On 12 Oct 2012, at 1:03 AM, Derek Cole derek.c...@gmail.com wrote:
I installed my_server_cert.pem as a trusted authority in firefox, however, it
still prompts that it is an Untrusted Connection and has the button to add
security exception. When I click this button, I noticed that under
On 12 Oct 2012, at 1:40 AM, Charles Mills charl...@mcn.org wrote:
How do you specify the name (URL) of the Web site in Firefox? Do you use
exactly the same name as you use with the test client (and the name in the
certificate)?
Firefox is saying the certificate is for myserver but you
On 12 Oct 2012, at 3:59 PM, Tom Browder tom.brow...@gmail.com wrote:
I have successfully generated SSL client certs (generated with openssl
1.0.1c) used by Safari, Firefox, and Chrome on Linux and Windows plus
IE 9 on Windows, but I cannot get successful access with either Safari
or Firefox
Hi all,
I understand as per RFC2585 that the MIME type for a CRL is
application/pkix-crl, but I am struggling to figure out whether there is a way
to specify using MIME types and/or content negotiation whether the CRL is PEM
encoded or DER encoded.
Is there a Content-Encoding for PEM
On 27 Oct 2012, at 2:18 PM, Stefan H. Holek ste...@epy.co.at wrote:
I understand as per RFC2585 that the MIME type for a CRL is
application/pkix-crl, but I am struggling to figure out whether there is a
way to specify using MIME types and/or content negotiation whether the CRL
is PEM
Hi all,
I would like to know how long a CRL has until it expires in seconds (or milli
or microseconds, don't care, I can convert), and am struggling to find a
formally supported way to do this.
What I would like to do is return the difference between a given ASN1_TIME and
the current time, or
On 07 Nov 2012, at 3:57 PM, Jakob Bohm jb-open...@wisemo.com wrote:
Look in the code that checks certificates for expiry (during certificate
validation), it probably calls an appropriate subroutine on the expiry
date in the X509 cert.
Already did that, the function you're referring to is
On 07 Nov 2012, at 4:08 PM, Dirk-Willem van Gulik di...@webweaving.org wrote:
The bit of code I stole from x509/x509_vfy.c works for me.
Dw.
if(!(X509_CRL_get_nextUpdate(crl))
return -1;
int i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
if (i
On 07 Nov 2012, at 4:50 PM, Ted Byers r.ted.by...@gmail.com wrote:
Why does it need to be something in openssl?
Ideally because it needs to be as secure as openssl.
I'm after an accurate time duration between two ASN1_TIME values, that is not
dependent on local conditions, or any external
On 16 Nov 2012, at 4:36 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Nov 15, 2012 at 10:41 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Thu, Nov 15, 2012 at 6:03 AM, Pravesh Rai pravesh@gmail.com wrote:
CryptGenRandom(hCryptProv, SEED_SIZE, buf); // On Windows OS
On 16 Nov 2012, at 4:37 PM, PraveenPVS meetpraveen...@gmail.com wrote:
I need to load RSA Public key which is stored in the char buffer. I came
across d2i_RSA_PUBKEY function to do the same (Please correct me if I am
wrong here).
The d2i in the function you're trying to use means from DER
On 19 Apr 2013, at 21:06, Felipe Gasper fel...@felipegasper.com wrote:
What are the big things out there that still don’t have SNI support?
As far as I know:
CentOS 5 (by default)
Android 2.x
original iPhone iPod Touch
IE on WinXP
I’m looking for “major obstacles to
On 17 Aug 2013, at 06:03, Unga unga...@yahoo.com wrote:
My encrypted file is with you. It is encrypted without a salt. I'm scared you
may use a sophisticated system to decrypt it and read the sensitive info. I
use a per file not guessable 150 character password. This password is not
On 07 Sep 2013, at 11:26 PM, Steve Marquess marqu...@opensslfoundation.com
wrote:
Note that Dual EC DRBG is *NOT* used by default and a calling
application must specifically and deliberately enable it; that cannot be
done accidentally. Any application which does so will hopefully be fully
Hi all,
I have a cert, a CA cert, and N intermediate certificates, each in three
separate files. I don't know the value of N during this process.
