD61JlfutuC23bkpgHl9j6Pw -pCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDlizeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1H -RR3B7Hzs/Sk= ------END CERTIFICATE----- - -Comodo Trusted Services root -============================ ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS -R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg -TGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEw -MDAwMDBaFw0yODEyMzEyMzU5NTlaMH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1h -bmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUw -IwYDVQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWWfnJSoBVC21ndZHoa0Lh7 -3TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMtTGo87IvDktJTdyR0nAducPy9C1t2ul/y -/9c3S0pgePfw+spwtOpZqqPOSC+pw7ILfhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6 -juljatEPmsbS9Is6FARW1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsS -ivnkBbA7kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0GA1Ud -DgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB -/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21vZG9jYS5jb20vVHJ1c3RlZENlcnRp -ZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRodHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENl -cnRpZmljYXRlU2VydmljZXMuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8Ntw -uleGFTQQuS9/HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 -pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxISjBc/lDb+XbDA -BHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+xqFx7D+gIIxmOom0jtTYsU0l -R+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/AtyjcndBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O -9y5Xt5hwXsjEeLBi ------END CERTIFICATE----- - QuoVadis Root CA ================ -----BEGIN CERTIFICATE----- @@ -608,86 +446,6 @@ EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH llpwrN9M -----END CERTIFICATE----- -UTN USERFirst Hardware Root CA -============================== ------BEGIN CERTIFICATE----- -MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCBlzELMAkGA1UE -BhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhl -IFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAd -BgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgx -OTIyWjCBlzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0 -eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVz -ZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdhcmUwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlI -wrthdBKWHTxqctU8EGc6Oe0rE81m65UJM6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFd -tqdt++BxF2uiiPsA3/4aMXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8 -i4fDidNdoI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqIDsjf -Pe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9KsyoUhbAgMBAAGjgbkw -gbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFKFyXyYbKJhDlV0HN9WF -lp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNF -UkZpcnN0LUhhcmR3YXJlLmNybDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUF -BwMGBggrBgEFBQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM -//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28GpgoiskliCE7/yMgUsogW -XecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gECJChicsZUN/KHAG8HQQZexB2 -lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kn -iCrVWFCVH/A7HFe7fRQ5YiuayZSSKqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67 -nfhmqA== ------END CERTIFICATE----- - -Camerfirma Chambers of Commerce Root -==================================== ------BEGIN CERTIFICATE----- -MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe -QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i -ZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAx -NjEzNDNaFw0zNzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZp -cm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3Jn -MSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOC -AQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlU -xFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41XQEMIwRH -NaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jW -DA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFV -d9oKDMyXroDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1Ud -EwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5v -cmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooowDgYDVR0P -AQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hh -bWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD -VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz -aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAi -fJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvD -L8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wN -UPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/n -ADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1 -erfutGWaIZDgqtCYvDi1czyL+Nw= ------END CERTIFICATE----- - -Camerfirma Global Chambersign Root -================================== ------BEGIN CERTIFICATE----- -MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe -QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i -ZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYx -NDE4WhcNMzcwOTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt -YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEg -MB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAw -ggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J -1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8O -by4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl -6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c -8lCrEqWhz0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/ -BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJzaWduLm9yZy9j -aGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4wTcbOX60Qq+UDpfqpFDAOBgNVHQ8B -Af8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBj -aGFtYmVyc2lnbi5vcmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y -ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh -bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA -PDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9Y -gOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJ -PJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4 -IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes -t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== ------END CERTIFICATE----- - XRamp Global CA Root ==================== -----BEGIN CERTIFICATE----- @@ -760,47 +518,6 @@ KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3 QBFGmh95DmK/D5fs4C8fF5Q= -----END CERTIFICATE----- -StartCom Certification Authority -================================ ------BEGIN CERTIFICATE----- -MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu -ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 -NjM2WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk -LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg -U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y -o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ -Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d -eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt -2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z -6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ -osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ -untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc -UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT -37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE -FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0 -Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNj -YS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUH -AgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRw -Oi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYg -U3RhcnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5 -LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENl -cnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL2NlcnQuc3Rh -cnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilT -dGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC -AgEAFmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8jhvh -3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUWFjgKXlf2Ysd6AgXm -vB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHk -fY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3 -fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZ -EoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq -yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl -1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/7HW/ -lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/FlUQqmMGqz9IgcgA38coro -g14= ------END CERTIFICATE----- - Taiwan GRCA =========== -----BEGIN CERTIFICATE----- @@ -831,38 +548,6 @@ CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy +fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS -----END CERTIFICATE----- -Swisscom Root CA 1 -================== ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQG -EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy -dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4 -MTgyMjA2MjBaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln -aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9m2BtRsiM -MW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdihFvkcxC7mlSpnzNApbjyF -NDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/TilftKaNXXsLmREDA/7n29uj/x2lzZAe -AR81sH8A25Bvxn570e56eqeqDFdvpG3FEzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkC -b6dJtDZd0KTeByy2dbcokdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn -7uHbHaBuHYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNFvJbN -cA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo19AOeCMgkckkKmUp -WyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjCL3UcPX7ape8eYIVpQtPM+GP+HkM5 -haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJWbjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNY -MUJDLXT5xp6mig/p/r+D5kNXJLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw -HQYDVR0hBBYwFDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j -BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzcK6FptWfUjNP9 -MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzfky9NfEBWMXrrpA9gzXrzvsMn -jgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7IkVh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQ -MbFamIp1TpBcahQq4FJHgmDmHtqBsfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4H -VtA4oJVwIHaM190e3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtl -vrsRls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ipmXeascCl -OS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HHb6D0jqTsNFFbjCYDcKF3 -1QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksfrK/7DZBaZmBwXarNeNQk7shBoJMBkpxq -nvy5JMWzFYJ+vq6VK+uxwNrjAWALXmmshFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCy -x/yP2FS1k2Kdzs9Z+z0YzirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMW -NY6E0F/6MBr1mmz0DlP5OlvRHA== ------END CERTIFICATE----- - DigiCert Assured ID Root CA =========================== -----BEGIN CERTIFICATE----- @@ -971,30 +656,6 @@ RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE----- -DST ACES CA X6 -============== ------BEGIN CERTIFICATE----- -MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VT -MRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NTha -MFsxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UE -CxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzI -DZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCa -pCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKBXy314pow -GCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPy -MjwmR/onJALJfh1biEITajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3Qu -Y29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnRy -dXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMtaW5kZXguaHRtbDAdBgNVHQ4EFgQU -CXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V2 -5FYrnJmQ6AgwbN99Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t -Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq -nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpRrscL9yuwNwXs -vFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3 -oKfN5XozNmr6mis= ------END CERTIFICATE----- - SwissSign Gold CA - G2 ====================== -----BEGIN CERTIFICATE----- @@ -1237,27 +898,6 @@ FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE----- -Security Communication EV RootCA1 -================================= ------BEGIN CERTIFICATE----- -MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMc -U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNh -dGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UE -BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNl -Y3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO -/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSX -WHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4z -ZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4 -bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK -9U2vP9eCOKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG -SIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3irO4G8za+6xm -iEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZq51ihPZRwSzJIxXYKLerJRO1RuGG -Av8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnW -mHyojf6GPgcWkuF75x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW -T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 ------END CERTIFICATE----- - OISTE WISeKey Global Root GA CA =============================== -----BEGIN CERTIFICATE----- @@ -1378,34 +1018,6 @@ sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- -T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3 -============================================================================================================================= ------BEGIN CERTIFICATE----- -MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRSMRgwFgYDVQQH -DA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJpbGltc2VsIHZlIFRla25vbG9q -aWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ry -b25payB2ZSBLcmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNV -BAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUg -S8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4 -MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnpl -IC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmHF -n3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZl -IEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2Ft -dSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNl -cnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4hgb46ezzb8R1Sf1n68yJMlaCQvEhO -Eav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1 -xnnRFDDtG1hba+818qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR -6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL -hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQIDAQABo0IwQDAd -BgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4 -N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLT -y9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYh -LBOhgLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2M -dqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyttgI= ------END CERTIFICATE----- - certSIGN ROOT CA ================ -----BEGIN CERTIFICATE----- @@ -1426,27 +1038,6 @@ vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD -----END CERTIFICATE----- -CNNIC ROOT -========== ------BEGIN CERTIFICATE----- -MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJDTjEOMAwGA1UE -ChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2MDcwOTE0WhcNMjcwNDE2MDcw -OTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1Qw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzD -o+/hn7E7SIX1mlwhIhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tiz -VHa6dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZOV/kbZKKT -VrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrCGHn2emU1z5DrvTOTn1Or -czvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gNv7Sg2Ca+I19zN38m5pIEo3/PIKe38zrK -y5nLAgMBAAGjczBxMBEGCWCGSAGG+EIBAQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscC -wQ7vptU7ETAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991S -lgrHAsEO76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnKOOK5 -Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvHugDnuL8BV8F3RTIM -O/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7HgviyJA/qIYM/PmLXoXLT1tLYhFHxUV8 -BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fLbuXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2 -G8kS1sHNzYDzAgE8yGnLRUhj2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5m -mxE= ------END CERTIFICATE----- - GeoTrust Primary Certification Authority - G3 ============================================= -----BEGIN CERTIFICATE----- @@ -1674,37 +1265,6 @@ y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061 lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I= -----END CERTIFICATE----- -ACEDICOM Root -============= ------BEGIN CERTIFICATE----- -MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UEAwwNQUNFRElD -T00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMB4XDTA4 -MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoG -A1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEF -AAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHk -WLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuD -YAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYew -MYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSfHY9g5QYb -m8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbk -HQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTT -xKJxqvQUfecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf2 -3EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9caUPgn6C9D4zq9 -2Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEaeZAwUswdbxcJzbPEHXEUkFDWug/Fq -TYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz -4SsrSbbXc6GqlPUB53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU -9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv -bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWImfQwng4/F9tqg -aHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJP -eGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1Pwk -zQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1 -ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oI -KiMnMCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIq -nxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0DcMDQj3dcE -I2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQYXlPKNFHtRQrmjseCNj6nOGOp -MCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3o -tkYNbn5XOmeUwssfnHdKZ05phkOTOPu220+DkdRgfks+KzgHVZhepA== ------END CERTIFICATE----- - Microsec e-Szigno Root CA 2009 ============================== -----BEGIN CERTIFICATE----- @@ -2065,37 +1625,6 @@ Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI 03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= -----END CERTIFICATE----- -Certinomis - Autorité Racine -============================ ------BEGIN CERTIFICATE----- -MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjETMBEGA1UEChMK -Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAkBgNVBAMMHUNlcnRpbm9taXMg -LSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkG -A1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYw -JAYDVQQDDB1DZXJ0aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jYF1AMnmHa -wE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N8y4oH3DfVS9O7cdxbwly -Lu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWerP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw -2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92N -jMD2AR5vpTESOH2VwnHu7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9q -c1pkIuVC28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6lSTC -lrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1Enn1So2+WLhl+HPNb -xxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB0iSVL1N6aaLwD4ZFjliCK0wi1F6g -530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql095gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna -4NH4+ej9Uji29YnfAgMBAAGjWzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBQNjLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ -KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9sov3/4gbIOZ/x -WqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZMOH8oMDX/nyNTt7buFHAAQCva -R6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40 -nJ+U8/aGH88bc62UeYdocMMzpXDn2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1B -CxMjidPJC+iKunqjo3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjv -JL1vnxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG5ERQL1TE -qkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWqpdEdnV1j6CTmNhTih60b -WfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZbdsLLO7XSAPCjDuGtbkD326C00EauFddE -wk01+dIL8hf2rGbVJLJP0RyZwG71fet0BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/ -vgt2Fl43N+bYdJeimUV5 ------END CERTIFICATE----- - TWCA Root Certification Authority ================================= -----BEGIN CERTIFICATE----- @@ -2244,75 +1773,6 @@ l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl iB6XzCGcKQENZetX2fNXlrtIzYE= -----END CERTIFICATE----- -StartCom Certification Authority -================================ ------BEGIN CERTIFICATE----- -MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu -ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0 -NjM3WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk -LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg -U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y -o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/ -Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d -eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt -2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z -6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ -osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/ -untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc -UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT -37uMdBNSSwIDAQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD -VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQ -Qa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCCATgwLgYIKwYBBQUHAgEWImh0 -dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu -c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENv -bW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0 -aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0 -aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t -L3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBG -cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5 -fPGFf59Jb2vKXfuM/gTFwWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWm -N3PH/UvSTa0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst0OcN -Org+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNcpRJvkrKTlMeIFw6T -tn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKlCcWw0bdT82AUuoVpaiF8H3VhFyAX -e2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVFP0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA -2MFrLH9ZXF2RsXAiV+uKa0hK1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBs -HvUwyKMQ5bLmKhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE -JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ8dCAWZvLMdib -D4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnmfyWl8kgAwKQB2j8= ------END CERTIFICATE----- - -StartCom Certification Authority G2 -=================================== ------BEGIN CERTIFICATE----- -MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMN -U3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg -RzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UE -ChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dHkgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8O -o1XJJZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsDvfOpL9HG -4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnooD/Uefyf3lLE3PbfHkffi -Aez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/Q0kGi4xDuFby2X8hQxfqp0iVAXV16iul -Q5XqFYSdCI0mblWbq9zSOdIxHWDirMxWRST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbs -O+wmETRIjfaAKxojAuuKHDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8H -vKTlXcxNnw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM0D4L -nMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/iUUjXuG+v+E5+M5iS -FGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9Ha90OrInwMEePnWjFqmveiJdnxMa -z6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHgTuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJ -KoZIhvcNAQELBQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K -2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfXUfEpY9Z1zRbk -J4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl6/2o1PXWT6RbdejF0mCy2wl+ -JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG -/+gyRr61M3Z3qAFdlsHB1b6uJcDJHgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTc -nIhT76IxW1hPkWLIwpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/Xld -blhYXzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5lIxKVCCIc -l85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoohdVddLHRDiBYmxOlsGOm -7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulrso8uBtjRkcfGEvRM/TAXw8HaOFvjqerm -obp573PYtlNXLfbQ4ddI ------END CERTIFICATE----- - Buypass Class 2 Root CA ======================= -----BEGIN CERTIFICATE----- @@ -2419,31 +1879,6 @@ uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU dcGWxZ0= -----END CERTIFICATE----- -TURKTRUST Certificate Services Provider Root 2007 -================================================= ------BEGIN CERTIFICATE----- -MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOcUktUUlVTVCBF -bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP -MA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg -QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4X -DTA3MTIyNTE4MzcxOVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxl -a3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMCVFIxDzAN -BgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp -bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4gKGMpIEFyYWzEsWsgMjAwNzCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9N -YvDdE3ePYakqtdTyuTFYKTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQv -KUmi8wUG+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveGHtya -KhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6PIzdezKKqdfcYbwnT -rqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M733WB2+Y8a+xwXrXgTW4qhe04MsC -AwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHkYb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/s -Px+EnWVUXKgWAkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I -aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5mxRZNTZPz/OO -Xl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsaXRik7r4EW5nVcV9VZWRi1aKb -BFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZqxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAK -poRq0Tl9 ------END CERTIFICATE----- - D-TRUST Root Class 3 CA 2 2009 ============================== -----BEGIN CERTIFICATE----- @@ -2493,171 +1928,6 @@ NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv w9y4AyHqnxbxLFS1 -----END CERTIFICATE----- -PSCProcert -========== ------BEGIN CERTIFICATE----- -MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1dG9yaWRhZCBk -ZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9sYW5vMQswCQYDVQQGEwJWRTEQ -MA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlzdHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lz -dGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBl -cmludGVuZGVuY2lhIGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUw -IwYJKoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEwMFoXDTIw -MTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHByb2NlcnQubmV0LnZlMQ8w -DQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGExKjAoBgNVBAsTIVByb3ZlZWRvciBkZSBD -ZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZp -Y2FjaW9uIEVsZWN0cm9uaWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo97BVC -wfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74BCXfgI8Qhd19L3uA -3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38GieU89RLAu9MLmV+QfI4tL3czkkoh -RqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmO -EO8GqQKJ/+MMbpfg353bIdD0PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG2 -0qCZyFSTXai20b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH -0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/6mnbVSKVUyqU -td+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1mv6JpIzi4mWCZDlZTOpx+FIyw -Bm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvp -r2uKGcfLFFb14dq12fy/czja+eevbqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/ -AgEBMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAz -Ni0wMB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFDgBStuyId -xuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRp -ZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQH -EwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5h -Y2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5k -ZW5jaWEgZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG -9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQDAgEGME0GA1UdEQRG -MESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0wMDAwMDKgGwYFYIZeAgKgEgwQUklG -LUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEagRKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52 -ZS9sY3IvQ0VSVElGSUNBRE8tUkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNy -YWl6LnN1c2NlcnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v -Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsGAQUFBwIBFh5o -dHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcNAQELBQADggIBACtZ6yKZu4Sq -T96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmN -g7+mvTV+LFwxNG9s2/NkAZiqlCxB3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4q -uxtxj7mkoP3YldmvWb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1 -n8GhHVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHmpHmJWhSn -FFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXzsOfIt+FTvZLm8wyWuevo -5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bEqCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq -3TNWOByyrYDT13K9mmyZY+gAu0F2BbdbmRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5 -poLWccret9W6aAjtmcz9opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3Y -eMLEYC/HYvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km ------END CERTIFICATE----- - -China Internet Network Information Center EV Certificates Root -============================================================== ------BEGIN CERTIFICATE----- -MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCQ04xMjAwBgNV -BAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyMUcwRQYDVQQDDD5D -aGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMg -Um9vdDAeFw0xMDA4MzEwNzExMjVaFw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAG -A1UECgwpQ2hpbmEgSW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMM -PkNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRpZmljYXRl -cyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z7r07eKpkQ0H1UN+U8i6y -jUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA//DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV -98YPjUesWgbdYavi7NifFy2cyjw1l1VxzUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2H -klY0bBoQCxfVWhyXWIQ8hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23 -KzhmBsUs4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54ugQEC -7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oYNJKiyoOCWTAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUfHJLOcfA22KlT5uqGDSSosqD -glkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd5 -0XPFtQO3WKwMVC/GVhMPMdoG52U7HW8228gd+f2ABsqjPWYWqJ1MFn3AlUa1UeTiH9fqBk1jjZaM -7+czV0I664zBechNdn3e9rG3geCg+aF4RhcaVpjwTj2rHO3sOdwHSPdj/gauwqRcalsyiMXHM4Ws -ZkJHwlgkmeHlPuV1LI5D1l08eB6olYIpUNHRFrrvwb562bTYzB5MRuF3sTGrvSrIzo9uoV1/A3U0 -5K2JRVRevq4opbs/eHnrc7MKDf2+yfdWrPa37S+bISnHOLaVxATywy39FCqQmbkHzJ8= ------END CERTIFICATE----- - -Swisscom Root CA 2 -================== ------BEGIN CERTIFICATE----- -MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBkMQswCQYDVQQG -EwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2VydGlmaWNhdGUgU2Vy -dmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3QgQ0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2 -MjUwNzM4MTRaMGQxCzAJBgNVBAYTAmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGln -aXRhbCBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIIC -IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvErjw0DzpPM -LgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r0rk0X2s682Q2zsKwzxNo -ysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJ -wDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVPACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpH -Wrumnf2U5NGKpV+GY3aFy6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1a -SgJA/MTAtukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL6yxS -NLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0uPoTXGiTOmekl9Ab -mbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrALacywlKinh/LTSlDcX3KwFnUey7QY -Ypqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velhk6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3 -qPyZ7iVNTA6z00yPhOgpD/0QVAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYw -HQYDVR0hBBYwFDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O -BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqhb97iEoHF8Twu -MA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4RfbgZPnm3qKhyN2abGu2sEzsO -v2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ -82YqZh6NM4OKb3xuqFp1mrjX2lhIREeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLz -o9v/tdhZsnPdTSpxsrpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcs -a0vvaGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciATwoCqISxx -OQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99nBjx8Oto0QuFmtEYE3saW -mA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5Wt6NlUe07qxS/TFED6F+KBZvuim6c779o -+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TC -rvJcwhbtkj6EPnNgiLx29CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX -5OfNeOI5wSsSnqaeG8XmDtkx2Q== ------END CERTIFICATE----- - -Swisscom Root EV CA 2 -===================== ------BEGIN CERTIFICATE----- -MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UE -BhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdpdGFsIENlcnRpZmljYXRlIFNl -cnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcN -MzEwNjI1MDg0NTA4WjBnMQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsT -HERpZ2l0YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYg -Q0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7BxUglgRCgz -o3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD1ycfMQ4jFrclyxy0uYAy -Xhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPHoCE2G3pXKSinLr9xJZDzRINpUKTk4Rti -GZQJo/PDvO/0vezbE53PnUgJUmfANykRHvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8Li -qG12W0OfvrSdsyaGOx9/5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaH -Za0zKcQvidm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHLOdAG -alNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaCNYGu+HuB5ur+rPQa -m3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f46Fq9mDU5zXNysRojddxyNMkM3Ox -bPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCBUWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDi -xzgHcgplwLa7JSnaFp6LNYth7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/ -BAQDAgGGMB0GA1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED -MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWBbj2ITY1x0kbB -bkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6xXCX5145v9Ydkn+0UjrgEjihL -j6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98TPLr+flaYC/NUn81ETm484T4VvwYmneTwkLbU -wp4wLh/vx3rEUMfqe9pQy3omywC0Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7 -XwgiG/W9mR4U9s70WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH -59yLGn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm7JFe3VE/ -23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4Snr8PyQUQ3nqjsTzyP6Wq -J3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VNvBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyA -HmBR3NdUIR7KYndP+tiPsys6DXhyyWhBWkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/gi -uMod89a2GQ+fYWVq6nTIfI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuW -l8PVP3wbI+2ksx0WckNLIOFZfsLorSa/ovc= ------END CERTIFICATE----- - -CA Disig Root R1 -================ ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAlNLMRMw -EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp -ZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQyMDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sx -EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp -c2lnIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy -3QRkD2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/oOI7bm+V8 -u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3AfQ+lekLZWnDZv6fXARz2 -m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJeIgpFy4QxTaz+29FHuvlglzmxZcfe+5nk -CiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8noc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTa -YVKvJrT1cU/J19IG32PK/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6 -vpmumwKjrckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD3AjL -LhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE7cderVC6xkGbrPAX -ZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkCyC2fg69naQanMVXVz0tv/wQFx1is -XxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLdqvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ -04IwDQYJKoZIhvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR -xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaASfX8MPWbTx9B -LxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXoHqJPYNcHKfyyo6SdbhWSVhlM -CrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpBemOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5Gfb -VSUZP/3oNn6z4eGBrxEWi1CXYBmCAMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85 -YmLLW1AL14FABZyb7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKS -ds+xDzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvkF7mGnjix -lAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqFa3qdnom2piiZk4hA9z7N -UaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsTQ6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJ -a7+h89n07eLw4+1knj0vllJPgFOL ------END CERTIFICATE----- - CA Disig Root R2 ================ -----BEGIN CERTIFICATE----- @@ -3061,66 +2331,6 @@ G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP 82Z+ -----END CERTIFICATE----- -WoSign -====== ------BEGIN CERTIFICATE----- -MIIFdjCCA16gAwIBAgIQXmjWEXGUY1BWAGjzPsnFkTANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxKjAoBgNVBAMTIUNlcnRpZmljYXRpb24g -QXV0aG9yaXR5IG9mIFdvU2lnbjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgwMTAwMDFaMFUxCzAJ -BgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgGA1UEAxMhQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkgb2YgV29TaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA -vcqNrLiRFVaXe2tcesLea9mhsMMQI/qnobLMMfo+2aYpbxY94Gv4uEBf2zmoAHqLoE1UfcIiePyO -CbiohdfMlZdLdNiefvAA5A6JrkkoRBoQmTIPJYhTpA2zDxIIFgsDcSccf+Hb0v1naMQFXQoOXXDX -2JegvFNBmpGN9J42Znp+VsGQX+axaCA2pIwkLCxHC1l2ZjC1vt7tj/id07sBMOby8w7gLJKA84X5 -KIq0VC6a7fd2/BVoFutKbOsuEo/Uz/4Mx1wdC34FMr5esAkqQtXJTpCzWQ27en7N1QhatH/YHGkR -+ScPewavVIMYe+HdVHpRaG53/Ma/UkpmRqGyZxq7o093oL5d//xWC0Nyd5DKnvnyOfUNqfTq1+ez -EC8wQjchzDBwyYaYD8xYTYO7feUapTeNtqwylwA6Y3EkHp43xP901DfA4v6IRmAR3Qg/UDaruHqk -lWJqbrDKaiFaafPz+x1wOZXzp26mgYmhiMU7ccqjUu6Du/2gd/Tkb+dC221KmYo0SLwX3OSACCK2 -8jHAPwQ+658geda4BmRkAjHXqc1S+4RFaQkAKtxVi8QGRkvASh0JWzko/amrzgD5LkhLJuYwTKVY -yrREgk/nkR4zw7CT/xH8gdLKH3Ep3XZPkiWvHYG3Dy+MwwbMLyejSuQOmbp8HkUff6oZRZb9/D0C -AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOFmzw7R -8bNLtwYgFP6HEtX2/vs+MA0GCSqGSIb3DQEBBQUAA4ICAQCoy3JAsnbBfnv8rWTjMnvMPLZdRtP1 -LOJwXcgu2AZ9mNELIaCJWSQBnfmvCX0KI4I01fx8cpm5o9dU9OpScA7F9dY74ToJMuYhOZO9sxXq -T2r09Ys/L3yNWC7F4TmgPsc9SnOeQHrAK2GpZ8nzJLmzbVUsWh2eJXLOC62qx1ViC777Y7NhRCOj -y+EaDveaBk3e1CNOIZZbOVtXHS9dCF4Jef98l7VNg64N1uajeeAz0JmWAjCnPv/So0M/BVoG6kQC -2nz4SNAzqfkHx5Xh9T71XXG68pWpdIhhWeO/yloTunK0jF02h+mmxTwTv97QRCbut+wucPrXnbes -5cVAWubXbHssw1abR80LzvobtCHXt2a49CUwi1wNuepnsvRtrtWhnk/Yn+knArAdBtaP4/tIEp9/ -EaEQPkxROpaw0RPxx9gmrjrKkcRpnd8BKWRRb2jaFOwIQZeQjdCygPLPwj2/kWjFgGcexGATVdVh -mVd8upUPYUk6ynW8yQqTP2cOEvIo4jEbwFcW3wh8GcF+Dx+FHgo2fFt+J7x6v+Db9NpSvd4MVHAx -kUOVyLzwPt0JfjBkUO1/AaQzZ01oT74V77D2AhGiGxMlOtzCWfHjXEa7ZywCRuoeSKbmW9m1vFGi -kpbbqsY3Iqb+zCB0oy2pLmvLwIIRIbWTee5Ehr7XHuQe+w== ------END CERTIFICATE----- - -WoSign China -============ ------BEGIN CERTIFICATE----- -MIIFWDCCA0CgAwIBAgIQUHBrzdgT/BtOOzNy0hFIjTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMMEkNBIOayg+mAmuagueiv -geS5pjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgwMTAwMDFaMEYxCzAJBgNVBAYTAkNOMRowGAYD -VQQKExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkGA1UEAwwSQ0Eg5rKD6YCa5qC56K+B5LmmMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0EkhHiX8h8EqwqzbdoYGTufQdDTc7WU1/FDWiD+k -8H/rD195L4mx/bxjWDeTmzj4t1up+thxx7S8gJeNbEvxUNUqKaqoGXqW5pWOdO2XCld19AXbbQs5 -uQF/qvbW2mzmBeCkTVL829B0txGMe41P/4eDrv8FAxNXUDf+jJZSEExfv5RxadmWPgxDT74wwJ85 -dE8GRV2j1lY5aAfMh09Qd5Nx2UQIsYo06Yms25tO4dnkUkWMLhQfkWsZHWgpLFbE4h4TV2TwYeO5 -Ed+w4VegG63XX9Gv2ystP9Bojg/qnw+LNVgbExz03jWhCl3W6t8Sb8D7aQdGctyB9gQjF+BNdeFy -b7Ao65vh4YOhn0pdr8yb+gIgthhid5E7o9Vlrdx8kHccREGkSovrlXLp9glk3Kgtn3R46MGiCWOc -76DbT52VqyBPt7D3h1ymoOQ3OMdc4zUPLK2jgKLsLl3Az+2LBcLmc272idX10kaO6m1jGx6KyX2m -+Jzr5dVjhU1zZmkR/sgO9MHHZklTfuQZa/HpelmjbX7FF+Ynxu8b22/8DU0GAbQOXDBGVWCvOGU6 -yke6rCzMRh+yRpY/8+0mBe53oWprfi1tWFxK1I5nuPHa1UaKJ/kR8slC/k7e3x9cxKSGhxYzoacX -GKUN5AXlK8IrC6KVkLn9YDxOiT7nnO4fuwECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFOBNv9ybQV0T6GTwp+kVpOGBwboxMA0GCSqGSIb3DQEBCwUA -A4ICAQBqinA4WbbaixjIvirTthnVZil6Xc1bL3McJk6jfW+rtylNpumlEYOnOXOvEESS5iVdT2H6 -yAa+Tkvv/vMx/sZ8cApBWNromUuWyXi8mHwCKe0JgOYKOoICKuLJL8hWGSbueBwj/feTZU7n85iY -r83d2Z5AiDEoOqsuC7CsDCT6eiaY8xJhEPRdF/d+4niXVOKM6Cm6jBAyvd0zaziGfjk9DgNyp115 -j0WKWa5bIW4xRtVZjc8VX90xJc/bYNaBRHIpAlf2ltTW/+op2znFuCyKGo3Oy+dCMYYFaA6eFN0A -kLppRQjbbpCBhqcqBT/mhDn4t/lXX0ykeVoQDF7Va/81XwVRHmyjdanPUIPTfPRm94KNPQx96N97 -qA4bLJyuQHCH2u2nFoJavjVsIE4iYdm8UXrNemHcSxH5/mc0zy4EZmFcV5cjjPOGG0jfKq+nwf/Y -jj4Du9gqsPoUJbJRa4ZDhS4HIxaAjUz7tGM7zMN07RujHv41D198HRaG9Q7DlfEvr10lO1Hm13ZB -ONFLAzkopR6RctR9q5czxNM+4Gm2KHmgCY0c0f9BckgG/Jou5yD5m6Leie2uPAmvylezkolwQOQv -T8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR12KvxAmLBsX5VYc8T1yaw15zLKYs4SgsO -kI26oQ== ------END CERTIFICATE----- - COMODO RSA Certification Authority ================================== -----BEGIN CERTIFICATE----- @@ -3425,30 +2635,6 @@ kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su -----END CERTIFICATE----- -TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 -==================================================== ------BEGIN CERTIFICATE----- -MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCVFIxDzAN -BgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp -bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1Qg -RWxla3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAw -ODA3MDFaFw0yMzA0MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0w -SwYDVQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE -n2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRp -ZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEApCUZ4WWe60ghUEoI5RHwWrom/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537 -jVJp45wnEFPzpALFp/kRGml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1m -ep5Fimh34khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z5UNP -9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0hO8EuPbJbKoCPrZV -4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QIDAQABo0IwQDAdBgNVHQ4EFgQUVpkH -HtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAJ5FdnsXSDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPo -BP5yCccLqh0lVX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq -URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nfpeYVhDfwwvJl -lpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CFYv4HAqGEVka+lgqaE9chTLd8 -B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW+qtB4Uu2NQvAmxU= ------END CERTIFICATE----- - Certinomis - Root CA ==================== -----BEGIN CERTIFICATE----- @@ -3502,42 +2688,6 @@ HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= -----END CERTIFICATE----- -Certification Authority of WoSign G2 -==================================== ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQayXaioidfLwPBbOxemFFRDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQG -EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxLTArBgNVBAMTJENlcnRpZmljYXRpb24g -QXV0aG9yaXR5IG9mIFdvU2lnbiBHMjAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4NThaMFgx -CzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEtMCsGA1UEAxMkQ2VydGlm -aWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEAvsXEoCKASU+/2YcRxlPhuw+9YH+v9oIOH9ywjj2X4FA8jzrvZjtFB5sg+OPXJYY1kBai -XW8wGQiHC38Gsp1ij96vkqVg1CuAmlI/9ZqD6TRay9nVYlzmDuDfBpgOgHzKtB0TiGsOqCR3A9Du -W/PKaZE1OVbFbeP3PU9ekzgkyhjpJMuSA93MHD0JcOQg5PGurLtzaaNjOg9FD6FKmsLRY6zLEPg9 -5k4ot+vElbGs/V6r+kHLXZ1L3PR8du9nfwB6jdKgGlxNIuG12t12s9R23164i5jIFFTMaxeSt+BK -v0mUYQs4kI9dJGwlezt52eJ+na2fmKEG/HgUYFf47oB3sQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+mCp62XF3RYUCE4MD42b4Pdkr2cwDQYJKoZI -hvcNAQELBQADggEBAFfDejaCnI2Y4qtAqkePx6db7XznPWZaOzG73/MWM5H8fHulwqZm46qwtyeY -P0nXYGdnPzZPSsvxFPpahygc7Y9BMsaV+X3avXtbwrAh449G3CE4Q3RM+zD4F3LBMvzIkRfEzFg3 -TgvMWvchNSiDbGAtROtSjFA9tWwS1/oJu2yySrHFieT801LYYRf+epSEj3m2M1m6D8QL4nCgS3gu -+sif/a+RZQp4OBXllxcU3fngLDT4ONCEIgDAFFEYKwLcMFrw6AF8NTojrwjkr6qOKEJJLvD1mTS+ -7Q9LGOHSJDy7XUe3IfKN0QqZjuNuPq1w4I+5ysxugTH2e5x6eeRncRg= ------END CERTIFICATE----- - -CA WoSign ECC Root -================== ------BEGIN CERTIFICATE----- -MIICCTCCAY+gAwIBAgIQaEpYcIBr8I8C+vbe6LCQkDAKBggqhkjOPQQDAzBGMQswCQYDVQQGEwJD -TjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMTEkNBIFdvU2lnbiBFQ0MgUm9v -dDAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4NThaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQK -ExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkGA1UEAxMSQ0EgV29TaWduIEVDQyBSb290MHYwEAYHKoZI -zj0CAQYFK4EEACIDYgAE4f2OuEMkq5Z7hcK6C62N4DrjJLnSsb6IOsq/Srj57ywvr1FQPEd1bPiU -t5v8KB7FVMxjnRZLU8HnIKvNrCXSf4/CwVqCXjCLelTOA7WRf6qU0NGKSMyCBSah1VES1ns2o0Iw -QDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqv3VWqP2h4syhf3R -MluARZPzA7gwCgYIKoZIzj0EAwMDaAAwZQIxAOSkhLCB1T2wdKyUpOgOPQB0TKGXa/kNUTyh2Tv0 -Daupn75OcsqF1NnstTJFGG+rrQIwfcf3aWMvoeGY7xMQ0Xk/0f7qO3/eVvSQsRUR2LIiFdAvwyYu -a/GRspBl9JrmkO5K ------END CERTIFICATE----- - SZAFIR ROOT CA2 =============== -----BEGIN CERTIFICATE----- @@ -3953,3 +3103,212 @@ lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= -----END CERTIFICATE----- + +GDCA TrustAUTH R5 ROOT +====================== +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw +BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD +DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow +YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs +AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p +OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr +pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ +9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ +xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM +R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ +D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4 +oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx +9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9 +H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35 +6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd ++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ +HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD +F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ +8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv +/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT +aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +TrustCor RootCert CA-1 +====================== +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQQTEP +MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig +U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkx +MjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFu +YW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUGA1UECwwe +VHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZUcnVzdENvciBSb290Q2Vy +dCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv463leLCJhJrMxnHQFgKq1mq +jQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4 +pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0 +JEsq1pme9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4h +gLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw +/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0j +BBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwDQYJKoZIhvcNAQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5 +mDo4Nvu7Zp5I/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6C +qFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P +3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- + +TrustCor RootCert CA-2 +====================== +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8w +DQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBT +eXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0 +eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEy +MzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h +bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0 +IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQdsg4foDSq8Gb +ZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9Nk +RvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1 +oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOOb +XUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1 +/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5q +jxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQP +eSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+Ctg +rKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU +2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD +VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/h +Osh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnp +kpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv +2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3 +S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw +PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dv +DDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYU +RpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANE +xdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeX +RKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu1uwJ +-----END CERTIFICATE----- + +TrustCor ECA-1 +============== +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQQTEP +MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig +U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3Mjgw +N1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5 +MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y +IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb3w9U73NjKYKtR8aja+3+XzP4Q1HpGjOR +MRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23 +xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmc +p0yJF4OuowReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+ +fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGj +YzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBL +f/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF +AAOCAQEABT41XBVwm8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u +/ukZMjgDfxT2AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0Xs +J5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC +jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g== +-----END CERTIFICATE----- + +SSL.com Root Certification Authority RSA +======================================== +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM +BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x +MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw +MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM +LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C +Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8 +P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge +oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp +k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z +fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ +gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2 +UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8 +1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s +bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr +dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf +ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl +u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq +erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj +MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ +vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI +Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y +wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI +WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +SSL.com Root Certification Authority ECC +======================================== +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv +BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy +MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO +BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+ +8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR +hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT +jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW +e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z +5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority RSA R2 +============================================== +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w +DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u +MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI +DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD +VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh +hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w +cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO +Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+ +B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh +CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim +9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto +RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm +JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48 ++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp +qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1 +++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx +Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G +guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz +OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7 +CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq +lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR +rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1 +hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX +9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority ECC +=========================================== +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy +BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw +MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM +LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy +3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O +BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe +5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ +N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm +m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- -- cgit v1.2.3 From d908f53607512b8bfa3fbf65cb6fc9623fab5c63 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 2 Aug 2018 22:49:30 -0700 Subject: add app_options field --- Zotlabs/Lib/Apps.php | 13 ++++++++++--- Zotlabs/Module/Probe.php | 7 +++---- Zotlabs/Module/Zfinger.php | 4 ---- Zotlabs/Update/_1217.php | 22 ++++++++++++++++++++++ boot.php | 2 +- install/schema_mysql.sql | 1 + install/schema_postgres.sql | 1 + 7 files changed, 38 insertions(+), 12 deletions(-) create mode 100644 Zotlabs/Update/_1217.php diff --git a/Zotlabs/Lib/Apps.php b/Zotlabs/Lib/Apps.php index f7aff1722..9027b13bc 100644 --- a/Zotlabs/Lib/Apps.php +++ b/Zotlabs/Lib/Apps.php @@ -927,10 +927,11 @@ class Apps { $darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : ''); $darray['app_system'] = ((x($arr,'system')) ? intval($arr['system']) : 0); $darray['app_deleted'] = ((x($arr,'deleted')) ? intval($arr['deleted']) : 0); + $darray['app_options'] = ((x($arr,'options')) ? intval($arr['options']) : 0); $created = datetime_convert(); - $r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_plugin, app_deleted ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', %d )", + $r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_plugin, app_deleted, app_options ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', %d, %d )", dbesc($darray['app_id']), dbesc($darray['app_sig']), dbesc($darray['app_author']), @@ -948,7 +949,8 @@ class Apps { dbesc($created), intval($darray['app_system']), dbesc($darray['app_plugin']), - intval($darray['app_deleted']) + intval($darray['app_deleted']), + intval($darray['app_options']) ); if($r) { @@ -1009,10 +1011,11 @@ class Apps { $darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : ''); $darray['app_system'] = ((x($arr,'system')) ? intval($arr['system']) : 0); $darray['app_deleted'] = ((x($arr,'deleted')) ? intval($arr['deleted']) : 0); + $darray['app_options'] = ((x($arr,'options')) ? intval($arr['options']) : 0); $edited = datetime_convert(); - $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_plugin = '%s', app_deleted = %d where app_id = '%s' and app_channel = %d", + $r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_plugin = '%s', app_deleted = %d, app_options = %d where app_id = '%s' and app_channel = %d", dbesc($darray['app_sig']), dbesc($darray['app_author']), dbesc($darray['app_name']), @@ -1028,6 +1031,7 @@ class Apps { intval($darray['app_system']), dbesc($darray['app_plugin']), intval($darray['app_deleted']), + intval($darray['app_options']), dbesc($darray['app_id']), intval($darray['app_channel']) ); @@ -1117,6 +1121,9 @@ class Apps { if($app['app_system']) $ret['system'] = $app['app_system']; + if($app['app_options']) + $ret['options'] = $app['app_options']; + if($app['app_plugin']) $ret['plugin'] = trim($app['app_plugin']); diff --git a/Zotlabs/Module/Probe.php b/Zotlabs/Module/Probe.php index 2e65f107c..2c67c6aae 100644 --- a/Zotlabs/Module/Probe.php +++ b/Zotlabs/Module/Probe.php @@ -27,12 +27,11 @@ class Probe extends \Zotlabs\Web\Controller { $o .= '
';
 			if(! $j['success']) {
-				$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
 				$o .= "https connection failed. Trying again with auto failover to http.\r\n\r\n";
 				$j = \Zotlabs\Zot\Finger::run($addr,$channel,true);
-				if(! $j['success']) 
-					$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
-	
+				if(! $j['success']) {
+					return $o;	
+				}
 			}
 			if($do_import && $j)
 				$x = import_xchan($j);
diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php
index 0f7f6a64b..6ed001df5 100644
--- a/Zotlabs/Module/Zfinger.php
+++ b/Zotlabs/Module/Zfinger.php
@@ -36,10 +36,6 @@ class Zfinger extends \Zotlabs\Web\Controller {
 
 		echo $ret;
 		killme();
-
-
-
-		json_return_and_die($x);
 	
 	}
 	
diff --git a/Zotlabs/Update/_1217.php b/Zotlabs/Update/_1217.php
new file mode 100644
index 000000000..15d2d06b3
--- /dev/null
+++ b/Zotlabs/Update/_1217.php
@@ -0,0 +1,22 @@
+
Date: Sat, 4 Aug 2018 13:50:49 -0700
Subject: ability for addons to create .pdl files and load them automatically

---
 boot.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/boot.php b/boot.php
index 6f34717b8..316e86758 100755
--- a/boot.php
+++ b/boot.php
@@ -2093,6 +2093,8 @@ function load_pdl() {
 
 		if((! $s) && (($p = theme_include($n)) != ''))
 			$s = @file_get_contents($p);
+		elseif(file_exists('addon/'. App::$module . '/' . $n))
+			$s = @file_get_contents('addon/'. App::$module . '/' . $n);
 		if($s) {
 			App::$comanche->parse($s);
 			App::$pdl = $s;
-- 
cgit v1.2.3


From aeb9d5cd90a3bcb79c8d0b1645ece47e8756f422 Mon Sep 17 00:00:00 2001
From: zotlabs 
Date: Sun, 5 Aug 2018 23:19:33 -0700
Subject: create alter_pdl hook

---
 boot.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/boot.php b/boot.php
index 316e86758..fca184555 100755
--- a/boot.php
+++ b/boot.php
@@ -2072,8 +2072,8 @@ function load_pdl() {
 	if (! count(App::$layout)) {
 
 		$arr = [
-				'module' => App::$module,
-				'layout' => ''
+			'module' => App::$module,
+			'layout' => ''
 		];
 		/**
 		 * @hooks load_pdl
@@ -2095,6 +2095,14 @@ function load_pdl() {
 			$s = @file_get_contents($p);
 		elseif(file_exists('addon/'. App::$module . '/' . $n))
 			$s = @file_get_contents('addon/'. App::$module . '/' . $n);
+
+		$arr = [
+			'module' => App::$module,
+			'layout' => $s
+		];
+		call_hooks('alter_pdl',$arr);
+		$s = $arr['layout'];
+
 		if($s) {
 			App::$comanche->parse($s);
 			App::$pdl = $s;
-- 
cgit v1.2.3


From 166879b8b04f8656a0ef105c319b8b4a82626bd9 Mon Sep 17 00:00:00 2001
From: zotlabs 
Date: Mon, 6 Aug 2018 17:43:22 -0700
Subject: bring some Zot6 libraries and interfaces to red/hubzilla

---
 Zotlabs/Lib/Activity.php     | 1725 +++++++++++++++++++++++++
 Zotlabs/Lib/Group.php        |  405 ++++++
 Zotlabs/Lib/Libsync.php      | 1019 +++++++++++++++
 Zotlabs/Lib/Libzot.php       | 2849 ++++++++++++++++++++++++++++++++++++++++++
 Zotlabs/Lib/Libzotdir.php    |  654 ++++++++++
 Zotlabs/Lib/Queue.php        |  278 +++++
 Zotlabs/Lib/Webfinger.php    |  109 ++
 Zotlabs/Lib/Zotfinger.php    |   50 +
 Zotlabs/Module/Zot.php       |   25 +
 Zotlabs/Zot6/Finger.php      |  146 +++
 Zotlabs/Zot6/IHandler.php    |   18 +
 Zotlabs/Zot6/Receiver.php    |  220 ++++
 Zotlabs/Zot6/Zot6Handler.php |  266 ++++
 13 files changed, 7764 insertions(+)
 create mode 100644 Zotlabs/Lib/Activity.php
 create mode 100644 Zotlabs/Lib/Group.php
 create mode 100644 Zotlabs/Lib/Libsync.php
 create mode 100644 Zotlabs/Lib/Libzot.php
 create mode 100644 Zotlabs/Lib/Libzotdir.php
 create mode 100644 Zotlabs/Lib/Queue.php
 create mode 100644 Zotlabs/Lib/Webfinger.php
 create mode 100644 Zotlabs/Lib/Zotfinger.php
 create mode 100644 Zotlabs/Module/Zot.php
 create mode 100644 Zotlabs/Zot6/Finger.php
 create mode 100644 Zotlabs/Zot6/IHandler.php
 create mode 100644 Zotlabs/Zot6/Receiver.php
 create mode 100644 Zotlabs/Zot6/Zot6Handler.php

diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
new file mode 100644
index 000000000..6ddbbb9db
--- /dev/null
+++ b/Zotlabs/Lib/Activity.php
@@ -0,0 +1,1725 @@
+ 'Object',
+			'id'   => z_root() . '/thing/' . $r[0]['obj_obj'],
+			'name' => $r[0]['obj_term']
+		];
+
+		if($r[0]['obj_image'])
+			$x['image'] = $r[0]['obj_image'];
+
+		return $x;
+
+	}
+
+	static function fetch_item($x) {
+
+		if (array_key_exists('source',$x)) {
+			// This item is already processed and encoded
+			return $x;
+		}
+
+		$r = q("select * from item where mid = '%s' limit 1",
+			dbesc($x['id'])
+		);
+		if($r) {
+			xchan_query($r,true);
+			$r = fetch_post_tags($r,true);
+			return self::encode_item($r[0]);
+		}
+	}
+
+	static function encode_item_collection($items,$id,$type,$extra = null) {
+
+		$ret = [
+			'id' => z_root() . '/' . $id,
+			'type' => $type,
+			'totalItems' => count($items),
+		];
+		if($extra)
+			$ret = array_merge($ret,$extra);
+
+		if($items) {
+			$x = [];
+			foreach($items as $i) {
+				$t = self::encode_activity($i);
+				if($t)
+					$x[] = $t;
+			}
+			if($type === 'OrderedCollection')
+				$ret['orderedItems'] = $x;
+			else
+				$ret['items'] = $x;
+		}
+
+		return $ret;
+	}
+
+	static function encode_follow_collection($items,$id,$type,$extra = null) {
+
+		$ret = [
+			'id' => z_root() . '/' . $id,
+			'type' => $type,
+			'totalItems' => count($items),
+		];
+		if($extra)
+			$ret = array_merge($ret,$extra);
+
+		if($items) {
+			$x = [];
+			foreach($items as $i) {
+				if($i['xchan_url']) {
+					$x[] = $i['xchan_url'];
+				}
+			}
+
+			if($type === 'OrderedCollection')
+				$ret['orderedItems'] = $x;
+			else
+				$ret['items'] = $x;
+		}
+
+		return $ret;
+	}
+
+
+
+
+	static function encode_item($i) {
+
+		$ret = [];
+
+		$objtype = self::activity_obj_mapper($i['obj_type']);
+
+		if(intval($i['item_deleted'])) {
+			$ret['type'] = 'Tombstone';
+			$ret['formerType'] = $objtype;
+			$ret['id'] = ((strpos($i['mid'],'http') === 0) ? $i['mid'] : z_root() . '/item/' . urlencode($i['mid']));
+			return $ret;
+		}
+
+		$ret['type'] = $objtype;
+
+		$ret['id']   = ((strpos($i['mid'],'http') === 0) ? $i['mid'] : z_root() . '/item/' . urlencode($i['mid']));
+
+		if($i['title'])
+			$ret['title'] = bbcode($i['title']);
+
+		$ret['published'] = datetime_convert('UTC','UTC',$i['created'],ATOM_TIME);
+		if($i['created'] !== $i['edited'])
+			$ret['updated'] = datetime_convert('UTC','UTC',$i['edited'],ATOM_TIME);
+		if($i['app']) {
+			$ret['instrument'] = [ 'type' => 'Service', 'name' => $i['app'] ];
+		}
+		if($i['location'] || $i['coord']) {
+			$ret['location'] = [ 'type' => 'Place' ];
+			if($i['location']) {
+				$ret['location']['name'] = $i['location'];
+			}
+			if($i['coord']) {
+				$l = explode(' ',$i['coord']);
+				$ret['location']['latitude'] = $l[0];
+				$ret['location']['longitude'] = $l[1];
+			}
+		}
+
+		$ret['attributedTo'] = $i['author']['xchan_url'];
+
+		if($i['id'] != $i['parent']) {
+			$ret['inReplyTo'] = ((strpos($i['parent_mid'],'http') === 0) ? $i['parent_mid'] : z_root() . '/item/' . urlencode($i['parent_mid']));
+		}
+
+		if($i['mimetype'] === 'text/bbcode') {
+			if($i['title'])
+				$ret['name'] = bbcode($i['title']);
+			if($i['summary'])
+				$ret['summary'] = bbcode($i['summary']);
+			$ret['content'] = bbcode($i['body']);
+			$ret['source'] = [ 'content' => $i['body'], 'mediaType' => 'text/bbcode' ];
+		}
+
+		$actor = self::encode_person($i['author'],false);
+		if($actor)
+			$ret['actor'] = $actor;
+		else
+			return [];
+
+		$t = self::encode_taxonomy($i);
+		if($t) {
+			$ret['tag']       = $t;
+		}
+
+		$a = self::encode_attachment($i);
+		if($a) {
+			$ret['attachment'] = $a;
+		}
+
+		return $ret;
+	}
+
+	static function decode_taxonomy($item) {
+
+		$ret = [];
+
+		if($item['tag']) {
+			foreach($item['tag'] as $t) {
+				if(! array_key_exists('type',$t))
+					$t['type'] = 'Hashtag';
+
+				switch($t['type']) {
+					case 'Hashtag':
+						$ret[] = [ 'ttype' => TERM_HASHTAG, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'],0,1) === '#') ? substr($t['name'],1) : $t['name']) ];
+						break;
+
+					case 'Mention':
+						$mention_type = substr($t['name'],0,1);
+						if($mention_type === '!') {
+							$ret[] = [ 'ttype' => TERM_FORUM, 'url' => $t['href'], 'term' => escape_tags(substr($t['name'],1)) ];
+						}
+						else {
+							$ret[] = [ 'ttype' => TERM_MENTION, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'],0,1) === '@') ? substr($t['name'],1) : $t['name']) ];
+						}
+						break;
+	
+					default:
+						break;
+				}
+			}
+		}
+
+		return $ret;
+	}
+
+
+	static function encode_taxonomy($item) {
+
+		$ret = [];
+
+		if($item['term']) {
+			foreach($item['term'] as $t) {
+				switch($t['ttype']) {
+					case TERM_HASHTAG:
+						// An id is required so if we don't have a url in the taxonomy, ignore it and keep going.
+						if($t['url']) {
+							$ret[] = [ 'id' => $t['url'], 'name' => '#' . $t['term'] ];
+						}
+						break;
+
+					case TERM_FORUM:
+						$ret[] = [ 'type' => 'Mention', 'href' => $t['url'], 'name' => '!' . $t['term'] ];
+						break;
+
+					case TERM_MENTION:
+						$ret[] = [ 'type' => 'Mention', 'href' => $t['url'], 'name' => '@' . $t['term'] ];
+						break;
+	
+					default:
+						break;
+				}
+			}
+		}
+
+		return $ret;
+	}
+
+	static function encode_attachment($item) {
+
+		$ret = [];
+
+		if($item['attach']) {
+			$atts = json_decode($item['attach'],true);
+			if($atts) {
+				foreach($atts as $att) {
+					if(strpos($att['type'],'image')) {
+						$ret[] = [ 'type' => 'Image', 'url' => $att['href'] ];
+					}
+					else {
+						$ret[] = [ 'type' => 'Link', 'mediaType' => $att['type'], 'href' => $att['href'] ];
+					}
+				}
+			}
+		}
+
+		return $ret;
+	}
+
+
+	static function decode_attachment($item) {
+
+		$ret = [];
+
+		if($item['attachment']) {
+			foreach($item['attachment'] as $att) {
+				$entry = [];
+				if($att['href'])
+					$entry['href'] = $att['href'];
+				elseif($att['url'])
+					$entry['href'] = $att['url'];
+				if($att['mediaType'])
+					$entry['type'] = $att['mediaType'];
+				elseif($att['type'] === 'Image')
+					$entry['type'] = 'image/jpeg';
+				if($entry)
+					$ret[] = $entry;
+			}
+		}
+
+		return $ret;
+	}
+
+
+
+	static function encode_activity($i) {
+
+		$ret   = [];
+		$reply = false;
+
+		if(intval($i['item_deleted'])) {
+			$ret['type'] = 'Tombstone';
+			$ret['formerType'] = self::activity_obj_mapper($i['obj_type']);
+			$ret['id'] = ((strpos($i['mid'],'http') === 0) ? $i['mid'] : z_root() . '/item/' . urlencode($i['mid']));
+			return $ret;
+		}
+
+		$ret['type'] = self::activity_mapper($i['verb']);
+		$ret['id']   = ((strpos($i['mid'],'http') === 0) ? $i['mid'] : z_root() . '/activity/' . urlencode($i['mid']));
+
+		if($i['title'])
+			$ret['name'] = html2plain(bbcode($i['title']));
+
+		if($i['summary'])
+			$ret['summary'] = bbcode($i['summary']);
+
+		if($ret['type'] === 'Announce') {
+			$tmp = preg_replace('/\[share(.*?)\[\/share\]/ism',EMPTY_STR, $i['body']);
+			$ret['content'] = bbcode($tmp);
+			$ret['source'] = [
+				'content' => $i['body'],
+				'mediaType' => 'text/bbcode'
+			];
+		}
+
+		$ret['published'] = datetime_convert('UTC','UTC',$i['created'],ATOM_TIME);
+		if($i['created'] !== $i['edited'])
+			$ret['updated'] = datetime_convert('UTC','UTC',$i['edited'],ATOM_TIME);
+		if($i['app']) {
+			$ret['instrument'] = [ 'type' => 'Service', 'name' => $i['app'] ];
+		}
+		if($i['location'] || $i['coord']) {
+			$ret['location'] = [ 'type' => 'Place' ];
+			if($i['location']) {
+				$ret['location']['name'] = $i['location'];
+			}
+			if($i['coord']) {
+				$l = explode(' ',$i['coord']);
+				$ret['location']['latitude'] = $l[0];
+				$ret['location']['longitude'] = $l[1];
+			}
+		}
+
+		if($i['id'] != $i['parent']) {
+			$ret['inReplyTo'] = ((strpos($i['parent_mid'],'http') === 0) ? $i['parent_mid'] : z_root() . '/item/' . urlencode($i['parent_mid']));
+			$reply = true;
+
+			if($i['item_private']) {
+				$d = q("select xchan_url, xchan_addr, xchan_name from item left join xchan on xchan_hash = author_xchan where id = %d limit 1",
+					intval($i['parent'])
+				);
+				if($d) {
+					$is_directmessage = false;
+					$recips = get_iconfig($i['parent'], 'activitypub', 'recips');
+
+					if(in_array($i['author']['xchan_url'], $recips['to'])) {
+						$reply_url = $d[0]['xchan_url'];
+						$is_directmessage = true;
+					}
+					else {
+						$reply_url = z_root() . '/followers/' . substr($i['author']['xchan_addr'],0,strpos($i['author']['xchan_addr'],'@'));
+					}
+
+					$reply_addr = (($d[0]['xchan_addr']) ? $d[0]['xchan_addr'] : $d[0]['xchan_name']);
+				}
+			}
+
+		}
+
+		$actor = self::encode_person($i['author'],false);
+		if($actor)
+			$ret['actor'] = $actor;
+		else
+			return []; 
+
+		if($i['obj']) {
+			if(! is_array($i['obj'])) {
+				$i['obj'] = json_decode($i['obj'],true);
+			}
+			$obj = self::encode_object($i['obj']);
+			if($obj)
+				$ret['object'] = $obj;
+			else
+				return [];
+		}
+		else {
+			$obj = self::encode_item($i);
+			if($obj)
+				$ret['object'] = $obj;
+			else
+				return [];
+		}
+
+		if($i['target']) {
+			if(! is_array($i['target'])) {
+				$i['target'] = json_decode($i['target'],true);
+			}
+			$tgt = self::encode_object($i['target']);
+			if($tgt)
+				$ret['target'] = $tgt;
+			else
+				return [];
+		}
+
+		return $ret;
+	}
+
+	static function map_mentions($i) {
+		if(! $i['term']) {
+			return [];
+		}
+
+		$list = [];
+
+		foreach ($i['term'] as $t) {
+			if($t['ttype'] == TERM_MENTION) {
+				$list[] = $t['url'];
+			}
+		}
+
+		return $list;
+	}
+
+	static function map_acl($i,$mentions = false) {
+
+		$private = false;
+		$list = [];
+		$x = collect_recipients($i,$private);
+		if($x) {
+			stringify_array_elms($x);
+			if(! $x)
+				return;
+
+			$strict = (($mentions) ? true : get_config('activitypub','compliance'));
+
+			$sql_extra = (($strict) ? " and xchan_network = 'activitypub' " : '');
+
+			$details = q("select xchan_url, xchan_addr, xchan_name from xchan where xchan_hash in (" . implode(',',$x) . ") $sql_extra");
+
+			if($details) {
+				foreach($details as $d) {
+					if($mentions) {
+						$list[] = [ 'type' => 'Mention', 'href' => $d['xchan_url'], 'name' => '@' . (($d['xchan_addr']) ? $d['xchan_addr'] : $d['xchan_name']) ];
+					}
+					else { 
+						$list[] = $d['xchan_url'];
+					}
+				}
+			}
+		}
+
+		return $list;
+
+	}
+
+
+	static function encode_person($p, $extended = true) {
+
+		if(! $p['xchan_url'])
+			return [];
+
+		if(! $extended) {
+			return $p['xchan_url'];
+		}
+		$ret = [];
+
+		$ret['type']  = 'Person';
+		$ret['id']    = $p['xchan_url'];
+		if($p['xchan_addr'] && strpos($p['xchan_addr'],'@'))
+			$ret['preferredUsername'] = substr($p['xchan_addr'],0,strpos($p['xchan_addr'],'@'));
+		$ret['name']  = $p['xchan_name'];
+		$ret['updated'] = datetime_convert('UTC','UTC',$p['xchan_name_date'],ATOM_TIME);
+		$ret['icon']  = [
+			'type'      => 'Image',
+			'mediaType' => (($p['xchan_photo_mimetype']) ? $p['xchan_photo_mimetype'] : 'image/png' ),
+			'updated'   => datetime_convert('UTC','UTC',$p['xchan_photo_date'],ATOM_TIME),
+			'url'       => $p['xchan_photo_l'],
+			'height'    => 300,
+			'width'     => 300,
+		];
+		$ret['url'] = [
+			[ 
+				'type'      => 'Link',
+				'mediaType' => 'text/html',
+				'href'      => $p['xchan_url']
+			],
+			[
+				'type'      => 'Link',
+				'mediaType' => 'text/x-zot+json',
+				'href'      => $p['xchan_url']
+			]
+		];
+
+		$arr = [ 'xchan' => $p, 'encoded' => $ret ];
+		call_hooks('encode_person', $arr);
+		$ret = $arr['encoded'];
+
+
+		return $ret;
+	}
+
+
+	static function activity_mapper($verb) {
+
+		if(strpos($verb,'/') === false) {
+			return $verb;
+		}
+
+		$acts = [
+			'http://activitystrea.ms/schema/1.0/post'      => 'Create',
+			'http://activitystrea.ms/schema/1.0/share'     => 'Announce',
+			'http://activitystrea.ms/schema/1.0/update'    => 'Update',
+			'http://activitystrea.ms/schema/1.0/like'      => 'Like',
+			'http://activitystrea.ms/schema/1.0/favorite'  => 'Like',
+			'http://purl.org/zot/activity/dislike'         => 'Dislike',
+			'http://activitystrea.ms/schema/1.0/tag'       => 'Add',
+			'http://activitystrea.ms/schema/1.0/follow'    => 'Follow',
+			'http://activitystrea.ms/schema/1.0/unfollow'  => 'Unfollow',
+		];
+
+
+		if(array_key_exists($verb,$acts) && $acts[$verb]) {
+			return $acts[$verb];
+		}
+
+		// Reactions will just map to normal activities
+
+		if(strpos($verb,ACTIVITY_REACT) !== false)
+			return 'Create';
+		if(strpos($verb,ACTIVITY_MOOD) !== false)
+			return 'Create';
+
+		if(strpos($verb,ACTIVITY_POKE) !== false)
+			return 'Activity';
+
+		// We should return false, however this will trigger an uncaught execption  and crash 
+		// the delivery system if encountered by the JSON-LDSignature library
+ 
+		logger('Unmapped activity: ' . $verb);
+		return 'Create';
+	//	return false;
+}
+
+
+	static function activity_obj_mapper($obj) {
+
+		if(strpos($obj,'/') === false) {
+			return $obj;
+		}
+
+		$objs = [
+			'http://activitystrea.ms/schema/1.0/note'           => 'Note',
+			'http://activitystrea.ms/schema/1.0/comment'        => 'Note',
+			'http://activitystrea.ms/schema/1.0/person'         => 'Person',
+			'http://purl.org/zot/activity/profile'              => 'Profile',
+			'http://activitystrea.ms/schema/1.0/photo'          => 'Image',
+			'http://activitystrea.ms/schema/1.0/profile-photo'  => 'Icon',
+			'http://activitystrea.ms/schema/1.0/event'          => 'Event',
+			'http://activitystrea.ms/schema/1.0/wiki'           => 'Document',
+			'http://purl.org/zot/activity/location'             => 'Place',
+			'http://purl.org/zot/activity/chessgame'            => 'Game',
+			'http://purl.org/zot/activity/tagterm'              => 'zot:Tag',
+			'http://purl.org/zot/activity/thing'                => 'Object',
+			'http://purl.org/zot/activity/file'                 => 'zot:File',
+			'http://purl.org/zot/activity/mood'                 => 'zot:Mood',
+		
+		];
+
+		if(array_key_exists($obj,$objs)) {
+			return $objs[$obj];
+		}
+
+		logger('Unmapped activity object: ' . $obj);
+		return 'Note';
+
+		//	return false;
+
+	}
+
+
+	static function follow($channel,$act) {
+
+		$contact = null;
+		$their_follow_id = null;
+
+		/*
+		 * 
+		 * if $act->type === 'Follow', actor is now following $channel 
+		 * if $act->type === 'Accept', actor has approved a follow request from $channel 
+		 *	 
+		 */
+
+		$person_obj = $act->actor;
+
+		if($act->type === 'Follow') {
+			$their_follow_id  = $act->id;
+		}
+		elseif($act->type === 'Accept') {
+			$my_follow_id = z_root() . '/follow/' . $contact['id'];
+		}
+	
+		if(is_array($person_obj)) {
+
+			// store their xchan and hubloc
+
+			self::actor_store($person_obj['id'],$person_obj);
+
+			// Find any existing abook record 
+
+			$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d limit 1",
+				dbesc($person_obj['id']),
+				intval($channel['channel_id'])
+			);
+			if($r) {
+				$contact = $r[0];
+			}
+		}
+
+		$x = \Zotlabs\Access\PermissionRoles::role_perms('social');
+		$p = \Zotlabs\Access\Permissions::FilledPerms($x['perms_connect']);
+		$their_perms = \Zotlabs\Access\Permissions::serialise($p);
+
+		if($contact && $contact['abook_id']) {
+
+			// A relationship of some form already exists on this site. 
+
+			switch($act->type) {
+
+				case 'Follow':
+
+					// A second Follow request, but we haven't approved the first one
+
+					if($contact['abook_pending']) {
+						return;
+					}
+
+					// We've already approved them or followed them first
+					// Send an Accept back to them
+
+					set_abconfig($channel['channel_id'],$person_obj['id'],'pubcrawl','their_follow_id', $their_follow_id);
+					\Zotlabs\Daemon\Master::Summon([ 'Notifier', 'permissions_accept', $contact['abook_id'] ]);
+					return;
+
+				case 'Accept':
+
+					// They accepted our Follow request - set default permissions
+	
+					set_abconfig($channel['channel_id'],$contact['abook_xchan'],'system','their_perms',$their_perms);
+
+					$abook_instance = $contact['abook_instance'];
+	
+					if(strpos($abook_instance,z_root()) === false) {
+						if($abook_instance) 
+							$abook_instance .= ',';
+						$abook_instance .= z_root();
+
+						$r = q("update abook set abook_instance = '%s', abook_not_here = 0 
+							where abook_id = %d and abook_channel = %d",
+							dbesc($abook_instance),
+							intval($contact['abook_id']),
+							intval($channel['channel_id'])
+						);
+					}
+		
+					return;
+				default:
+					return;
+	
+			}
+		}
+
+		// No previous relationship exists.
+
+		if($act->type === 'Accept') {
+			// This should not happen unless we deleted the connection before it was accepted.
