espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-02 20:24:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/esp_https_ota_heap_failure' into 'master'

Browse Source 
HTTPS OTA: Removed unnecessary free()

See merge request idf/esp-idf!5048
This commit is contained in:
Angus Gratton
2019-06-26 09:03:16 +08:00
parent af430adb34 a2b5a93881
commit ba94bbf1f8
11 changed files with 245 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
components/esp_http_client/esp_http_client.c
View File

@@ -506,6 +506,10 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
if (config->client_key_pem) { if (config->client_key_pem) {
esp_transport_ssl_set_client_key_data(ssl, config->client_key_pem, strlen(config->client_key_pem)); esp_transport_ssl_set_client_key_data(ssl, config->client_key_pem, strlen(config->client_key_pem));
} }
if (config->skip_cert_common_name_check) {
esp_transport_ssl_skip_common_name_check(ssl);
}
#endif #endif
if (_set_config(client, config) != ESP_OK) { if (_set_config(client, config) != ESP_OK) {

1
components/esp_http_client/include/esp_http_client.h
View File

@@ -120,6 +120,7 @@ typedef struct {
void *user_data; /*!< HTTP user_data context */ void *user_data; /*!< HTTP user_data context */
bool is_async; /*!< Set asynchronous mode, only supported with HTTPS for now */ bool is_async; /*!< Set asynchronous mode, only supported with HTTPS for now */
bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */ bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */
bool skip_cert_common_name_check; /*!< Skip any validation of server certificate CN field */
} esp_http_client_config_t; } esp_http_client_config_t;
/** /**

1
components/esp_https_ota/include/esp_https_ota.h
View File

@@ -70,6 +70,7 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config);
* completion of OTA operation or on failure in subsequent operations. * completion of OTA operation or on failure in subsequent operations.
* This API supports URL redirection, but if CA cert of URLs differ then it * This API supports URL redirection, but if CA cert of URLs differ then it
* should be appended to `cert_pem` member of `http_config`, which is a part of `ota_config`. * should be appended to `cert_pem` member of `http_config`, which is a part of `ota_config`.
* In case of error, this API explicitly sets `handle` to NULL.
* *
* @param[in] ota_config pointer to esp_https_ota_config_t structure * @param[in] ota_config pointer to esp_https_ota_config_t structure
* @param[out] handle pointer to an allocated data of type `esp_https_ota_handle_t` * @param[out] handle pointer to an allocated data of type `esp_https_ota_handle_t`