What I need to do is combine these certs into a P12 file, but crucially I need
to give the cert and the CA cert very specific nicknames for further
Hi all,
In a typical client certificate scenario, you might verify that a certificate
chain is complete, not expired, and trusted by a root certificate. If you were
to choose a way to authorize the certificate over and above the check that the
cert is valid, you might store it's subject in a
Hi all,
I am trying to load the name and value of an X509 extension programmatically
via the API (in other words, the openssl.cnf file isn't being used), and I am
struggling with openssl telling me that the tag doesn't exist.
The extension I want to load has the name keyUsage and value
On 18 Jan 2014, at 4:09 AM, Graham Leggett minf...@sharp.fm wrote:
I am trying to load the name and value of an X509 extension programmatically
via the API (in other words, the openssl.cnf file isn't being used), and I am
struggling with openssl telling me that the tag doesn't exist
On 18 Jan 2014, at 2:25 PM, Dr. Stephen Henson st...@openssl.org wrote:
Have a look at demos/x509/mkcert.c
I eventually found it was as simple as this:
*extension = X509V3_EXT_conf(NULL, NULL, (char *)name, (char *)val);
What threw me was whether it was ok to pass NULL or not (it is).
Hi all,
According to the man page for EVP_BytesToKey, Newer applications should
use more standard algorithms such as PKCS#5 v2.0 for key derivation.
Unfortunately the man page stops there, and doesn't give a clue as to
which openssl function should be used to derive a key in a compliant way.
[EMAIL PROTECTED] wrote:
Does openssl support RFC2898, and if so, what function should I be
looking at?
PKCS5_PBKDF2_HMAC_SHA1()
This function seems to be undocumented:
int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
unsigned char *salt, int saltlen, int
Hi all,
I have found an anomaly in the EVP code with an ECB cipher which is
claiming to have an IV length greater than zero.
I am under the understanding that all ECB algorithms should have an IV
size of zero - is that correct?
The gdb trace is shown below - is this a potential bug or am I
Julian wrote:
Never ship a Shared OpenSSL library. Anyone can rebuild it to output the
socket buffer to disk prior to encryption and replace yours.
If someone can do that, you've been owned already, compiling it static
won't make any practical difference.
Regards,
Graham
--
smime.p7s
csross wrote:
I don't know what is the purpose of building openssl shared. I am building
apache with ssl statically built in. What does building a shared openssl
give me?
The ability to upgrade openssl without having to recompile anything else.
Regards,
Graham
--
smime.p7s
Description:
Victor Duchovni wrote:
Because in amost all cases that's exactly the right advice.
The cryptography learning that is sufficient and desirable is from books
such as Applied Cryptography which cover protocols and algorithms
at a high level. Studying the implementation or creating ones own
loody wrote:
Is there sample code or ducument I can realize how to use EVP?
On MacOSX, the normal man pages document the API for EVP*, I assume it
is the same on the other unix environments.
apropos EVP should get you started.
Regards,
Graham
--
smime.p7s
Description: S/MIME
carock wrote:
Can the same process be duplicated without going commercial? I need a
certificate that doesn't use a FQDN for the common name and I haven't found
a commercial one that allows that.
Set up your own CA, and issue your own certificates to your own
requirements. The problem then
carock wrote:
Unfortunately, I'm dealing with an HP Proliant server. Specifically the iLO
interface which is a backend management device embeded in the server.
This device has it's own SSL cert from the factory. With the latest rounds
of updates from Firefox, that browser now complains my
Peter Wilkes wrote:
so we ran this with a 64 bit int and noticed that 128 bits comes out.
can we safely ignore the other 64 bits? why are we getting 128 bits out?
Ciphers generally encrypt data in fixed-width blocks, which means you'll
end up with a final encrypted cyphertext of a multiple of
Tim Ward wrote:
Yes indeed. This is why I often go for commercial software in preference
fo free - it took me a day and a half to get a working Visual Studio
2005 debug DLL built, at a cost to my client of ... er ... well ... none
of anyone else's business really, but lots more than any
Kenneth Goldman wrote:
1 - Reading the source is only as reliable as the skill of the reader and
the comments in the code. I'd rather have the answers than a research
project.