+			return;
+		}
+
+		// From here on out we assume a Follow activity to somebody we have no existing relationship with
+
+		set_abconfig($channel['channel_id'],$person_obj['id'],'pubcrawl','their_follow_id', $their_follow_id);
+
+		// The xchan should have been created by actor_store() above
+
+		$r = q("select * from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' limit 1",
+			dbesc($person_obj['id'])
+		);
+
+		if(! $r) {
+			logger('xchan not found for ' . $person_obj['id']);
+			return;
+		}
+		$ret = $r[0];
+
+		$p = \Zotlabs\Access\Permissions::connect_perms($channel['channel_id']);
+		$my_perms  = \Zotlabs\Access\Permissions::serialise($p['perms']);
+		$automatic = $p['automatic'];
+
+		$closeness = get_pconfig($channel['channel_id'],'system','new_abook_closeness',80);
+
+		$r = abook_store_lowlevel(
+			[
+				'abook_account'   => intval($channel['channel_account_id']),
+				'abook_channel'   => intval($channel['channel_id']),
+				'abook_xchan'     => $ret['xchan_hash'],
+				'abook_closeness' => intval($closeness),
+				'abook_created'   => datetime_convert(),
+				'abook_updated'   => datetime_convert(),
+				'abook_connected' => datetime_convert(),
+				'abook_dob'       => NULL_DATE,
+				'abook_pending'   => intval(($automatic) ? 0 : 1),
+				'abook_instance'  => z_root()
+			]
+		);
+		
+		if($my_perms)
+			set_abconfig($channel['channel_id'],$ret['xchan_hash'],'system','my_perms',$my_perms);
+
+		if($their_perms)
+			set_abconfig($channel['channel_id'],$ret['xchan_hash'],'system','their_perms',$their_perms);
+
+
+		if($r) {
+			logger("New ActivityPub follower for {$channel['channel_name']}");
+
+			$new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash left join hubloc on hubloc_hash = xchan_hash where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1",
+				intval($channel['channel_id']),
+				dbesc($ret['xchan_hash'])
+			);
+			if($new_connection) {
+				\Zotlabs\Lib\Enotify::submit(
+					[
+						'type'	       => NOTIFY_INTRO,
+						'from_xchan'   => $ret['xchan_hash'],
+						'to_xchan'     => $channel['channel_hash'],
+						'link'         => z_root() . '/connedit/' . $new_connection[0]['abook_id'],
+					]
+				);
+
+				if($my_perms && $automatic) {
+					// send an Accept for this Follow activity
+					\Zotlabs\Daemon\Master::Summon([ 'Notifier', 'permissions_accept', $new_connection[0]['abook_id'] ]);
+					// Send back a Follow notification to them
+					\Zotlabs\Daemon\Master::Summon([ 'Notifier', 'permissions_create', $new_connection[0]['abook_id'] ]);
+				}
+
+				$clone = array();
+				foreach($new_connection[0] as $k => $v) {
+					if(strpos($k,'abook_') === 0) {
+						$clone[$k] = $v;
+					}
+				}
+				unset($clone['abook_id']);
+				unset($clone['abook_account']);
+				unset($clone['abook_channel']);
+		
+				$abconfig = load_abconfig($channel['channel_id'],$clone['abook_xchan']);
+
+				if($abconfig)
+					$clone['abconfig'] = $abconfig;
+
+				Libsync::build_sync_packet($channel['channel_id'], [ 'abook' => array($clone) ] );
+			}
+		}
+
+
+		/* If there is a default group for this channel and permissions are automatic, add this member to it */
+
+		if($channel['channel_default_group'] && $automatic) {
+			$g = Group::rec_byhash($channel['channel_id'],$channel['channel_default_group']);
+			if($g)
+				Group::member_add($channel['channel_id'],'',$ret['xchan_hash'],$g['id']);
+		}
+
+
+		return;
+
+	}
+
+
+	static function unfollow($channel,$act) {
+
+		$contact = null;
+
+		/* @FIXME This really needs to be a signed request. */
+
+		/* actor is unfollowing $channel */
+
+		$person_obj = $act->actor;
+
+		if(is_array($person_obj)) {
+
+			$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d limit 1",
+				dbesc($person_obj['id']),
+				intval($channel['channel_id'])
+			);
+			if($r) {
+				// remove all permissions they provided
+				del_abconfig($channel['channel_id'],$r[0]['xchan_hash'],'system','their_perms',EMPTY_STR);
+			}
+		}
+
+		return;
+	}
+
+
+
+
+	static function actor_store($url,$person_obj) {
+
+		if(! is_array($person_obj))
+			return;
+
+		$name = $person_obj['name'];
+		if(! $name)
+			$name = $person_obj['preferredUsername'];
+		if(! $name)
+			$name = t('Unknown');
+
+		if($person_obj['icon']) {
+			if(is_array($person_obj['icon'])) {
+				if(array_key_exists('url',$person_obj['icon']))
+					$icon = $person_obj['icon']['url'];
+				else
+					$icon = $person_obj['icon'][0]['url'];
+			}
+			else
+				$icon = $person_obj['icon'];
+		}
+
+		if(is_array($person_obj['url']) && array_key_exists('href', $person_obj['url']))
+			$profile = $person_obj['url']['href'];
+		else
+			$profile = $url;
+
+
+		$inbox = $person_obj['inbox'];
+
+		$collections = [];
+
+		if($inbox) {
+			$collections['inbox'] = $inbox;
+			if($person_obj['outbox'])
+				$collections['outbox'] = $person_obj['outbox'];
+			if($person_obj['followers'])
+				$collections['followers'] = $person_obj['followers'];
+			if($person_obj['following'])
+				$collections['following'] = $person_obj['following'];
+			if($person_obj['endpoints'] && $person_obj['endpoints']['sharedInbox'])
+				$collections['sharedInbox'] = $person_obj['endpoints']['sharedInbox'];
+		}
+
+		if(array_key_exists('publicKey',$person_obj) && array_key_exists('publicKeyPem',$person_obj['publicKey'])) {
+			if($person_obj['id'] === $person_obj['publicKey']['owner']) {
+				$pubkey = $person_obj['publicKey']['publicKeyPem'];
+				if(strstr($pubkey,'RSA ')) {
+					$pubkey = rsatopem($pubkey);
+				}
+			}
+		}
+
+		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($url)
+		);
+		if(! $r) {
+			// create a new record
+			$r = xchan_store_lowlevel(
+				[
+					'xchan_hash'         => $url,
+					'xchan_guid'         => $url,
+					'xchan_pubkey'       => $pubkey,
+					'xchan_addr'         => '',
+					'xchan_url'          => $profile,
+					'xchan_name'         => $name,
+					'xchan_name_date'    => datetime_convert(),
+					'xchan_network'      => 'activitypub'
+				]
+			);
+		}
+		else {
+
+			// Record exists. Cache existing records for one week at most
+			// then refetch to catch updated profile photos, names, etc. 
+
+			$d = datetime_convert('UTC','UTC','now - 1 week');
+			if($r[0]['xchan_name_date'] > $d)
+				return;
+
+			// update existing record
+			$r = q("update xchan set xchan_name = '%s', xchan_pubkey = '%s', xchan_network = '%s', xchan_name_date = '%s' where xchan_hash = '%s'",
+				dbesc($name),
+				dbesc($pubkey),
+				dbesc('activitypub'),
+				dbesc(datetime_convert()),
+				dbesc($url)
+			);
+		}
+
+		if($collections) {
+			set_xconfig($url,'activitypub','collections',$collections);
+		}
+
+		$r = q("select * from hubloc where hubloc_hash = '%s' limit 1",
+			dbesc($url)
+		);
+
+
+		$m = parse_url($url);
+		if($m) {
+			$hostname = $m['host'];
+			$baseurl = $m['scheme'] . '://' . $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
+		}
+
+		if(! $r) {
+			$r = hubloc_store_lowlevel(
+				[
+					'hubloc_guid'     => $url,
+					'hubloc_hash'     => $url,
+					'hubloc_addr'     => '',
+					'hubloc_network'  => 'activitypub',
+					'hubloc_url'      => $baseurl,
+					'hubloc_host'     => $hostname,
+					'hubloc_callback' => $inbox,
+					'hubloc_updated'  => datetime_convert(),
+					'hubloc_primary'  => 1
+				]
+			);
+		}
+
+		if(! $icon)
+			$icon = z_root() . '/' . get_default_profile_photo(300);
+
+		$photos = import_xchan_photo($icon,$url);
+		$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
+			dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])),
+			dbesc($photos[0]),
+			dbesc($photos[1]),
+			dbesc($photos[2]),
+			dbesc($photos[3]),
+			dbesc($url)
+		);
+
+	}
+
+
+	static function create_action($channel,$observer_hash,$act) {
+
+		if(in_array($act->obj['type'], [ 'Note', 'Article', 'Video' ])) {
+			self::create_note($channel,$observer_hash,$act);
+		}
+
+
+	}
+
+	static function announce_action($channel,$observer_hash,$act) {
+
+		if(in_array($act->type, [ 'Announce' ])) {
+			self::announce_note($channel,$observer_hash,$act);
+		}
+
+	}
+
+
+	static function like_action($channel,$observer_hash,$act) {
+
+		if(in_array($act->obj['type'], [ 'Note', 'Article', 'Video' ])) {
+			self::like_note($channel,$observer_hash,$act);
+		}
+
+
+	}
+
+	// sort function width decreasing
+
+	static function as_vid_sort($a,$b) {
+		if($a['width'] === $b['width'])
+			return 0;
+		return (($a['width'] > $b['width']) ? -1 : 1);
+	}
+
+	static function create_note($channel,$observer_hash,$act) {
+
+		$s = [];
+
+		// Mastodon only allows visibility in public timelines if the public inbox is listed in the 'to' field.
+		// They are hidden in the public timeline if the public inbox is listed in the 'cc' field.
+		// This is not part of the activitypub protocol - we might change this to show all public posts in pubstream at some point.
+		$pubstream = ((is_array($act->obj) && array_key_exists('to', $act->obj) && in_array(ACTIVITY_PUBLIC_INBOX, $act->obj['to'])) ? true : false);
+		$is_sys_channel = is_sys_channel($channel['channel_id']);
+
+		$parent = ((array_key_exists('inReplyTo',$act->obj)) ? urldecode($act->obj['inReplyTo']) : '');
+		if($parent) {
+
+			$r = q("select * from item where uid = %d and ( mid = '%s' or  mid = '%s' ) limit 1",
+				intval($channel['channel_id']),
+				dbesc($parent),
+				dbesc(basename($parent))
+			);
+
+			if(! $r) {
+				logger('parent not found.');
+				return;
+			}
+
+			if($r[0]['owner_xchan'] === $channel['channel_hash']) {
+				if(! perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && ! ($is_sys_channel && $pubstream)) {
+					logger('no comment permission.');
+					return;
+				}
+			}
+
+			$s['parent_mid'] = $r[0]['mid'];
+			$s['owner_xchan'] = $r[0]['owner_xchan'];
+			$s['author_xchan'] = $observer_hash;
+
+		}
+		else {
+			if(! perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && ! ($is_sys_channel && $pubstream)) {
+				logger('no permission');
+				return;
+			}
+			$s['owner_xchan'] = $s['author_xchan'] = $observer_hash;
+		}
+	
+		$abook = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+			dbesc($observer_hash),
+			intval($channel['channel_id'])
+		);
+	
+		$content = self::get_content($act->obj);
+
+		if(! $content) {
+			logger('no content');
+			return;
+		}
+
+		$s['aid'] = $channel['channel_account_id'];
+		$s['uid'] = $channel['channel_id'];
+		$s['mid'] = urldecode($act->obj['id']);
+		$s['plink'] = urldecode($act->obj['id']);
+
+
+		if($act->data['published']) {
+			$s['created'] = datetime_convert('UTC','UTC',$act->data['published']);
+		}
+		elseif($act->obj['published']) {
+			$s['created'] = datetime_convert('UTC','UTC',$act->obj['published']);
+		}
+		if($act->data['updated']) {
+			$s['edited'] = datetime_convert('UTC','UTC',$act->data['updated']);
+		}
+		elseif($act->obj['updated']) {
+			$s['edited'] = datetime_convert('UTC','UTC',$act->obj['updated']);
+		}
+
+		if(! $s['created'])
+			$s['created'] = datetime_convert();
+
+		if(! $s['edited'])
+			$s['edited'] = $s['created'];
+
+
+		if(! $s['parent_mid'])
+			$s['parent_mid'] = $s['mid'];
+
+	
+		$s['title']    = self::bb_content($content,'name');
+		$s['summary']  = self::bb_content($content,'summary'); 
+		$s['body']     = self::bb_content($content,'content');
+		$s['verb']     = ACTIVITY_POST;
+		$s['obj_type'] = ACTIVITY_OBJ_NOTE;
+
+		$instrument = $act->get_property_obj('instrument');
+		if(! $instrument)
+			$instrument = $act->get_property_obj('instrument',$act->obj);
+
+		if($instrument && array_key_exists('type',$instrument) 
+			&& $instrument['type'] === 'Service' && array_key_exists('name',$instrument)) {
+			$s['app'] = escape_tags($instrument['name']);
+		}
+
+		if($channel['channel_system']) {
+			if(! \Zotlabs\Lib\MessageFilter::evaluate($s,get_config('system','pubstream_incl'),get_config('system','pubstream_excl'))) {
+				logger('post is filtered');
+				return;
+			}
+		}
+
+
+		if($abook) {
+			if(! post_is_importable($s,$abook[0])) {
+				logger('post is filtered');
+				return;
+			}
+		}
+
+		if($act->obj['conversation']) {
+			set_iconfig($s,'ostatus','conversation',$act->obj['conversation'],1);
+		}
+
+		$a = self::decode_taxonomy($act->obj);
+		if($a) {
+			$s['term'] = $a;
+		}
+
+		$a = self::decode_attachment($act->obj);
+		if($a) {
+			$s['attach'] = $a;
+		}
+
+		if($act->obj['type'] === 'Note' && $s['attach']) {
+			$s['body'] .= self::bb_attach($s['attach']);
+		}
+
+		// we will need a hook here to extract magnet links e.g. peertube
+		// right now just link to the largest mp4 we find that will fit in our
+		// standard content region
+
+		if($act->obj['type'] === 'Video') {
+
+			$vtypes = [
+				'video/mp4',
+				'video/ogg',
+				'video/webm'
+			];
+
+			$mps = [];
+			if(array_key_exists('url',$act->obj) && is_array($act->obj['url'])) {
+				foreach($act->obj['url'] as $vurl) {
+					if(in_array($vurl['mimeType'], $vtypes)) {
+						if(! array_key_exists('width',$vurl)) {
+							$vurl['width'] = 0;
+						}
+						$mps[] = $vurl;
+					}
+				}
+			}
+			if($mps) {
+				usort($mps,'as_vid_sort');
+				foreach($mps as $m) {
+					if(intval($m['width']) < 500) {
+						$s['body'] .= "\n\n" . '[video]' . $m['href'] . '[/video]';
+						break;
+					}
+				}
+			}
+		}
+
+		if($act->recips && (! in_array(ACTIVITY_PUBLIC_INBOX,$act->recips)))
+			$s['item_private'] = 1;
+
+		set_iconfig($s,'activitypub','recips',$act->raw_recips);
+		if($parent) {
+			set_iconfig($s,'activitypub','rawmsg',$act->raw,1);
+		}
+
+		$x = null;
+
+		$r = q("select created, edited from item where mid = '%s' and uid = %d limit 1",
+			dbesc($s['mid']),
+			intval($s['uid'])
+		);
+		if($r) {
+			if($s['edited'] > $r[0]['edited']) {
+				$x = item_store_update($s);
+			}
+			else {
+				return;
+			}
+		}
+		else {
+			$x = item_store($s);
+		}
+
+		if(is_array($x) && $x['item_id']) {
+			if($parent) {
+				if($s['owner_xchan'] === $channel['channel_hash']) {
+					// We are the owner of this conversation, so send all received comments back downstream
+					Zotlabs\Daemon\Master::Summon(array('Notifier','comment-import',$x['item_id']));
+				}
+				$r = q("select * from item where id = %d limit 1",
+					intval($x['item_id'])
+				);
+				if($r) {
+					send_status_notifications($x['item_id'],$r[0]);
+				}
+			}
+			sync_an_item($channel['channel_id'],$x['item_id']);
+		}
+
+	}
+
+
+	static function decode_note($act) {
+
+		$s = [];
+
+
+
+		$content = self::get_content($act->obj);
+
+		$s['owner_xchan']  = $act->actor['id'];
+		$s['author_xchan'] = $act->actor['id'];
+
+		$s['mid']        = $act->id;
+		$s['parent_mid'] = $act->parent_id;
+
+
+		if($act->data['published']) {
+			$s['created'] = datetime_convert('UTC','UTC',$act->data['published']);
+		}
+		elseif($act->obj['published']) {
+			$s['created'] = datetime_convert('UTC','UTC',$act->obj['published']);
+		}
+		if($act->data['updated']) {
+			$s['edited'] = datetime_convert('UTC','UTC',$act->data['updated']);
+		}
+		elseif($act->obj['updated']) {
+			$s['edited'] = datetime_convert('UTC','UTC',$act->obj['updated']);
+		}
+
+		if(! $s['created'])
+			$s['created'] = datetime_convert();
+
+		if(! $s['edited'])
+			$s['edited'] = $s['created'];
+
+		if(in_array($act->type,['Announce'])) {
+			$root_content = self::get_content($act->raw);
+
+			$s['title']    = self::bb_content($root_content,'name');
+			$s['summary']  = self::bb_content($root_content,'summary');
+			$s['body']     = (self::bb_content($root_content,'bbcode') ? : self::bb_content($root_content,'content'));
+
+			if(strpos($s['body'],'[share') === false) {
+
+				// @fixme - error check and set defaults
+
+				$name = urlencode($act->obj['actor']['name']);
+				$profile = $act->obj['actor']['id'];
+				$photo = $act->obj['icon']['url'];
+
+				$s['body'] .= "\r\n[share author='" . $name .
+					"' profile='" . $profile .
+					"' avatar='" . $photo . 
+					"' link='" . $act->obj['id'] .
+					"' auth='" . ((is_matrix_url($act->obj['id'])) ? 'true' : 'false' ) . 
+					"' posted='" . $act->obj['published'] . 
+					"' message_id='" . $act->obj['id'] . 
+				"']";
+			}
+		}
+		else {
+			$s['title']    = self::bb_content($content,'name');
+			$s['summary']  = self::bb_content($content,'summary');
+			$s['body']     = (self::bb_content($content,'bbcode') ? : self::bb_content($content,'content'));
+		}
+
+		$s['verb']     = self::activity_mapper($act->type);
+
+		if($act->type === 'Tombstone') {
+			$s['item_deleted'] = 1;
+		}
+
+		$s['obj_type'] = self::activity_obj_mapper($act->obj['type']);
+		$s['obj']      = $act->obj;
+
+		$instrument = $act->get_property_obj('instrument');
+		if(! $instrument)
+			$instrument = $act->get_property_obj('instrument',$act->obj);
+
+		if($instrument && array_key_exists('type',$instrument) 
+			&& $instrument['type'] === 'Service' && array_key_exists('name',$instrument)) {
+			$s['app'] = escape_tags($instrument['name']);
+		}
+
+		$a = self::decode_taxonomy($act->obj);
+		if($a) {
+			$s['term'] = $a;
+		}
+
+		$a = self::decode_attachment($act->obj);
+		if($a) {
+			$s['attach'] = $a;
+		}
+
+		// we will need a hook here to extract magnet links e.g. peertube
+		// right now just link to the largest mp4 we find that will fit in our
+		// standard content region
+
+		if($act->obj['type'] === 'Video') {
+
+			$vtypes = [
+				'video/mp4',
+				'video/ogg',
+				'video/webm'
+			];
+
+			$mps = [];
+			if(array_key_exists('url',$act->obj) && is_array($act->obj['url'])) {
+				foreach($act->obj['url'] as $vurl) {
+					if(in_array($vurl['mimeType'], $vtypes)) {
+						if(! array_key_exists('width',$vurl)) {
+							$vurl['width'] = 0;
+						}
+						$mps[] = $vurl;
+					}
+				}
+			}
+			if($mps) {
+				usort($mps,'as_vid_sort');
+				foreach($mps as $m) {
+					if(intval($m['width']) < 500) {
+						$s['body'] .= "\n\n" . '[video]' . $m['href'] . '[/video]';
+						break;
+					}
+				}
+			}
+		}
+
+		if($act->recips && (! in_array(ACTIVITY_PUBLIC_INBOX,$act->recips)))
+			$s['item_private'] = 1;
+
+		set_iconfig($s,'activitypub','recips',$act->raw_recips);
+
+		if($parent) {
+			set_iconfig($s,'activitypub','rawmsg',$act->raw,1);
+		}
+
+		return $s;
+
+	}
+
+
+
+	static function announce_note($channel,$observer_hash,$act) {
+
+		$s = [];
+
+		$is_sys_channel = is_sys_channel($channel['channel_id']);
+
+		// Mastodon only allows visibility in public timelines if the public inbox is listed in the 'to' field.
+		// They are hidden in the public timeline if the public inbox is listed in the 'cc' field.
+		// This is not part of the activitypub protocol - we might change this to show all public posts in pubstream at some point.
+		$pubstream = ((is_array($act->obj) && array_key_exists('to', $act->obj) && in_array(ACTIVITY_PUBLIC_INBOX, $act->obj['to'])) ? true : false);
+
+		if(! perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && ! ($is_sys_channel && $pubstream)) {
+			logger('no permission');
+			return;
+		}
+
+		$content = self::get_content($act->obj);
+
+		if(! $content) {
+			logger('no content');
+			return;
+		}
+
+		$s['owner_xchan'] = $s['author_xchan'] = $observer_hash;
+
+		$s['aid'] = $channel['channel_account_id'];
+		$s['uid'] = $channel['channel_id'];
+		$s['mid'] = urldecode($act->obj['id']);
+		$s['plink'] = urldecode($act->obj['id']);
+
+		if(! $s['created'])
+			$s['created'] = datetime_convert();
+
+		if(! $s['edited'])
+			$s['edited'] = $s['created'];
+
+
+		$s['parent_mid'] = $s['mid'];
+
+		$s['verb']     = ACTIVITY_POST;
+		$s['obj_type'] = ACTIVITY_OBJ_NOTE;
+		$s['app']      = t('ActivityPub');
+
+		if($channel['channel_system']) {
+			if(! \Zotlabs\Lib\MessageFilter::evaluate($s,get_config('system','pubstream_incl'),get_config('system','pubstream_excl'))) {
+				logger('post is filtered');
+				return;
+			}
+		}
+
+		$abook = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+			dbesc($observer_hash),
+			intval($channel['channel_id'])
+		);
+
+		if($abook) {
+			if(! post_is_importable($s,$abook[0])) {
+				logger('post is filtered');
+				return;
+			}
+		}
+
+		if($act->obj['conversation']) {
+			set_iconfig($s,'ostatus','conversation',$act->obj['conversation'],1);
+		}
+
+		$a = self::decode_taxonomy($act->obj);
+		if($a) {
+			$s['term'] = $a;
+		}
+
+		$a = self::decode_attachment($act->obj);
+		if($a) {
+			$s['attach'] = $a;
+		}
+
+		$body = "[share author='" . urlencode($act->sharee['name']) . 
+			"' profile='" . $act->sharee['url'] . 
+			"' avatar='" . $act->sharee['photo_s'] . 
+			"' link='" . ((is_array($act->obj['url'])) ? $act->obj['url']['href'] : $act->obj['url']) . 
+			"' auth='" . ((is_matrix_url($act->obj['url'])) ? 'true' : 'false' ) . 
+			"' posted='" . $act->obj['published'] . 
+			"' message_id='" . $act->obj['id'] . 
+		"']";
+
+		if($content['name'])
+			$body .= self::bb_content($content,'name') . "\r\n";
+
+		$body .= self::bb_content($content,'content');
+
+		if($act->obj['type'] === 'Note' && $s['attach']) {
+			$body .= self::bb_attach($s['attach']);
+		}
+
+		$body .= "[/share]";
+
+		$s['title']    = self::bb_content($content,'name');
+		$s['body']     = $body;
+
+		if($act->recips && (! in_array(ACTIVITY_PUBLIC_INBOX,$act->recips)))
+			$s['item_private'] = 1;
+
+		set_iconfig($s,'activitypub','recips',$act->raw_recips);
+
+		$r = q("select created, edited from item where mid = '%s' and uid = %d limit 1",
+			dbesc($s['mid']),
+			intval($s['uid'])
+		);
+		if($r) {
+			if($s['edited'] > $r[0]['edited']) {
+				$x = item_store_update($s);
+			}
+			else {
+				return;
+			}
+		}
+		else {
+			$x = item_store($s);
+		}
+
+
+		if(is_array($x) && $x['item_id']) {
+			if($parent) {
+				if($s['owner_xchan'] === $channel['channel_hash']) {
+					// We are the owner of this conversation, so send all received comments back downstream
+					Zotlabs\Daemon\Master::Summon(array('Notifier','comment-import',$x['item_id']));
+				}
+				$r = q("select * from item where id = %d limit 1",
+					intval($x['item_id'])
+				);
+				if($r) {
+					send_status_notifications($x['item_id'],$r[0]);
+				}
+			}
+			sync_an_item($channel['channel_id'],$x['item_id']);
+		}
+
+
+	}
+
+	static function like_note($channel,$observer_hash,$act) {
+
+		$s = [];
+
+		$parent = $act->obj['id'];
+	
+		if($act->type === 'Like')
+			$s['verb'] = ACTIVITY_LIKE;
+		if($act->type === 'Dislike')
+			$s['verb'] = ACTIVITY_DISLIKE;
+
+		if(! $parent)
+			return;
+
+		$r = q("select * from item where uid = %d and ( mid = '%s' or  mid = '%s' ) limit 1",
+			intval($channel['channel_id']),
+			dbesc($parent),
+			dbesc(urldecode(basename($parent)))
+		);
+
+		if(! $r) {
+			logger('parent not found.');
+			return;
+		}
+
+		xchan_query($r);
+		$parent_item = $r[0];
+
+		if($parent_item['owner_xchan'] === $channel['channel_hash']) {
+			if(! perm_is_allowed($channel['channel_id'],$observer_hash,'post_comments')) {
+				logger('no comment permission.');
+				return;
+			}
+		}
+
+		if($parent_item['mid'] === $parent_item['parent_mid']) {
+			$s['parent_mid'] = $parent_item['mid'];
+		}
+		else {
+			$s['thr_parent'] = $parent_item['mid'];
+			$s['parent_mid'] = $parent_item['parent_mid'];
+		}
+
+		$s['owner_xchan'] = $parent_item['owner_xchan'];
+		$s['author_xchan'] = $observer_hash;
+	
+		$s['aid'] = $channel['channel_account_id'];
+		$s['uid'] = $channel['channel_id'];
+		$s['mid'] = $act->id;
+
+		if(! $s['parent_mid'])
+			$s['parent_mid'] = $s['mid'];
+	
+
+		$post_type = (($parent_item['resource_type'] === 'photo') ? t('photo') : t('status'));
+
+		$links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $parent_item['plink']));
+		$objtype = (($parent_item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
+
+		$body = $parent_item['body'];
+
+		$z = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($parent_item['author_xchan'])
+		);
+		if($z)
+			$item_author = $z[0];		
+
+		$object = json_encode(array(
+			'type'    => $post_type,
+			'id'      => $parent_item['mid'],
+			'parent'  => (($parent_item['thr_parent']) ? $parent_item['thr_parent'] : $parent_item['parent_mid']),
+			'link'    => $links,
+			'title'   => $parent_item['title'],
+			'content' => $parent_item['body'],
+			'created' => $parent_item['created'],
+			'edited'  => $parent_item['edited'],
+			'author'  => array(
+				'name'     => $item_author['xchan_name'],
+				'address'  => $item_author['xchan_addr'],
+				'guid'     => $item_author['xchan_guid'],
+				'guid_sig' => $item_author['xchan_guid_sig'],
+				'link'     => array(
+					array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item_author['xchan_url']),
+					array('rel' => 'photo', 'type' => $item_author['xchan_photo_mimetype'], 'href' => $item_author['xchan_photo_m'])),
+				),
+			), JSON_UNESCAPED_SLASHES
+		);
+
+		if($act->type === 'Like')
+			$bodyverb = t('%1$s likes %2$s\'s %3$s');
+		if($act->type === 'Dislike')
+			$bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s');
+
+		$ulink = '[url=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/url]';
+		$alink = '[url=' . $parent_item['author']['xchan_url'] . ']' . $parent_item['author']['xchan_name'] . '[/url]';
+		$plink = '[url='. z_root() . '/display/' . urlencode($act->id) . ']' . $post_type . '[/url]';
+		$s['body'] =  sprintf( $bodyverb, $ulink, $alink, $plink );
+
+		$s['app']  = t('ActivityPub');
+
+		// set the route to that of the parent so downstream hubs won't reject it.
