Re: [Openvpn-devel] Obfuscation for Iran SSL blocking

[Jun Matsushita]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi David,

I replied to you directly, maybe it got caught in your spam filter?

Anyone else has some thoughts about developing an obfsproxy-style
component for OpenVPN?

Best,

Jun.

On 13/02/2012 13:09, David Sommerseth wrote:
> On 13/02/12 13:59, Jun Matsushita wrote:
>> This is my first post in this list. As probably a lot of you
>> heard, Iran has stepped up its filtering by apparently blocking
>> SSL/TLS using DPI. This is a good read about what's happening 
>> http://news.ycombinator.com/item?id=3575029. As these statistics
>> from TOR attest 
>> https://metrics.torproject.org/users.html?graph=direct-users=2012-01-12=2012-02-12=ir=on=72#direct-users
>
>> 
> 
> the impact has been immediate and surely concerns the majority of
> tools
>> out there.
> 
>> Does OpenVPN allow the use of some form of Obfuscation (such as
>> the one TOR is testing now and seem to work from within Iran 
>> https://www.torproject.org/projects/obfsproxy-instructions.html.en)?
>
>>  Anyone has thoughts about this or would be interested in
>> discussing the matter?
> 
> 
> Hi Jun,
> 
> OpenVPN uses SSL under the hood.  But it does some tricks to allow
> SSL over UDP (SSL is strictly designed for TCP).  This however
> makes some changes that many DPI firewalls *might* not identify
> OpenVPN traffic as SSL traffic.  But as it's not really an
> obfuscation which changes over time, it might still be possible to
> block it if this kind of traffic is detected.
> 
> However, the obfsproxy project sounds very interesting.  And it
> should be possible to use obfsproxy (as it can talk like a SOCKS
> proxy) with OpenVPN, by using the --socks-proxy argument.  But I'm
> not aware of any openvpn services providing obfsproxy services in
> conjunction with OpenVPN.
> 
> 
> kind regards,
> 
> David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPOXDCAAoJECoH9wygNueS5mMH/Rx1IKVJ57Zc5n0l+GVxzdgm
KvS0yt2Su2jD8pyzTujH3CSlCj4n8k7P+NMIN3vTtOfeBWfGhedgi8bQRgEkUB05
oPW/nCK18eRM1uIdBXw/EEudqoHVkBUXzISl04LFLmux7mh7ifGj9sFw/0S2q7mn
Md+qywN0m8+Af5jbQkVkak61lv5H7QK7JNYrFe20+PsV5JhrlZ4xCpJDef3hhGXH
Xl+OGzjv5fqgILOZYbcIWl+tlgNXQP/p/PFi8cmZUvyNV+hq+ACjySn2bDrPzD47
xNF6vXg8wKjYumCZTO2QxVbFPq6oM+3GVxyu6YQCpocPOYACn3ijIrzXUWxzMaM=
=w9je
-END PGP SIGNATURE-

Re: [Openvpn-devel] [PATCH] Check for ENABLE_MANAGEMENT for ENABLE_CLIENT_CR

[David Sommerseth]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/02/12 19:40, i...@novg.net wrote:
> When building a very minimal OpenVPN for OpenWRT with 
> --disable-management among others, the compilaton fails due to 
> ENABLE_CLIENT_CR being defined, although the management interface, 
> which makes use of it, has been disabled.
> 
> The attached simple patch checks for ENABLE_MANAGEMENT before defining
> ENABLE_CLIENT_CR.
> 

I've already ACKed this patch in another response in this mail thread.  But
here is the complete overview of all patches pushed out on the master branch
for the -testing and -stable source trees.


commit 2ee0dc2bd72ec318fcc227af54e5ca7e1384a6cc
Author: Igor Novgorodov 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Sun Feb 12 22:40:02 2012 +0400

The code blocks enabled by ENABLE_CLIENT_CR depends on management

If the management interface is not enabled, it makes no sense in
including the ENABLE_CLIENT_CR #ifdef blocks.  This will also in
some configurations cause build issues if these blocks are enabled.

Signed-off-by: Igor Novgorodov 
Acked-by: David Sommerseth 
Signed-off-by: David Sommerseth 

commit ecede953d6366e9fbfecea62cc1f61fd2347dab7
Author: David Sommerseth 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Mon Feb 13 16:03:46 2012 +0100

Remove --show-gateway if debug info is not enabled (--disable-debug)

The --show-gateway feature depends on functions only being enabled when
--disable-debug is _not_ used.  As this I consider --show-gateway more
a handy function for debugging, removing this feature when
- --disable-debug
is used seems like the proper approach.