So would I. But far too often, in code of all kinds, this documentation
doesn't exist. As an investor I would far
Randy Turner wrote:
As an investor, I would rather have my coders use a product with
documentation to make progress
on the actual goals of the product, rather than reverse-engineer the
information they're trying to look for.
Obviously, as I already stated below:
So would I.
Regards,
Sebastián Treu wrote:
are thes equivalent to each others? or should I use the openssl
toolkit? I ask this cause sha1sum results are 41 bytes long. the
SHA-1() doc says 20bytes for output.
Check whether the binary sha1 hashes are being encoded along the way. A
common way to encode sha1 hashes
Hi all,
I am currently struggling to get to the bottom of a problem verifying
a PKCS7 message, and before I can make any headway, I need access to
the error message.
The error message I am getting is this:
error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error
which, given
On 07 Mar 2010, at 12:13 AM, Graham Leggett wrote:
Can anyone tell me what function I should be using to retrieve the
error saved by ERR_add_error_data()?
After some reverse engineering, it turns out ERR_get_error_line_data()
does the trick. It was the file and line parameters that threw
Hi all,
Now that I have my full error message, the problem I have is that the
verification is failing because the certificate has expired:
error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:
Verify error:certificate has expired
The error message is correct - the
On 2010/03/20 6:55 PM, Nuno Gonçalves wrote:
Questions:
Is normal that firefox hangs when it doesn't have a valid certificate
to provide?
Openssl output looks OK?(or the error in the end is a exception?)
I am not 100% sure of the details, but I do recall a hang being a
symptom of using a
Hi all,
I am trying to load a CRL, and currently my options seem to be
choosing one of the following:
X509_STORE_add_lookup(certstore, X509_LOOKUP_hash_dir())
X509_STORE_add_lookup(certstore, X509_LOOKUP_file())
The dilemma I face is that I need to do this in a non blocking fashion
in an
On 21 Jan 2011, at 7:20 PM, Dr. Stephen Henson wrote:
You can read the CRL into an X509_CRL stucture using d2i_X509_CRL()
or the
PEM functions using a memory BIO.
Once you have the X509_CRL structure you can add the CRL with
X509_STORE_add_crl().
When reading a CRL in a directory, is it
On 20 Mar 2011, at 9:35 PM, Victor Duchovni wrote:
What's the obstacle to a global variable that is initialized once and
never changes? You also only need to call:
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
once, ... so there needs to be some once-only code in your
On 06 May 2011, at 9:23 PM, derleader mail wrote:
Can you show us the source code. Paste it into pastebin.org.
We do non blocking SSL by accepting the socket in the normal way
(using accept, not SSL_accept), and then wrapping the socket in a BIO
like this:
BIO *sbio =
Hi all,
I have some openssl code that creates a certificate based on a SPKAC, and then
attempts to send the certificate back to the browser. This works fine in
Firefox, but doesn't working in Safari, or at least it does work, except that
Safari doesn't recognise the MIME type of the
Hi all,
I have a need to encrypt a block of text (a cookie) in such a way that the
contents of the cookie can be protected[1] if and when the cookie is
stolen in transit.
I would like to use EVP_EncryptInit and friends to do this, and this
function requires that I provide a key and iv to be used
Hi all,
The SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file()
allow you to assign a key and cert respectively to an SSL_CTX.
I have been hunting for a while, and I have as yet not found the
opposite functions, to extract the cert and key from an SSL_CTX.
Am I missing
On Wed, November 21, 2007 2:39 pm, Lidia Fernández wrote:
I have to encrypt a file in c with openssl and then i have to decrypt in
Java.
In Java i use to decrypt the algorithm
Cipher cipher = Cipher.getInstance(DES/ECB/PKCS5Padding);
With OpenSSL i use
openssl enc -a -des-ecb -in
Hi all,
Is there a function in OpenSSL that is capable of listing the possible
ciphers that are supported by EVP_get_cipher_byname()?
Regards,
Graham
--
__
OpenSSL Project http://www.openssl.org
Hi all,
While trying to install v0.9.7e of openssl on a Solaris v2.8 machine, the
build completes fine, but it bombs out during make install as below.