+
+		$s['route'] = $parent_item['route'];
+		$s['item_private'] = $parent_item['item_private'];
+		$s['obj_type'] = $objtype;
+		$s['obj'] = $object;
+
+		if($act->obj['conversation']) {
+			set_iconfig($s,'ostatus','conversation',$act->obj['conversation'],1);
+		}
+
+		if($act->recips && (! in_array(ACTIVITY_PUBLIC_INBOX,$act->recips)))
+			$s['item_private'] = 1;
+
+		set_iconfig($s,'activitypub','recips',$act->raw_recips);
+
+		$result = item_store($s);
+
+		if($result['success']) {
+			// if the message isn't already being relayed, notify others
+			if(intval($parent_item['item_origin']))
+					Zotlabs\Daemon\Master::Summon(array('Notifier','comment-import',$result['item_id']));
+				sync_an_item($channel['channel_id'],$result['item_id']);
+		}
+
+		return;
+	}
+
+
+	static function bb_attach($attach) {
+
+		$ret = false;
+
+		foreach($attach as $a) {
+			if(strpos($a['type'],'image') !== false) {
+				$ret .= "\n\n" . '[img]' . $a['href'] . '[/img]';
+			}
+			if(array_key_exists('type',$a) && strpos($a['type'], 'video') === 0) {
+				$ret .= "\n\n" . '[video]' . $a['href'] . '[/video]';
+			}
+			if(array_key_exists('type',$a) && strpos($a['type'], 'audio') === 0) {
+				$ret .= "\n\n" . '[audio]' . $a['href'] . '[/audio]';
+			}
+		}
+
+		return $ret;
+	}
+
+
+
+	static function bb_content($content,$field) {
+
+		require_once('include/html2bbcode.php');
+
+		$ret = false;
+
+		if(is_array($content[$field])) {
+			foreach($content[$field] as $k => $v) {
+				$ret .= '[language=' . $k . ']' . html2bbcode($v) . '[/language]';
+			}
+		}
+		else {
+			if($field === 'bbcode' && array_key_exists('bbcode',$content)) {
+				$ret = $content[$field];
+			}
+			else {
+				$ret = html2bbcode($content[$field]);
+			}
+		}
+
+		return $ret;
+	}
+
+
+	static function get_content($act) {
+
+		$content = [];
+		if (! $act) {
+			return $content;
+		}
+
+		foreach ([ 'name', 'summary', 'content' ] as $a) {
+			if (($x = self::get_textfield($act,$a)) !== false) {
+				$content[$a] = $x;
+			}
+		}
+		if (array_key_exists('source',$act) && array_key_exists('mediaType',$act['source'])) {
+			if ($act['source']['mediaType'] === 'text/bbcode') {
+				$content['bbcode'] = purify_html($act['source']['content']);
+			}
+		}
+
+		return $content;
+	}
+
+
+	static function get_textfield($act,$field) {
+	
+		$content = false;
+
+		if(array_key_exists($field,$act) && $act[$field])
+			$content = purify_html($act[$field]);
+		elseif(array_key_exists($field . 'Map',$act) && $act[$field . 'Map']) {
+			foreach($act[$field . 'Map'] as $k => $v) {
+				$content[escape_tags($k)] = purify_html($v);
+			}
+		}
+		return $content;
+	}
+}
\ No newline at end of file
diff --git a/Zotlabs/Lib/Group.php b/Zotlabs/Lib/Group.php
new file mode 100644
index 000000000..f136a3614
--- /dev/null
+++ b/Zotlabs/Lib/Group.php
@@ -0,0 +1,405 @@
+may apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); 
+				}
+				return true;
+			}
+
+			do {
+				$dups = false;
+				$hash = random_string(32) . str_replace(['<','>'],['.','.'], $name);
+
+				$r = q("SELECT id FROM groups WHERE hash = '%s' LIMIT 1", dbesc($hash));
+				if($r)
+					$dups = true;
+			} while($dups == true);
+
+
+			$r = q("INSERT INTO groups ( hash, uid, visible, gname )
+				VALUES( '%s', %d, %d, '%s' ) ",
+				dbesc($hash),
+				intval($uid),
+				intval($public),
+				dbesc($name)
+			);
+			$ret = $r;
+		}
+
+		Libsync::build_sync_packet($uid,null,true);
+		return $ret;
+	}
+
+
+	static function remove($uid,$name) {
+		$ret = false;
+		if(x($uid) && x($name)) {
+			$r = q("SELECT id, hash FROM groups WHERE uid = %d AND gname = '%s' LIMIT 1",
+				intval($uid),
+				dbesc($name)
+			);
+			if($r) {
+				$group_id = $r[0]['id'];
+				$group_hash = $r[0]['hash'];
+			}
+
+			if(! $group_id)
+				return false;
+
+			// remove group from default posting lists
+			$r = q("SELECT channel_default_group, channel_allow_gid, channel_deny_gid FROM channel WHERE channel_id = %d LIMIT 1",
+			       intval($uid)
+			);
+			if($r) {
+				$user_info = $r[0];
+				$change = false;
+
+				if($user_info['channel_default_group'] == $group_hash) {
+					$user_info['channel_default_group'] = '';
+					$change = true;
+				}
+				if(strpos($user_info['channel_allow_gid'], '<' . $group_hash . '>') !== false) {
+					$user_info['channel_allow_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_allow_gid']);
+					$change = true;
+				}
+				if(strpos($user_info['channel_deny_gid'], '<' . $group_hash . '>') !== false) {
+					$user_info['channel_deny_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_deny_gid']);
+					$change = true;
+				}
+
+				if($change) {
+					q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' 
+						WHERE channel_id = %d",
+						intval($user_info['channel_default_group']),
+						dbesc($user_info['channel_allow_gid']),
+						dbesc($user_info['channel_deny_gid']),
+						intval($uid)
+					);
+				}
+			}
+
+			// remove all members
+			$r = q("DELETE FROM group_member WHERE uid = %d AND gid = %d ",
+				intval($uid),
+				intval($group_id)
+			);
+
+			// remove group
+			$r = q("UPDATE groups SET deleted = 1 WHERE uid = %d AND gname = '%s'",
+				intval($uid),
+				dbesc($name)
+			);
+
+			$ret = $r;
+
+		}
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $ret;
+	}
+
+
+	static function byname($uid,$name) {
+		if((! $uid) || (! strlen($name)))
+			return false;
+		$r = q("SELECT * FROM groups WHERE uid = %d AND gname = '%s' LIMIT 1",
+			intval($uid),
+			dbesc($name)
+		);
+		if($r)
+			return $r[0]['id'];
+		return false;
+	}
+
+
+	static function rec_byhash($uid,$hash) {
+		if((! $uid) || (! strlen($hash)))
+			return false;
+		$r = q("SELECT * FROM groups WHERE uid = %d AND hash = '%s' LIMIT 1",
+			intval($uid),
+			dbesc($hash)
+		);
+		if($r)
+			return $r[0];
+		return false;
+	}
+
+
+	static function member_remove($uid,$name,$member) {
+		$gid = self::byname($uid,$name);
+		if(! $gid)
+			return false;
+		if(! ( $uid && $gid && $member))
+			return false;
+		$r = q("DELETE FROM group_member WHERE uid = %d AND gid = %d AND xchan = '%s' ",
+			intval($uid),
+			intval($gid),
+			dbesc($member)
+		);
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $r;
+	}
+
+
+	static function member_add($uid,$name,$member,$gid = 0) {
+		if(! $gid)
+			$gid = self::byname($uid,$name);
+		if((! $gid) || (! $uid) || (! $member))
+			return false;
+
+		$r = q("SELECT * FROM group_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1",	
+			intval($uid),
+			intval($gid),
+			dbesc($member)
+		);
+		if($r)
+			return true;	// You might question this, but 
+				// we indicate success because the group member was in fact created
+				// -- It was just created at another time
+	 	if(! $r)
+			$r = q("INSERT INTO group_member (uid, gid, xchan)
+				VALUES( %d, %d, '%s' ) ",
+				intval($uid),
+				intval($gid),
+				dbesc($member)
+		);
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $r;
+	}
+
+
+	static function members($gid) {
+		$ret = array();
+		if(intval($gid)) {
+			$r = q("SELECT * FROM group_member 
+				LEFT JOIN abook ON abook_xchan = group_member.xchan left join xchan on xchan_hash = abook_xchan
+				WHERE gid = %d AND abook_channel = %d and group_member.uid = %d and xchan_deleted = 0 and abook_self = 0 and abook_blocked = 0 and abook_pending = 0 ORDER BY xchan_name ASC ",
+				intval($gid),
+				intval(local_channel()),
+				intval(local_channel())
+			);
+			if($r)
+				$ret = $r;
+		}
+		return $ret;
+	}
+
+	static function members_xchan($gid) {
+		$ret = [];
+		if(intval($gid)) {
+			$r = q("SELECT xchan FROM group_member WHERE gid = %d AND uid = %d",
+				intval($gid),
+				intval(local_channel())
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$ret[] = $rr['xchan'];
+				}
+			}
+		}
+		return $ret;
+	}
+
+	static function members_profile_xchan($uid,$gid) {
+		$ret = [];
+
+		if(intval($gid)) {
+			$r = q("SELECT abook_xchan as xchan from abook left join profile on abook_profile = profile_guid where profile.id = %d and profile.uid = %d",
+				intval($gid),
+				intval($uid)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$ret[] = $rr['xchan'];
+				}
+			}
+		}
+		return $ret;
+	}
+
+
+
+
+	static function select($uid,$group = '') {
+	
+		$grps = [];
+		$o = '';
+
+		$r = q("SELECT * FROM groups WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			intval($uid)
+		);
+		$grps[] = array('name' => '', 'hash' => '0', 'selected' => '');
+		if($r) {
+			foreach($r as $rr) {
+				$grps[] = array('name' => $rr['gname'], 'id' => $rr['hash'], 'selected' => (($group == $rr['hash']) ? 'true' : ''));
+			}
+
+		}
+		logger('select: ' . print_r($grps,true), LOGGER_DATA);
+
+		$o = replace_macros(get_markup_template('group_selection.tpl'), array(
+			'$label' => t('Add new connections to this privacy group'),
+			'$groups' => $grps 
+		));
+		return $o;
+	}
+
+
+
+
+	static function widget($every="connections",$each="group",$edit = false, $group_id = 0, $cid = '',$mode = 1) {
+
+		$o = '';
+
+		if(! (local_channel() && feature_enabled(local_channel(),'groups'))) {
+			return '';
+		}
+
+		$groups = array();
+
+		$r = q("SELECT * FROM groups WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			intval($_SESSION['uid'])
+		);
+		$member_of = array();
+		if($cid) {
+			$member_of = self::containing(local_channel(),$cid);
+		} 
+
+		if($r) {
+			foreach($r as $rr) {
+				$selected = (($group_id == $rr['id']) ? ' group-selected' : '');
+			
+				if ($edit) {
+					$groupedit = [ 'href' => "group/".$rr['id'], 'title' => t('edit') ];
+				} 
+				else {
+					$groupedit = null;
+				}
+			
+				$groups[] = [
+					'id'		=> $rr['id'],
+					'enc_cid'   => base64url_encode($cid),
+					'cid'		=> $cid,
+					'text' 		=> $rr['gname'],
+					'selected' 	=> $selected,
+					'href'		=> (($mode == 0) ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']) . ((x($_GET,'new')) ? '&new=' . $_GET['new'] : '') . ((x($_GET,'order')) ? '&order=' . $_GET['order'] : ''),
+					'edit'		=> $groupedit,
+					'ismember'	=> in_array($rr['id'],$member_of),
+				];
+			}
+		}
+	
+	
+		$tpl = get_markup_template("group_side.tpl");
+		$o = replace_macros($tpl, array(
+			'$title'		=> t('Privacy Groups'),
+			'$edittext'     => t('Edit group'),
+			'$createtext' 	=> t('Add privacy group'),
+			'$ungrouped'    => (($every === 'contacts') ? t('Channels not in any privacy group') : ''),
+			'$groups'		=> $groups,
+			'$add'			=> t('add'),
+		));
+		
+	
+		return $o;
+	}
+
+
+	static function expand($g) {
+		if(! (is_array($g) && count($g)))
+			return array();
+
+		$ret = [];
+		$x   = [];
+
+		// private profile linked virtual groups
+
+		foreach($g as $gv) {
+			if(substr($gv,0,3) === 'vp.') {
+				$profile_hash = substr($gv,3);
+				if($profile_hash) {
+					$r = q("select abook_xchan from abook where abook_profile = '%s'",
+						dbesc($profile_hash)
+					);
+					if($r) {
+						foreach($r as $rv) {
+							$ret[] = $rv['abook_xchan'];
+						}
+					}
+				}
+			}
+			else {
+				$x[] = $gv;
+			}
+		}								 
+
+		if($x) {
+			stringify_array_elms($x,true);
+			$groups = implode(',', $x);
+			if($groups) {
+				$r = q("SELECT xchan FROM group_member WHERE gid IN ( select id from groups where hash in ( $groups ))");
+				if($r) {
+					foreach($r as $rr) {
+						$ret[] = $rr['xchan'];
+					}
+				}
+			}
+		}
+		return $ret;
+	}
+
+
+	static function member_of($c) {
+		$r = q("SELECT groups.gname, groups.id FROM groups LEFT JOIN group_member ON group_member.gid = groups.id WHERE group_member.xchan = '%s' AND groups.deleted = 0 ORDER BY groups.gname  ASC ",
+			dbesc($c)
+		);
+
+		return $r;
+
+	}
+
+	static function containing($uid,$c) {
+
+		$r = q("SELECT gid FROM group_member WHERE uid = %d AND group_member.xchan = '%s' ",
+			intval($uid),
+			dbesc($c)
+		);
+
+		$ret = array();
+		if($r) {
+			foreach($r as $rr)
+				$ret[] = $rr['gid'];
+		}
+	
+		return $ret;
+	}
+}
\ No newline at end of file
diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php
new file mode 100644
index 000000000..938d484b7
--- /dev/null
+++ b/Zotlabs/Lib/Libsync.php
@@ -0,0 +1,1019 @@
+ $channel['channel_address'], 'url' => z_root() ];
+
+		if(array_key_exists($uid,\App::$config) && array_key_exists('transient',\App::$config[$uid])) {
+			$settings = \App::$config[$uid]['transient'];
+			if($settings) {
+				$info['config'] = $settings;
+			}
+		}
+
+		if($channel) {
+			$info['channel'] = array();
+			foreach($channel as $k => $v) {
+
+				// filter out any joined tables like xchan
+
+				if(strpos($k,'channel_') !== 0)
+					continue;
+
+				// don't pass these elements, they should not be synchronised
+
+
+				$disallowed = [
+					'channel_id','channel_account_id','channel_primary','channel_address',
+					'channel_deleted','channel_removed','channel_system'
+				];
+
+				if(! $keychange) {
+					$disallowed[] = 'channel_prvkey';
+				}
+
+				if(in_array($k,$disallowed))
+					continue;
+
+				$info['channel'][$k] = $v;
+			}
+		}
+
+		if($groups_changed) {
+			$r = q("select hash as collection, visible, deleted, gname as name from groups where uid = %d",
+				intval($uid)
+			);
+			if($r)
+				$info['collections'] = $r;
+
+			$r = q("select groups.hash as collection, group_member.xchan as member from groups left join group_member on groups.id = group_member.gid where group_member.uid = %d",
+				intval($uid)
+			);
+			if($r)
+				$info['collection_members'] = $r;
+		}
+
+		$interval = ((get_config('system','delivery_interval') !== false)
+			? intval(get_config('system','delivery_interval')) : 2 );
+
+		logger('Packet: ' . print_r($info,true), LOGGER_DATA, LOG_DEBUG);
+
+		$total = count($synchubs);
+
+		foreach($synchubs as $hub) {
+			$hash = random_string();
+			$n = Libzot::build_packet($channel,'sync',$env_recips,json_encode($info),'red',$hub['hubloc_sitekey'],$hub['site_crypto']);
+			Queue::insert(array(
+				'hash'       => $hash,
+				'account_id' => $channel['channel_account_id'],
+				'channel_id' => $channel['channel_id'],
+				'posturl'    => $hub['hubloc_callback'],
+				'notify'     => $n,
+				'msg'        => EMPTY_STR
+			));
+
+
+			$x = q("select count(outq_hash) as total from outq where outq_delivered = 0");
+			if(intval($x[0]['total']) > intval(get_config('system','force_queue_threshold',3000))) {
+				logger('immediate delivery deferred.', LOGGER_DEBUG, LOG_INFO);
+				Queue::update($hash);
+				continue;
+			}
+
+
+			\Zotlabs\Daemon\Master::Summon(array('Deliver', $hash));
+			$total = $total - 1;
+
+			if($interval && $total)
+				@time_sleep_until(microtime(true) + (float) $interval);
+		}
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param array $sender
+	 * @param array $arr
+	 * @param array $deliveries
+	 * @return array
+	 */
+
+	static function process_channel_sync_delivery($sender, $arr, $deliveries) {
+
+		require_once('include/import.php');
+
+		$result = [];
+
+		$keychange = ((array_key_exists('keychange',$arr)) ? true : false);
+
+		foreach ($deliveries as $d) {
+			$r = q("select * from channel where channel_hash = '%s' limit 1",
+				dbesc($sender)
+			);
+
+			$DR = new \Zotlabs\Lib\DReport(z_root(),$sender,$d,'sync');
+
+			if (! $r) {
+				$DR->update('recipient not found');
+				$result[] = $DR->get();
+				continue;
+			}
+
+			$channel = $r[0];
+
+			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
+
+			$max_friends = service_class_fetch($channel['channel_id'],'total_channels');
+			$max_feeds = account_service_class_fetch($channel['channel_account_id'],'total_feeds');
+
+			if($channel['channel_hash'] != $sender) {
+				logger('Possible forgery. Sender ' . $sender . ' is not ' . $channel['channel_hash']);
+				$DR->update('channel mismatch');
+				$result[] = $DR->get();
+				continue;
+			}
+
+			if($keychange) {
+				self::keychange($channel,$arr);
+				continue;
+			}
+
+			// if the clone is active, so are we
+
+			if(substr($channel['channel_active'],0,10) !== substr(datetime_convert(),0,10)) {
+				q("UPDATE channel set channel_active = '%s' where channel_id = %d",
+					dbesc(datetime_convert()),
+					intval($channel['channel_id'])
+				);
+			}
+
+			if(array_key_exists('config',$arr) && is_array($arr['config']) && count($arr['config'])) {
+				foreach($arr['config'] as $cat => $k) {
+					foreach($arr['config'][$cat] as $k => $v)
+						set_pconfig($channel['channel_id'],$cat,$k,$v);
+				}
+			}
+
+			if(array_key_exists('obj',$arr) && $arr['obj'])
+				sync_objs($channel,$arr['obj']);
+
+			if(array_key_exists('likes',$arr) && $arr['likes'])
+				import_likes($channel,$arr['likes']);
+
+			if(array_key_exists('app',$arr) && $arr['app'])
+				sync_apps($channel,$arr['app']);
+	
+			if(array_key_exists('chatroom',$arr) && $arr['chatroom'])
+				sync_chatrooms($channel,$arr['chatroom']);
+
+			if(array_key_exists('conv',$arr) && $arr['conv'])
+				import_conv($channel,$arr['conv']);
+
+			if(array_key_exists('mail',$arr) && $arr['mail'])
+				sync_mail($channel,$arr['mail']);
+	
+			if(array_key_exists('event',$arr) && $arr['event'])
+				sync_events($channel,$arr['event']);
+
+			if(array_key_exists('event_item',$arr) && $arr['event_item'])
+				sync_items($channel,$arr['event_item'],((array_key_exists('relocate',$arr)) ? $arr['relocate'] : null));
+
+			if(array_key_exists('item',$arr) && $arr['item'])
+				sync_items($channel,$arr['item'],((array_key_exists('relocate',$arr)) ? $arr['relocate'] : null));
+	
+			// deprecated, maintaining for a few months for upward compatibility
+			// this should sync webpages, but the logic is a bit subtle
+
+			if(array_key_exists('item_id',$arr) && $arr['item_id'])
+				sync_items($channel,$arr['item_id']);
+
+			if(array_key_exists('menu',$arr) && $arr['menu'])
+				sync_menus($channel,$arr['menu']);
+	
+			if(array_key_exists('file',$arr) && $arr['file'])
+				sync_files($channel,$arr['file']);
+
+			if(array_key_exists('wiki',$arr) && $arr['wiki'])
+				sync_items($channel,$arr['wiki'],((array_key_exists('relocate',$arr)) ? $arr['relocate'] : null));
+
+			if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) {
+
+				$remote_channel = $arr['channel'];
+				$remote_channel['channel_id'] = $channel['channel_id'];
+
+				if(array_key_exists('channel_pageflags',$arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
+
+					// Several pageflags are site-specific and cannot be sync'd.
+					// Only allow those bits which are shareable from the remote and then 
+					// logically OR with the local flags
+
+					$arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] & (PAGE_HIDDEN|PAGE_AUTOCONNECT|PAGE_APPLICATION|PAGE_PREMIUM|PAGE_ADULT);
+					$arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] | $channel['channel_pageflags'];
+
+				}
+
+				$disallowed = [
+					'channel_id',        'channel_account_id',  'channel_primary',   'channel_prvkey',
+					'channel_address',   'channel_notifyflags', 'channel_removed',   'channel_deleted',
+					'channel_system',    'channel_r_stream',    'channel_r_profile', 'channel_r_abook',
+					'channel_r_storage', 'channel_r_pages',     'channel_w_stream',  'channel_w_wall',
+					'channel_w_comment', 'channel_w_mail',      'channel_w_like',    'channel_w_tagwall',
+					'channel_w_chat',    'channel_w_storage',   'channel_w_pages',   'channel_a_republish',
+					'channel_a_delegate'
+				];
+
+				$clean = array();
+				foreach($arr['channel'] as $k => $v) {
+					if(in_array($k,$disallowed))
+						continue;
+					$clean[$k] = $v;
+				}
+				if(count($clean)) {
+					foreach($clean as $k => $v) {
+						$r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v)
+							. "' where channel_id = " . intval($channel['channel_id']) );
+					}
+				}
+			}
+
+			if(array_key_exists('abook',$arr) && is_array($arr['abook']) && count($arr['abook'])) {
+				$total_friends = 0;
+				$total_feeds = 0;
+
+				$r = q("select abook_id, abook_feed from abook where abook_channel = %d",
+					intval($channel['channel_id'])
+				);
+				if($r) {
+					// don't count yourself
+					$total_friends = ((count($r) > 0) ? count($r) - 1 : 0);
+					foreach($r as $rr)
+						if(intval($rr['abook_feed']))
+							$total_feeds ++;
+				}
+
+
+				$disallowed = array('abook_id','abook_account','abook_channel','abook_rating','abook_rating_text','abook_not_here');
+
+				$fields = db_columns($abook);
+
+				foreach($arr['abook'] as $abook) {
+
+					$abconfig = null;
+
+					if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig']))
+						$abconfig = $abook['abconfig'];
+
+					if(! array_key_exists('abook_blocked',$abook)) {
+						// convert from redmatrix
+						$abook['abook_blocked']     = (($abook['abook_flags'] & 0x0001) ? 1 : 0);
+						$abook['abook_ignored']     = (($abook['abook_flags'] & 0x0002) ? 1 : 0);
+						$abook['abook_hidden']      = (($abook['abook_flags'] & 0x0004) ? 1 : 0);
+						$abook['abook_archived']    = (($abook['abook_flags'] & 0x0008) ? 1 : 0);
+						$abook['abook_pending']     = (($abook['abook_flags'] & 0x0010) ? 1 : 0);
+						$abook['abook_unconnected'] = (($abook['abook_flags'] & 0x0020) ? 1 : 0);
+						$abook['abook_self']        = (($abook['abook_flags'] & 0x0080) ? 1 : 0);
+						$abook['abook_feed']        = (($abook['abook_flags'] & 0x0100) ? 1 : 0);
+					}
+
+					$clean = array();
+					if($abook['abook_xchan'] && $abook['entry_deleted']) {
+						logger('Removing abook entry for ' . $abook['abook_xchan']);
+
+						$r = q("select abook_id, abook_feed from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1",
+							dbesc($abook['abook_xchan']),
+							intval($channel['channel_id'])
+						);
+						if($r) {
+							contact_remove($channel['channel_id'],$r[0]['abook_id']);
+							if($total_friends)
+								$total_friends --;
+							if(intval($r[0]['abook_feed']))
+								$total_feeds --;
+						}
+						continue;
+					}
+
+					// Perform discovery if the referenced xchan hasn't ever been seen on this hub.
+					// This relies on the undocumented behaviour that red sites send xchan info with the abook
+					// and import_author_xchan will look them up on all federated networks
+
+					if($abook['abook_xchan'] && $abook['xchan_addr']) {
+						$h = Libzot::get_hublocs($abook['abook_xchan']);
+						if(! $h) {
+							$xhash = import_author_xchan(encode_item_xchan($abook));
+							if(! $xhash) {
+								logger('Import of ' . $abook['xchan_addr'] . ' failed.');
+								continue;
+							}
+						}
+					}
+
+					foreach($abook as $k => $v) {
+						if(in_array($k,$disallowed) || (strpos($k,'abook') !== 0)) {
+							continue;
+						}
+						if(! in_array($k,$fields)) {
+							continue;
+						}
+						$clean[$k] = $v;
+					}
+
+					if(! array_key_exists('abook_xchan',$clean))
+						continue;
+
+					if(array_key_exists('abook_instance',$clean) && $clean['abook_instance'] && strpos($clean['abook_instance'],z_root()) === false) {
+						$clean['abook_not_here'] = 1;
+					}
+
+
+					$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+						dbesc($clean['abook_xchan']),
+						intval($channel['channel_id'])
+					);
+
+					// make sure we have an abook entry for this xchan on this system
+
+					if(! $r) {
+						if($max_friends !== false && $total_friends > $max_friends) {
+							logger('total_channels service class limit exceeded');
+							continue;
+						}
+						if($max_feeds !== false && intval($clean['abook_feed']) && $total_feeds > $max_feeds) {
+							logger('total_feeds service class limit exceeded');
+							continue;
+						}
+						abook_store_lowlevel(
+							[
+								'abook_xchan'   => $clean['abook_xchan'],
+								'abook_account' => $channel['channel_account_id'],
+								'abook_channel' => $channel['channel_id']
+							]
+						);
+						$total_friends ++;
+						if(intval($clean['abook_feed']))
+							$total_feeds ++;
+					}
+
+					if(count($clean)) {
+						foreach($clean as $k => $v) {
+							if($k == 'abook_dob')
+								$v = dbescdate($v);
+
+							$r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v)
+							. "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']));
+						}
+					}
+
+					// This will set abconfig vars if the sender is using old-style fixed permissions
+					// using the raw abook record as passed to us. New-style permissions will fall through
+					// and be set using abconfig
+
+					// translate_abook_perms_inbound($channel,$abook);
+
+					if($abconfig) {
+						/// @fixme does not handle sync of del_abconfig
+						foreach($abconfig as $abc) {
+							set_abconfig($channel['channel_id'],$abc['xchan'],$abc['cat'],$abc['k'],$abc['v']);
+						}
+					}
+				}
+			}
+
+			// sync collections (privacy groups) oh joy...
+
+			if(array_key_exists('collections',$arr) && is_array($arr['collections']) && count($arr['collections'])) {
+				$x = q("select * from groups where uid = %d",
+					intval($channel['channel_id'])
+				);
+				foreach($arr['collections'] as $cl) {
+					$found = false;
+					if($x) {
+						foreach($x as $y) {
+							if($cl['collection'] == $y['hash']) {
+								$found = true;
+								break;
+							}
+						}
+						if($found) {
+							if(($y['gname'] != $cl['name'])
+								|| ($y['visible'] != $cl['visible'])
+								|| ($y['deleted'] != $cl['deleted'])) {
+								q("update groups set gname = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d",
+									dbesc($cl['name']),
+									intval($cl['visible']),
+									intval($cl['deleted']),
+									dbesc($cl['collection']),
+									intval($channel['channel_id'])
+								);
+							}
+							if(intval($cl['deleted']) && (! intval($y['deleted']))) {
+								q("delete from group_member where gid = %d",
+									intval($y['id'])
+								);
+							}
+						}
+					}
+					if(! $found) {
+						$r = q("INSERT INTO groups ( hash, uid, visible, deleted, gname )
+							VALUES( '%s', %d, %d, %d, '%s' ) ",
+							dbesc($cl['collection']),
+							intval($channel['channel_id']),
+							intval($cl['visible']),
+							intval($cl['deleted']),
+							dbesc($cl['name'])
+						);
+					}
+
+					// now look for any collections locally which weren't in the list we just received.
+					// They need to be removed by marking deleted and removing the members.
+					// This shouldn't happen except for clones created before this function was written.
+
+					if($x) {
+						$found_local = false;
+						foreach($x as $y) {
+							foreach($arr['collections'] as $cl) {
+								if($cl['collection'] == $y['hash']) {
+									$found_local = true;
+									break;
+								}
+							}
+							if(! $found_local) {
+								q("delete from group_member where gid = %d",
+									intval($y['id'])
+								);
+								q("update groups set deleted = 1 where id = %d and uid = %d",
+									intval($y['id']),
+									intval($channel['channel_id'])
+								);
+							}
+						}
+					}
+				}
+
+				// reload the group list with any updates
+				$x = q("select * from groups where uid = %d",
+					intval($channel['channel_id'])
+				);
+
+				// now sync the members
+
+				if(array_key_exists('collection_members', $arr)
+					&& is_array($arr['collection_members'])
+					&& count($arr['collection_members'])) {
+
+					// first sort into groups keyed by the group hash
+					$members = array();
+					foreach($arr['collection_members'] as $cm) {
+						if(! array_key_exists($cm['collection'],$members))
+							$members[$cm['collection']] = array();
+
+						$members[$cm['collection']][] = $cm['member'];
+					}
+
+					// our group list is already synchronised
+					if($x) {
+						foreach($x as $y) {
+	
+							// for each group, loop on members list we just received
+							if(isset($y['hash']) && isset($members[$y['hash']])) {
+								foreach($members[$y['hash']] as $member) {
+									$found = false;
+									$z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1",
+										intval($y['id']),
+										intval($channel['channel_id']),
+										dbesc($member)
+									);
+									if($z)
+										$found = true;
+	
+									// if somebody is in the group that wasn't before - add them
+	
+									if(! $found) {
+										q("INSERT INTO group_member (uid, gid, xchan)
+											VALUES( %d, %d, '%s' ) ",
+											intval($channel['channel_id']),
+											intval($y['id']),
+											dbesc($member)
+										);
+									}
+								}
+							}
+	
+							// now retrieve a list of members we have on this site
+							$m = q("select xchan from group_member where gid = %d and uid = %d",
+								intval($y['id']),
+								intval($channel['channel_id'])
+							);
+							if($m) {
+								foreach($m as $mm) {
+									// if the local existing member isn't in the list we just received - remove them
+									if(! in_array($mm['xchan'],$members[$y['hash']])) {
+										q("delete from group_member where xchan = '%s' and gid = %d and uid = %d",
+											dbesc($mm['xchan']),
+											intval($y['id']),
+											intval($channel['channel_id'])
+										);
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+
+			if(array_key_exists('profile',$arr) && is_array($arr['profile']) && count($arr['profile'])) {
+
+				$disallowed = array('id','aid','uid','guid');
+
+				foreach($arr['profile'] as $profile) {
+	
+					$x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1",
+						dbesc($profile['profile_guid']),
+						intval($channel['channel_id'])
+					);
+					if(! $x) {
+						profile_store_lowlevel(
+							[
+								'aid'          => $channel['channel_account_id'],
+								'uid'          => $channel['channel_id'],
+								'profile_guid' => $profile['profile_guid'],
+							]
+						);
+	
+						$x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1",
+							dbesc($profile['profile_guid']),
+							intval($channel['channel_id'])
+						);
+						if(! $x)
+							continue;
+					}
+					$clean = array();
+					foreach($profile as $k => $v) {
+						if(in_array($k,$disallowed))
+							continue;
+
+						if($profile['is_default'] && in_array($k,['photo','thumb']))
+							continue;
+
+						if($k === 'name')
+							$clean['fullname'] = $v;
+						elseif($k === 'with')
+							$clean['partner'] = $v;
+						elseif($k === 'work')
+							$clean['employment'] = $v;
+						elseif(array_key_exists($k,$x[0]))
+							$clean[$k] = $v;
+
+						/**
+						 * @TODO
+						 * We also need to import local photos if a custom photo is selected
+						 */
+
+						if((strpos($profile['thumb'],'/photo/profile/l/') !== false) || intval($profile['is_default'])) {
+							$profile['photo'] = z_root() . '/photo/profile/l/' . $channel['channel_id'];
+							$profile['thumb'] = z_root() . '/photo/profile/m/' . $channel['channel_id'];
+						}
+						else {
+							$profile['photo'] = z_root() . '/photo/' . basename($profile['photo']);
+							$profile['thumb'] = z_root() . '/photo/' . basename($profile['thumb']);
+						}
+					}
+
+					if(count($clean)) {
+						foreach($clean as $k => $v) {
+							$r = dbq("UPDATE profile set " . TQUOT . dbesc($k) . TQUOT . " = '" . dbesc($v)
+							. "' where profile_guid = '" . dbesc($profile['profile_guid'])
+							. "' and uid = " . intval($channel['channel_id']));
+						}
+					}
+				}
+			}
+
+			$addon = ['channel' => $channel, 'data' => $arr];
+			/**
+			 * @hooks process_channel_sync_delivery
+			 *   Called when accepting delivery of a 'sync packet' containing structure and table updates from a channel clone.
+			 *   * \e array \b channel
+			 *   * \e array \b data
+			 */
+			call_hooks('process_channel_sync_delivery', $addon);
+
+			$DR = new \Zotlabs\Lib\DReport(z_root(),$d,$d,'sync','channel sync delivered');
+
+			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
+
+			$result[] = $DR->get();
+		}
+
+		return $result;
+	}
+
+	/**
+	 * @brief Synchronises locations.
+	 *
+	 * @param array $sender
+	 * @param array $arr
+	 * @param boolean $absolute (optional) default false
+	 * @return array
+	 */
+
+	static function sync_locations($sender, $arr, $absolute = false) {
+
+		$ret = array();
+
+		if($arr['locations']) {
+
+			if($absolute)
+				self::check_location_move($sender['hash'],$arr['locations']);
+
+			$xisting = q("select * from hubloc where hubloc_hash = '%s'",
+				dbesc($sender['hash'])
+			);
+
+			// See if a primary is specified
+
+			$has_primary = false;
+			foreach($arr['locations'] as $location) {
+				if($location['primary']) {
+					$has_primary = true;
+					break;
+				}
+			}
+
+			// Ensure that they have one primary hub
+
+			if(! $has_primary)
+				$arr['locations'][0]['primary'] = true;
+
+			foreach($arr['locations'] as $location) {
+				if(! Libzot::verify($location['url'],$location['url_sig'],$sender['public_key'])) {
+					logger('Unable to verify site signature for ' . $location['url']);
+					$ret['message'] .= sprintf( t('Unable to verify site signature for %s'), $location['url']) . EOL;
+					continue;
+				}
+
+				for($x = 0; $x < count($xisting); $x ++) {
+					if(($xisting[$x]['hubloc_url'] === $location['url'])
+						&& ($xisting[$x]['hubloc_sitekey'] === $location['sitekey'])) {
+						$xisting[$x]['updated'] = true;
+					}
+				}
+
+				if(! $location['sitekey']) {
+					logger('Empty hubloc sitekey. ' . print_r($location,true));
+					continue;
+				}
+
+				// Catch some malformed entries from the past which still exist
+
+				if(strpos($location['address'],'/') !== false)
+					$location['address'] = substr($location['address'],0,strpos($location['address'],'/'));
+
+				// match as many fields as possible in case anything at all changed.
+
+				$r = q("select * from hubloc where hubloc_hash = '%s' and hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_id_url = '%s' and hubloc_url = '%s' and hubloc_url_sig = '%s' and hubloc_site_id = '%s' and hubloc_host = '%s' and hubloc_addr = '%s' and hubloc_callback = '%s' and hubloc_sitekey = '%s' ",
+					dbesc($sender['hash']),
+					dbesc($sender['id']),
+					dbesc($sender['id_sig']),
+					dbesc($location['id_url']),
+					dbesc($location['url']),
+					dbesc($location['url_sig']),
+					dbesc($location['site_id']),
+					dbesc($location['host']),
+					dbesc($location['address']),
+					dbesc($location['callback']),
+					dbesc($location['sitekey'])
+				);
+				if($r) {
+					logger('Hub exists: ' . $location['url'], LOGGER_DEBUG);
+	
+					// update connection timestamp if this is the site we're talking to
+					// This only happens when called from import_xchan
+
+					$current_site = false;
+
+					$t = datetime_convert('UTC','UTC','now - 15 minutes');
+	
+					if(array_key_exists('site',$arr) && $location['url'] == $arr['site']['url']) {
+						q("update hubloc set hubloc_connected = '%s', hubloc_updated = '%s' where hubloc_id = %d and hubloc_connected < '%s'",
+							dbesc(datetime_convert()),
+							dbesc(datetime_convert()),
+							intval($r[0]['hubloc_id']),
+							dbesc($t)
+						);
+						$current_site = true;
+					}
+
+					if($current_site && intval($r[0]['hubloc_error'])) {
+						q("update hubloc set hubloc_error = 0 where hubloc_id = %d",
+							intval($r[0]['hubloc_id'])
+						);
+						if(intval($r[0]['hubloc_orphancheck'])) {
+							q("update hubloc set hubloc_orphancheck = 0 where hubloc_id = %d",
+								intval($r[0]['hubloc_id'])
+							);
+						}
+						q("update xchan set xchan_orphan = 0 where xchan_orphan = 1 and xchan_hash = '%s'",
+							dbesc($sender['hash'])
+						);
+					}
+
+					// Remove pure duplicates
+					if(count($r) > 1) {
+						for($h = 1; $h < count($r); $h ++) {
+							q("delete from hubloc where hubloc_id = %d",
+								intval($r[$h]['hubloc_id'])
+							);
+							$what .= 'duplicate_hubloc_removed ';
+							$changed = true;
+						}
+					}
+
+					if(intval($r[0]['hubloc_primary']) && (! $location['primary'])) {
+						$m = q("update hubloc set hubloc_primary = 0, hubloc_updated = '%s' where hubloc_id = %d",
+							dbesc(datetime_convert()),
+							intval($r[0]['hubloc_id'])
+						);
+						$r[0]['hubloc_primary'] = intval($location['primary']);
+						hubloc_change_primary($r[0]);
+						$what .= 'primary_hub ';
+						$changed = true;
+					}
+					elseif((! intval($r[0]['hubloc_primary'])) && ($location['primary'])) {
+						$m = q("update hubloc set hubloc_primary = 1, hubloc_updated = '%s' where hubloc_id = %d",
+							dbesc(datetime_convert()),
+							intval($r[0]['hubloc_id'])
+						);
+						// make sure hubloc_change_primary() has current data
+						$r[0]['hubloc_primary'] = intval($location['primary']);
+						hubloc_change_primary($r[0]);
+						$what .= 'primary_hub ';
+						$changed = true;
+					}
+					elseif($absolute) {
+						// Absolute sync - make sure the current primary is correctly reflected in the xchan
+						$pr = hubloc_change_primary($r[0]);
+						if($pr) {
+							$what .= 'xchan_primary ';
+							$changed = true;
+						}
+					}
+					if(intval($r[0]['hubloc_deleted']) && (! intval($location['deleted']))) {
+						$n = q("update hubloc set hubloc_deleted = 0, hubloc_updated = '%s' where hubloc_id = %d",
+							dbesc(datetime_convert()),
+							intval($r[0]['hubloc_id'])
+						);
+						$what .= 'undelete_hub ';
+						$changed = true;
+					}
+					elseif((! intval($r[0]['hubloc_deleted'])) && (intval($location['deleted']))) {
+						logger('deleting hubloc: ' . $r[0]['hubloc_addr']);
+						$n = q("update hubloc set hubloc_deleted = 1, hubloc_updated = '%s' where hubloc_id = %d",
+							dbesc(datetime_convert()),
+							intval($r[0]['hubloc_id'])
+						);
+						$what .= 'delete_hub ';
+						$changed = true;
+					}
+					continue;
+				}
+
+				// Existing hubs are dealt with. Now let's process any new ones.
+				// New hub claiming to be primary. Make it so by removing any existing primaries.
+
+				if(intval($location['primary'])) {
+					$r = q("update hubloc set hubloc_primary = 0, hubloc_updated = '%s' where hubloc_hash = '%s' and hubloc_primary = 1",
+						dbesc(datetime_convert()),
+						dbesc($sender['hash'])
+					);
+				}
+
+				logger('New hub: ' . $location['url']);
+
+				$r = hubloc_store_lowlevel(
+					[
+						'hubloc_guid'      => $sender['id'],
+						'hubloc_guid_sig'  => $sender['id_sig'],
+						'hubloc_id_url'    => $location['id_url'],
+						'hubloc_hash'      => $sender['hash'],
+						'hubloc_addr'      => $location['address'],
+						'hubloc_network'   => 'zot6',
+						'hubloc_primary'   => intval($location['primary']),
+						'hubloc_url'       => $location['url'],
+						'hubloc_url_sig'   => $location['url_sig'],
+						'hubloc_site_id'   => Libzot::make_xchan_hash($location['url'],$location['sitekey']),
+						'hubloc_host'      => $location['host'],
+						'hubloc_callback'  => $location['callback'],
+						'hubloc_sitekey'   => $location['sitekey'],
+						'hubloc_updated'   => datetime_convert(),
+						'hubloc_connected' => datetime_convert()
+					]
+				);
+
+				$what .= 'newhub ';
+				$changed = true;
+
+				if($location['primary']) {
+					$r = q("select * from hubloc where hubloc_addr = '%s' and hubloc_sitekey = '%s' limit 1",
+						dbesc($location['address']),
+						dbesc($location['sitekey'])
+					);
+					if($r)
+						hubloc_change_primary($r[0]);
+				}
+			}
+
+			// get rid of any hubs we have for this channel which weren't reported.
