Package: openvpn
Version: 2.4.7-1
Severity: normal

Dear Maintainer,

openvpn does not re-read CRLs on client connect in "capath" mode (that is,
a directory containing trusted CA certificates and CRLs).

I have a two-level CA setup (one root CA and one intermediate CA that emits
both server and client certificates). Please find attached the test
certificates I have used.


Here is my server config:

----------------------------------------------------------------

# daemon openvpn-server-client
user nobody
group nogroup

proto udp

key /etc/openvpn/server.key
cert /etc/openvpn/server.pem
capath /etc/openvpn/ca-certs
remote-cert-tls client
duplicate-cn
dh /etc/openvpn/dh2048.pem
cipher AES-256-CBC

float
lport 1194

dev tun
server 192.0.2.0 255.255.255.0
comp-lzo
passtos

keepalive 5 20
ping-timer-rem
persist-tun
persist-key

----------------------------------------------------------------


My client config (I guess it does not matter, but anyway):

----------------------------------------------------------------

# daemon openvpn-client-server
user nobody
group nogroup

proto udp

key /etc/openvpn/client.key
cert /etc/openvpn/client.pem
ca /etc/openvpn/ca-certs/ca-test-root.pem
verify-x509-name "example.com" name
remote-cert-tls server
cipher AES-256-CBC

remote localhost
resolv-retry 30
float
rport 1194
nobind

dev tun
client
comp-lzo
passtos

keepalive 5 20
ping-timer-rem
persist-tun
persist-key

----------------------------------------------------------------


I start the openvpn server with strace:

# strace -o /tmp/openvpn.strace openvpn --config config.server-client


... and watch openvpn accessing the capath directory in strace's log on another 
console:

# tail -f /tmp/openvpn.strace | grep -F "/etc/openvpn/ca-certs"

* first client connects *

stat("/etc/openvpn/ca-certs/b60149e5.0", {st_mode=S_IFREG|0644, st_size=7339, ...}) = 0
openat(AT_FDCWD, "/etc/openvpn/ca-certs/b60149e5.0", O_RDONLY) = 5
stat("/etc/openvpn/ca-certs/b60149e5.1", 0x7ffd789d74c0) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.0", {st_mode=S_IFREG|0644, st_size=1870, ...}) = 0
openat(AT_FDCWD, "/etc/openvpn/ca-certs/7f67f311.0", O_RDONLY) = 5
stat("/etc/openvpn/ca-certs/7f67f311.1", 0x7ffd789d74c0) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/b60149e5.r0", {st_mode=S_IFREG|0644, st_size=1003, ...}) = 0
openat(AT_FDCWD, "/etc/openvpn/ca-certs/b60149e5.r0", O_RDONLY) = 5
stat("/etc/openvpn/ca-certs/b60149e5.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r0", {st_mode=S_IFREG|0644, st_size=991, ...}) = 0
openat(AT_FDCWD, "/etc/openvpn/ca-certs/7f67f311.r0", O_RDONLY) = 5
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)

* next client connects *

stat("/etc/openvpn/ca-certs/b60149e5.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)

* another client connects *

stat("/etc/openvpn/ca-certs/b60149e5.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)

(7f67f311 is the root CA, b60149e5 is the intermediate CA)

----------------------------------------------------------------


The strace log shows that CRLs are read only when the first client connects.
When the next client connects, access to the CRLs is attempted only using a wrong
filename ("*.r1" instead of "*.r0"), and the open obviously fails.

This is a security problem if I later revoke a certificate and upload the new CRL,
but it does not take effect.

Please feel free to contact me if you need any further information.

--
Regards,
Zsolt



-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'oldstable-updates'), (500, 
'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.196 (SMP w/4 CPU cores)
Locale: LANG=en_US.ISO-8859-2, LC_CTYPE=en_US.ISO-8859-2 (charmap=ISO-8859-2), 
LANGUAGE=en_US.ISO-8859-2 (charmap=ISO-8859-2
Shell: /bin/sh linked to /usr/bin/dash
Init: none (chroot environment)

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  iproute2               4.20.0-2
ii  libc6                  2.28-10
ii  liblz4-1               1.8.3-1
ii  liblzo2-2              2.10-0.1
ii  libpam0g               1.3.1-5
ii  libpkcs11-helper1      1.25.1-1
ii  libssl1.1              1.1.1d-0+deb10u1
ii  libsystemd0            241-7~deb10u1
ii  lsb-base               10.2019051400

Versions of packages openvpn recommends:
pn  easy-rsa  <none>

Versions of packages openvpn suggests:
ii  openssl                   1.1.1d-0+deb10u1
pn  openvpn-systemd-resolved  <none>
pn  resolvconf                <none>

-- debconf information:
  openvpn/create_tun: false
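
A way to summarise a trace like the one in this report, as an added example that is not part of the original report or of the OpenVPN or OpenSSL code: it parses strace lines for hashed CRL names (`<hash>.rN`) under the capath directory and reports, per issuer hash, which CRL files were opened, whether any was opened again, and which sequence number is being probed. The function name `crl_lookup_report` and its output keys are assumptions of this example; the sample lines are taken from the trace above with the e-mail line wraps rejoined.

```python
import re
from collections import Counter, defaultdict

# Sample input: lines from the report's trace (first two client connections,
# e-mail line wraps rejoined, most certificate lookups trimmed).
SAMPLE = """\
stat("/etc/openvpn/ca-certs/b60149e5.0", {st_mode=S_IFREG|0644, st_size=7339, ...}) = 0
openat(AT_FDCWD, "/etc/openvpn/ca-certs/b60149e5.0", O_RDONLY) = 5
stat("/etc/openvpn/ca-certs/b60149e5.1", 0x7ffd789d74c0) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/b60149e5.r0", {st_mode=S_IFREG|0644, st_size=1003, ...}) = 0
openat(AT_FDCWD, "/etc/openvpn/ca-certs/b60149e5.r0", O_RDONLY) = 5
stat("/etc/openvpn/ca-certs/b60149e5.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r0", {st_mode=S_IFREG|0644, st_size=991, ...}) = 0
openat(AT_FDCWD, "/etc/openvpn/ca-certs/7f67f311.r0", O_RDONLY) = 5
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/b60149e5.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
stat("/etc/openvpn/ca-certs/7f67f311.r1", 0x7ffd789d7430) = -1 ENOENT (No such file or directory)
"""

# Syscall name, quoted path argument, numeric return value.
LINE = re.compile(r'^(stat|open|openat)\((?:AT_FDCWD, )?"([^"]+)".*\) = (-?\d+)')
# Hashed-directory CRL file name: 8 hex digits, ".r", sequence number.
CRL_NAME = re.compile(r'([0-9a-f]{8})\.r(\d+)')


def crl_lookup_report(lines, capath):
    """Summarise CRL file access under capath, per issuer hash (hypothetical helper)."""
    opened = defaultdict(list)     # hash -> sequence numbers successfully opened
    enoent = defaultdict(Counter)  # hash -> {sequence number: failed stat count}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        call, path, ret = m.group(1), m.group(2), int(m.group(3))
        directory, _, base = path.rpartition("/")
        name = CRL_NAME.fullmatch(base)
        if directory != capath.rstrip("/") or not name:
            continue  # not a CRL file in the trusted directory
        issuer, seq = name.group(1), int(name.group(2))
        if call in ("open", "openat") and ret >= 0:
            opened[issuer].append(seq)
        elif call == "stat" and ret < 0:
            enoent[issuer][seq] += 1

    report = {}
    for issuer in sorted(set(opened) | set(enoent)):
        seqs = opened[issuer]
        nxt = max(seqs) + 1 if seqs else 0  # first sequence number not yet loaded
        report[issuer] = {
            "loaded": [f"{issuer}.r{s}" for s in sorted(set(seqs))],
            "reopened": len(seqs) != len(set(seqs)),  # True if a CRL file was read again
            "probing": f"{issuer}.r{nxt}",
            "failed_probes": enoent[issuer][nxt],
        }
    return report


if __name__ == "__main__":
    result = crl_lookup_report(SAMPLE.splitlines(), "/etc/openvpn/ca-certs")
    for issuer, info in result.items():
        print(issuer, info)
```

A result with `reopened` false and `failed_probes` growing with each connection is the pattern shown in this report. OpenSSL's X509_LOOKUP_hash_dir(3) manual page documents that once a CRL has been loaded, only sequence numbers greater than the cached one are checked.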