Google has found two other questions on mailing lists about this problem
(one on NetBSD, one on Irix) but these questions were never answered. One
Clemens Chiba said:
I use Winsocks and OpenSSL in a client application which simulates
HTTPS request, and it works fine as long as I don't use a proxy
(proxy name/port same as host name/port).
But if I set a proxy it does not work anymore. This is clear
because the proxy does not know where
Hi all,
Is it possible to compile openssl v0.9.5a as a shared library under
Solaris v2.6?
The default compilation builds static libs only. There does not seem to
be any mention of shared library support anywhere in any of the build
docs, and the standard --enable-shared doesn't work.
Any
Hi all,
After the make install step after compiling v0.9.6 beta 1 of OpenSSL, my
/usr/local/ssl/lib directory looked like this:
[3:22pm] root@dsnstar:/opt/local/ssl/lib# ls -al
total 15364
drwxr-xr-x 2 root other512 Sep 15 15:21 ./
drwxr-xr-x 9 root other512 Sep 15
On 13 Apr 2014, at 12:25 PM, Hanno Böck ha...@hboeck.de wrote:
I wasn't really sure where to ask this, but I think this list is
appropriate.
While having read so much about heartbleed, one question stays
unanswered for me all the time:
What's the use of this heartbeat extension? I mean not
On 13 Apr 2014, at 2:04 PM, Michael Ströder mich...@stroeder.com wrote:
No, it does *not* answer the question.
The question was: Who is currently using it?
Just to clarify any possible confusion, whether or not a piece of software
actively uses the heartbeat makes no difference to the bug,
On 23 Apr 2014, at 2:23 PM, Kaushal Shriyan kaushalshri...@gmail.com wrote:
I am new to SSL/TLS Certificates. Please help me understand what is the
difference between ROOT CA Certs and Intermediate Certs or Chain Certs. I
will appreciate if i can refer to some books or tutorials to know
Hi all,
In the HLS protocol[1], there is the option of serving encrypted data protected
by a simple symmetrical key and AES-128. The symmetrical key is served to the
client over a secure connection, and the data is then retrieved separately over
a probably-insecure-but-cacheable connection and
Hi all,
Looking at the headers in the FIPS module of openssl, I see none of the
EVP_Encrypt* functions are available. Am I assuming correctly that no
symmetrical encryption is possible at all in FIPS mode?
Regards,
Graham
—
Hi all,
Can anyone confirm the order in which certs are returned by
SSL_get_peer_cert_chain()?
Regards,
Graham
—
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hi all,
I have a need to parse the first incoming hello packet on an incoming TLS
connection and based on the presence (or absence) of the SNI header, choose to
pass the connection through to another server.
What openssl functions should I be looking at to do this?
Regards,
Graham
—
On 28 Oct 2014, at 1:30 PM, Florian Weimer f...@deneb.enyo.de wrote:
* Graham Leggett:
I have a need to parse the first incoming hello packet on an
incoming TLS connection and based on the presence (or absence) of
the SNI header, choose to pass the connection through to another
server
Hi all,
I just tried out the most recent version of freeradius (v3.0.7), and it failed
to start up with the following message:
Thu Mar 5 11:12:33 2015 : Info: Debugger not attached
Thu Mar 5 11:12:33 2015 : Error: Refusing to start with libssl version OpenSSL
1.0.1e-fips 11 Feb 2013
On 22 Feb 2015, at 11:22 PM, Tinker ti...@openmailbox.org wrote:
I need your authoritative answer on the following question.
[snip stuff that is too long]
You are totally overthinking this.
The SSL protocol involves negotiation, during which the sender and the receiver
exchange data with
On 21 Feb 2015, at 12:58 PM, Serj Rakitov ra...@yandex.com wrote:
I set socket to non-blocking mode.
1. If I do SSL_read() and get result =0 and then SSL_get_error() returns
SSL_ERROR_WANT_WRITE what must I to do?