+
+			if($absolute && $xisting) {
+				foreach($xisting as $x) {
+					if(! array_key_exists('updated',$x)) {
+						logger('Deleting unreferenced hub location ' . $x['hubloc_addr']);
+						$r = q("update hubloc set hubloc_deleted = 1, hubloc_updated = '%s' where hubloc_id = %d",
+							dbesc(datetime_convert()),
+							intval($x['hubloc_id'])
+						);
+						$what .= 'removed_hub ';
+						$changed = true;
+					}
+				}
+			}
+		}
+		else {
+			logger('No locations to sync!');
+		}
+
+		$ret['change_message'] = $what;
+		$ret['changed'] = $changed;
+
+		return $ret;
+	}
+
+
+	static function keychange($channel,$arr) {
+
+		// verify the keychange operation
+		if(! Libzot::verify($arr['channel']['channel_pubkey'],$arr['keychange']['new_sig'],$channel['channel_prvkey'])) {
+			logger('sync keychange: verification failed');
+			return;
+		}
+
+		$sig = Libzot::sign($channel['channel_guid'],$arr['channel']['channel_prvkey']);
+		$hash = Libzot::make_xchan_hash($channel['channel_guid'],$arr['channel']['channel_pubkey']);
+
+
+		$r = q("update channel set channel_prvkey = '%s', channel_pubkey = '%s', channel_guid_sig = '%s',
+			channel_hash = '%s' where channel_id = %d",
+			dbesc($arr['channel']['channel_prvkey']),
+			dbesc($arr['channel']['channel_pubkey']),
+			dbesc($sig),
+			dbesc($hash),
+			intval($channel['channel_id'])
+		);
+		if(! $r) {
+			logger('keychange sync: channel update failed');
+			return;
+ 		}
+
+		$r = q("select * from channel where channel_id = %d",
+			intval($channel['channel_id'])
+		);
+
+		if(! $r) {
+			logger('keychange sync: channel retrieve failed');
+			return;
+		}
+
+		$channel = $r[0];
+
+		$h = q("select * from hubloc where hubloc_hash = '%s' and hubloc_url = '%s' ",
+			dbesc($arr['keychange']['old_hash']),
+			dbesc(z_root())
+		);
+
+		if($h) {
+			foreach($h as $hv) {
+				$hv['hubloc_guid_sig'] = $sig;
+				$hv['hubloc_hash']     = $hash;
+				$hv['hubloc_url_sig']  = Libzot::sign(z_root(),$channel['channel_prvkey']);
+				hubloc_store_lowlevel($hv);
+			}
+		}
+
+		$x = q("select * from xchan where xchan_hash = '%s' ",
+			dbesc($arr['keychange']['old_hash'])
+		);
+
+		$check = q("select * from xchan where xchan_hash = '%s'",
+			dbesc($hash)
+		);
+
+		if(($x) && (! $check)) {
+			$oldxchan = $x[0];
+			foreach($x as $xv) {
+				$xv['xchan_guid_sig']  = $sig;
+				$xv['xchan_hash']      = $hash;
+				$xv['xchan_pubkey']    = $channel['channel_pubkey'];
+				xchan_store_lowlevel($xv);
+				$newxchan = $xv;
+			}
+		}
+
+		$a = q("select * from abook where abook_xchan = '%s' and abook_self = 1",
+			dbesc($arr['keychange']['old_hash'])
+		);
+
+		if($a) {
+			q("update abook set abook_xchan = '%s' where abook_id = %d",
+				dbesc($hash),
+				intval($a[0]['abook_id'])
+			);
+		}
+
+		xchan_change_key($oldxchan,$newxchan,$arr['keychange']);
+
+	}
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
new file mode 100644
index 000000000..ec9db4ce1
--- /dev/null
+++ b/Zotlabs/Lib/Libzot.php
@@ -0,0 +1,2849 @@
+ $type,
+			'encoding' => $encoding,
+			'sender'   => $channel['channel_hash'],
+			'site_id'  => self::make_xchan_hash(z_root(), get_config('system','pubkey')),
+			'version'  => System::get_zot_revision(),
+		];
+
+		if ($recipients) {
+			$data['recipients'] = $recipients;
+		}
+
+		if ($msg) {
+			$actor = channel_url($channel);
+			if ($encoding === 'activitystreams' && array_key_exists('actor',$msg) && is_string($msg['actor']) && $actor === $msg['actor']) {
+				$msg = JSalmon::sign($msg,$actor,$channel['channel_prvkey']);
+			}
+			$data['data'] = $msg;
+		}
+		else {
+			unset($data['encoding']);
+		}
+
+		logger('packet: ' . print_r($data,true), LOGGER_DATA, LOG_DEBUG);
+
+		if ($remote_key) {
+			$algorithm = self::best_algorithm($methods);
+			if ($algorithm) {
+				$data = crypto_encapsulate(json_encode($data),$remote_key, $algorithm);
+			}
+		}
+
+		return json_encode($data);
+	}
+
+
+	/**
+	 * @brief Choose best encryption function from those available on both sites.
+	 *
+	 * @param string $methods
+	 *   comma separated list of encryption methods
+	 * @return string first match from our site method preferences crypto_methods() array
+	 * of a method which is common to both sites; or 'aes256cbc' if no matches are found.
+	 */
+
+	static function best_algorithm($methods) {
+
+		$x = [
+			'methods' => $methods,
+			'result' => ''
+		];
+
+		/**
+		 * @hooks zot_best_algorithm
+		 *   Called when negotiating crypto algorithms with remote sites.
+		 *   * \e string \b methods - comma separated list of encryption methods
+		 *   * \e string \b result - the algorithm to return
+		 */
+	
+		call_hooks('zot_best_algorithm', $x);
+
+		if($x['result'])
+			return $x['result'];
+
+		if($methods) {
+			$x = explode(',', $methods);
+			if($x) {
+				$y = crypto_methods();
+				if($y) {
+					foreach($y as $yv) {
+						$yv = trim($yv);
+						if(in_array($yv, $x)) {
+							return($yv);
+						}
+					}
+				}
+			}
+		}
+
+		return '';
+	}
+
+
+	/**
+	 * @brief send a zot message
+	 *
+	 * @see z_post_url()
+	 *
+	 * @param string $url
+	 * @param array $data
+	 * @param array $channel (required if using zot6 delivery)
+	 * @param array $crypto (required if encrypted httpsig, requires hubloc_sitekey and site_crypto elements)
+	 * @return array see z_post_url() for returned data format
+	 */
+
+	static function zot($url, $data, $channel = null,$crypto = null) {
+
+		if($channel) {
+			$headers = [ 
+				'X-Zot-Token'  => random_string(), 
+				'Digest'       => HTTPSig::generate_digest_header($data), 
+				'Content-type' => 'application/x-zot+json'
+			];
+
+			$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false,'sha512', 
+				(($crypto) ? [ 'key' => $crypto['hubloc_sitekey'], 'algorithm' => self::best_algorithm($crypto['site_crypto']) ] : false));
+		}
+		else {
+			$h = [];
+		}
+
+		$redirects = 0;
+
+		return z_post_url($url,$data,$redirects,((empty($h)) ? [] : [ 'headers' => $h ]));
+	}
+
+
+	/**
+	 * @brief Refreshes after permission changed or friending, etc.
+	 *
+	 *
+	 * refresh is typically invoked when somebody has changed permissions of a channel and they are notified
+	 * to fetch new permissions via a finger/discovery operation. This may result in a new connection
+	 * (abook entry) being added to a local channel and it may result in auto-permissions being granted.
+	 *
+	 * Friending in zot is accomplished by sending a refresh packet to a specific channel which indicates a
+	 * permission change has been made by the sender which affects the target channel. The hub controlling
+	 * the target channel does targetted discovery (a zot-finger request requesting permissions for the local
+	 * channel). These are decoded here, and if necessary and abook structure (addressbook) is created to store
+	 * the permissions assigned to this channel.
+	 *
+	 * Initially these abook structures are created with a 'pending' flag, so that no reverse permissions are
+	 * implied until this is approved by the owner channel. A channel can also auto-populate permissions in
+	 * return and send back a refresh packet of its own. This is used by forum and group communication channels
+	 * so that friending and membership in the channel's "club" is automatic.
+	 *
+	 * @param array $them => xchan structure of sender
+	 * @param array $channel => local channel structure of target recipient, required for "friending" operations
+	 * @param array $force (optional) default false
+	 *
+	 * @return boolean
+	 *   * \b true if successful
+	 *   * otherwise \b false
+	 */
+
+	static function refresh($them, $channel = null, $force = false) {
+
+		logger('them: ' . print_r($them,true), LOGGER_DATA, LOG_DEBUG);
+		if ($channel)
+			logger('channel: ' . print_r($channel,true), LOGGER_DATA, LOG_DEBUG);
+
+		$url = null;
+
+		if ($them['hubloc_id_url']) {
+			$url = $them['hubloc_id_url'];
+		}
+		else {
+			$r = null;
+	
+			// if they re-installed the server we could end up with the wrong record - pointing to the old install.
+			// We'll order by reverse id to try and pick off the newest one first and hopefully end up with the
+			// correct hubloc. If this doesn't work we may have to re-write this section to try them all.
+
+			if(array_key_exists('xchan_addr',$them) && $them['xchan_addr']) {
+				$r = q("select hubloc_id_url, hubloc_primary from hubloc where hubloc_addr = '%s' order by hubloc_id desc",
+					dbesc($them['xchan_addr'])
+				);
+			}
+			if(! $r) {
+				$r = q("select hubloc_id_url, hubloc_primary from hubloc where hubloc_hash = '%s' order by hubloc_id desc",
+					dbesc($them['xchan_hash'])
+				);
+			}
+
+			if ($r) {
+				foreach ($r as $rr) {
+					if (intval($rr['hubloc_primary'])) {
+						$url = $rr['hubloc_id_url'];
+						$record = $rr;
+					}
+				}
+				if (! $url) {
+					$url = $r[0]['hubloc_id_url'];
+				}
+			}
+		}
+		if (! $url) {
+			logger('zot_refresh: no url');
+			return false;
+		}
+
+		$s = q("select site_dead from site where site_url = '%s' limit 1",
+			dbesc($url)
+		);
+
+		if($s && intval($s[0]['site_dead']) && (! $force)) {
+			logger('zot_refresh: site ' . $url . ' is marked dead and force flag is not set. Cancelling operation.');
+			return false;
+		}
+
+		$record = Zotfinger::exec($url,$channel);
+
+		// Check the HTTP signature
+
+		$hsig = $record['signature'];
+		if($hsig && $hsig['signer'] === $url && $hsig['header_valid'] === true && $hsig['content_valid'] === true)
+			$hsig_valid = true;
+
+		if(! $hsig_valid) {
+			logger('http signature not valid: ' . print_r($hsig,true));
+			return $result;
+		}
+
+
+		logger('zot-info: ' . print_r($record,true), LOGGER_DATA, LOG_DEBUG);
+
+		$x = self::import_xchan($record['data'], (($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+
+		if(! $x['success'])
+			return false;
+
+		if($channel && $record['data']['permissions']) {
+			$old_read_stream_perm = their_perms_contains($channel['channel_id'],$x['hash'],'view_stream');
+			set_abconfig($channel['channel_id'],$x['hash'],'system','their_perms',$record['data']['permissions']);
+
+			if(array_key_exists('profile',$record['data']) && array_key_exists('next_birthday',$record['data']['profile'])) {
+				$next_birthday = datetime_convert('UTC','UTC',$record['data']['profile']['next_birthday']);
+			}
+			else {
+				$next_birthday = NULL_DATE;
+			}
+
+			$profile_assign = get_pconfig($channel['channel_id'],'system','profile_assign','');
+
+			// Keep original perms to check if we need to notify them
+			$previous_perms = get_all_perms($channel['channel_id'],$x['hash']);
+
+			$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1",
+				dbesc($x['hash']),
+				intval($channel['channel_id'])
+			);
+
+			if($r) {
+
+				// connection exists
+
+				// if the dob is the same as what we have stored (disregarding the year), keep the one
+				// we have as we may have updated the year after sending a notification; and resetting
+				// to the one we just received would cause us to create duplicated events.
+
+				if(substr($r[0]['abook_dob'],5) == substr($next_birthday,5))
+					$next_birthday = $r[0]['abook_dob'];
+
+				$y = q("update abook set abook_dob = '%s'
+					where abook_xchan = '%s' and abook_channel = %d
+					and abook_self = 0 ",
+					dbescdate($next_birthday),
+					dbesc($x['hash']),
+					intval($channel['channel_id'])
+				);
+
+				if(! $y)
+					logger('abook update failed');
+				else {
+					// if we were just granted read stream permission and didn't have it before, try to pull in some posts
+					if((! $old_read_stream_perm) && (intval($permissions['view_stream'])))
+						\Zotlabs\Daemon\Master::Summon(array('Onepoll',$r[0]['abook_id']));
+				}
+			}
+			else {
+
+				$p = \Zotlabs\Access\Permissions::connect_perms($channel['channel_id']);
+				$my_perms = \Zotlabs\Access\Permissions::serialise($p['perms']);
+
+				$automatic = $p['automatic'];
+
+				// new connection
+
+				if($my_perms) {
+					set_abconfig($channel['channel_id'],$x['hash'],'system','my_perms',$my_perms);
+				}
+
+				$closeness = get_pconfig($channel['channel_id'],'system','new_abook_closeness');
+				if($closeness === false)
+					$closeness = 80;
+
+				$y = abook_store_lowlevel(
+					[
+						'abook_account'   => intval($channel['channel_account_id']),
+						'abook_channel'   => intval($channel['channel_id']),
+						'abook_closeness' => intval($closeness),
+						'abook_xchan'     => $x['hash'],
+						'abook_profile'   => $profile_assign,
+						'abook_created'   => datetime_convert(),
+						'abook_updated'   => datetime_convert(),
+						'abook_dob'       => $next_birthday,
+						'abook_pending'   => intval(($automatic) ? 0 : 1)
+					]
+				);
+
+				if($y) {
+					logger("New introduction received for {$channel['channel_name']}");
+					$new_perms = get_all_perms($channel['channel_id'],$x['hash']);
+	
+					// Send a clone sync packet and a permissions update if permissions have changed
+
+					$new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 order by abook_created desc limit 1",
+						dbesc($x['hash']),
+						intval($channel['channel_id'])
+					);
+
+					if($new_connection) {
+						if(! \Zotlabs\Access\Permissions::PermsCompare($new_perms,$previous_perms))
+							\Zotlabs\Daemon\Master::Summon(array('Notifier','permissions_create',$new_connection[0]['abook_id']));
+						Enotify::submit(
+							[
+							'type'       => NOTIFY_INTRO,
+							'from_xchan' => $x['hash'],
+							'to_xchan'   => $channel['channel_hash'],
+							'link'       => z_root() . '/connedit/' . $new_connection[0]['abook_id']
+							]
+						);
+
+						if(intval($permissions['view_stream'])) {
+							if(intval(get_pconfig($channel['channel_id'],'perm_limits','send_stream') & PERMS_PENDING)
+								|| (! intval($new_connection[0]['abook_pending'])))
+								\Zotlabs\Daemon\Master::Summon(array('Onepoll',$new_connection[0]['abook_id']));
+						}
+
+
+						// If there is a default group for this channel, add this connection to it
+						// for pending connections this will happens at acceptance time.
+
+						if(! intval($new_connection[0]['abook_pending'])) {
+							$default_group = $channel['channel_default_group'];
+							if($default_group) {
+								$g = Group::rec_byhash($channel['channel_id'],$default_group);
+								if($g)
+									Group::member_add($channel['channel_id'],'',$x['hash'],$g['id']);
+							}
+						}
+
+						unset($new_connection[0]['abook_id']);
+						unset($new_connection[0]['abook_account']);
+						unset($new_connection[0]['abook_channel']);
+						$abconfig = load_abconfig($channel['channel_id'],$new_connection['abook_xchan']);
+						if($abconfig)
+							$new_connection['abconfig'] = $abconfig;
+
+						Libsync::build_sync_packet($channel['channel_id'], array('abook' => $new_connection));
+					}
+				}
+
+			}
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	 * @brief Look up if channel is known and previously verified.
+	 *
+	 * A guid and a url, both signed by the sender, distinguish a known sender at a
+	 * known location.
+	 * This function looks these up to see if the channel is known and therefore
+	 * previously verified. If not, we will need to verify it.
+	 *
+	 * @param array $arr an associative array which must contain:
+	 *  * \e string \b id => id of conversant
+	 *  * \e string \b id_sig => id signed with conversant's private key
+	 *  * \e string \b location => URL of the origination hub of this communication
+	 *  * \e string \b location_sig => URL signed with conversant's private key
+	 * @param boolean $multiple (optional) default false
+	 *
+	 * @return array|null
+	 *   * null if site is blacklisted or not found
+	 *   * otherwise an array with an hubloc record
+	 */
+
+	static function gethub($arr, $multiple = false) {
+
+		if($arr['id'] && $arr['id_sig'] && $arr['location'] && $arr['location_sig']) {
+
+			if(! check_siteallowed($arr['location'])) {
+				logger('blacklisted site: ' . $arr['location']);
+				return null;
+			}
+
+			$limit = (($multiple) ? '' : ' limit 1 ');
+
+			$r = q("select hubloc.*, site.site_crypto from hubloc left join site on hubloc_url = site_url
+					where hubloc_guid = '%s' and hubloc_guid_sig = '%s'
+					and hubloc_url = '%s' and hubloc_url_sig = '%s'
+					and hubloc_site_id = '%s' $limit",
+				dbesc($arr['id']),
+				dbesc($arr['id_sig']),
+				dbesc($arr['location']),
+				dbesc($arr['location_sig']),
+				dbesc($arr['site_id'])
+			);
+			if($r) {
+				logger('Found', LOGGER_DEBUG);
+				return (($multiple) ? $r : $r[0]);
+			}
+		}
+		logger('Not found: ' . print_r($arr,true), LOGGER_DEBUG);
+
+		return false;
+	}
+
+
+
+
+	static function valid_hub($sender,$site_id) {
+
+		$r = q("select hubloc.*, site.site_crypto from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s' and hubloc_site_id = '%s' limit 1",
+			dbesc($sender),
+			dbesc($site_id)
+		);
+		if(! $r) {
+			return null;
+		}
+
+		if(! check_siteallowed($r[0]['hubloc_url'])) {
+			logger('blacklisted site: ' . $r[0]['hubloc_url']);
+			return null;
+		}
+
+		if(! check_channelallowed($r[0]['hubloc_hash'])) {
+			logger('blacklisted channel: ' . $r[0]['hubloc_hash']);
+			return null;
+		}
+
+		return $r[0];
+
+	}
+
+	/**
+	 * @brief Registers an unknown hub.
+	 *
+	 * A communication has been received which has an unknown (to us) sender.
+	 * Perform discovery based on our calculated hash of the sender at the
+	 * origination address. This will fetch the discovery packet of the sender,
+	 * which contains the public key we need to verify our guid and url signatures.
+	 *
+	 * @param array $arr an associative array which must contain:
+	 *  * \e string \b guid => guid of conversant
+	 *  * \e string \b guid_sig => guid signed with conversant's private key
+	 *  * \e string \b url => URL of the origination hub of this communication
+	 *  * \e string \b url_sig => URL signed with conversant's private key
+	 *
+	 * @return array An associative array with
+	 *  * \b success boolean true or false
+	 *  * \b message (optional) error string only if success is false
+	 */
+
+	static function register_hub($id) {
+
+		$id_hash = false;
+		$valid   = false;
+		$hsig_valid = false;
+
+		$result  = [ 'success' => false ];
+
+		if(! $id) {
+			return $result;
+		}
+
+		$record = Zotfinger::exec($id);
+
+		// Check the HTTP signature
+
+		$hsig = $record['signature'];
+		if($hsig['signer'] === $id && $hsig['header_valid'] === true && $hsig['content_valid'] === true) {
+			$hsig_valid = true;
+		}
+		if(! $hsig_valid) {
+			logger('http signature not valid: ' . print_r($hsig,true));
+			return $result;
+		}
+
+		$c = self::import_xchan($record['data']);
+		if($c['success']) {
+			$result['success'] = true;
+		}
+		else {
+			logger('Failure to verify zot packet');
+		}
+
+		return $result;
+	}
+
+	/**
+	 * @brief Takes an associative array of a fetch discovery packet and updates
+	 *   all internal data structures which need to be updated as a result.
+	 *
+	 * @param array $arr => json_decoded discovery packet
+	 * @param int $ud_flags
+	 *    Determines whether to create a directory update record if any changes occur, default is UPDATE_FLAGS_UPDATED
+	 *    $ud_flags = UPDATE_FLAGS_FORCED indicates a forced refresh where we unconditionally create a directory update record
+	 *      this typically occurs once a month for each channel as part of a scheduled ping to notify the directory
+	 *      that the channel still exists
+	 * @param array $ud_arr
+	 *    If set [typically by update_directory_entry()] indicates a specific update table row and more particularly
+	 *    contains a particular address (ud_addr) which needs to be updated in that table.
+	 *
+	 * @return array An associative array with:
+	 *   * \e boolean \b success boolean true or false
+	 *   * \e string \b message (optional) error string only if success is false
+	 */
+
+	static function import_xchan($arr, $ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
+
+		/**
+		 * @hooks import_xchan
+		 *   Called when processing the result of zot_finger() to store the result
+		 *   * \e array
+		 */
+		call_hooks('import_xchan', $arr);
+
+		$ret = array('success' => false);
+		$dirmode = intval(get_config('system','directory_mode'));
+
+		$changed = false;
+		$what = '';
+
+		if(! ($arr['id'] && $arr['id_sig'])) {
+			logger('No identity information provided. ' . print_r($arr,true));
+			return $ret;
+		}
+
+		$xchan_hash = self::make_xchan_hash($arr['id'],$arr['public_key']);
+		$arr['hash'] = $xchan_hash;
+
+		$import_photos = false;
+
+		$sig_methods = ((array_key_exists('signing',$arr) && is_array($arr['signing'])) ? $arr['signing'] : [ 'sha256' ]);
+		$verified = false;
+
+		if(! self::verify($arr['id'],$arr['id_sig'],$arr['public_key'])) {
+			logger('Unable to verify channel signature for ' . $arr['address']);
+			return $ret;
+		}
+		else {
+			$verified = true;
+		}
+
+		if(! $verified) {
+			$ret['message'] = t('Unable to verify channel signature');
+			return $ret;
+		}
+
+		logger('import_xchan: ' . $xchan_hash, LOGGER_DEBUG);
+
+		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($xchan_hash)
+		);
+
+		if(! array_key_exists('connect_url', $arr))
+			$arr['connect_url'] = '';
+
+		if($r) {
+			if($arr['photo'] && array_key_exists('updated',$arr['photo']) && $r[0]['xchan_photo_date'] != $arr['photo']['updated']) {
+				$import_photos = true;
+			}
+
+			// if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry.
+			/** @TODO: check if we're the same directory realm, which would mean we are allowed to see it */
+
+			$dirmode = get_config('system','directory_mode');
+
+			if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE)) && ($arr['site']['url'] != z_root()))
+				$arr['searchable'] = false;
+
+			$hidden = (1 - intval($arr['searchable']));
+
+			$hidden_changed = $adult_changed = $deleted_changed = $pubforum_changed = 0;
+
+			if(intval($r[0]['xchan_hidden']) != (1 - intval($arr['searchable'])))
+				$hidden_changed = 1;
+			if(intval($r[0]['xchan_selfcensored']) != intval($arr['adult_content']))
+				$adult_changed = 1;
+			if(intval($r[0]['xchan_deleted']) != intval($arr['deleted']))
+				$deleted_changed = 1;
+			if(intval($r[0]['xchan_pubforum']) != intval($arr['public_forum']))
+				$pubforum_changed = 1;
+
+			if($arr['protocols']) {
+				$protocols = implode(',',$arr['protocols']);
+				if($protocols !== 'zot6') {
+					set_xconfig($xchan_hash,'system','protocols',$protocols);
+				}
+				else {
+					del_xconfig($xchan_hash,'system','protocols');
+				}
+			}
+
+			if(($r[0]['xchan_name_date'] != $arr['name_updated'])
+				|| ($r[0]['xchan_connurl'] != $arr['primary_location']['connections_url'])
+				|| ($r[0]['xchan_addr'] != $arr['primary_location']['address'])
+				|| ($r[0]['xchan_follow'] != $arr['primary_location']['follow_url'])
+				|| ($r[0]['xchan_connpage'] != $arr['connect_url'])
+				|| ($r[0]['xchan_url'] != $arr['primary_location']['url'])
+				|| $hidden_changed || $adult_changed || $deleted_changed || $pubforum_changed ) {
+				$rup = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_follow = '%s',
+					xchan_connpage = '%s', xchan_hidden = %d, xchan_selfcensored = %d, xchan_deleted = %d, xchan_pubforum = %d,
+					xchan_addr = '%s', xchan_url = '%s' where xchan_hash = '%s'",
+					dbesc(($arr['name']) ? escape_tags($arr['name']) : '-'),
+					dbesc($arr['name_updated']),
+					dbesc($arr['primary_location']['connections_url']),
+					dbesc($arr['primary_location']['follow_url']),
+					dbesc($arr['primary_location']['connect_url']),
+					intval(1 - intval($arr['searchable'])),
+					intval($arr['adult_content']),
+					intval($arr['deleted']),
+					intval($arr['public_forum']),
+					dbesc(escape_tags($arr['primary_location']['address'])),
+					dbesc(escape_tags($arr['primary_location']['url'])),
+					dbesc($xchan_hash)
+				);
+
+				logger('Update: existing: ' . print_r($r[0],true), LOGGER_DATA, LOG_DEBUG);
+				logger('Update: new: ' . print_r($arr,true), LOGGER_DATA, LOG_DEBUG);
+				$what .= 'xchan ';
+				$changed = true;
+			}
+		}
+		else {
+			$import_photos = true;
+
+			if((($arr['site']['directory_mode'] === 'standalone')
+					|| ($dirmode & DIRECTORY_MODE_STANDALONE))
+					&& ($arr['site']['url'] != z_root()))
+				$arr['searchable'] = false;
+
+			$x = xchan_store_lowlevel(
+				[
+					'xchan_hash'           => $xchan_hash,
+					'xchan_guid'           => $arr['id'],
+					'xchan_guid_sig'       => $arr['id_sig'],
+					'xchan_pubkey'         => $arr['public_key'],
+					'xchan_photo_mimetype' => $arr['photo_mimetype'],
+					'xchan_photo_l'        => $arr['photo'],
+					'xchan_addr'           => escape_tags($arr['primary_location']['address']),
+					'xchan_url'            => escape_tags($arr['primary_location']['url']),
+					'xchan_connurl'        => $arr['primary_location']['connections_url'],
+					'xchan_follow'         => $arr['primary_location']['follow_url'],
+					'xchan_connpage'       => $arr['connect_url'],
+					'xchan_name'           => (($arr['name']) ? escape_tags($arr['name']) : '-'),
+					'xchan_network'        => 'zot6',
+					'xchan_photo_date'     => $arr['photo_updated'],
+					'xchan_name_date'      => $arr['name_updated'],
+					'xchan_hidden'         => intval(1 - intval($arr['searchable'])),
+					'xchan_selfcensored'   => $arr['adult_content'],
+					'xchan_deleted'        => $arr['deleted'],
+					'xchan_pubforum'       => $arr['public_forum']
+				]
+			);
+
+			$what .= 'new_xchan';
+			$changed = true;
+		}
+
+		if($import_photos) {
+
+			require_once('include/photo/photo_driver.php');
+
+			// see if this is a channel clone that's hosted locally - which we treat different from other xchans/connections
+
+			$local = q("select channel_account_id, channel_id from channel where channel_hash = '%s' limit 1",
+				dbesc($xchan_hash)
+			);
+			if($local) {
+				$ph = z_fetch_url($arr['photo']['url'], true);
+				if($ph['success']) {
+
+					$hash = import_channel_photo($ph['body'], $arr['photo']['type'], $local[0]['channel_account_id'], $local[0]['channel_id']);
+
+					if($hash) {
+						// unless proven otherwise
+						$is_default_profile = 1;
+
+						$profile = q("select is_default from profile where aid = %d and uid = %d limit 1",
+							intval($local[0]['channel_account_id']),
+							intval($local[0]['channel_id'])
+						);
+						if($profile) {
+							if(! intval($profile[0]['is_default']))
+								$is_default_profile = 0;
+						}
+
+						// If setting for the default profile, unset the profile photo flag from any other photos I own
+						if($is_default_profile) {
+							q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d AND resource_id != '%s' AND aid = %d AND uid = %d",	
+								intval(PHOTO_NORMAL),
+								intval(PHOTO_PROFILE),
+								dbesc($hash),
+								intval($local[0]['channel_account_id']),
+								intval($local[0]['channel_id'])
+							);
+						}
+					}
+
+					// reset the names in case they got messed up when we had a bug in this function
+					$photos = array(
+						z_root() . '/photo/profile/l/' . $local[0]['channel_id'],
+						z_root() . '/photo/profile/m/' . $local[0]['channel_id'],
+						z_root() . '/photo/profile/s/' . $local[0]['channel_id'],
+						$arr['photo_mimetype'],
+						false
+					);
+				}
+			}
+			else {
+				$photos = import_xchan_photo($arr['photo']['url'], $xchan_hash);
+			}
+			if($photos) {
+				if($photos[4]) {
+					// importing the photo failed somehow. Leave the photo_date alone so we can try again at a later date.
+					// This often happens when somebody joins the matrix with a bad cert.
+					$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
+						where xchan_hash = '%s'",
+						dbesc($photos[0]),
+						dbesc($photos[1]),
+						dbesc($photos[2]),
+						dbesc($photos[3]),
+						dbesc($xchan_hash)
+					);
+				}
+				else {
+					$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
+						where xchan_hash = '%s'",
+						dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])),
+						dbesc($photos[0]),
+						dbesc($photos[1]),
+						dbesc($photos[2]),
+						dbesc($photos[3]),
+						dbesc($xchan_hash)
+					);
+				}
+				$what .= 'photo ';
+				$changed = true;
+			}
+		}
+
+		// what we are missing for true hub independence is for any changes in the primary hub to
+		// get reflected not only in the hublocs, but also to update the URLs and addr in the appropriate xchan
+
+		$s = Libsync::sync_locations($arr, $arr);
+
+		if($s) {
+			if($s['change_message'])
+				$what .= $s['change_message'];
+			if($s['changed'])
+				$changed = $s['changed'];
+			if($s['message'])
+				$ret['message'] .= $s['message'];
+		}
+
+		// Which entries in the update table are we interested in updating?
+
+		$address = (($ud_arr && $ud_arr['ud_addr']) ? $ud_arr['ud_addr'] : $arr['address']);
+
+
+		// Are we a directory server of some kind?
+
+		$other_realm = false;
+		$realm = get_directory_realm();
+		if(array_key_exists('site',$arr)
+			&& array_key_exists('realm',$arr['site'])
+			&& (strpos($arr['site']['realm'],$realm) === false))
+			$other_realm = true;
+
+
+		if($dirmode != DIRECTORY_MODE_NORMAL) {
+
+			// We're some kind of directory server. However we can only add directory information
+			// if the entry is in the same realm (or is a sub-realm). Sub-realms are denoted by
+			// including the parent realm in the name. e.g. 'RED_GLOBAL:foo' would allow an entry to
+			// be in directories for the local realm (foo) and also the RED_GLOBAL realm.
+
+			if(array_key_exists('profile',$arr) && is_array($arr['profile']) && (! $other_realm)) {
+				$profile_changed = Libzotdir::import_directory_profile($xchan_hash,$arr['profile'],$address,$ud_flags, 1);
+				if($profile_changed) {
+					$what .= 'profile ';
+					$changed = true;
+				}
+			}
+			else {
+				logger('Profile not available - hiding');
+				// they may have made it private
+				$r = q("delete from xprof where xprof_hash = '%s'",
+					dbesc($xchan_hash)
+				);
+				$r = q("delete from xtag where xtag_hash = '%s' and xtag_flags = 0",
+					dbesc($xchan_hash)
+				);
+			}
+		}
+
+		if(array_key_exists('site',$arr) && is_array($arr['site'])) {
+			$profile_changed = self::import_site($arr['site']);
+			if($profile_changed) {
+				$what .= 'site ';
+				$changed = true;
+			}
+		}
+
+		if(($changed) || ($ud_flags == UPDATE_FLAGS_FORCED)) {
+			$guid = random_string() . '@' . \App::get_hostname();
+			Libzotdir::update_modtime($xchan_hash,$guid,$address,$ud_flags);
+			logger('Changed: ' . $what,LOGGER_DEBUG);
+		}
+		elseif(! $ud_flags) {
+			// nothing changed but we still need to update the updates record
+			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d) > 0 ",
+				intval(UPDATE_FLAGS_UPDATED),
+				dbesc($address),
+				intval(UPDATE_FLAGS_UPDATED)
+			);
+		}
+
+		if(! x($ret,'message')) {
+			$ret['success'] = true;
+			$ret['hash'] = $xchan_hash;
+		}
+
+		logger('Result: ' . print_r($ret,true), LOGGER_DATA, LOG_DEBUG);
+		return $ret;
+	}
+
+	/**
+	 * @brief Called immediately after sending a zot message which is using queue processing.
+	 *
+	 * Updates the queue item according to the response result and logs any information
+	 * returned to aid communications troubleshooting.
+	 *
+	 * @param string $hub - url of site we just contacted
+	 * @param array $arr - output of z_post_url()
+	 * @param array $outq - The queue structure attached to this request
+	 */
+
+	static function process_response($hub, $arr, $outq) {
+
+		logger('remote: ' . print_r($arr,true),LOGGER_DATA);
+
+		if(! $arr['success']) {
+			logger('Failed: ' . $hub);
+			return;
+		}
+
+		$x = json_decode($arr['body'], true);
+
+		if(! $x) {
+			logger('No json from ' . $hub);
+			logger('Headers: ' . print_r($arr['header'], true), LOGGER_DATA, LOG_DEBUG);
+		}
+
+		$x = crypto_unencapsulate($x, get_config('system','prvkey'));
+		if(! is_array($x)) {
+			$x = json_decode($x,true);
+		}
+
+		if(! $x['success']) {
+
+			// handle remote validation issues
+
+			$b = q("update dreport set dreport_result = '%s', dreport_time = '%s' where dreport_queue = '%s'",
+				dbesc(($x['message']) ? $x['message'] : 'unknown delivery error'),
+				dbesc(datetime_convert()),
+				dbesc($outq['outq_hash'])
+			);
+		}
+
+		if(array_key_exists('delivery_report',$x) && is_array($x['delivery_report'])) { 
+			foreach($x['delivery_report'] as $xx) {
+				if(is_array($xx) && array_key_exists('message_id',$xx) && DReport::is_storable($xx)) {
+					q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_name, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s', '%s','%s','%s','%s','%s' ) ",
+						dbesc($xx['message_id']),
+						dbesc($xx['location']),
+						dbesc($xx['recipient']),
+						dbesc($xx['name']),
+						dbesc($xx['status']),
+						dbesc(datetime_convert($xx['date'])),
+						dbesc($xx['sender'])
+					);
+				}
+			}
+
+			// we have a more descriptive delivery report, so discard the per hub 'queue' report.
+
+			q("delete from dreport where dreport_queue = '%s' ",
+				dbesc($outq['outq_hash'])
+			);
+		}
+
+		// update the timestamp for this site
+
+		q("update site set site_dead = 0, site_update = '%s' where site_url = '%s'",
+			dbesc(datetime_convert()),
+			dbesc(dirname($hub))
+		);
+
+		// synchronous message types are handled immediately
+		// async messages remain in the queue until processed.
+
+		if(intval($outq['outq_async']))
+			Queue::remove($outq['outq_hash'],$outq['outq_channel']);
+
+		logger('zot_process_response: ' . print_r($x,true), LOGGER_DEBUG);
+	}
+
+	/**
+	 * @brief
+	 *
+	 * We received a notification packet (in mod_post) that a message is waiting for us, and we've verified the sender.
+	 * Check if the site is using zot6 delivery and includes a verified HTTP Signature, signed content, and a 'msg' field,
+	 * and also that the signer and the sender match.
+	 * If that happens, we do not need to fetch/pickup the message - we have it already and it is verified.
+	 * Translate it into the form we need for zot_import() and import it.
+	 *
+	 * Otherwise send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site
+	 * private key.
+	 * The entire pickup message is encrypted with the remote site's public key.
+	 * If everything checks out on the remote end, we will receive back a packet containing one or more messages,
+	 * which will be processed and delivered before this function ultimately returns.