18
components/esp_https_ota/src/esp_https_ota.c
View File

@@ -126,14 +126,19 @@ static esp_err_t _ota_write(esp_https_ota_t *https_ota_handle, const void *buffe
esp_err_t esp_https_ota_begin(esp_https_ota_config_t *ota_config, esp_https_ota_handle_t *handle) esp_err_t esp_https_ota_begin(esp_https_ota_config_t *ota_config, esp_https_ota_handle_t *handle)
{ {
esp_err_t err; esp_err_t err;
if (handle == NULL || ota_config == NULL || ota_config->http_config == NULL) { if (handle == NULL || ota_config == NULL || ota_config->http_config == NULL) {
ESP_LOGE(TAG, "esp_https_ota_begin: Invalid argument"); ESP_LOGE(TAG, "esp_https_ota_begin: Invalid argument");
if (handle) {
*handle = NULL;
}
return ESP_ERR_INVALID_ARG; return ESP_ERR_INVALID_ARG;
} }
#if !CONFIG_OTA_ALLOW_HTTP #if !CONFIG_OTA_ALLOW_HTTP
if (!ota_config->http_config->cert_pem) { if (!ota_config->http_config->cert_pem) {
ESP_LOGE(TAG, "Server certificate not found in esp_http_client config"); ESP_LOGE(TAG, "Server certificate not found in esp_http_client config");
*handle = NULL;
return ESP_ERR_INVALID_ARG; return ESP_ERR_INVALID_ARG;
} }
#endif #endif
@@ -141,6 +146,7 @@ esp_err_t esp_https_ota_begin(esp_https_ota_config_t *ota_config, esp_https_ota_
esp_https_ota_t *https_ota_handle = calloc(1, sizeof(esp_https_ota_t)); esp_https_ota_t *https_ota_handle = calloc(1, sizeof(esp_https_ota_t));
if (!https_ota_handle) { if (!https_ota_handle) {
ESP_LOGE(TAG, "Couldn't allocate memory to upgrade data buffer"); ESP_LOGE(TAG, "Couldn't allocate memory to upgrade data buffer");
*handle = NULL;
return ESP_ERR_NO_MEM; return ESP_ERR_NO_MEM;
} }
@@ -188,6 +194,7 @@ http_cleanup:
_http_cleanup(https_ota_handle->http_client); _http_cleanup(https_ota_handle->http_client);
failure: failure:
free(https_ota_handle); free(https_ota_handle);
*handle = NULL;
return err; return err;
} }
@@ -286,9 +293,12 @@ esp_err_t esp_https_ota_finish(esp_https_ota_handle_t https_ota_handle)
err = esp_ota_end(handle->update_handle); err = esp_ota_end(handle->update_handle);
/* falls through */ /* falls through */
case ESP_HTTPS_OTA_BEGIN: case ESP_HTTPS_OTA_BEGIN:
free(handle->ota_upgrade_buf); if (handle->ota_upgrade_buf) {
_http_cleanup(handle->http_client); free(handle->ota_upgrade_buf);
free(handle); }
if (handle->http_client) {
_http_cleanup(handle->http_client);
}
break; break;
default: default:
ESP_LOGE(TAG, "Invalid ESP HTTPS OTA State"); ESP_LOGE(TAG, "Invalid ESP HTTPS OTA State");
@@ -301,6 +311,7 @@ esp_err_t esp_https_ota_finish(esp_https_ota_handle_t https_ota_handle)
ESP_LOGE(TAG, "esp_ota_set_boot_partition failed! err=0x%d", err); ESP_LOGE(TAG, "esp_ota_set_boot_partition failed! err=0x%d", err);
} }
} }
free(handle);
return err; return err;
} }
@@ -341,7 +352,6 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
} }
esp_err_t ota_finish_err = esp_https_ota_finish(https_ota_handle); esp_err_t ota_finish_err = esp_https_ota_finish(https_ota_handle);
free(https_ota_handle);
if (err != ESP_OK) { if (err != ESP_OK) {
/* If there was an error in esp_https_ota_perform(), /* If there was an error in esp_https_ota_perform(),
then it is given more precedence than error in esp_https_ota_finish() then it is given more precedence than error in esp_https_ota_finish()

9
components/tcp_transport/include/esp_transport_ssl.h
View File

@@ -69,6 +69,15 @@ void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char
*/ */
void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len); void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
/**
* @brief Skip validation of certificate's common name field
*
* @note Skipping CN validation is not recommended
*
* @param t ssl transport
*/
void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

8
components/tcp_transport/transport_ssl.c
View File

@@ -192,6 +192,14 @@ void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char
} }
} }
void esp_transport_ssl_skip_common_name_check(esp_transport_handle_t t)
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (t && ssl) {
ssl->cfg.skip_common_name = true;
}
}
esp_transport_handle_t esp_transport_ssl_init() esp_transport_handle_t esp_transport_ssl_init()
{ {
esp_transport_handle_t t = esp_transport_init(); esp_transport_handle_t t = esp_transport_init();