Is it enough to call SSL_write(ssl,0,0) one time and then again call
On 04 Apr 2015, at 9:46 PM, Michael Clark mich...@metaparadigm.com wrote:
I am having an issue where the server crashes on subsequent connections
*if* I close the connection file descriptor. See the note in
openssl_async_echo_server.cc on line 239. If I leak a file descriptor
and the next
On 3 Sep 2015, at 19:23, Viktor Dukhovni wrote:
> Cat those files into /dev/urandom or /dev/random. That'll mix them
> into the system's entropy pool. Then generate keys as usual from
> /dev/urandom.
I have used a deck of playing cards as a source of entropy, saved
Hi all,
I am trying to use “openssl verify” as a sanity check to determine whether a
set of certificates are sane and valid in a script that issues (or reissues)
the certificates, and I’m struggling with the output of the “openssl verify”
command.
This is output I get while verifying three
Hi all,
I am having a problem where an iPhone running iOS v9.3.3 is attempting to
connect to httpd+openssl on CentOS7 and suddenly failing when this used to work
in the past.
The client (iOS) seems to believe the SSL handshake is successful, and so
attempts to send some application data. The
On 14 Nov 2017, at 12:00 PM, mahesh gs wrote:
> We have application that provide DTLS security for SCTP connections. During
> our testing we found that API "SSL_connect " fail and always returns
> SSL_ERROR_WANT_READ which causes infinite loop in the application.
Are you
On 09 Nov 2017, at 4:17 AM, Michael Wojcik
wrote:
>> New, (NONE), Cipher is (NONE)
>> SSL-Session:
>>Protocol : TLSv1.2
>>Cipher:
>
> Yeah. TLSv1.2, no cipher. My guess is the server is allowing the 1.2 protocol
> level but not supporting any
On 09 Nov 2017, at 2:57 PM, Michael Wojcik
wrote:
>> This is openssl v1.0.1f (ubuntu xenial) talking to openssl v1.0.1f (ubuntu
>> xenial), although
>> trying openssl as shipped by MacOS Sierra on the client side gives the same
>> result.
>
> At least prior to
Hi all,
I am having quite a time trying to get postgresql v9.5 to talk over SSL on
Ubuntu Xenial, running openssl v1.0.1f. Previously my setup was Ubuntu Trusty,
and this works fine.
The questions I have based on the info below:
- It is the openssl s_client side that is triggering the
On 24 Jul 2018, at 18:06, Viktor Dukhovni wrote:
>> Or is it correct in v1.1.0 and above to just not initialise anything at all,
>> not clean anything up at all, and expect openssl to “do the right thing”
>> when mod_ssl is unloaded?
>
> Yes. And *especially* when the code that depends on
Hi all,
Over at httpd we’re struggling with crashes and instability caused by attempts
by various independent libraries we link to, all of which in turn link to
openssl, initialising openssl multiple times. In turn these separate libraries
might de-initialise openssl on shutdown expecting a
On 24 Jul 2018, at 12:15, Graham Leggett wrote:
> Over at httpd we’re struggling with crashes and instability caused by
> attempts by various independent libraries we link to, all of which in turn
> link to openssl, initialising openssl multiple times. In turn these separate
> lib
On 19 Mar 2019, at 18:00, Viktor Dukhovni wrote
:
> Well, the *standard* structure for passing around just the unsigned
> data underlying a CSR (X509_REQ), is a CertificationRequestInfo
> (X509_REQ_INFO). So if the modules are to use *standard* structures
> to communicate. The object being
Hi all,
While porting some code across from RHEL6 (openssl-1.0.1e-42) to RHEL7
(openssl-1.0.2k-16), I am getting the failure below where previously the code
worked.
The code creates an X509_REQ, populates it, and then passes this to a module.
Before passing it to the module, the structure is
On 18 Mar 2019, at 18:49, Viktor Dukhovni wrote:
> A mandatory part of the CSR is missing. It is malformed.
Some further digging shows the CSR is indeed malformed - the old openssl code
created a CSR like this:
507:d=2 hl=2 l= 1 prim: OBJECT:itu-t
while the new openssl code
On 18 Mar 2019, at 22:27, Viktor Dukhovni wrote:
>> (Even in the 1.1 API, where they are opaque, i2d_re_X509_REQ_tbs will encode
>> a given X509_REQ's X509_REQ_INFO for you.)