Signed-off-by: David Sommerseth 
Acked-by: Gert Doering 

commit 22277ec675847f73203bf908144f9903d13e2869
Author: David Sommerseth 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Mon Feb 13 15:52:00 2012 +0100

Fix compile issues when plug-ins are disabled.

Commit 1876ccd012e9e2ca6f8e1cd9e7e9bb4bf24ccecb modified
plugin_call() and introduced plugin_call_ssl().  But the similar
approach was missing for situations without plug-ins.

Solution: Rename plugin_call() in the #else !ENABLE_PLUGIN
section to plugin_call_ssl().  Then move the plugin_ssl() function
inside the #ifdef ENABLE_PLUGIN section outside the #ifdef, making
it available for builds with and without plug-ins enabled.

Signed-off-by: David Sommerseth 
Acked-by: Gert Doering 


kind regards,

David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk85aukACgkQDC186MBRfrq0tACgojflVPWaBkrac+epuuk5Je2n
5NwAn3wyj5omLMZ1CtsGM3XpJBIyV/MU
=oXDO
-END PGP SIGNATURE-

Re: [Openvpn-devel] [PATCH] Made some options connection-entry specific

[David Sommerseth]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/02/12 16:29, Jan Just Keijser wrote:
> Made some options connection-entry specific: fragment mssfix tun-mtu 
> tun-mtu-extra link-mtu mtu_discover_type explicit-exit-notification
> in order to support stuff like  remote host proto udp 
> fragment explicit-exit-notification 3   
> remote host proto tcp 
> 
> Signed-off-by: Jan Just Keijser  --- forward.c | 2
> +- init.c|   38 ++- occ.c |2 +- options.c
> |  125 +++-- 
> options.h |   36 +- sig.c |6 +- 6 files 
> changed, 107 insertions(+), 102 deletions(-)

ACK.  Applied to the master branch for -stable and -testing trees.

commit 76809cae0eae07817160b423d3f9551df1a1d68e
Author: Jan Just Keijser 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Tue Feb 7 16:29:47 2012 +0100

Made some options connection-entry specific

Signed-off-by: Jan Just Keijser 
Acked-by: David Sommerseth 
Signed-off-by: David Sommerseth 


kind regards,

David Sommerseth



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk85atQACgkQDC186MBRfrpRcACeOAUc3CWM1ORg2hWBDSwwS4hQ
4B8AoK8lWaZQKO5m589P3TgjUB2IE9/v
=meS6
-END PGP SIGNATURE-

Re: [Openvpn-devel] [PATCHv2] Windows UTF-8 input/output

[David Sommerseth]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23/11/11 19:08, Heiko Hund wrote:
> This patch makes openvpn read unicode from the console and convert
> the input to UTF-8. And then display UTF-8 output to the console 
> correctly.
> 
> Signed-off-by: Heiko Hund  --- configure.ac | 1
> + openvpn.c|4  win32.c  |   14 +- 3 files
> changed, 18 insertions(+), 1 deletions(-)
> 

ACKed and applied to master branch on -testing and -stable.

commit 6ba68180b89e0290855f70832243fc9b4370e4d2
Author: Heiko Hund 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Wed Nov 23 19:08:34 2011 +0100

Windows UTF-8 input/output

Signed-off-by: Heiko Hund 
Acked-by: David Sommerseth 
Signed-off-by: David Sommerseth 


kind regards,

David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk85asMACgkQDC186MBRfroynACfQNt0I34bvNV6r5VBmqkmFF/k
/LYAniC/Ch7k86CBGPRCRm284oaxuoaA
=qiCa
-END PGP SIGNATURE-

[Openvpn-devel] 2012-07 Snapshot Signature

[Eric Crist]

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (FreeBSD)

iQEcBAABAgAGBQJPOWk/AAoJEHKWQhk5DQ0OU5gH/iNsoquLkbD+2fE37heOeV3c
oGQ8O+CMLydUBxUGHTnGKTaxnSOEfP1gU7Bdmueoxyeozt/2ETMBXOTLzXNiO2TW
BjLZx4k1xHPuzR9k+ug3mMui/YwxDy+KL+tZPxIJZpHMHwvMO59YBTBTl/jylVqZ
W6Vhaz6k2plzsWvwpJO1GSttGLkCHBPO/34qvgsl0bUNITW19ek+LjeH1gM7EMrf
G1wxI+dqfTvEp4JLVcY4Fcnm3mREc8UbP1ZuY5gsR07TIfQXQ0/SgI2Qdhl5VjYM
cWuDMEhmnBdOCEnDptgzm1knjA3RVQVp74KPpzHUGPexidgcan5p2LL/rQAmLlw=
=1n8J
-END PGP SIGNATURE-