146
examples/system/ota/simple_ota_example/example_test.py Normal file
View File

@@ -0,0 +1,146 @@
import re
import os
import sys
import socket
import BaseHTTPServer
import SimpleHTTPServer
from threading import Thread
import ssl
try:
import IDF
except ImportError:
# this is a test case write with tiny-test-fw.
# to run test cases outside tiny-test-fw,
# we need to set environment variable `TEST_FW_PATH`,
# then get and insert `TEST_FW_PATH` to sys path before import FW module
test_fw_path = os.getenv("TEST_FW_PATH")
if test_fw_path and test_fw_path not in sys.path:
sys.path.insert(0, test_fw_path)
import IDF
import DUT
server_cert = "-----BEGIN CERTIFICATE-----\n" \
"MIIDXTCCAkWgAwIBAgIJAP4LF7E72HakMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n"\
"BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"\
"aWRnaXRzIFB0eSBMdGQwHhcNMTkwNjA3MDk1OTE2WhcNMjAwNjA2MDk1OTE2WjBF\n"\
"MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"\
"ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"\
"CgKCAQEAlzfCyv3mIv7TlLkObxunKfCdrJ/zgdANrsx0RBtpEPhV560hWJ0fEin0\n"\
"nIOMpJSiF9E6QsPdr6Q+eogH4XnOMU9JE+iG743N1dPfGEzJvRlyct/Ck8SswKPC\n"\
"9+VXsnOdZmUw9y/xtANbURA/TspvPzz3Avv382ffffrJGh7ooOmaZSCZFlSYHLZA\n"\
"w/XlRr0sSRbLpFGY0gXjaAV8iHHiPDYLy4kZOepjV9U51xi+IGsL4w75zuMgsHyF\n"\
"3nJeGYHgtGVBrkL0ZKG5udY0wcBjysjubDJC4iSlNiq2HD3fhs7j6CZddV2v845M\n"\
"lVKNxP0kO4Uj4D8r+5USWC8JKfAwxQIDAQABo1AwTjAdBgNVHQ4EFgQU6OE7ssfY\n"\
"IIPTDThiUoofUpsD5NwwHwYDVR0jBBgwFoAU6OE7ssfYIIPTDThiUoofUpsD5Nww\n"\
"DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAXIlHS/FJWfmcinUAxyBd\n"\
"/xd5Lu8ykeru6oaUCci+Vk9lyoMMES7lQ+b/00d5x7AcTawkTil9EWpBTPTOTraA\n"\
"lzJMQhNKmSLk0iIoTtAJtSZgUSpIIozqK6lenxQQDsHbXKU6h+u9H6KZE8YcjsFl\n"\
"6vL7sw9BVotw/VxfgjQ5OSGLgoLrdVT0z5C2qOuwOgz1c7jNiJhtMdwN+cOtnJp2\n"\
"fuBgEYyE3eeuWogvkWoDcIA8r17Ixzkpq2oJsdvZcHZPIZShPKW2SHUsl98KDemu\n"\
"y0pQyExmQUbwKE4vbFb9XuWCcL9XaOHQytyszt2DeD67AipvoBwVU7/LBOvqnsmy\n"\
"hA==\n"\
"-----END CERTIFICATE-----\n"
server_key = "-----BEGIN PRIVATE KEY-----\n"\
"MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCXN8LK/eYi/tOU\n"\
"uQ5vG6cp8J2sn/OB0A2uzHREG2kQ+FXnrSFYnR8SKfScg4yklKIX0TpCw92vpD56\n"\
"iAfhec4xT0kT6Ibvjc3V098YTMm9GXJy38KTxKzAo8L35Veyc51mZTD3L/G0A1tR\n"\
"ED9Oym8/PPcC+/fzZ999+skaHuig6ZplIJkWVJgctkDD9eVGvSxJFsukUZjSBeNo\n"\
"BXyIceI8NgvLiRk56mNX1TnXGL4gawvjDvnO4yCwfIXecl4ZgeC0ZUGuQvRkobm5\n"\
"1jTBwGPKyO5sMkLiJKU2KrYcPd+GzuPoJl11Xa/zjkyVUo3E/SQ7hSPgPyv7lRJY\n"\
"Lwkp8DDFAgMBAAECggEAfBhAfQE7mUByNbxgAgI5fot9eaqR1Nf+QpJ6X2H3KPwC\n"\
"02sa0HOwieFwYfj6tB1doBoNq7i89mTc+QUlIn4pHgIowHO0OGawomeKz5BEhjCZ\n"\
"4XeLYGSoODary2+kNkf2xY8JTfFEcyvGBpJEwc4S2VyYgRRx+IgnumTSH+N5mIKZ\n"\
"SXWNdZIuHEmkwod+rPRXs6/r+PH0eVW6WfpINEbr4zVAGXJx2zXQwd2cuV1GTJWh\n"\
"cPVOXLu+XJ9im9B370cYN6GqUnR3fui13urYbnWnEf3syvoH/zuZkyrVChauoFf8\n"\
"8EGb74/HhXK7Q2s8NRakx2c7OxQifCbcy03liUMmyQKBgQDFAob5B/66N4Q2cq/N\n"\
"MWPf98kYBYoLaeEOhEJhLQlKk0pIFCTmtpmUbpoEes2kCUbH7RwczpYko8tlKyoB\n"\
"6Fn6RY4zQQ64KZJI6kQVsjkYpcP/ihnOY6rbds+3yyv+4uPX7Eh9sYZwZMggE19M\n"\
"CkFHkwAjiwqhiiSlUxe20sWmowKBgQDEfx4lxuFzA1PBPeZKGVBTxYPQf+DSLCre\n"\