+	 *
+	 * @see zot_import()
+	 *
+	 * @param array $arr
+	 *     decrypted and json decoded notify packet from remote site
+	 * @return array from zot_import()
+	 */
+
+	static function fetch($arr) {
+
+		logger('zot_fetch: ' . print_r($arr,true), LOGGER_DATA, LOG_DEBUG);
+
+		return self::import($arr);
+
+	}
+
+	/**
+	 * @brief Process incoming array of messages.
+	 *
+	 * Process an incoming array of messages which were obtained via pickup, and
+	 * import, update, delete as directed.
+	 *
+	 * The message types handled here are 'activity' (e.g. posts), and 'sync'.
+	 *
+	 * @param array $arr
+	 *  'pickup' structure returned from remote site
+	 * @param string $sender_url
+	 *  the url specified by the sender in the initial communication.
+	 *  We will verify the sender and url in each returned message structure and
+	 *  also verify that all the messages returned match the site url that we are
+	 *  currently processing.
+	 *
+	 * @returns array
+	 *   Suitable for logging remotely, enumerating the processing results of each message/recipient combination
+	 *   * [0] => \e string $channel_hash
+	 *   * [1] => \e string $delivery_status
+	 *   * [2] => \e string $address
+	 */
+
+	static function import($arr) {
+
+		$env = $arr;
+		$private = false;
+		$return = [];
+
+		$result = null;
+
+		logger('Notify: ' . print_r($env,true), LOGGER_DATA, LOG_DEBUG);
+
+		if(! is_array($env)) {
+			logger('decode error');
+			return;
+		}
+
+		$message_request = ((array_key_exists('message_id',$env)) ? true : false);
+		if($message_request)
+			logger('processing message request');
+
+		$has_data = array_key_exists('data',$env) && $env['data'];
+		$data = (($has_data) ? $env['data'] : false);
+		
+		$deliveries = null;
+
+		if(array_key_exists('recipients',$env) && count($env['recipients'])) {
+			logger('specific recipients');
+			logger('recipients: ' . print_r($env['recipients'],true),LOGGER_DEBUG);
+
+			$recip_arr = [];
+			foreach($env['recipients'] as $recip) {
+				$recip_arr[] =  $recip;
+			}
+
+			$r = false;
+			if($recip_arr) {
+				stringify_array_elms($recip_arr,true);
+				$recips = implode(',',$recip_arr);
+				$r = q("select channel_hash as hash from channel where channel_hash in ( " . $recips . " ) and channel_removed = 0 ");
+			}
+
+			if(! $r) {
+				logger('recips: no recipients on this site');
+				return;
+			}
+
+			// Response messages will inherit the privacy of the parent
+
+			if($env['type'] !== 'response')
+				$private = true;
+
+			$deliveries = ids_to_array($r,'hash');
+
+			// We found somebody on this site that's in the recipient list.
+		}
+		else {
+
+			logger('public post');
+
+
+			// Public post. look for any site members who are or may be accepting posts from this sender
+			// and who are allowed to see them based on the sender's permissions
+			// @fixme;
+
+			$deliveries = self::public_recips($env);
+
+
+		}
+
+		$deliveries = array_unique($deliveries);
+
+		if(! $deliveries) {
+			logger('No deliveries on this site');
+			return;
+		}
+
+
+		if($has_data) {
+
+			if(in_array($env['type'],['activity','response'])) {
+
+				if($env['encoding'] === 'zot') {
+					$arr = get_item_elements($data);
+	
+					$v = validate_item_elements($data,$arr);
+					
+					if(! $v['success']) {
+						logger('Activity rejected: ' . $v['message'] . ' ' . print_r($data,true));
+						return;
+					}
+				}
+				elseif($env['encoding'] === 'activitystreams') {
+
+					$AS = new \Zotlabs\Lib\ActivityStreams($data);
+					if(! $AS->is_valid()) {
+						logger('Activity rejected: ' . print_r($data,true));
+						return;
+					}
+					$arr = \Zotlabs\Lib\Activity::decode_note($AS);
+
+					logger($AS->debug());
+
+					$r = q("select hubloc_hash from hubloc where hubloc_id_url = '%s' limit 1",
+						dbesc($AS->actor['id'])
+					); 
+
+					if($r) {
+						$arr['author_xchan'] = $r[0]['hubloc_hash'];
+					}
+					// @fixme (in individual delivery, change owner if needed)
+					$arr['owner_xchan'] = $env['sender'];						
+					if($private) {
+						$arr['item_private'] = true;
+					}
+					// @fixme - spoofable
+					if($AS->data['hubloc']) {
+						$arr['item_verified'] = true;
+					}
+					if($AS->data['signed_data']) {
+						IConfig::Set($arr,'activitystreams','signed_data',$AS->data['signed_data'],false);
+					}
+
+				}
+
+				logger('Activity received: ' . print_r($arr,true), LOGGER_DATA, LOG_DEBUG);
+				logger('Activity recipients: ' . print_r($deliveries,true), LOGGER_DATA, LOG_DEBUG);
+
+				$relay = (($env['type'] === 'response') ? true : false );
+
+				$result = self::process_delivery($env['sender'],$arr,$deliveries,$relay,false,$message_request);
+			}
+			elseif($env['type'] === 'sync') {
+				// $arr = get_channelsync_elements($data);
+
+				$arr = json_decode($data,true);
+
+				logger('Channel sync received: ' . print_r($arr,true), LOGGER_DATA, LOG_DEBUG);
+				logger('Channel sync recipients: ' . print_r($deliveries,true), LOGGER_DATA, LOG_DEBUG);
+
+				$result = Libsync::process_channel_sync_delivery($env['sender'],$arr,$deliveries);
+			}
+		}
+		if ($result) {
+			$return = array_merge($return, $result);
+		}		
+		return $return;
+	}
+
+
+	static function is_top_level($env) {
+		if($env['encoding'] === 'zot' && array_key_exists('flags',$env) && in_array('thread_parent', $env['flags'])) {
+			return true;
+		}
+		if($env['encoding'] === 'activitystreams') {
+			if(array_key_exists('inReplyTo',$env['data']) && $env['data']['inReplyTo']) {
+				return false;
+			}
+			return true;
+		}
+		return false;
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * A public message with no listed recipients can be delivered to anybody who
+	 * has PERMS_NETWORK for that type of post, PERMS_AUTHED (in-network senders are
+	 * by definition authenticated) or PERMS_SITE and is one the same site,
+	 * or PERMS_SPECIFIC and the sender is a contact who is granted permissions via
+	 * their connection permissions in the address book.
+	 * Here we take a given message and construct a list of hashes of everybody
+	 * on the site that we should try and deliver to.
+	 * Some of these will be rejected, but this gives us a place to start.
+	 *
+	 * @param array $msg
+	 * @return NULL|array
+	 */
+
+	static function public_recips($msg) {
+
+		require_once('include/channel.php');
+
+		$check_mentions = false;
+		$include_sys = false;
+
+		if($msg['type'] === 'activity') {
+			$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
+			if(! $disable_discover_tab)
+				$include_sys = true;
+
+			$perm = 'send_stream';
+
+			if(self::is_top_level($msg)) {
+				$check_mentions = true;
+			}
+		}
+		elseif($msg['type'] === 'mail')
+			$perm = 'post_mail';
+
+		$r = [];
+
+		$c = q("select channel_id, channel_hash from channel where channel_removed = 0");
+
+		if($c) {
+			foreach($c as $cc) {
+				if(perm_is_allowed($cc['channel_id'],$msg['sender'],$perm)) {
+					$r[] = $cc['channel_hash'];
+				}
+			}
+		}
+
+		if($include_sys) {
+			$sys = get_sys_channel();
+			if($sys)
+				$r[] = $sys['channel_hash'];
+		}
+
+
+
+		// look for any public mentions on this site
+		// They will get filtered by tgroup_check() so we don't need to check permissions now
+
+		if($check_mentions) {
+			// It's a top level post. Look at the tags. See if any of them are mentions and are on this hub.
+			if(array_path_exists('data/object/tag',$msg)) {
+				if(is_array($msg['data']['object']['tag']) && $msg['data']['object']['tag']) {
+					foreach($msg['data']['object']['tag'] as $tag) {
+						if($tag['type'] === 'Mention' && (strpos($tag['href'],z_root()) !== false)) {
+							$address = basename($tag['href']);
+							if($address) {
+								$z = q("select channel_hash as hash from channel where channel_address = '%s'
+									and channel_removed = 0 limit 1",
+									dbesc($address)
+								);
+								if($z) {
+									$r[] = $z[0]['hash'];
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+		else {
+			// This is a comment. We need to find any parent with ITEM_UPLINK set. But in fact, let's just return
+			// everybody that stored a copy of the parent. This way we know we're covered. We'll check the
+			// comment permissions when we deliver them.
+
+			if(array_path_exists('data/inReplyTo',$msg)) {
+				$z = q("select owner_xchan as hash from item where parent_mid = '%s' ",
+					dbesc($msg['data']['inReplyTo'])
+				);
+				if($z) {
+					foreach($z as $zv) {
+						$r[] = $zv['hash'];
+					}
+				}
+			}
+		}
+
+		// There are probably a lot of duplicates in $r at this point. We need to filter those out.
+		// It's a bit of work since it's a multi-dimensional array
+
+		if($r) {
+			$r = array_unique($r);
+		}
+
+		logger('public_recips: ' . print_r($r,true), LOGGER_DATA, LOG_DEBUG);
+		return $r;
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * @param array $sender
+	 * @param array $arr
+	 * @param array $deliveries
+	 * @param boolean $relay
+	 * @param boolean $public (optional) default false
+	 * @param boolean $request (optional) default false
+	 * @return array
+	 */
+
+	static function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $request = false) {
+
+		$result = [];
+
+		// We've validated the sender. Now make sure that the sender is the owner or author
+
+		if(! $public) {
+			if($sender != $arr['owner_xchan'] && $sender != $arr['author_xchan']) {
+				logger("Sender $sender is not owner {$arr['owner_xchan']} or author {$arr['author_xchan']} - mid {$arr['mid']}");
+				return;
+			}
+		}
+
+		foreach($deliveries as $d) {
+
+			$local_public = $public;
+
+			$DR = new \Zotlabs\Lib\DReport(z_root(),$sender,$d,$arr['mid']);
+
+			$channel = channelx_by_hash($d);
+
+			if (! $channel) {
+				$DR->update('recipient not found');
+				$result[] = $DR->get();
+				continue;
+			}
+
+			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
+
+			/**
+			 * We need to block normal top-level message delivery from our clones, as the delivered
+			 * message doesn't have ACL information in it as the cloned copy does. That copy
+			 * will normally arrive first via sync delivery, but this isn't guaranteed.
+			 * There's a chance the current delivery could take place before the cloned copy arrives
+			 * hence the item could have the wrong ACL and *could* be used in subsequent deliveries or
+			 * access checks. 
+			 */
+
+			if($sender === $channel['channel_hash'] && $arr['author_xchan'] === $channel['channel_hash'] && $arr['mid'] === $arr['parent_mid']) {
+				$DR->update('self delivery ignored');
+				$result[] = $DR->get();
+				continue;
+			}
+
+			// allow public postings to the sys channel regardless of permissions, but not
+			// for comments travelling upstream. Wait and catch them on the way down.
+			// They may have been blocked by the owner.
+
+			if(intval($channel['channel_system']) && (! $arr['item_private']) && (! $relay)) {
+				$local_public = true;
+
+				$r = q("select xchan_selfcensored from xchan where xchan_hash = '%s' limit 1",
+					dbesc($sender['hash'])
+				);
+				// don't import sys channel posts from selfcensored authors
+				if($r && (intval($r[0]['xchan_selfcensored']))) {
+					$local_public = false;
+					continue;
+				}
+				if(! MessageFilter::evaluate($arr,get_config('system','pubstream_incl'),get_config('system','pubstream_excl'))) {
+					$local_public = false;
+					continue;
+				}
+			}
+
+			$tag_delivery = tgroup_check($channel['channel_id'],$arr);
+
+			$perm = 'send_stream';
+			if(($arr['mid'] !== $arr['parent_mid']) && ($relay))
+				$perm = 'post_comments';
+
+			// This is our own post, possibly coming from a channel clone
+
+			if($arr['owner_xchan'] == $d) {
+				$arr['item_wall'] = 1;
+			}
+			else {
+				$arr['item_wall'] = 0;
+			}
+
+			if((! perm_is_allowed($channel['channel_id'],$sender,$perm)) && (! $tag_delivery) && (! $local_public)) {
+				logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}");
+				$DR->update('permission denied');
+				$result[] = $DR->get();
+				continue;
+			}
+
+			if($arr['mid'] != $arr['parent_mid']) {
+
+				// check source route.
+				// We are only going to accept comments from this sender if the comment has the same route as the top-level-post,
+				// this is so that permissions mismatches between senders apply to the entire conversation
+				// As a side effect we will also do a preliminary check that we have the top-level-post, otherwise
+				// processing it is pointless.
+	
+				$r = q("select route, id from item where mid = '%s' and uid = %d limit 1",
+					dbesc($arr['parent_mid']),
+					intval($channel['channel_id'])
+				);
+				if(! $r) {
+					$DR->update('comment parent not found');
+					$result[] = $DR->get();
+
+					// We don't seem to have a copy of this conversation or at least the parent
+					// - so request a copy of the entire conversation to date.
+					// Don't do this if it's a relay post as we're the ones who are supposed to
+					// have the copy and we don't want the request to loop.
+					// Also don't do this if this comment came from a conversation request packet.
+					// It's possible that comments are allowed but posting isn't and that could
+					// cause a conversation fetch loop. We can detect these packets since they are
+					// delivered via a 'notify' packet type that has a message_id element in the
+					// initial zot packet (just like the corresponding 'request' packet type which
+					// makes the request).
+					// We'll also check the send_stream permission - because if it isn't allowed,
+					// the top level post is unlikely to be imported and
+					// this is just an exercise in futility.
+
+					if((! $relay) && (! $request) && (! $local_public)
+						&& perm_is_allowed($channel['channel_id'],$sender,'send_stream')) {
+						\Zotlabs\Daemon\Master::Summon(array('Notifier', 'request', $channel['channel_id'], $sender, $arr['parent_mid']));
+					}
+					continue;
+				}
+				if($relay) {
+					// reset the route in case it travelled a great distance upstream
+					// use our parent's route so when we go back downstream we'll match
+					// with whatever route our parent has.
+					$arr['route'] = $r[0]['route'];
+				}
+				else {
+
+					// going downstream check that we have the same upstream provider that
+					// sent it to us originally. Ignore it if it came from another source
+					// (with potentially different permissions).
+					// only compare the last hop since it could have arrived at the last location any number of ways.
+					// Always accept empty routes and firehose items (route contains 'undefined') .
+
+					$existing_route = explode(',', $r[0]['route']);
+					$routes = count($existing_route);
+					if($routes) {
+						$last_hop = array_pop($existing_route);
+						$last_prior_route = implode(',',$existing_route);
+					}
+					else {
+						$last_hop = '';
+						$last_prior_route = '';
+					}
+
+					if(in_array('undefined',$existing_route) || $last_hop == 'undefined' || $sender == 'undefined')
+						$last_hop = '';
+
+					$current_route = (($arr['route']) ? $arr['route'] . ',' : '') . $sender;
+
+					if($last_hop && $last_hop != $sender) {
+						logger('comment route mismatch: parent route = ' . $r[0]['route'] . ' expected = ' . $current_route, LOGGER_DEBUG);
+						logger('comment route mismatch: parent msg = ' . $r[0]['id'],LOGGER_DEBUG);
+						$DR->update('comment route mismatch');
+						$result[] = $DR->get();
+						continue;
+					}
+
+					// we'll add sender onto this when we deliver it. $last_prior_route now has the previously stored route
+					// *except* for the sender which would've been the last hop before it got to us.
+
+					$arr['route'] = $last_prior_route;
+				}
+			}
+
+			$ab = q("select * from abook where abook_channel = %d and abook_xchan = '%s'",
+				intval($channel['channel_id']),
+				dbesc($arr['owner_xchan'])
+			);
+			$abook = (($ab) ? $ab[0] : null);
+
+			if(intval($arr['item_deleted'])) {
+
+				// remove_community_tag is a no-op if this isn't a community tag activity
+				self::remove_community_tag($sender,$arr,$channel['channel_id']);
+	
+				// set these just in case we need to store a fresh copy of the deleted post.
+				// This could happen if the delete got here before the original post did.
+
+				$arr['aid'] = $channel['channel_account_id'];
+				$arr['uid'] = $channel['channel_id'];
+	
+				$item_id = delete_imported_item($sender,$arr,$channel['channel_id'],$relay);
+				$DR->update(($item_id) ? 'deleted' : 'delete_failed');
+				$result[] = $DR->get();
+
+				if($relay && $item_id) {
+					logger('process_delivery: invoking relay');
+					\Zotlabs\Daemon\Master::Summon(array('Notifier','relay',intval($item_id)));
+					$DR->update('relayed');
+					$result[] = $DR->get();
+				}
+
+				continue;
+			}
+
+
+			$r = q("select * from item where mid = '%s' and uid = %d limit 1",
+				dbesc($arr['mid']),
+				intval($channel['channel_id'])
+			);
+			if($r) {
+				// We already have this post.
+				$item_id = $r[0]['id'];
+
+				if(intval($r[0]['item_deleted'])) {
+					// It was deleted locally.
+					$DR->update('update ignored');
+					$result[] = $DR->get();
+
+					continue;
+				}
+				// Maybe it has been edited?
+				elseif($arr['edited'] > $r[0]['edited']) {
+					$arr['id'] = $r[0]['id'];
+					$arr['uid'] = $channel['channel_id'];
+					if(($arr['mid'] == $arr['parent_mid']) && (! post_is_importable($arr,$abook))) {
+						$DR->update('update ignored');
+						$result[] = $DR->get();
+					}
+					else {
+						$item_result = self::update_imported_item($sender,$arr,$r[0],$channel['channel_id'],$tag_delivery);
+						$DR->update('updated');
+						$result[] = $DR->get();
+						if(! $relay)
+							add_source_route($item_id,$sender);
+					}
+				}
+				else {
+					$DR->update('update ignored');
+					$result[] = $DR->get();
+
+					// We need this line to ensure wall-to-wall comments are relayed (by falling through to the relay bit),
+					// and at the same time not relay any other relayable posts more than once, because to do so is very wasteful.
+					if(! intval($r[0]['item_origin']))
+						continue;
+				}
+			}
+			else {
+				$arr['aid'] = $channel['channel_account_id'];
+				$arr['uid'] = $channel['channel_id'];
+
+				// if it's a sourced post, call the post_local hooks as if it were
+				// posted locally so that crosspost connectors will be triggered.
+
+				if(check_item_source($arr['uid'], $arr)) {
+					/**
+					 * @hooks post_local
+					 *   Called when an item has been posted on this machine via mod/item.php (also via API).
+					 *   * \e array with an item
+					 */
+					call_hooks('post_local', $arr);
+				}
+
+				$item_id = 0;
+
+				if(($arr['mid'] == $arr['parent_mid']) && (! post_is_importable($arr,$abook))) {
+					$DR->update('post ignored');
+					$result[] = $DR->get();
+				}
+				else {
+					$item_result = item_store($arr);
+					if($item_result['success']) {
+						$item_id = $item_result['item_id'];
+						$parr = [
+								'item_id' => $item_id,
+								'item' => $arr,
+								'sender' => $sender,
+								'channel' => $channel
+						];
+						/**
+						 * @hooks activity_received
+						 *   Called when an activity (post, comment, like, etc.) has been received from a zot source.
+						 *   * \e int \b item_id
+						 *   * \e array \b item
+						 *   * \e array \b sender
+						 *   * \e array \b channel
+						 */	
+						call_hooks('activity_received', $parr);
+						// don't add a source route if it's a relay or later recipients will get a route mismatch
+						if(! $relay)
+							add_source_route($item_id,$sender);
+					}
+					$DR->update(($item_id) ? 'posted' : 'storage failed: ' . $item_result['message']);
+					$result[] = $DR->get();
+				}
+			}
+
+			// preserve conversations with which you are involved from expiration
+
+			$stored = (($item_result && $item_result['item']) ? $item_result['item'] : false);
+			if((is_array($stored)) && ($stored['id'] != $stored['parent'])
+				&& ($stored['author_xchan'] === $channel['channel_hash'])) {
+				retain_item($stored['item']['parent']);
+			}
+
+			if($relay && $item_id) {
+				logger('Invoking relay');
+				\Zotlabs\Daemon\Master::Summon(array('Notifier','relay',intval($item_id)));
+				$DR->addto_update('relayed');
+				$result[] = $DR->get();
+			}
+		}
+
+		if(! $deliveries)
+			$result[] = array('', 'no recipients', '', $arr['mid']);
+
+		logger('Local results: ' . print_r($result, true), LOGGER_DEBUG);
+
+		return $result;
+	}
+
+	/**
+	 * @brief Remove community tag.
+	 *
+	 * @param array $sender an associative array with
+	 *   * \e string \b hash a xchan_hash
+	 * @param array $arr an associative array
+	 *   * \e int \b verb
+	 *   * \e int \b obj_type
+	 *   * \e int \b mid
+	 * @param int $uid
+	 */
+
+	static function remove_community_tag($sender, $arr, $uid) {
+
+		if(! (activity_match($arr['verb'], ACTIVITY_TAG) && ($arr['obj_type'] == ACTIVITY_OBJ_TAGTERM)))
+			return;
+
+		logger('remove_community_tag: invoked');
+
+		if(! get_pconfig($uid,'system','blocktags')) {
+			logger('Permission denied.');
+			return;
+		}
+
+		$r = q("select * from item where mid = '%s' and uid = %d limit 1",
+			dbesc($arr['mid']),
+			intval($uid)
+		);
+		if(! $r) {
+			logger('No item');
+			return;
+		}
+
+		if(($sender != $r[0]['owner_xchan']) && ($sender != $r[0]['author_xchan'])) {
+			logger('Sender not authorised.');
+			return;
+		}
+
+		$i = $r[0];
+	
+		if($i['target'])
+			$i['target'] = json_decode($i['target'],true);
+		if($i['object'])
+			$i['object'] = json_decode($i['object'],true);
+
+		if(! ($i['target'] && $i['object'])) {
+			logger('No target/object');
+			return;
+		}
+
+		$message_id = $i['target']['id'];
+
+		$r = q("select id from item where mid = '%s' and uid = %d limit 1",
+			dbesc($message_id),
+			intval($uid)
+		);
+		if(! $r) {
+			logger('No parent message');
+			return;
+		}
+
+		q("delete from term where uid = %d and oid = %d and otype = %d and ttype in  ( %d, %d ) and term = '%s' and url = '%s'",
+			intval($uid),
+			intval($r[0]['id']),
+			intval(TERM_OBJ_POST),
+			intval(TERM_HASHTAG),
+			intval(TERM_COMMUNITYTAG),
+			dbesc($i['object']['title']),
+			dbesc(get_rel_link($i['object']['link'],'alternate'))
+		);
+	}
+
+	/**
+	 * @brief Updates an imported item.
+	 *
+	 * @see item_store_update()
+	 *
+	 * @param array $sender
+	 * @param array $item
+	 * @param array $orig
+	 * @param int $uid
+	 * @param boolean $tag_delivery
+	 */
+	
+	static function update_imported_item($sender, $item, $orig, $uid, $tag_delivery) {
+
+		// If this is a comment being updated, remove any privacy information
+		// so that item_store_update will set it from the original.
+
+		if($item['mid'] !== $item['parent_mid']) {
+			unset($item['allow_cid']);
+			unset($item['allow_gid']);
+			unset($item['deny_cid']);
+			unset($item['deny_gid']);
+			unset($item['item_private']);
+		}
+
+		// we need the tag_delivery check for downstream flowing posts as the stored post
+		// may have a different owner than the one being transmitted.
+
+		if(($sender != $orig['owner_xchan'] && $sender != $orig['author_xchan']) && (! $tag_delivery)) {
+			logger('sender is not owner or author');
+			return;
+		}
+
+
+		$x = item_store_update($item);
+
+		// If we're updating an event that we've saved locally, we store the item info first
+		// because event_addtocal will parse the body to get the 'new' event details
+
+		if($orig['resource_type'] === 'event') {
+			$res = event_addtocal($orig['id'], $uid);
+			if(! $res)
+				logger('update event: failed');
+		}
+
+		if(! $x['item_id'])
+			logger('update_imported_item: failed: ' . $x['message']);
+		else
+			logger('update_imported_item');
+
+		return $x;
+	}
+
+	/**
+	 * @brief Deletes an imported item.
+	 *
+	 * @param array $sender
+	 *   * \e string \b hash a xchan_hash
+	 * @param array $item
+	 * @param int $uid
+	 * @param boolean $relay
+	 * @return boolean|int post_id
+	 */
+
+	static function delete_imported_item($sender, $item, $uid, $relay) {
+
+		logger('invoked', LOGGER_DEBUG);
+
+		$ownership_valid = false;
+		$item_found = false;
+		$post_id = 0;
+
+		$r = q("select id, author_xchan, owner_xchan, source_xchan, item_deleted from item where ( author_xchan = '%s' or owner_xchan = '%s' or source_xchan = '%s' )
+			and mid = '%s' and uid = %d limit 1",
+			dbesc($sender['hash']),
+			dbesc($sender['hash']),
+			dbesc($sender['hash']),
+			dbesc($item['mid']),
+			intval($uid)
+		);
+
+		if($r) {
+			if($r[0]['author_xchan'] === $sender || $r[0]['owner_xchan'] === $sender || $r[0]['source_xchan'] === $sender)
+				$ownership_valid = true;
+
+			$post_id = $r[0]['id'];
+			$item_found = true;
+		}
+		else {
+
+			// perhaps the item is still in transit and the delete notification got here before the actual item did. Store it with the deleted flag set.
+			// item_store() won't try to deliver any notifications or start delivery chains if this flag is set.
+			// This means we won't end up with potentially even more delivery threads trying to push this delete notification.
+			// But this will ensure that if the (undeleted) original post comes in at a later date, we'll reject it because it will have an older timestamp.
+
+			logger('delete received for non-existent item - storing item data.');
+
+			if($item['author_xchan'] === $sender || $item['owner_xchan'] === $sender || $item['source_xchan'] === $sender) {
+				$ownership_valid = true;
+				$item_result = item_store($item);
+				$post_id = $item_result['item_id'];
+			}
+		}
+
+		if($ownership_valid === false) {
+			logger('delete_imported_item: failed: ownership issue');
+			return false;
+		}
+
+		if($item_found) {
+			if(intval($r[0]['item_deleted'])) {
+				logger('delete_imported_item: item was already deleted');
+				if(! $relay)
+					return false;
+
+				// This is a bit hackish, but may have to suffice until the notification/delivery loop is optimised
+				// a bit further. We're going to strip the ITEM_ORIGIN on this item if it's a comment, because
+				// it was already deleted, and we're already relaying, and this ensures that no other process or
+				// code path downstream can relay it again (causing a loop). Since it's already gone it's not coming
+				// back, and we aren't going to (or shouldn't at any rate) delete it again in the future - so losing
+				// this information from the metadata should have no other discernible impact.
+
+				if (($r[0]['id'] != $r[0]['parent']) && intval($r[0]['item_origin'])) {
+					q("update item set item_origin = 0 where id = %d and uid = %d",
+						intval($r[0]['id']),
+						intval($r[0]['uid'])
+					);
+				}
+			}
+
+
+			// Use phased deletion to set the deleted flag, call both tag_deliver and the notifier to notify downstream channels
+			// and then clean up after ourselves with a cron job after several days to do the delete_item_lowlevel() (DROPITEM_PHASE2).
+
+			drop_item($post_id, false, DROPITEM_PHASE1);
+			tag_deliver($uid, $post_id);
+		}
+
+		return $post_id;
+	}
+
+	static function process_mail_delivery($sender, $arr, $deliveries) {
+
+		$result = array();
+
+		if($sender != $arr['from_xchan']) {
+			logger('process_mail_delivery: sender is not mail author');
+			return;
+		}
+
+		foreach($deliveries as $d) {
+	
+			$DR = new \Zotlabs\Lib\DReport(z_root(),$sender,$d,$arr['mid']);
+
+			$r = q("select * from channel where channel_hash = '%s' limit 1",
+				dbesc($d['hash'])
+			);
+
+			if(! $r) {
+				$DR->update('recipient not found');
+				$result[] = $DR->get();
+				continue;
+			}
+
+			$channel = $r[0];
+			$DR->set_name($channel['channel_name'] . ' <' . channel_reddress($channel) . '>');
+
+
+			if(! perm_is_allowed($channel['channel_id'],$sender,'post_mail')) {
+
+				/* 
+				 * Always allow somebody to reply if you initiated the conversation. It's anti-social
+				 * and a bit rude to send a private message to somebody and block their ability to respond.
+				 * If you are being harrassed and want to put an end to it, delete the conversation.
+				 */
+
+				$return = false;
+				if($arr['parent_mid']) {
+					$return = q("select * from mail where mid = '%s' and channel_id = %d limit 1",
+						dbesc($arr['parent_mid']),
+						intval($channel['channel_id'])
+					);
+				}
+				if(! $return) {
+					logger("permission denied for mail delivery {$channel['channel_id']}");
+					$DR->update('permission denied');
+					$result[] = $DR->get();
+					continue;
+				}
+			}
+
+
+			$r = q("select id from mail where mid = '%s' and channel_id = %d limit 1",
+				dbesc($arr['mid']),
+				intval($channel['channel_id'])
+			);
+			if($r) {
+				if(intval($arr['mail_recalled'])) {
+					$x = q("delete from mail where id = %d and channel_id = %d",
+						intval($r[0]['id']),
+						intval($channel['channel_id'])
+					);
+					$DR->update('mail recalled');
+					$result[] = $DR->get();
+					logger('mail_recalled');
+				}
+				else {
+					$DR->update('duplicate mail received');
+					$result[] = $DR->get();
+					logger('duplicate mail received');
+				}
+				continue;
+			}
+			else {
+				$arr['account_id'] = $channel['channel_account_id'];
+				$arr['channel_id'] = $channel['channel_id'];
+				$item_id = mail_store($arr);
+				$DR->update('mail delivered');
+				$result[] = $DR->get();
+			}
+		}
+
+		return $result;
+	}
+
+
+	/**
+	 * @brief Processes delivery of profile.
+	 *
+	 * @see import_directory_profile()
+	 * @param array $sender an associative array
+	 *   * \e string \b hash a xchan_hash
+	 * @param array $arr
+	 * @param array $deliveries (unused)
+	 */
+
+	static function process_profile_delivery($sender, $arr, $deliveries) {
+
+		logger('process_profile_delivery', LOGGER_DEBUG);
+
+		$r = q("select xchan_addr from xchan where xchan_hash = '%s' limit 1",
+				dbesc($sender['hash'])
+		);
+		if($r) {
+			Libzotdir::import_directory_profile($sender, $arr, $r[0]['xchan_addr'], UPDATE_FLAGS_UPDATED, 0);
+		}
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * @param array $sender an associative array
+	 *   * \e string \b hash a xchan_hash
+	 * @param array $arr
+	 * @param array $deliveries (unused) deliveries is irrelevant
+	 */
+	static function process_location_delivery($sender, $arr, $deliveries) {
+
+		// deliveries is irrelevant
+		logger('process_location_delivery', LOGGER_DEBUG);
+
+		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($sender)
+		);
+		if($r) {
+			$xchan = [ 'id' => $r[0]['xchan_guid'], 'id_sig' => $r[0]['xchan_guid_sig'],
+				'hash' => $r[0]['xchan_hash'], 'public_key' => $r[0]['xchan_pubkey'] ];
+		}
+		if(array_key_exists('locations',$arr) && $arr['locations']) {
+			$x = Libsync::sync_locations($xchan,$arr,true);
+			logger('results: ' . print_r($x,true), LOGGER_DEBUG);
+			if($x['changed']) {
+				$guid = random_string() . '@' . App::get_hostname();
+				Libzotdir::update_modtime($sender,$r[0]['xchan_guid'],$arr['locations'][0]['address'],UPDATE_FLAGS_UPDATED);
+			}
+		}
+	}
+
+	/**
+	 * @brief Checks for a moved channel and sets the channel_moved flag.
+	 *
+	 * Currently the effect of this flag is to turn the channel into 'read-only' mode.
+	 * New content will not be processed (there was still an issue with blocking the
+	 * ability to post comments as of 10-Mar-2016).
+	 * We do not physically remove the channel at this time. The hub admin may choose
+	 * to do so, but is encouraged to allow a grace period of several days in case there
+	 * are any issues migrating content. This packet will generally be received by the
+	 * original site when the basic channel import has been processed.
+	 *
+	 * This will only be executed on the old location
+	 * if a new location is reported and there is only one location record.
+	 * The rest of the hubloc syncronisation will be handled within
+	 * sync_locations
+	 *
+	 * @param string $sender_hash A channel hash
+	 * @param array $locations
+	 */
+
+	static function check_location_move($sender_hash, $locations) {
+
+		if(! $locations)
+			return;
+
+		if(count($locations) != 1)
+			return;
+
+		$loc = $locations[0];
+
+		$r = q("select * from channel where channel_hash = '%s' limit 1",
+			dbesc($sender_hash)
+		);
+
+		if(! $r)
+			return;
+
+		if($loc['url'] !== z_root()) {
+			$x = q("update channel set channel_moved = '%s' where channel_hash = '%s' limit 1",
+				dbesc($loc['url']),
+				dbesc($sender_hash)
+			);
+
+			// federation plugins may wish to notify connections
+			// of the move on singleton networks
+
+			$arr = [
+				'channel' => $r[0],
+				'locations' => $locations
+			];
+			/**
+			 * @hooks location_move
+			 *   Called when a new location has been provided to a UNO channel (indicating a move rather than a clone).
+			 *   * \e array \b channel
+			 *   * \e array \b locations
+			 */
+			call_hooks('location_move', $arr);
+		}
+	}
+
+
+
+	/**
+	 * @brief Returns an array with all known distinct hubs for this channel.
+	 *
+	 * @see self::get_hublocs()
+	 * @param array $channel an associative array which must contain
+	 *  * \e string \b channel_hash the hash of the channel
+	 * @return array an array with associative arrays
+	 */
+
+	static function encode_locations($channel) {
+		$ret = [];
+
+		$x = self::get_hublocs($channel['channel_hash']);
+
+		if($x && count($x)) {
+			foreach($x as $hub) {
+
+				// if this is a local channel that has been deleted, the hubloc is no good - make sure it is marked deleted
+				// so that nobody tries to use it.