-
Eric F Crist
Secure Computing Networks
Certified in ABC by Sesame Street
Brought to you by the number 4
Certified Winner by Charlie Sheen
I can do it better than you, nanna nanna boo boo (School of Tosh.0)



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: [Openvpn-devel] [PATCHv2] handle Windows unicode paths

[David Sommerseth]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/02/12 15:13, Heiko Hund wrote:
> Openvpn for Windows is not compiled as a Unicode binary and thus
> cannot handle paths which contain non-ASCII characters using the argv
> vector. Characters that are not present in the system codepage are
> simply replaced with a question mark, e.g. if started as 'openvpn
> --config домой.ovpn' the file '?.ovpn' is tried to be opened as
> configuration.
> 
> The same applies to paths in config files which need to be UTF-8 
> encoded if they contain non ASCII characters. The option line 'key
> лев.pem' will lead to openvpn trying to open 'лев.pem' on a system
> with codepage 1252.
> 
> This patch makes openvpn read the command line in UCS-2 and convert it
> to UTF-8 internally. Windows stores names in the filesystem in UCS-2. 
> When using a paths openvpn converts it from UTF-8 to UCS-2 and uses
> the wide character Windows API function.
> 
> Signed-off-by: Heiko Hund  ---
> 
> This version of the patch was rebased to current master. It also
> handles the access(2) calls introduced in commit 0f2bc0dd by David
> correctly.
> 
> buffer.c |3 +- crypto.c |6 +- error.c
> |   17 +- manage.c |2 +- misc.c   |   41
> - misc.h   |   31  options.c|   37
> - packet_id.c  |6 +- pf.c |2 +- 
> plugin.c |3 +- ps.c |2 +- 
> ssl_openssl.c|  459
> +++--- ssl_verify.c
> |2 +- ssl_verify_openssl.c |6 +- status.c |   48
> ++ syshead.h|1 + win32.c  |   60
> ++-- win32.h  |3 + 18 files changed, 367
> insertions(+), 362 deletions(-)
> 

ACK and applied to master for -stable and -testing trees.

commit 71bbbd76c62630c88441237d72fe5b61f0b45b2a
Author: Heiko Hund 
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Fri Feb 10 15:13:42 2012 +0100

handle Windows unicode paths

Signed-off-by: Heiko Hund 
Acked-by: David Sommerseth 
Signed-off-by: David Sommerseth 


kind regards,

David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk85ZCwACgkQDC186MBRfrqGJQCdHMudYYgOM/ZT9trN4eNimO6i
yeMAoIijsO70hmkaq+OeAWXV7Xn7cv2o
=68zX
-END PGP SIGNATURE-

Re: [Openvpn-devel] [PATCH] Check for ENABLE_MANAGEMENT for ENABLE_CLIENT_CR

[igor]

Thanks!

Well, i'm no OpenWRT developer, just customizing some packages for my 
needs,

but i thought that they are sending patches upstream :)

Anyway, if i happen to find anything, i'll post here.

What's for the second patch (gateway/debug stuff), it has been patched 
in OpenWRT too,

i just forgot to mention it:
https://dev.openwrt.org/browser/packages/net/openvpn-polarssl/patches/400-fix-undefined-print_default.gateway.patch

On Mon, 13 Feb 2012 16:07:04 +0100, David Sommerseth wrote:

On 13/02/12 14:00, Igor Novgorodov wrote:

I'm building latest GIT with:

./configure \
--disable-debug \
--disable-plugins \
--disable-management \
--disable-socks \
--disable-password-save \
--disable-multi \
--disable-server \
--disable-pkcs11 \
--disable-http \
--disable-port-share \
--disable-def-auth \
--disable-pf \
--disable-lzo \
--disable-selinux \
--disable-iproute2 \
--enable-small

(effectively, the version that supports only static keys and no 
fancy stuff)


Build fails with:
...
gcc -DHAVE_CONFIG_H -I. -I. -g -O2 -MT init.o -MD -MP -MF 
.deps/init.Tpo

-c -o init.o init.c
init.c: In function ‘do_route’:
init.c:1364:7: error: too few arguments to function ‘plugin_call’
plugin.h:196:1: note: declared here
init.c: In function ‘do_init_crypto_tls’:
init.c:2286:20: error: ‘const struct options’ has no member named 
‘sc_info’

make[2]: *** [init.o] Error 1
...