>
> Yes, i2d_re_X509_REQ_tbs is the key function for constructing the
> "to be signed" (tbs) request:
>
> int
On 18 Mar 2019, at 22:02, Dave Coombs wrote:
>> This makes sense - however there don’t appear to be any APIs in openssl that
>> allow you to manipulate a X509_REQ_INFO structure. I can create it, and
>> encode/decode it, but there is no X509_REQ_INFO_get_subject_name() (or
>> friends) to
On 19 Mar 2019, at 03:22, Viktor Dukhovni wrote:
>> On Mar 18, 2019, at 8:22 PM, Graham Leggett wrote:
>>
>> How would I decode the X509_REQ_INFO structure on the other side, turning it
>> back into X509_REQ?
>
> The function returns the DER form of the CRI, w
On 18 Mar 2019, at 04:55, Viktor Dukhovni wrote:
> On Mon, Mar 18, 2019 at 01:06:19AM +0200, Graham Leggett wrote:
>
>> [root@localhost ~]# openssl req -in req.bin -inform der
>> unable to load X509 request
>> 139903756527504:error:0D0C40D8:asn1 encoding
>> ro
On 18 Mar 2019, at 12:51, Graham Leggett wrote:
>> which has a non-zero length signature algorithm OID (l = 9). Your
>> example has "l=0" where one would expect the signature OID after
>> the extensions.
>
> How do I fix openssl to parse this as it did
Hi all,
I am currently reviewing the shutdown behaviour in both httpd’s mod_ssl and
apr’s apr-crypto-openssl modules.
Am I right in understanding that from openssl v1.1.0 and upwards, all the
following calls are no longer necessary, will be called automatically atexit by
the openssl library,
On 14 Jun 2019, at 09:41, Matt Caswell wrote:
> Correct. *All* of the above calls are no-ops in 1.1.0+, e.g:
>
> # define EVP_cleanup() while(0) continue
>
> There are one or two caveats around auto-init and auto-deinit of the library.
> The documentation for it is here:
>
>
Hi all,
I have a WIndows 10 system with a smartcard attached to it.
Firefox+Smartcard works great.
Edge using the smartcard to the same site returns the following:
[Fri Aug 02 13:47:43.238262 2019] [ssl:info] [pid 20742:tid 139771397486336]
SSL Library Error: error:0407006A:rsa
On 04 Aug 2019, at 01:56, Viktor Dukhovni wrote:
> An RSA signature verification operation (block type 01) failed,
> typically because the public used to check the signature does
> not match the private key used to sign the data.
Thanks for confirming this.
> Is this a server-side log or a
Hi all,
I am trying to create a "Degenerate certificates-only CMS Signed-Data” using
openssl openssl-1.1.1c (from CentOS8) as described by
https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the
process I am getting the entry "Error: Object has zero length” in the PKCS7
Hi all,
According to the manpage at
https://www.openssl.org/docs/man1.1.0/man3/BIO_s_file.html the macro BIO_tell()
casts to int:
/opt/local/include//openssl/bio.h:# define BIO_tell(b)
(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
What happens if the file being parsed is larger than can fit in
Hi all,
While running code that calls X509_verify_cert(), the trusted root certificates
(“BEGIN TRUSTED CERTIFICATE”) loaded into the verification are failing
verification with “certificate rejected”:
2: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE: verify failed:
certificate
Hi all,
The ENGINE API is deprecated in favour of the new Provider API.
What is the provider equivalent function that replaces
ENGINE_load_private_key()?
Regards,
Graham
—
On 13 Dec 2021, at 12:15, Tomas Mraz wrote:
> One option would be for a provider to provide provider-storemgmt
> implementation to load a key from its special URI. You'd then use
> OSSL_STORE from the application to load a private key from that special
> URI.
>
> Another, rather simplistic,
Hi all,
When the openssl interactive mode was still possible, you could set up an
engine and then use it as follows:
OpenSSL> engine -t dynamic -pre
SO_PATH:/usr/lib64/openssl/engines/engine_pkcs11.so -pre ID:pkcs11 -pre
LIST_ADD:1 -pre LOAD -pre
90 matches
Mail list logo