+
+				if(intval($channel['channel_removed']) && $hub['hubloc_url'] === z_root())
+					$hub['hubloc_deleted'] = 1;
+
+				$ret[] = [
+					'host'     => $hub['hubloc_host'],
+					'address'  => $hub['hubloc_addr'],
+					'id_url'   => $hub['hubloc_id_url'],
+					'primary'  => (intval($hub['hubloc_primary']) ? true : false),
+					'url'      => $hub['hubloc_url'],
+					'url_sig'  => $hub['hubloc_url_sig'],
+					'site_id'  => $hub['hubloc_site_id'],
+					'callback' => $hub['hubloc_callback'],
+					'sitekey'  => $hub['hubloc_sitekey'],
+					'deleted'  => (intval($hub['hubloc_deleted']) ? true : false)
+				];
+			}
+		}
+
+		return $ret;
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * @param array $arr
+	 * @param string $pubkey
+	 * @return boolean true if updated or inserted
+	 */
+	
+	static function import_site($arr) {
+
+		if( (! is_array($arr)) || (! $arr['url']) || (! $arr['site_sig']))
+			return false;
+
+		if(! self::verify($arr['url'], $arr['site_sig'], $arr['sitekey'])) {
+			logger('Bad url_sig');
+			return false;
+		}
+
+		$update = false;
+		$exists = false;
+
+		$r = q("select * from site where site_url = '%s' limit 1",
+			dbesc($arr['url'])
+		);
+		if($r) {
+			$exists = true;
+			$siterecord = $r[0];
+		}
+
+		$site_directory = 0;
+		if($arr['directory_mode'] == 'normal')
+			$site_directory = DIRECTORY_MODE_NORMAL;
+		if($arr['directory_mode'] == 'primary')
+			$site_directory = DIRECTORY_MODE_PRIMARY;
+		if($arr['directory_mode'] == 'secondary')
+			$site_directory = DIRECTORY_MODE_SECONDARY;
+		if($arr['directory_mode'] == 'standalone')
+			$site_directory = DIRECTORY_MODE_STANDALONE;
+
+		$register_policy = 0;
+		if($arr['register_policy'] == 'closed')
+			$register_policy = REGISTER_CLOSED;
+		if($arr['register_policy'] == 'open')
+			$register_policy = REGISTER_OPEN;
+		if($arr['register_policy'] == 'approve')
+			$register_policy = REGISTER_APPROVE;
+
+		$access_policy = 0;
+		if(array_key_exists('access_policy',$arr)) {
+			if($arr['access_policy'] === 'private')
+				$access_policy = ACCESS_PRIVATE;
+			if($arr['access_policy'] === 'paid')
+				$access_policy = ACCESS_PAID;
+			if($arr['access_policy'] === 'free')
+				$access_policy = ACCESS_FREE;
+			if($arr['access_policy'] === 'tiered')
+				$access_policy = ACCESS_TIERED;
+		}
+
+		// don't let insecure sites register as public hubs
+
+		if(strpos($arr['url'],'https://') === false)
+			$access_policy = ACCESS_PRIVATE;
+
+		if($access_policy != ACCESS_PRIVATE) {
+			$x = z_fetch_url($arr['url'] . '/siteinfo.json');
+			if(! $x['success'])
+				$access_policy = ACCESS_PRIVATE;
+		}
+
+		$directory_url = htmlspecialchars($arr['directory_url'],ENT_COMPAT,'UTF-8',false);
+		$url = htmlspecialchars(strtolower($arr['url']),ENT_COMPAT,'UTF-8',false);
+		$sellpage = htmlspecialchars($arr['sellpage'],ENT_COMPAT,'UTF-8',false);
+		$site_location = htmlspecialchars($arr['location'],ENT_COMPAT,'UTF-8',false);
+		$site_realm = htmlspecialchars($arr['realm'],ENT_COMPAT,'UTF-8',false);
+		$site_project = htmlspecialchars($arr['project'],ENT_COMPAT,'UTF-8',false);
+		$site_crypto = ((array_key_exists('encryption',$arr) && is_array($arr['encryption'])) ? htmlspecialchars(implode(',',$arr['encryption']),ENT_COMPAT,'UTF-8',false) : '');
+		$site_version = ((array_key_exists('version',$arr)) ? htmlspecialchars($arr['version'],ENT_COMPAT,'UTF-8',false) : '');
+
+		// You can have one and only one primary directory per realm.
+		// Downgrade any others claiming to be primary. As they have
+		// flubbed up this badly already, don't let them be directory servers at all.
+
+		if(($site_directory === DIRECTORY_MODE_PRIMARY)
+			&& ($site_realm === get_directory_realm())
+			&& ($arr['url'] != get_directory_primary())) {
+			$site_directory = DIRECTORY_MODE_NORMAL;
+		}
+
+		$site_flags = $site_directory;
+
+		if(array_key_exists('zot',$arr)) {
+			set_sconfig($arr['url'],'system','zot_version',$arr['zot']);
+		}
+
+		if($exists) {
+			if(($siterecord['site_flags'] != $site_flags)
+				|| ($siterecord['site_access'] != $access_policy)
+				|| ($siterecord['site_directory'] != $directory_url)
+				|| ($siterecord['site_sellpage'] != $sellpage)
+				|| ($siterecord['site_location'] != $site_location)
+				|| ($siterecord['site_register'] != $register_policy)
+				|| ($siterecord['site_project'] != $site_project)
+				|| ($siterecord['site_realm'] != $site_realm)
+				|| ($siterecord['site_crypto'] != $site_crypto)
+				|| ($siterecord['site_version'] != $site_version)   ) {
+
+				$update = true;
+
+	//			logger('import_site: input: ' . print_r($arr,true));
+	//			logger('import_site: stored: ' . print_r($siterecord,true));
+
+				$r = q("update site set site_dead = 0, site_location = '%s', site_flags = %d, site_access = %d, site_directory = '%s', site_register = %d, site_update = '%s', site_sellpage = '%s', site_realm = '%s', site_type = %d, site_project = '%s', site_version = '%s', site_crypto = '%s'
+					where site_url = '%s'",
+					dbesc($site_location),
+					intval($site_flags),
+					intval($access_policy),
+					dbesc($directory_url),
+					intval($register_policy),
+					dbesc(datetime_convert()),
+					dbesc($sellpage),
+					dbesc($site_realm),
+					intval(SITE_TYPE_ZOT),
+					dbesc($site_project),
+					dbesc($site_version),
+					dbesc($site_crypto),
+					dbesc($url)
+				);
+				if(! $r) {
+					logger('Update failed. ' . print_r($arr,true));
+				}
+			}
+			else {
+				// update the timestamp to indicate we communicated with this site
+				q("update site set site_dead = 0, site_update = '%s' where site_url = '%s'",
+					dbesc(datetime_convert()),
+					dbesc($url)
+				);
+			}
+		}
+		else {
+			$update = true;
+
+			$r = site_store_lowlevel(
+				[
+					'site_location'  => $site_location,
+					'site_url'       => $url,
+					'site_access'    => intval($access_policy),
+					'site_flags'     => intval($site_flags),
+					'site_update'    => datetime_convert(),
+					'site_directory' => $directory_url,
+					'site_register'  => intval($register_policy),
+					'site_sellpage'  => $sellpage,
+					'site_realm'     => $site_realm,
+					'site_type'      => intval(SITE_TYPE_ZOT),
+					'site_project'   => $site_project,
+					'site_version'   => $site_version,
+					'site_crypto'    => $site_crypto
+				]
+			);
+
+			if(! $r) {
+				logger('Record create failed. ' . print_r($arr,true));
+			}
+		}
+
+		return $update;
+	}
+
+	/**
+	 * @brief Returns path to /rpost
+	 *
+	 * @todo We probably should make rpost discoverable.
+	 *
+	 * @param array $observer
+	 *   * \e string \b xchan_url
+	 * @return string
+	 */
+	static function get_rpost_path($observer) {
+		if(! $observer)
+			return '';
+
+		$parsed = parse_url($observer['xchan_url']);
+
+		return $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '') . '/rpost?f=';
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param array $x
+	 * @return boolean|string return false or a hash
+	 */
+
+	static function import_author_zot($x) {
+
+		// Check that we have both a hubloc and xchan record - as occasionally storage calls will fail and
+		// we may only end up with one; which results in posts with no author name or photo and are a bit
+		// of a hassle to repair. If either or both are missing, do a full discovery probe.
+
+		$hash = self::make_xchan_hash($x['id'],$x['key']);
+
+		$desturl = $x['url'];
+
+		$r1 = q("select hubloc_url, hubloc_updated, site_dead from hubloc left join site on
+			hubloc_url = site_url where hubloc_guid = '%s' and hubloc_guid_sig = '%s' and hubloc_primary = 1 limit 1",
+			dbesc($x['id']),
+			dbesc($x['id_sig'])
+		);
+
+		$r2 = q("select xchan_hash from xchan where xchan_guid = '%s' and xchan_guid_sig = '%s' limit 1",
+			dbesc($x['id']),
+			dbesc($x['id_sig'])
+		);
+
+		$site_dead = false;
+
+		if($r1 && intval($r1[0]['site_dead'])) {
+			$site_dead = true;
+		}
+
+		// We have valid and somewhat fresh information. Always true if it is our own site.
+
+		if($r1 && $r2 && ( $r1[0]['hubloc_updated'] > datetime_convert('UTC','UTC','now - 1 week') || $r1[0]['hubloc_url'] === z_root() ) ) {
+			logger('in cache', LOGGER_DEBUG);
+			return $hash;
+		}
+
+		logger('not in cache or cache stale - probing: ' . print_r($x,true), LOGGER_DEBUG,LOG_INFO);
+
+		// The primary hub may be dead. Try to find another one associated with this identity that is
+		// still alive. If we find one, use that url for the discovery/refresh probe. Otherwise, the dead site
+		// is all we have and there is no point probing it. Just return the hash indicating we have a
+		// cached entry and the identity is valid. It's just unreachable until they bring back their
+		// server from the grave or create another clone elsewhere.
+
+		if($site_dead) {
+			logger('dead site - ignoring', LOGGER_DEBUG,LOG_INFO);
+
+			$r = q("select hubloc_id_url from hubloc left join site on hubloc_url = site_url
+				where hubloc_hash = '%s' and site_dead = 0",
+				dbesc($hash)
+			);
+			if($r) {
+				logger('found another site that is not dead: ' . $r[0]['hubloc_url'], LOGGER_DEBUG,LOG_INFO);
+				$desturl = $r[0]['hubloc_url'];
+			}
+			else {
+				return $hash;
+			}
+		}
+
+		$them = [ 'hubloc_id_url' => $desturl ];
+		if(self::refresh($them))
+			return $hash;
+
+		return false;
+	}
+
+	static function zotinfo($arr) {
+
+		$ret = [];
+
+		$zhash     = ((x($arr,'guid_hash'))  ? $arr['guid_hash']   : '');
+		$zguid     = ((x($arr,'guid'))       ? $arr['guid']        : '');
+		$zguid_sig = ((x($arr,'guid_sig'))   ? $arr['guid_sig']    : '');
+		$zaddr     = ((x($arr,'address'))    ? $arr['address']     : '');
+		$ztarget   = ((x($arr,'target_url')) ? $arr['target_url']  : '');
+		$zsig      = ((x($arr,'target_sig')) ? $arr['target_sig']  : '');
+		$zkey      = ((x($arr,'key'))        ? $arr['key']         : '');
+		$mindate   = ((x($arr,'mindate'))    ? $arr['mindate']     : '');
+		$token     = ((x($arr,'token'))      ? $arr['token']   : '');
+		$feed      = ((x($arr,'feed'))       ? intval($arr['feed']) : 0);
+
+		if($ztarget) {
+			$t = q("select * from hubloc where hubloc_id_url = '%s' limit 1",
+				dbesc($ztarget)
+			);
+			if($t) {
+	
+				$ztarget_hash = $t[0]['hubloc_hash'];
+
+			}
+			else {
+			
+				// should probably perform discovery of the requestor (target) but if they actually had
+				// permissions we would know about them and we only want to know who they are to 
+				// enumerate their specific permissions
+		
+				$ztarget_hash = EMPTY_STR;
+			}
+		}
+
+
+		$r = null;
+
+		if(strlen($zhash)) {
+			$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+				where channel_hash = '%s' limit 1",
+				dbesc($zhash)
+			);
+		}
+		elseif(strlen($zguid) && strlen($zguid_sig)) {
+			$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+				where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+				dbesc($zguid),
+				dbesc($zguid_sig)
+			);
+		}
+		elseif(strlen($zaddr)) {
+			if(strpos($zaddr,'[system]') === false) {       /* normal address lookup */
+				$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+					where ( channel_address = '%s' or xchan_addr = '%s' ) limit 1",
+					dbesc($zaddr),
+					dbesc($zaddr)
+				);
+			}
+
+			else {
+
+				/**
+				 * The special address '[system]' will return a system channel if one has been defined,
+				 * Or the first valid channel we find if there are no system channels.
+				 *
+				 * This is used by magic-auth if we have no prior communications with this site - and
+				 * returns an identity on this site which we can use to create a valid hub record so that
+				 * we can exchange signed messages. The precise identity is irrelevant. It's the hub
+				 * information that we really need at the other end - and this will return it.
+				 *
+				 */
+
+				$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+					where channel_system = 1 order by channel_id limit 1");
+				if(! $r) {
+					$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+						where channel_removed = 0 order by channel_id limit 1");
+				}
+			}
+		}
+		else {
+			$ret['message'] = 'Invalid request';
+			return($ret);
+		}
+
+		if(! $r) {
+			$ret['message'] = 'Item not found.';
+			return($ret);
+		}
+
+		$e = $r[0];
+
+		$id = $e['channel_id'];
+
+		$sys_channel     = (intval($e['channel_system'])   ? true : false);
+		$special_channel = (($e['channel_pageflags'] & PAGE_PREMIUM)  ? true : false);
+		$adult_channel   = (($e['channel_pageflags'] & PAGE_ADULT)    ? true : false);
+		$censored        = (($e['channel_pageflags'] & PAGE_CENSORED) ? true : false);
+		$searchable      = (($e['channel_pageflags'] & PAGE_HIDDEN)   ? false : true);
+		$deleted         = (intval($e['xchan_deleted']) ? true : false);
+
+		if($deleted || $censored || $sys_channel)
+			$searchable = false;
+
+		$public_forum = false;
+
+		$role = get_pconfig($e['channel_id'],'system','permissions_role');
+		if($role === 'forum' || $role === 'repository') {
+			$public_forum = true;
+		}
+		else {
+			// check if it has characteristics of a public forum based on custom permissions.
+			$m = \Zotlabs\Access\Permissions::FilledAutoperms($e['channel_id']);
+			if($m) {
+				foreach($m as $k => $v) {
+					if($k == 'tag_deliver' && intval($v) == 1)
+						$ch ++;
+					if($k == 'send_stream' && intval($v) == 0)
+						$ch ++;
+				}
+				if($ch == 2)
+					$public_forum = true;
+			}
+		}
+
+
+		//  This is for birthdays and keywords, but must check access permissions
+		$p = q("select * from profile where uid = %d and is_default = 1",
+			intval($e['channel_id'])
+		);
+
+		$profile = array();
+
+		if($p) {
+
+			if(! intval($p[0]['publish']))
+				$searchable = false;
+
+			$profile['description']   = $p[0]['pdesc'];
+			$profile['birthday']      = $p[0]['dob'];
+			if(($profile['birthday'] != '0000-00-00') && (($bd = z_birthday($p[0]['dob'],$e['channel_timezone'])) !== ''))
+				$profile['next_birthday'] = $bd;
+
+			if($age = age($p[0]['dob'],$e['channel_timezone'],''))
+				$profile['age'] = $age;
+			$profile['gender']        = $p[0]['gender'];
+			$profile['marital']       = $p[0]['marital'];
+			$profile['sexual']        = $p[0]['sexual'];
+			$profile['locale']        = $p[0]['locality'];
+			$profile['region']        = $p[0]['region'];
+			$profile['postcode']      = $p[0]['postal_code'];
+			$profile['country']       = $p[0]['country_name'];
+			$profile['about']         = $p[0]['about'];
+			$profile['homepage']      = $p[0]['homepage'];
+			$profile['hometown']      = $p[0]['hometown'];
+
+			if($p[0]['keywords']) {
+				$tags = array();
+				$k = explode(' ',$p[0]['keywords']);
+				if($k) {
+					foreach($k as $kk) {
+						if(trim($kk," \t\n\r\0\x0B,")) {
+							$tags[] = trim($kk," \t\n\r\0\x0B,");
+						}
+					}
+				}
+				if($tags)
+					$profile['keywords'] = $tags;
+			}
+		}
+
+		// Communication details
+
+		$ret['id']             = $e['xchan_guid'];
+		$ret['id_sig']         = self::sign($e['xchan_guid'], $e['channel_prvkey']);
+
+		$ret['primary_location'] = [ 
+			'address'            =>  $e['xchan_addr'],
+			'url'                =>  $e['xchan_url'],
+			'connections_url'    =>  $e['xchan_connurl'],
+			'follow_url'         =>  $e['xchan_follow'],
+		];
+
+		$ret['public_key']     = $e['xchan_pubkey'];
+		$ret['username']       = $e['channel_address'];
+		$ret['name']           = $e['xchan_name'];
+		$ret['name_updated']   = $e['xchan_name_date'];
+		$ret['photo'] = [
+			'url'     => $e['xchan_photo_l'],
+			'type'    => $e['xchan_photo_mimetype'],
+			'updated' => $e['xchan_photo_date']
+		];
+
+		$ret['channel_role'] = get_pconfig($e['channel_id'],'system','permissions_role','custom');
+
+		$ret['searchable']     = $searchable;
+		$ret['adult_content']  = $adult_channel;
+		$ret['public_forum']   = $public_forum;
+		
+		$ret['comments']       = map_scope(\Zotlabs\Access\PermissionLimits::Get($e['channel_id'],'post_comments'));
+		$ret['mail']           = map_scope(\Zotlabs\Access\PermissionLimits::Get($e['channel_id'],'post_mail'));
+
+		if($deleted)
+			$ret['deleted']        = $deleted;
+
+		if(intval($e['channel_removed']))
+			$ret['deleted_locally'] = true;
+
+		// premium or other channel desiring some contact with potential followers before connecting.
+		// This is a template - %s will be replaced with the follow_url we discover for the return channel.
+
+		if($special_channel) {
+			$ret['connect_url'] = (($e['xchan_connpage']) ? $e['xchan_connpage'] : z_root() . '/connect/' . $e['channel_address']);
+		}
+
+		// This is a template for our follow url, %s will be replaced with a webbie
+		if(! $ret['follow_url'])
+			$ret['follow_url'] = z_root() . '/follow?f=&url=%s';
+
+		$permissions = get_all_perms($e['channel_id'],$ztarget_hash,false);
+
+		if($ztarget_hash) {
+			$permissions['connected'] = false;
+			$b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+				dbesc($ztarget_hash),
+				intval($e['channel_id'])
+			);
+			if($b)
+				$permissions['connected'] = true;
+		}
+
+		if($permissions['view_profile'])
+			$ret['profile']  = $profile;
+
+
+		$concise_perms = [];
+		if($permissions) {
+			foreach($permissions as $k => $v) {
+				if($v) {
+					$concise_perms[] = $k;
+				}
+			}
+			$permissions = implode(',',$concise_perms);
+		}
+
+		$ret['permissions'] = $permissions;
+		$ret['permissions_for']         = $ztarget;
+
+
+		// array of (verified) hubs this channel uses
+
+		$x = self::encode_locations($e);
+		if($x)
+			$ret['locations'] = $x;
+
+		$ret['site'] = self::site_info();
+
+		call_hooks('zotinfo',$ret);
+
+		return($ret);
+
+	}
+
+
+	static function site_info() {
+
+		$signing_key = get_config('system','prvkey');
+		$sig_method  = get_config('system','signature_algorithm','sha256');
+
+		$ret = [];
+		$ret['site'] = [];
+		$ret['site']['url'] = z_root();
+		$ret['site']['site_sig'] = self::sign(z_root(), $signing_key);
+		$ret['site']['post'] = z_root() . '/zot';
+		$ret['site']['openWebAuth']  = z_root() . '/owa';
+		$ret['site']['authRedirect'] = z_root() . '/magic';
+		$ret['site']['sitekey'] = get_config('system','pubkey');
+
+		$dirmode = get_config('system','directory_mode');
+		if(($dirmode === false) || ($dirmode == DIRECTORY_MODE_NORMAL))
+			$ret['site']['directory_mode'] = 'normal';
+
+		if($dirmode == DIRECTORY_MODE_PRIMARY)
+			$ret['site']['directory_mode'] = 'primary';
+		elseif($dirmode == DIRECTORY_MODE_SECONDARY)
+			$ret['site']['directory_mode'] = 'secondary';
+		elseif($dirmode == DIRECTORY_MODE_STANDALONE)
+			$ret['site']['directory_mode'] = 'standalone';
+		if($dirmode != DIRECTORY_MODE_NORMAL)
+			$ret['site']['directory_url'] = z_root() . '/dirsearch';
+
+
+		$ret['site']['encryption'] = crypto_methods();
+		$ret['site']['zot'] = System::get_zot_revision();
+
+		// hide detailed site information if you're off the grid
+
+		if($dirmode != DIRECTORY_MODE_STANDALONE) {
+
+			$register_policy = intval(get_config('system','register_policy'));
+	
+			if($register_policy == REGISTER_CLOSED)
+				$ret['site']['register_policy'] = 'closed';
+			if($register_policy == REGISTER_APPROVE)
+				$ret['site']['register_policy'] = 'approve';
+			if($register_policy == REGISTER_OPEN)
+				$ret['site']['register_policy'] = 'open';
+
+
+			$access_policy = intval(get_config('system','access_policy'));
+
+			if($access_policy == ACCESS_PRIVATE)
+				$ret['site']['access_policy'] = 'private';
+			if($access_policy == ACCESS_PAID)
+				$ret['site']['access_policy'] = 'paid';
+			if($access_policy == ACCESS_FREE)
+				$ret['site']['access_policy'] = 'free';
+			if($access_policy == ACCESS_TIERED)
+				$ret['site']['access_policy'] = 'tiered';
+
+			$ret['site']['accounts'] = account_total();
+
+			require_once('include/channel.php');
+			$ret['site']['channels'] = channel_total();
+
+			$ret['site']['admin'] = get_config('system','admin_email');
+
+			$visible_plugins = array();
+			if(is_array(\App::$plugins) && count(\App::$plugins)) {
+				$r = q("select * from addon where hidden = 0");
+				if($r)
+					foreach($r as $rr)
+						$visible_plugins[] = $rr['aname'];
+			}
+
+			$ret['site']['plugins']    = $visible_plugins;
+			$ret['site']['sitehash']   = get_config('system','location_hash');
+			$ret['site']['sitename']   = get_config('system','sitename');
+			$ret['site']['sellpage']   = get_config('system','sellpage');
+			$ret['site']['location']   = get_config('system','site_location');
+			$ret['site']['realm']      = get_directory_realm();
+			$ret['site']['project']    = System::get_platform_name();
+			$ret['site']['version']    = System::get_project_version();
+
+		}
+
+		return $ret['site'];
+
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param array $hub
+	 * @param string $sitekey (optional, default empty)
+	 *
+	 * @return string hubloc_url
+	 */
+
+	static function update_hub_connected($hub, $site_id = '') {
+
+		if ($site_id) {
+
+			/*
+			 * This hub has now been proven to be valid.
+			 * Any hub with the same URL and a different sitekey cannot be valid.
+			 * Get rid of them (mark them deleted). There's a good chance they were re-installs.
+			 */
+
+			q("update hubloc set hubloc_deleted = 1, hubloc_error = 1 where hubloc_hash = '%s' and hubloc_url = '%s' and hubloc_site_id != '%s' ",
+				dbesc($hub['hubloc_hash']),
+				dbesc($hub['hubloc_url']),
+				dbesc($site_id)
+			);
+
+		}
+		else {
+			$site_id = $hub['hubloc_site_id'];
+		}
+
+		// $sender['sitekey'] is a new addition to the protocol to distinguish
+		// hublocs coming from re-installed sites. Older sites will not provide
+		// this field and we have to still mark them valid, since we can't tell
+		// if this hubloc has the same sitekey as the packet we received.
+		// Update our DB to show when we last communicated successfully with this hub
+		// This will allow us to prune dead hubs from using up resources
+
+		$t = datetime_convert('UTC', 'UTC', 'now - 15 minutes');
+
+		$r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d and hubloc_site_id = '%s' and hubloc_connected < '%s' ",
+			dbesc(datetime_convert()),
+			intval($hub['hubloc_id']),
+			dbesc($site_id),
+			dbesc($t)
+		);
+
+		// a dead hub came back to life - reset any tombstones we might have
+
+		if (intval($hub['hubloc_error'])) {
+			q("update hubloc set hubloc_error = 0 where hubloc_id = %d and hubloc_site_id = '%s' ",
+				intval($hub['hubloc_id']),
+				dbesc($site_id)
+			);
+			if (intval($hub['hubloc_orphancheck'])) {
+				q("update hubloc set hubloc_orphancheck = 0 where hubloc_id = %d and hubloc_site_id = '%s' ",
+					intval($hub['hubloc_id']),
+					dbesc($site_id)
+				);
+			}
+			q("update xchan set xchan_orphan = 0 where xchan_orphan = 1 and xchan_hash = '%s'",
+				dbesc($hub['hubloc_hash'])
+			);
+		}
+
+		return $hub['hubloc_url'];
+	}
+
+
+	static function sign($data,$key,$alg = 'sha256') {
+		if(! $key)
+			return 'no key';
+		$sig = '';
+		openssl_sign($data,$sig,$key,$alg);
+		return $alg . '.' . base64url_encode($sig);
+	}
+
+	static function verify($data,$sig,$key) {
+
+		$verify = 0;
+
+		$x = explode('.',$sig,2);
+
+		if ($key && count($x) === 2) {
+			$alg = $x[0];
+			$signature = base64url_decode($x[1]);
+	
+			$verify = @openssl_verify($data,$signature,$key,$alg);
+
+			if ($verify === (-1)) {
+				while ($msg = openssl_error_string()) {
+					logger('openssl_verify: ' . $msg,LOGGER_NORMAL,LOG_ERR);
+				}
+				btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); 
+			}
+		}
+		return(($verify > 0) ? true : false);
+	}
+
+
+
+	static function is_zot_request() {
+
+		$x = getBestSupportedMimeType([ 'application/x-zot+json' ]);
+		return(($x) ? true : false);
+	}
+
+}
diff --git a/Zotlabs/Lib/Libzotdir.php b/Zotlabs/Lib/Libzotdir.php
new file mode 100644
index 000000000..91d089c86
--- /dev/null
+++ b/Zotlabs/Lib/Libzotdir.php
@@ -0,0 +1,654 @@
+ $preferred ];
+		}
+		else {
+			return [];
+		}
+	}
+
+
+	/**
+	 * Directories may come and go over time. We will need to check that our
+	 * directory server is still valid occasionally, and reset to something that
+	 * is if our directory has gone offline for any reason
+	 */
+
+	static function check_upstream_directory() {
+
+		$directory = get_config('system', 'directory_server');
+
+		// it's possible there is no directory server configured and the local hub is being used.
+		// If so, default to preserving the absence of a specific server setting.
+
+		$isadir = true;
+
+		if ($directory) {
+			$j = Zotfinger::exec($directory);
+			if(array_path_exists('data/directory_mode',$j)) {
+				if ($j['data']['directory_mode'] === 'normal') {
+					$isadir = false;
+				}
+			}
+		}
+
+		if (! $isadir)
+			set_config('system', 'directory_server', '');
+	}
+
+
+	static function get_directory_setting($observer, $setting) {
+
+		if ($observer)
+			$ret = get_xconfig($observer, 'directory', $setting);
+		else
+			$ret = ((array_key_exists($setting,$_SESSION)) ? intval($_SESSION[$setting]) : false);
+
+		if($ret === false)
+			$ret = get_config('directory', $setting);
+
+
+		// 'safemode' is the default if there is no observer or no established preference. 
+
+		if($setting === 'safemode' && $ret === false)
+			$ret = 1;
+
+		if($setting === 'globaldir' && intval(get_config('system','localdir_hide')))
+			$ret = 1;
+
+		return $ret;
+	}
+
+	/**
+	 * @brief Called by the directory_sort widget.
+	 */
+	static function dir_sort_links() {
+
+		$safe_mode = 1;
+
+		$observer = get_observer_hash();
+
+		$safe_mode = self::get_directory_setting($observer, 'safemode');
+		$globaldir = self::get_directory_setting($observer, 'globaldir');
+		$pubforums = self::get_directory_setting($observer, 'pubforums');
+
+		$hide_local = intval(get_config('system','localdir_hide'));
+		if($hide_local)
+			$globaldir = 1;
+
+
+		// Build urls without order and pubforums so it's easy to tack on the changed value
+		// Probably there's an easier way to do this
+
+		$directory_sort_order = get_config('system','directory_sort_order');
+		if(! $directory_sort_order)
+			$directory_sort_order = 'date';
+
+		$current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : $directory_sort_order);
+		$suggest = (($_REQUEST['suggest']) ? '&suggest=' . $_REQUEST['suggest'] : '');
+
+		$url = 'directory?f=';
+
+		$tmp = array_merge($_GET,$_POST);
+		unset($tmp['suggest']);
+		unset($tmp['pubforums']);
+		unset($tmp['global']);
+		unset($tmp['safe']);
+		unset($tmp['q']);
+		unset($tmp['f']);
+		$forumsurl = $url . http_build_query($tmp) . $suggest;
+
+		$o = replace_macros(get_markup_template('dir_sort_links.tpl'), [
+			'$header'    => t('Directory Options'),
+			'$forumsurl' => $forumsurl,
+			'$safemode'  => array('safemode', t('Safe Mode'),$safe_mode,'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&safe="+(this.checked ? 1 : 0)\''),
+			'$pubforums' => array('pubforums', t('Public Forums Only'),$pubforums,'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&pubforums="+(this.checked ? 1 : 0)\''),
+			'$hide_local' => $hide_local,
+			'$globaldir' => array('globaldir', t('This Website Only'), 1-intval($globaldir),'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&global="+(this.checked ? 0 : 1)\''),
+		]);
+
+		return $o;
+	}
+
+	/**
+	 * @brief Checks the directory mode of this hub.
+	 *
+	 * Checks the directory mode of this hub to see if it is some form of directory server. If it is,
+	 * get the directory realm of this hub. Fetch a list of all other directory servers in this realm and request
+	 * a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB. 
+	 * In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored 
+	 * directly if the rater's signature matches.
+	 *
+	 * @param int $dirmode;
+	 */
+
+	static function sync_directories($dirmode) {
+
+		if ($dirmode == DIRECTORY_MODE_STANDALONE || $dirmode == DIRECTORY_MODE_NORMAL)
+			return;
+
+		$realm = get_directory_realm();
+		if ($realm == DIRECTORY_REALM) {
+			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_type = %d and ( site_realm = '%s' or site_realm = '') ",
+				intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				intval(SITE_TYPE_ZOT),
+				dbesc($realm)
+			);
+		} 
+		else {
+			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_realm like '%s' and site_type = %d ",
+				intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				dbesc(protect_sprintf('%' . $realm . '%')),
+				intval(SITE_TYPE_ZOT)
+			);
+		}
+
+		// If there are no directory servers, setup the fallback master
+		/** @FIXME What to do if we're in a different realm? */
+
+		if ((! $r) && (z_root() != DIRECTORY_FALLBACK_MASTER)) {
+
+			$x = site_store_lowlevel(
+				[
+					'site_url'       => DIRECTORY_FALLBACK_MASTER,
+					'site_flags'     => DIRECTORY_MODE_PRIMARY,
+					'site_update'    => NULL_DATE, 
+					'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch',
+					'site_realm'     => DIRECTORY_REALM,
+					'site_valid'     => 1,
+				]
+			);
+
+			$r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ",
+				intval(DIRECTORY_MODE_PRIMARY),
+				intval(DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				intval(SITE_TYPE_ZOT)
+			);
+		}
+		if (! $r)
+			return;
+
+		foreach ($r as $rr) {
+			if (! $rr['site_directory'])
+				continue;
+
+			logger('sync directories: ' . $rr['site_directory']);
+
+			// for brand new directory servers, only load the last couple of days.
+			// It will take about a month for a new directory to obtain the full current repertoire of channels.
+			/** @FIXME Go back and pick up earlier ratings if this is a new directory server. These do not get refreshed. */
+
+			$token = get_config('system','realm_token');
+
+			$syncdate = (($rr['site_sync'] <= NULL_DATE) ? datetime_convert('UTC','UTC','now - 2 days') : $rr['site_sync']);
+			$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . (($token) ? '&t=' . $token : ''));
+
+			if (! $x['success'])
+				continue;
+
+			$j = json_decode($x['body'],true);
+			if (!($j['transactions']) || ($j['ratings']))
+				continue;
+
+			q("update site set site_sync = '%s' where site_url = '%s'",
+				dbesc(datetime_convert()),
+				dbesc($rr['site_url'])
+			);
+
+			logger('sync_directories: ' . $rr['site_url'] . ': ' . print_r($j,true), LOGGER_DATA);
+
+			if (is_array($j['transactions']) && count($j['transactions'])) {
+				foreach ($j['transactions'] as $t) {
+					$r = q("select * from updates where ud_guid = '%s' limit 1",
+						dbesc($t['transaction_id'])
+					);
+					if($r)
+						continue;
+
+					$ud_flags = 0;
+					if (is_array($t['flags']) && in_array('deleted',$t['flags']))
+						$ud_flags |= UPDATE_FLAGS_DELETED;
+					if (is_array($t['flags']) && in_array('forced',$t['flags']))
+						$ud_flags |= UPDATE_FLAGS_FORCED;
+	
+					$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )
+						values ( '%s', '%s', '%s', %d, '%s' ) ",
+						dbesc($t['hash']),
+						dbesc($t['transaction_id']),
+						dbesc($t['timestamp']),
+						intval($ud_flags),
+						dbesc($t['address'])
+					);
+				}
+			}
+		}
+	}
+
+
+
+	/**
+	 * @brief
+	 *
+	 * Given an update record, probe the channel, grab a zot-info packet and refresh/sync the data.
+	 *
+	 * Ignore updating records marked as deleted.
+	 *
+	 * If successful, sets ud_last in the DB to the current datetime for this
+	 * reddress/webbie.
+	 *
+	 * @param array $ud Entry from update table
+	 */
+
+	static function update_directory_entry($ud) {
+
+		logger('update_directory_entry: ' . print_r($ud,true), LOGGER_DATA);
+
+		if ($ud['ud_addr'] && (! ($ud['ud_flags'] & UPDATE_FLAGS_DELETED))) {
+			$success = false;
+
+			$href = \Zotlabs\Lib\Webfinger::zot_url(punify($url));
+			if($href) {
+				$zf = \Zotlabs\Lib\Zotfinger::exec($href);
+			}
+			if(is_array($zf) && array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
+				$xc = Libzot::import_xchan($zf['data'], 0, $ud);
+			}
+			else {
+				q("update updates set ud_last = '%s' where ud_addr = '%s'",
+					dbesc(datetime_convert()),
+					dbesc($ud['ud_addr'])
+				);
+			}
+		}
+	}
+
+
+	/**
+	 * @brief Push local channel updates to a local directory server.