Here are even two errors, one of which (plugin_call) function is
addressed in OpenWRT patchset:

https://dev.openwrt.org/browser/packages/net/openvpn-polarssl/patches/300-fix-plugin_call-with-ssl.patch


I would love the OpenWRT guys o give us a heads up directly when 
something

like this is noticed.  Such things we really want to fix ASAP.






However, I didn't particular like the approach in that patch, so I've
attached another patch for review.  If this is acked, please consider 
using

this one instead (patch 0001).


And another is that i'm talking about.


I'm giving your patch an ACK, so that will go into the tree.  But 
even one

more fix is needed, which is in the second patch I attached.


kind regards,

David Sommerseth



On 13.02.2012 16:32, David Sommerseth wrote:
On 12/02/12 19:40, i...@novg.net wrote:

When building a very minimal OpenVPN for OpenWRT with
--disable-management among others, the compilaton fails due to
ENABLE_CLIENT_CR being defined, although the management 
interface,

which makes use of it, has been disabled.

The attached simple patch checks for ENABLE_MANAGEMENT before 
defining

ENABLE_CLIENT_CR.
Which version are you compiling?  I tried a couple of compile with 
the

latest version in git (master branch) in combination with
--disable-management and --enable-small ... And I could not manage 
to

trigger this one.  Our buildbot (even though, not testing all
combinations) have also not triggered this one.

Could you provide more version information and the configure 
arguments

you use?


kind regards,

David Sommerseth




--
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft 
developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, 
MVC3,

Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Check for ENABLE_MANAGEMENT for ENABLE_CLIENT_CR

[Gert Doering]

Hi,

On Mon, Feb 13, 2012 at 04:07:04PM +0100, David Sommerseth wrote:
> I would love the OpenWRT guys o give us a heads up directly when something
> like this is noticed.  Such things we really want to fix ASAP.

Seconded :-)

> However, I didn't particular like the approach in that patch, so I've
> attached another patch for review.  If this is acked, please consider using
> this one instead (patch 0001).
> 
> > And another is that i'm talking about.
> 
> I'm giving your patch an ACK, so that will go into the tree.  But even one
> more fix is needed, which is in the second patch I attached.

ACK.

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpyPxzEN1L7N.pgp
Description: PGP signature

Re: [Openvpn-devel] [PATCH] Check for ENABLE_MANAGEMENT for ENABLE_CLIENT_CR

[David Sommerseth]

On 13/02/12 14:00, Igor Novgorodov wrote:
> I'm building latest GIT with:
> 
> ./configure \
> --disable-debug \
> --disable-plugins \
> --disable-management \
> --disable-socks \
> --disable-password-save \
> --disable-multi \
> --disable-server \
> --disable-pkcs11 \
> --disable-http \
> --disable-port-share \
> --disable-def-auth \
> --disable-pf \
> --disable-lzo \
> --disable-selinux \
> --disable-iproute2 \
> --enable-small
> 
> (effectively, the version that supports only static keys and no fancy stuff)
> 
> Build fails with:
> ...
> gcc -DHAVE_CONFIG_H -I. -I. -g -O2 -MT init.o -MD -MP -MF .deps/init.Tpo 
> -c -o init.o init.c
> init.c: In function ‘do_route’:
> init.c:1364:7: error: too few arguments to function ‘plugin_call’
> plugin.h:196:1: note: declared here
> init.c: In function ‘do_init_crypto_tls’:
> init.c:2286:20: error: ‘const struct options’ has no member named ‘sc_info’
> make[2]: *** [init.o] Error 1
> ...
> 
> Here are even two errors, one of which (plugin_call) function is 
> addressed in OpenWRT patchset:
> https://dev.openwrt.org/browser/packages/net/openvpn-polarssl/patches/300-fix-plugin_call-with-ssl.patch

I would love the OpenWRT guys o give us a heads up directly when something
like this is noticed.  Such things we really want to fix ASAP.

However, I didn't particular like the approach in that patch, so I've
attached another patch for review.  If this is acked, please consider using
this one instead (patch 0001).