"ZFg3ZmrxbCjRq1O7Lra4FXWD3dmRq7NDk79JofoW50yD8wD7I0B7opdDfXD2idO8\n"\
"0dBnWUKDr2CAXyoLEINce9kJPbx4kFBQRN9PiGF7VkDQxeQ3kfS8CvcErpTKCOdy\n"\
"5wOwBTwJdwKBgDiTFTeGeDv5nVoVbS67tDao7XKchJvqd9q3WGiXikeELJyuTDqE\n"\
"zW22pTwMF+m3UEAxcxVCrhMvhkUzNAkANHaOatuFHzj7lyqhO5QPbh4J3FMR0X9X\n"\
"V8VWRSg+jA/SECP9koOl6zlzd5Tee0tW1pA7QpryXscs6IEhb3ns5R2JAoGAIkzO\n"\
"RmnhEOKTzDex611f2D+yMsMfy5BKK2f4vjLymBH5TiBKDXKqEpgsW0huoi8Gq9Uu\n"\
"nvvXXAgkIyRYF36f0vUe0nkjLuYAQAWgC2pZYgNLJR13iVbol0xHJoXQUHtgiaJ8\n"\
"GLYFzjHQPqFMpSalQe3oELko39uOC1CoJCHFySECgYBeycUnRBikCO2n8DNhY4Eg\n"\
"9Y3oxcssRt6ea5BZwgW2eAYi7/XqKkmxoSoOykUt3MJx9+EkkrL17bxFSpkj1tvL\n"\
"qvxn7egtsKjjgGNAxwXC4MwCvhveyUQQxtQb8AqGrGqo4jEEN0L15cnP38i2x1Uo\n"\
"muhfskWf4MABV0yTUaKcGg==\n"\
"-----END PRIVATE KEY-----\n"
def get_my_ip():
s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s1.connect(("8.8.8.8", 80))
my_ip = s1.getsockname()[0]
s1.close()
return my_ip
def start_https_server(ota_image_dir, server_ip, server_port):
# parser = argparse.ArgumentParser()
# parser.add_argument('-p', '--port', dest='port', type= int,
# help= "Server Port", default= 8000)
# args = parser.parse_args()
os.chdir(ota_image_dir)
server_file = os.path.join(ota_image_dir, "server_cert.pem")
cert_file_handle = open(server_file, "w+")
cert_file_handle.write(server_cert)
cert_file_handle.close()
key_file = os.path.join(ota_image_dir, "server_key.pem")
key_file_handle = open("server_key.pem", "w+")
key_file_handle.write(server_key)
key_file_handle.close()
httpd = BaseHTTPServer.HTTPServer((server_ip, server_port),
SimpleHTTPServer.SimpleHTTPRequestHandler)
httpd.socket = ssl.wrap_socket(httpd.socket,
keyfile=key_file,
certfile=server_file, server_side=True)
httpd.serve_forever()
@IDF.idf_example_test(env_tag="Example_WIFI")
def test_examples_protocol_simple_ota_example(env, extra_data):
"""
steps: |
1. join AP
2. Fetch OTA image over HTTPS
3. Reboot with the new OTA image
"""
dut1 = env.get_dut("simple_ota_example", "examples/system/ota/simple_ota_example")
# check and log bin size
binary_file = os.path.join(dut1.app.binary_path, "simple_ota.bin")
bin_size = os.path.getsize(binary_file)
IDF.log_performance("simple_ota_bin_size", "{}KB".format(bin_size // 1024))
IDF.check_performance("simple_ota_bin_size", bin_size // 1024)
# start test
host_ip = get_my_ip()
thread1 = Thread(target=start_https_server, args=(dut1.app.binary_path, host_ip, 8000))
thread1.daemon = True
thread1.start()
dut1.start_app()
dut1.expect("Loaded app from partition at offset 0x10000", timeout=30)
try:
ip_address = dut1.expect(re.compile(r" sta ip: ([^,]+),"), timeout=30)
print("Connected to AP with IP: {}".format(ip_address))
except DUT.ExpectTimeout:
raise ValueError('ENV_TEST_FAILURE: Cannot connect to AP')
thread1.close()
dut1.expect("Starting OTA example", timeout=30)
print("writing to device: {}".format("https://" + host_ip + ":8000/simple_ota.bin"))
dut1.write("https://" + host_ip + ":8000/simple_ota.bin")
dut1.expect("Loaded app from partition at offset 0x110000", timeout=60)
dut1.expect("Starting OTA example", timeout=30)
if __name__ == '__main__':
test_examples_protocol_simple_ota_example()