+	 *
+	 * This is called from include/directory.php if a profile is to be pushed to the
+	 * directory and the local hub in this case is any kind of directory server.
+	 *
+	 * @param int $uid
+	 * @param boolean $force
+	 */
+
+	static function local_dir_update($uid, $force) {
+
+	
+		logger('local_dir_update: uid: ' . $uid, LOGGER_DEBUG);
+
+		$p = q("select channel.channel_hash, channel_address, channel_timezone, profile.* from profile left join channel on channel_id = uid where uid = %d and is_default = 1",
+			intval($uid)
+		);
+
+		$profile = array();
+		$profile['encoding'] = 'zot';
+
+		if ($p) {
+			$hash = $p[0]['channel_hash'];
+
+			$profile['description'] = $p[0]['pdesc'];
+			$profile['birthday']    = $p[0]['dob'];
+			if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))  
+				$profile['age'] = $age;
+
+			$profile['gender']      = $p[0]['gender'];
+			$profile['marital']     = $p[0]['marital'];
+			$profile['sexual']      = $p[0]['sexual'];
+			$profile['locale']      = $p[0]['locality'];
+			$profile['region']      = $p[0]['region'];
+			$profile['postcode']    = $p[0]['postal_code'];
+			$profile['country']     = $p[0]['country_name'];
+			$profile['about']       = $p[0]['about'];
+			$profile['homepage']    = $p[0]['homepage'];
+			$profile['hometown']    = $p[0]['hometown'];
+
+			if ($p[0]['keywords']) {
+				$tags = array();
+				$k = explode(' ', $p[0]['keywords']);
+				if ($k)
+					foreach ($k as $kk)
+						if (trim($kk))
+							$tags[] = trim($kk);
+
+				if ($tags)
+					$profile['keywords'] = $tags;
+			}
+
+			$hidden = (1 - intval($p[0]['publish']));
+
+			logger('hidden: ' . $hidden);
+
+			$r = q("select xchan_hidden from xchan where xchan_hash = '%s' limit 1",
+				dbesc($p[0]['channel_hash'])
+			);
+
+			if(intval($r[0]['xchan_hidden']) != $hidden) {
+				$r = q("update xchan set xchan_hidden = %d where xchan_hash = '%s'",
+					intval($hidden),
+					dbesc($p[0]['channel_hash'])
+				);
+			}
+
+			$arr = [ 'channel_id' => $uid, 'hash' => $hash, 'profile' => $profile ];
+			call_hooks('local_dir_update', $arr);
+
+			$address = channel_reddress($p[0]);
+
+			if (perm_is_allowed($uid, '', 'view_profile')) {
+				self::import_directory_profile($hash, $arr['profile'], $address, 0);
+			}
+			else {
+				// they may have made it private
+				$r = q("delete from xprof where xprof_hash = '%s'",
+					dbesc($hash)
+				);
+				$r = q("delete from xtag where xtag_hash = '%s'",
+					dbesc($hash)
+				);
+			}
+	
+		}
+
+		$ud_hash = random_string() . '@' . \App::get_hostname();
+		self::update_modtime($hash, $ud_hash, channel_reddress($p[0]),(($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+	}
+
+
+
+	/**
+	 * @brief Imports a directory profile.
+	 *
+	 * @param string $hash
+	 * @param array $profile
+	 * @param string $addr
+	 * @param number $ud_flags (optional) UPDATE_FLAGS_UPDATED
+	 * @param number $suppress_update (optional) default 0
+	 * @return boolean $updated if something changed
+	 */
+
+	static function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLAGS_UPDATED, $suppress_update = 0) {
+
+		logger('import_directory_profile', LOGGER_DEBUG);
+		if (! $hash)
+			return false;
+
+		$arr = array();
+
+		$arr['xprof_hash']         = $hash;
+		$arr['xprof_dob']          = (($profile['birthday'] === '0000-00-00') ? $profile['birthday'] : datetime_convert('','',$profile['birthday'],'Y-m-d')); // !!!! check this for 0000 year
+		$arr['xprof_age']          = (($profile['age'])         ? intval($profile['age']) : 0);
+		$arr['xprof_desc']         = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');	
+		$arr['xprof_gender']       = (($profile['gender'])      ? htmlspecialchars($profile['gender'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_marital']      = (($profile['marital'])     ? htmlspecialchars($profile['marital'],     ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_sexual']       = (($profile['sexual'])      ? htmlspecialchars($profile['sexual'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_locale']       = (($profile['locale'])      ? htmlspecialchars($profile['locale'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_region']       = (($profile['region'])      ? htmlspecialchars($profile['region'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_postcode']     = (($profile['postcode'])    ? htmlspecialchars($profile['postcode'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_country']      = (($profile['country'])     ? htmlspecialchars($profile['country'],     ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_about']        = (($profile['about'])       ? htmlspecialchars($profile['about'],       ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_homepage']     = (($profile['homepage'])    ? htmlspecialchars($profile['homepage'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_hometown']     = (($profile['hometown'])    ? htmlspecialchars($profile['hometown'],    ENT_COMPAT,'UTF-8',false) : '');
+
+		$clean = array();
+		if (array_key_exists('keywords', $profile) and is_array($profile['keywords'])) {
+			self::import_directory_keywords($hash,$profile['keywords']);
+			foreach ($profile['keywords'] as $kw) {
+				$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
+				$kw = trim($kw, ',');
+				$clean[] = $kw;
+			}
+		}
+
+		$arr['xprof_keywords'] = implode(' ',$clean);
+
+		// Self censored, make it so
+		// These are not translated, so the German "erwachsenen" keyword will not censor the directory profile. Only the English form - "adult".
+
+
+		if(in_arrayi('nsfw',$clean) || in_arrayi('adult',$clean)) {
+			q("update xchan set xchan_selfcensored = 1 where xchan_hash = '%s'",
+				dbesc($hash)
+			);
+		}
+
+		$r = q("select * from xprof where xprof_hash = '%s' limit 1",
+			dbesc($hash)
+		);
+
+		if ($arr['xprof_age'] > 150)
+			$arr['xprof_age'] = 150;
+		if ($arr['xprof_age'] < 0)
+			$arr['xprof_age'] = 0;
+
+		if ($r) {
+			$update = false;
+			foreach ($r[0] as $k => $v) {
+				if ((array_key_exists($k,$arr)) && ($arr[$k] != $v)) {
+					logger('import_directory_profile: update ' . $k . ' => ' . $arr[$k]);
+					$update = true;
+					break;
+				}
+			}
+			if ($update) {
+				q("update xprof set
+					xprof_desc = '%s',
+					xprof_dob = '%s',
+					xprof_age = %d,
+					xprof_gender = '%s',
+					xprof_marital = '%s',
+					xprof_sexual = '%s',
+					xprof_locale = '%s',
+					xprof_region = '%s',
+					xprof_postcode = '%s',
+					xprof_country = '%s',
+					xprof_about = '%s',
+					xprof_homepage = '%s',
+					xprof_hometown = '%s',
+					xprof_keywords = '%s'
+					where xprof_hash = '%s'",
+					dbesc($arr['xprof_desc']),
+					dbesc($arr['xprof_dob']),
+					intval($arr['xprof_age']),
+					dbesc($arr['xprof_gender']),
+					dbesc($arr['xprof_marital']),
+					dbesc($arr['xprof_sexual']),
+					dbesc($arr['xprof_locale']),
+					dbesc($arr['xprof_region']),
+					dbesc($arr['xprof_postcode']),
+					dbesc($arr['xprof_country']),
+					dbesc($arr['xprof_about']),
+					dbesc($arr['xprof_homepage']),
+					dbesc($arr['xprof_hometown']),
+					dbesc($arr['xprof_keywords']),
+					dbesc($arr['xprof_hash'])
+				);
+			}
+		} else {
+			$update = true;
+			logger('New profile');
+			q("insert into xprof (xprof_hash, xprof_desc, xprof_dob, xprof_age, xprof_gender, xprof_marital, xprof_sexual, xprof_locale, xprof_region, xprof_postcode, xprof_country, xprof_about, xprof_homepage, xprof_hometown, xprof_keywords) values ('%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
+				dbesc($arr['xprof_hash']),
+				dbesc($arr['xprof_desc']),
+				dbesc($arr['xprof_dob']),
+				intval($arr['xprof_age']),
+				dbesc($arr['xprof_gender']),
+				dbesc($arr['xprof_marital']),
+				dbesc($arr['xprof_sexual']),
+				dbesc($arr['xprof_locale']),
+				dbesc($arr['xprof_region']),
+				dbesc($arr['xprof_postcode']),
+				dbesc($arr['xprof_country']),
+				dbesc($arr['xprof_about']),
+				dbesc($arr['xprof_homepage']),
+				dbesc($arr['xprof_hometown']),
+				dbesc($arr['xprof_keywords'])
+			);
+		}
+
+		$d = [
+			'xprof' => $arr,
+			'profile' => $profile,
+			'update' => $update
+		];
+		/**
+		 * @hooks import_directory_profile
+		 *   Called when processing delivery of a profile structure from an external source (usually for directory storage).
+		 *   * \e array \b xprof
+		 *   * \e array \b profile
+		 *   * \e boolean \b update
+		 */
+		call_hooks('import_directory_profile', $d);
+
+		if (($d['update']) && (! $suppress_update))
+			self::update_modtime($arr['xprof_hash'],random_string() . '@' . \App::get_hostname(), $addr, $ud_flags);
+
+		return $d['update'];
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param string $hash An xtag_hash
+	 * @param array $keywords
+	 */
+
+	static function import_directory_keywords($hash, $keywords) {
+
+		$existing = array();
+		$r = q("select * from xtag where xtag_hash = '%s' and xtag_flags = 0",
+			dbesc($hash)
+		);
+
+		if($r) {
+			foreach($r as $rr)
+				$existing[] = $rr['xtag_term'];
+		}
+
+		$clean = array();
+		foreach($keywords as $kw) {
+			$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
+			$kw = trim($kw, ',');
+			$clean[] = $kw;
+		}
+
+		foreach($existing as $x) {
+			if(! in_array($x, $clean))
+				$r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s' and xtag_flags = 0",
+					dbesc($hash),
+					dbesc($x)
+				);
+		}
+		foreach($clean as $x) {
+			if(! in_array($x, $existing)) {
+				$r = q("insert into xtag ( xtag_hash, xtag_term, xtag_flags) values ( '%s' ,'%s', 0 )",
+					dbesc($hash),
+					dbesc($x)
+				);
+			}
+		}
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * @param string $hash
+	 * @param string $guid
+	 * @param string $addr
+	 * @param int $flags (optional) default 0
+	 */
+
+	static function update_modtime($hash, $guid, $addr, $flags = 0) {
+
+		$dirmode = intval(get_config('system', 'directory_mode'));
+
+		if($dirmode == DIRECTORY_MODE_NORMAL)
+			return;
+
+		if($flags) {
+			q("insert into updates (ud_hash, ud_guid, ud_date, ud_flags, ud_addr ) values ( '%s', '%s', '%s', %d, '%s' )",
+				dbesc($hash),
+				dbesc($guid),
+				dbesc(datetime_convert()),
+				intval($flags),
+				dbesc($addr)
+			);	
+		}
+		else {
+			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
+				intval(UPDATE_FLAGS_UPDATED),
+				dbesc($addr),
+				intval(UPDATE_FLAGS_UPDATED)
+			);
+		}
+	}
+
+
+
+
+
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Lib/Queue.php b/Zotlabs/Lib/Queue.php
new file mode 100644
index 000000000..baa1da70d
--- /dev/null
+++ b/Zotlabs/Lib/Queue.php
@@ -0,0 +1,278 @@
+ $base,
+						'site_update' => datetime_convert(),
+						'site_dead'   => 0,
+						'site_type'   => intval(($outq['outq_driver'] === 'post') ? SITE_TYPE_NOTZOT : SITE_TYPE_UNKNOWN),
+						'site_crypto' => ''
+					]
+				);
+			}
+		}
+
+		$arr = array('outq' => $outq, 'base' => $base, 'handled' => false, 'immediate' => $immediate);
+		call_hooks('queue_deliver',$arr);
+		if($arr['handled'])
+			return;
+
+		// "post" queue driver - used for diaspora and friendica-over-diaspora communications.
+
+		if($outq['outq_driver'] === 'post') {
+			$result = z_post_url($outq['outq_posturl'],$outq['outq_msg']);
+			if($result['success'] && $result['return_code'] < 300) {
+				logger('deliver: queue post success to ' . $outq['outq_posturl'], LOGGER_DEBUG);
+				if($base) {
+					q("update site set site_update = '%s', site_dead = 0 where site_url = '%s' ",
+						dbesc(datetime_convert()),
+						dbesc($base)
+					);
+				}
+				q("update dreport set dreport_result = '%s', dreport_time = '%s' where dreport_queue = '%s'",
+					dbesc('accepted for delivery'),
+					dbesc(datetime_convert()),
+					dbesc($outq['outq_hash'])
+				);
+				self::remove($outq['outq_hash']);
+
+				// server is responding - see if anything else is going to this destination and is piled up 
+				// and try to send some more. We're relying on the fact that do_delivery() results in an 
+				// immediate delivery otherwise we could get into a queue loop. 
+
+				if(! $immediate) {
+					$x = q("select outq_hash from outq where outq_posturl = '%s' and outq_delivered = 0",
+						dbesc($outq['outq_posturl'])
+					);
+	
+					$piled_up = array();
+					if($x) {
+						foreach($x as $xx) {
+							 $piled_up[] = $xx['outq_hash'];
+						}
+					}
+					if($piled_up) {
+						// call do_delivery() with the force flag
+						do_delivery($piled_up, true);
+					}
+				}
+			}
+			else {
+				logger('deliver: queue post returned ' . $result['return_code'] 
+					. ' from ' . $outq['outq_posturl'],LOGGER_DEBUG);
+					self::update($outq['outq_hash'],10);
+			}
+			return;
+		}
+
+		// normal zot delivery
+
+		logger('deliver: dest: ' . $outq['outq_posturl'], LOGGER_DEBUG);
+
+
+		if($outq['outq_posturl'] === z_root() . '/zot') {
+			// local delivery
+			$zot = new \Zotlabs\Zot6\Receiver(new \Zotlabs\Zot6\Zot6Handler(),$outq['outq_notify']);
+			$result = $zot->run(true);
+			logger('returned_json: ' . json_encode($result,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOGGER_DATA);
+			logger('deliver: local zot delivery succeeded to ' . $outq['outq_posturl']);
+			Libzot::process_response($outq['outq_posturl'],[ 'success' => true, 'body' => json_encode($result) ], $outq);
+		}
+		else {
+			logger('remote');
+			$channel = null;
+
+			if($outq['outq_channel']) {
+				$channel = channelx_by_n($outq['outq_channel']);
+			}
+
+			$host_crypto = null;
+
+			if($channel && $base) {
+				$h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' order by hubloc_id desc limit 1",
+					dbesc($base)
+				);
+				if($h) {
+					$host_crypto = $h[0];
+				}
+			}
+
+			$msg = $outq['outq_notify'];
+
+			$result = Libzot::zot($outq['outq_posturl'],$msg,$channel,$host_crypto);
+
+			if($result['success']) {
+				logger('deliver: remote zot delivery succeeded to ' . $outq['outq_posturl']);
+				Libzot::process_response($outq['outq_posturl'],$result, $outq);
+			}
+			else {
+				logger('deliver: remote zot delivery failed to ' . $outq['outq_posturl']);
+				logger('deliver: remote zot delivery fail data: ' . print_r($result,true), LOGGER_DATA);
+				self::update($outq['outq_hash'],10);
+			}
+		}
+		return;
+	}
+}
+
diff --git a/Zotlabs/Lib/Webfinger.php b/Zotlabs/Lib/Webfinger.php
new file mode 100644
index 000000000..c2364ac4d
--- /dev/null
+++ b/Zotlabs/Lib/Webfinger.php
@@ -0,0 +1,109 @@
+ [ 'Accept: application/jrd+json, */*' ] ]);
+
+		if($s['success']) {
+			$j = json_decode($s['body'], true);
+			return($j);
+		}
+
+		return false;
+	}
+
+	static function parse_resource($resource) {
+
+		self::$resource = urlencode($resource);
+
+		if(strpos($resource,'http') === 0) {
+			$m = parse_url($resource);
+			if($m) {
+				if($m['scheme'] !== 'https') {
+					return false;
+				}
+				self::$server = $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
+			}
+			else {
+				return false;
+			}
+		}
+		elseif(strpos($resource,'tag:') === 0) {
+			$arr = explode(':',$resource); // split the tag
+			$h = explode(',',$arr[1]); // split the host,date
+			self::$server = $h[0];
+		}
+		else {
+			$x = explode('@',$resource);
+			$username = $x[0];
+			if(count($x) > 1) {
+				self::$server = $x[1];
+			}
+			else {
+				return false;
+			}
+			if(strpos($resource,'acct:') !== 0) {
+				self::$resource = urlencode('acct:' . $resource);
+			}
+		}
+
+	}
+
+	/**
+	 * @brief fetch a webfinger resource and return a zot6 discovery url if present
+	 *
+	 */ 
+
+	static function zot_url($resource) {
+
+		$arr = self::exec($resource);
+
+		if(is_array($arr) && array_key_exists('links',$arr)) {
+			foreach($arr['links'] as $link) {
+				if(array_key_exists('rel',$link) && $link['rel'] === PROTOCOL_ZOT6) {
+					if(array_key_exists('href',$link) && $link['href'] !== EMPTY_STR) {
+						return $link['href'];
+					}
+				}
+			}
+		}
+		return false;
+	}
+
+
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Lib/Zotfinger.php b/Zotlabs/Lib/Zotfinger.php
new file mode 100644
index 000000000..537e440d4
--- /dev/null
+++ b/Zotlabs/Lib/Zotfinger.php
@@ -0,0 +1,50 @@
+ 'application/x-zot+json', 
+				'X-Zot-Token' => random_string(),
+			];
+			$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false);
+		}
+		else {
+			$h = [ 'Accept: application/x-zot+json' ]; 
+		}
+				
+		$result = [];
+
+
+		$redirects = 0;
+		$x = z_fetch_url($resource,false,$redirects, [ 'headers' => $h  ] );
+
+		if($x['success']) {
+			
+			$result['signature'] = HTTPSig::verify($x);
+    
+			$result['data'] = json_decode($x['body'],true);
+
+			if($result['data'] && is_array($result['data']) && array_key_exists('encrypted',$result['data']) && $result['data']['encrypted']) {
+				$result['data'] = json_decode(crypto_unencapsulate($result['data'],get_config('system','prvkey')),true);
+			}
+
+			return $result;
+		}
+
+		return false;
+	}
+
+
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Module/Zot.php b/Zotlabs/Module/Zot.php
new file mode 100644
index 000000000..8c34dced1
--- /dev/null
+++ b/Zotlabs/Module/Zot.php
@@ -0,0 +1,25 @@
+run(),'application/x-zot+jzon');
+	}
+
+}
diff --git a/Zotlabs/Zot6/Finger.php b/Zotlabs/Zot6/Finger.php
new file mode 100644
index 000000000..f1fe41352
--- /dev/null
+++ b/Zotlabs/Zot6/Finger.php
@@ -0,0 +1,146 @@
+ true) or array('success' => false);
+	 */
+
+	static public function run($webbie, $channel = null, $autofallback = true) {
+
+		$ret = array('success' => false);
+
+		self::$token = random_string();
+
+		if (strpos($webbie, '@') === false) {
+			$address = $webbie;
+			$host = \App::get_hostname();
+		} else {
+			$address = substr($webbie,0,strpos($webbie,'@'));
+			$host = substr($webbie,strpos($webbie,'@')+1);
+			if(strpos($host,'/'))
+				$host = substr($host,0,strpos($host,'/'));
+		}
+
+		$xchan_addr = $address . '@' . $host;
+
+		if ((! $address) || (! $xchan_addr)) {
+			logger('zot_finger: no address :' . $webbie);
+
+			return $ret;
+		}
+
+		logger('using xchan_addr: ' . $xchan_addr, LOGGER_DATA, LOG_DEBUG);
+
+		// potential issue here; the xchan_addr points to the primary hub.
+		// The webbie we were called with may not, so it might not be found
+		// unless we query for hubloc_addr instead of xchan_addr
+
+		$r = q("select xchan.*, hubloc.* from xchan
+			left join hubloc on xchan_hash = hubloc_hash
+			where xchan_addr = '%s' and hubloc_primary = 1 limit 1",
+			dbesc($xchan_addr)
+		);
+
+		if($r) {
+			$url = $r[0]['hubloc_url'];
+
+			if($r[0]['hubloc_network'] && $r[0]['hubloc_network'] !== 'zot') {
+				logger('zot_finger: alternate network: ' . $webbie);
+				logger('url: ' . $url . ', net: ' . var_export($r[0]['hubloc_network'],true), LOGGER_DATA, LOG_DEBUG);
+				return $ret;
+			}
+		} else {
+			$url = 'https://' . $host;
+		}
+
+		$rhs = '/.well-known/zot-info';
+		$https = ((strpos($url,'https://') === 0) ? true : false);
+
+		logger('zot_finger: ' . $address . ' at ' . $url, LOGGER_DEBUG);
+
+		if ($channel) {
+			$postvars = array(
+				'address'    => $address,
+				'target'     => $channel['channel_guid'],
+				'target_sig' => $channel['channel_guid_sig'],
+				'key'        => $channel['channel_pubkey'],
+				'token'      => self::$token
+			);
+
+			$headers = [];
+			$headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname();
+			$headers['X-Zot-Nonce']   = random_string();
+			$xhead = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
+				'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false);
+
+			$retries = 0;
+
+			$result = z_post_url($url . $rhs,$postvars,$retries, [ 'headers' => $xhead ]);
+
+			if ((! $result['success']) && ($autofallback)) {
+				if ($https) {
+					logger('zot_finger: https failed. falling back to http');
+					$result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]);
+				}
+			}
+		} 
+		else {
+			$rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token;
+
+			$result = z_fetch_url($url . $rhs);
+			if((! $result['success']) && ($autofallback)) {
+				if($https) {
+					logger('zot_finger: https failed. falling back to http');
+					$result = z_fetch_url('http://' . $host . $rhs);
+				}
+			}
+		}
+
+		if(! $result['success']) {
+			logger('zot_finger: no results');
+
+			return $ret;
+		}
+
+		$x = json_decode($result['body'], true);
+
+		$verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''));
+
+		if($x && (! $verify['header_valid'])) {
+			$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
+			if($signed_token) {
+				$valid = zot_verify('token.' . self::$token, base64url_decode($signed_token), $x['key']);
+				if(! $valid) {
+					logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR);
+
+					return $ret;
+				}
+			}
+			else {
+				logger('No signed token from '  . $url . $rhs, LOGGER_NORMAL, LOG_WARNING);
+				return $ret;
+			}
+		}
+
+		return $x;
+	}
+
+}
diff --git a/Zotlabs/Zot6/IHandler.php b/Zotlabs/Zot6/IHandler.php
new file mode 100644
index 000000000..53b6caa89
--- /dev/null
+++ b/Zotlabs/Zot6/IHandler.php
@@ -0,0 +1,18 @@
+error       = false;
+		$this->validated   = false;
+		$this->messagetype = '';
+		$this->response    = [ 'success' => false ];
+		$this->handler     = $handler;
+		$this->data        = null;
+		$this->rawdata     = null;
+		$this->site_id     = null;
+		$this->prvkey      = Config::get('system','prvkey');
+
+		if($localdata) {
+			$this->rawdata = $localdata;
+		}
+		else {
+			$this->rawdata = file_get_contents('php://input');
+
+			// All access to the zot endpoint must use http signatures
+
+			if (! $this->Valid_Httpsig()) {
+				logger('signature failed');
+				$this->error = true;
+				$this->response['message'] = 'signature invalid';
+				return;
+			}
+		}
+
+		logger('received raw: ' . print_r($this->rawdata,true), LOGGER_DATA);
+
+
+		if ($this->rawdata) {
+			$this->data = json_decode($this->rawdata,true);
+		}
+		else {
+			$this->error = true;
+			$this->response['message'] = 'no data';
+		}
+
+		logger('received_json: ' . json_encode($this->data,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOGGER_DATA);
+
+		logger('received: ' . print_r($this->data,true), LOGGER_DATA);
+
+		if ($this->data && is_array($this->data)) {
+			$this->encrypted = ((array_key_exists('encrypted',$this->data) && intval($this->data['encrypted'])) ? true : false);
+
+			if ($this->encrypted && $this->prvkey) {
+				$uncrypted = crypto_unencapsulate($this->data,$this->prvkey);
+				if ($uncrypted) {
+					$this->data = json_decode($uncrypted,true);
+				}
+				else {
+					$this->error = true;
+					$this->response['message'] = 'no data';
+				}
+			}
+		}
+	}
+
+
+	function run() {
+
+		if ($this->error) {
+			// make timing attacks on the decryption engine a bit more difficult
+			usleep(mt_rand(10000,100000));
+			return($this->response); 
+		}
+
+		if ($this->data) {
+			if (array_key_exists('type',$this->data)) {
+				$this->messagetype = $this->data['type'];
+			}
+
+			if (! $this->messagetype) {
+				$this->error = true;
+				$this->response['message'] = 'no datatype';
+				return $this->response;
+			}
+
+			$this->sender     = ((array_key_exists('sender',$this->data))     ? $this->data['sender'] : null);
+			$this->recipients = ((array_key_exists('recipients',$this->data)) ? $this->data['recipients'] : null);
+			$this->site_id    = ((array_key_exists('site_id',$this->data))    ? $this->data['site_id'] : null);
+		}
+
+		if ($this->sender) {
+			$result = $this->ValidateSender();
+			if (! $result) {
+				$this->error = true;
+				return $this->response;
+			}
+		}
+
+		return $this->Dispatch();
+	}
+
+	function ValidateSender() {
+
+		$hub = Libzot::valid_hub($this->sender,$this->site_id);
+
+		if (! $hub) {
+			$x = Libzot::register_hub($this->sigdata['signer']);
+			if($x['success']) {
+				$hub = Libzot::valid_hub($this->sender,$this->site_id);
+			}	
+			if(! $hub) {
+	           	$this->response['message'] = 'sender unknown';
+				return false;
+			}
+		}
+
+		if (! check_siteallowed($hub['hubloc_url'])) {
+			$this->response['message'] = 'forbidden';
+			return false;
+		}
+
+		if (! check_channelallowed($this->sender)) {
+			$this->response['message'] = 'forbidden';
+			return false;
+		}
+
+		Libzot::update_hub_connected($hub,$this->site_id);
+
+		$this->validated = true;
+		$this->hub = $hub;
+		return true;
+    }
+
+
+	function Valid_Httpsig() {
+
+		$result = false;
+
+		$this->sigdata = HTTPSig::verify($this->rawdata);
+
+		if ($this->sigdata && $this->sigdata['header_signed'] && $this->sigdata['header_valid']) {
+			$result = true;
+
+			// It is OK to not have signed content - not all messages provide content.
+			// But if it is signed, it has to be valid
+
+			if (($this->sigdata['content_signed']) && (! $this->sigdata['content_valid'])) {
+					$result = false;
+			}
+		}
+		return $result;
+	}	
+		
+	function Dispatch() {
+
+		switch ($this->messagetype) {
+
+			case 'request':
+				$this->response = $this->handler->Request($this->data,$this->hub);
+				break;
+
+			case 'purge':
+				$this->response = $this->handler->Purge($this->sender,$this->recipients,$this->hub);
+				break;
+
+			case 'refresh':
+				$this->response = $this->handler->Refresh($this->sender,$this->recipients,$this->hub);
+				break;
+
+			case 'rekey':
+				$this->response = $this->handler->Rekey($this->sender, $this->data,$this->hub);
+				break;
+
+			case 'activity':
+			case 'response': // upstream message
+			case 'sync':
+			default:
+				$this->response = $this->handler->Notify($this->data,$this->hub);
+				break;
+
+		}
+
+		logger('response_to_return: ' . print_r($this->response,true),LOGGER_DATA);
+
+		if ($this->encrypted) {
+			$this->EncryptResponse();
+		}
+
+		return($this->response); 
+	}
+
+	function EncryptResponse() {
+		$algorithm = Libzot::best_algorithm($this->hub['site_crypto']);
+		if ($algorithm) {
+			$this->response = crypto_encapsulate(json_encode($this->response),$this->hub['hubloc_sitekey'], $algorithm);
+		}
+	}
+
+}
+
+
+
diff --git a/Zotlabs/Zot6/Zot6Handler.php b/Zotlabs/Zot6/Zot6Handler.php
new file mode 100644
index 000000000..5597921cc
--- /dev/null
+++ b/Zotlabs/Zot6/Zot6Handler.php
@@ -0,0 +1,266 @@
+ false ];
+
+		logger('notify received from ' . $hub['hubloc_url']);
+
+		$x = Libzot::fetch($data);
+		$ret['delivery_report'] = $x;
+	
+
+		$ret['success'] = true;
+		return $ret;
+	}
+
+
+
+	/**
+	 * @brief Remote channel info (such as permissions or photo or something)
+	 * has been updated. Grab a fresh copy and sync it.
+	 *
+	 * The difference between refresh and force_refresh is that force_refresh
+	 * unconditionally creates a directory update record, even if no changes were
+	 * detected upon processing.
+	 *
+	 * @param array $sender
+	 * @param array $recipients
+	 *
+	 * @return json_return_and_die()
+	 */
+
+	static function reply_refresh($sender, $recipients,$hub) {
+		$ret = array('success' => false);
+
+		if($recipients) {
+
+			// This would be a permissions update, typically for one connection
+
+			foreach ($recipients as $recip) {
+				$r = q("select channel.*,xchan.* from channel
+					left join xchan on channel_hash = xchan_hash
+					where channel_hash ='%s' limit 1",
+					dbesc($recip)
+				);
+
+				$x = Libzot::refresh( [ 'hubloc_id_url' => $hub['hubloc_id_url'] ], $r[0], (($msgtype === 'force_refresh') ? true : false));
+			}
+		}
+		else {
+			// system wide refresh
+
+			$x = Libzot::refresh( [ 'hubloc_id_url' => $hub['hubloc_id_url'] ], null, (($msgtype === 'force_refresh') ? true : false));
+		}
+
+		$ret['success'] = true;
+		return $ret;
+	}
+
+
+
+	/**
+	 * @brief Process a message request.
+	 *
+	 * If a site receives a comment to a post but finds they have no parent to attach it with, they
+	 * may send a 'request' packet containing the message_id of the missing parent. This is the handler
+	 * for that packet. We will create a message_list array of the entire conversation starting with
+	 * the missing parent and invoke delivery to the sender of the packet.
+	 *
+	 * Zotlabs/Daemon/Deliver.php (for local delivery) and 
+	 * mod/post.php???? @fixme (for web delivery) detect the existence of
+	 * this 'message_list' at the destination and split it into individual messages which are
+	 * processed/delivered in order.
+	 *
+	 *
+	 * @param array $data
+	 * @return array
+	 */
+	
+	static function reply_message_request($data,$hub) {
+		$ret = [ 'success' => false ];
+
+		$message_id = EMPTY_STR;
+
+		if(array_key_exists('data',$data))
+		$ptr = $data['data'];
+		if(is_array($ptr) && array_key_exists(0,$ptr)) {
+			$ptr = $ptr[0];
+		}
+		if(is_string($ptr)) {
+			$message_id = $ptr;
+		}
+		if(is_array($ptr) && array_key_exists('id',$ptr)) {
+			$message_id = $ptr['id'];
+		}
+
+		if (! $message_id) {
+			$ret['message'] = 'no message_id';
+			logger('no message_id');
+			return $ret;
+		}
+
+		$sender = $hub['hubloc_hash'];
+
+		/*
+		 * Find the local channel in charge of this post (the first and only recipient of the request packet)
+		 */
+
+		$arr = $data['recipients'][0];
+
+		$c = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_hash = '%s' limit 1",
+			dbesc($arr['portable_id'])
+		);
+		if (! $c) {
+			logger('recipient channel not found.');
+			$ret['message'] .= 'recipient not found.' . EOL;
+			return $ret;
+		}
+
+		/*
+		 * fetch the requested conversation
+		 */
+
+		$messages = zot_feed($c[0]['channel_id'],$sender_hash, [ 'message_id' => $data['message_id'], 'encoding' => 'activitystreams' ]);
+
+		return (($messages) ? : [] );
+
+	}
+
+	static function rekey_request($sender,$data,$hub) {
+
+		$ret = array('success' => false);
+
+		//	newsig is newkey signed with oldkey
+
+		// The original xchan will remain. In Zot/Receiver we will have imported the new xchan and hubloc to verify
+		// the packet authenticity. What we will do now is verify that the keychange operation was signed by the
+		// oldkey, and if so change all the abook, abconfig, group, and permission elements which reference the
+		// old xchan_hash.
+
+		if((! $data['old_key']) && (! $data['new_key']) && (! $data['new_sig']))
+			return $ret;
+
+
+		$old = null;
+
+		if(Libzot::verify($data['old_guid'],$data['old_guid_sig'],$data['old_key'])) {
+			$oldhash = make_xchan_hash($data['old_guid'],$data['old_key']);
+			$old = q("select * from xchan where xchan_hash = '%s' limit 1",
+				dbesc($oldhash)
+			);
+		}
+		else 
+			return $ret;
+
+
+		if(! $old) {
+			return $ret;
+		}
+
+		$xchan = $old[0];
+
+		if(! Libzot::verify($data['new_key'],$data['new_sig'],$xchan['xchan_pubkey'])) {
+			return $ret;
+		}
+
+		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($sender)
+		);
+
+		$newxchan = $r[0];
+
+		// @todo
+		// if ! $update create a linked identity
+
+
+		xchan_change_key($xchan,$newxchan,$data);
+
+		$ret['success'] = true;
+		return $ret;
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * @param array $sender
+	 * @param array $recipients
+	 *
+	 * return json_return_and_die()
+	 */
+
+	static function reply_purge($sender, $recipients, $hub) {
+
+		$ret = array('success' => false);
+
+		if ($recipients) {
+			// basically this means "unfriend"
+			foreach ($recipients as $recip) {
+				$r = q("select channel.*,xchan.* from channel
+					left join xchan on channel_hash = xchan_hash
+					where channel_hash = '%s' and channel_guid_sig = '%s' limit 1",
+					dbesc($recip)
+				);
+				if ($r) {
+					$r = q("select abook_id from abook where uid = %d and abook_xchan = '%s' limit 1",
+						intval($r[0]['channel_id']),
+						dbesc($sender)
+					);
+					if ($r) {
+						contact_remove($r[0]['channel_id'],$r[0]['abook_id']);
+					}
+				}
+			}
+			$ret['success'] = true;
+		}
+		else {
+
+			// Unfriend everybody - basically this means the channel has committed suicide
+
+			remove_all_xchan_resources($sender);
+
+			$ret['success'] = true;
+		}
+
+		return $ret;
+	}
+
+
+
+
+
+
+}
-- 
cgit v1.2.3