> And another is that i'm talking about.

I'm giving your patch an ACK, so that will go into the tree.  But even one
more fix is needed, which is in the second patch I attached.


kind regards,

David Sommerseth


> On 13.02.2012 16:32, David Sommerseth wrote:
> On 12/02/12 19:40, i...@novg.net wrote:
 When building a very minimal OpenVPN for OpenWRT with
 --disable-management among others, the compilaton fails due to
 ENABLE_CLIENT_CR being defined, although the management interface,
 which makes use of it, has been disabled.

 The attached simple patch checks for ENABLE_MANAGEMENT before defining
 ENABLE_CLIENT_CR.
> Which version are you compiling?  I tried a couple of compile with the
> latest version in git (master branch) in combination with
> --disable-management and --enable-small ... And I could not manage to
> trigger this one.  Our buildbot (even though, not testing all
> combinations) have also not triggered this one.
> 
> Could you provide more version information and the configure arguments
> you use?
> 
> 
> kind regards,
> 
> David Sommerseth
> 
> 
> 
> --
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
> 

From a0cc57dc54aefd0507a83174fb6c0e7a2b47b90f Mon Sep 17 00:00:00 2001
From: David Sommerseth 
List-Post: openvpn-devel@lists.sourceforge.net
Date: Mon, 13 Feb 2012 15:52:00 +0100
Subject: [PATCH 1/2] Fix compile issues when plug-ins are disabled.

Commit 1876ccd012e9e2ca6f8e1cd9e7e9bb4bf24ccecb modified
plugin_call() and introduced plugin_call_ssl().  But the similar
approach was missing for situations without plug-ins.

Solution: Rename plugin_call() in the #else !ENABLE_PLUGIN
section to plugin_call_ssl().  Then move the plugin_ssl() function
inside the #ifdef ENABLE_PLUGIN section outside the #ifdef, making
it available for builds with and without plug-ins enabled.

Signed-off-by: David Sommerseth 
---
 plugin.h |   31 +++
 1 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/plugin.h b/plugin.h
index 948ab88..6f75e27 100644
--- a/plugin.h
+++ b/plugin.h
@@ -133,20 +133,6 @@ int plugin_call_ssl (const struct plugin_list *pl,
 #endif
 		);
 
-static inline int
-plugin_call(const struct plugin_list *pl,
-	const int type,
-	const struct argv *av,
-	struct plugin_return *pr,
-	struct env_set *es)
-{
-  return plugin_call_ssl(pl, type, av, pr, es
-#ifdef USE_SSL
-  , -1, NULL
-#endif
-  );
-}
-
 void plugin_list_close (struct plugin_list *pl);
 bool plugin_defined (const struct plugin_list *pl, const int type);
 
@@ -182,7 +168,6 @@ plugin_return_init (struct plugin_return *pr)
 }
 
 #else
-
 struct plugin_list { int dummy; };
 struct plugin_return { int dummy; };
 
@@ -193,7 +178,7 @@ plugin_defined (const struct plugin_list *pl, const int type)
 }
 
 static inline int
-plugin_call (const struct plugin_list *pl,
+plugin_call_ssl (const struct plugin_list *pl,
 	 const int type,
 	 const struct argv *av,
 	 struct 

Re: [Openvpn-devel] [PATCH] Check for ENABLE_MANAGEMENT for ENABLE_CLIENT_CR

[David Sommerseth]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 12/02/12 19:40, i...@novg.net wrote:
> When building a very minimal OpenVPN for OpenWRT with 
> --disable-management among others, the compilaton fails due to 
> ENABLE_CLIENT_CR being defined, although the management interface, 
> which makes use of it, has been disabled.
> 
> The attached simple patch checks for ENABLE_MANAGEMENT before defining
> ENABLE_CLIENT_CR.

Which version are you compiling?  I tried a couple of compile with the
latest version in git (master branch) in combination with
- --disable-management and --enable-small ... And I could not manage to
trigger this one.  Our buildbot (even though, not testing all
combinations) have also not triggered this one.

Could you provide more version information and the configure arguments
you use?


kind regards,

David Sommerseth

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk85AuIACgkQDC186MBRfroHEACfbJfdxCqMM0rp+wqlWx6yxc6F
T+UAnAkQ1T7n0vb4F1cOqxaLTmQyQ4Zh
=Gwvf
-END PGP SIGNATURE-