18
examples/system/ota/simple_ota_example/main/Kconfig.projbuild
View File

@@ -1,8 +1,20 @@
menu "Example Configuration" menu "Example Configuration"
config EXAMPLE_FIRMWARE_UPGRADE_URL config EXAMPLE_FIRMWARE_UPGRADE_URL
string "Firmware Upgrade URL" string "firmware upgrade url endpoint"
default "https://192.168.2.106:8070/hello-world.bin" default "https://192.168.0.3:8070/hello-world.bin"
help help
URL of server which hosts the firmware image. URL of server which hosts the firmware
image.
config EXAMPLE_FIRMWARE_UPGRADE_URL_FROM_STDIN
bool
default y if EXAMPLE_FIRMWARE_UPGRADE_URL = "FROM_STDIN"
config EXAMPLE_SKIP_COMMON_NAME_CHECK
bool "Skip server certificate CN fieldcheck"
default n
help
This allows you to skip the validation of OTA server certificate CN field.
endmenu endmenu

24
examples/system/ota/simple_ota_example/main/simple_ota_example.c
View File

@@ -15,6 +15,9 @@
#include "esp_ota_ops.h" #include "esp_ota_ops.h"
#include "esp_http_client.h" #include "esp_http_client.h"
#include "esp_https_ota.h" #include "esp_https_ota.h"
#include "protocol_examples_common.h"
#include "string.h"
#include "nvs.h" #include "nvs.h"
#include "nvs_flash.h" #include "nvs_flash.h"
#include "protocol_examples_common.h" #include "protocol_examples_common.h"
@@ -23,6 +26,8 @@ static const char *TAG = "simple_ota_example";
extern const uint8_t server_cert_pem_start[] asm("_binary_ca_cert_pem_start"); extern const uint8_t server_cert_pem_start[] asm("_binary_ca_cert_pem_start");
extern const uint8_t server_cert_pem_end[] asm("_binary_ca_cert_pem_end"); extern const uint8_t server_cert_pem_end[] asm("_binary_ca_cert_pem_end");
#define OTA_URL_SIZE 256
esp_err_t _http_event_handler(esp_http_client_event_t *evt) esp_err_t _http_event_handler(esp_http_client_event_t *evt)
{ {
switch (evt->event_id) { switch (evt->event_id) {
@@ -60,6 +65,25 @@ void simple_ota_example_task(void *pvParameter)
.cert_pem = (char *)server_cert_pem_start, .cert_pem = (char *)server_cert_pem_start,
.event_handler = _http_event_handler, .event_handler = _http_event_handler,
}; };
#ifdef CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL_FROM_STDIN
char url_buf[OTA_URL_SIZE];
if (strcmp(config.url, "FROM_STDIN") == 0) {
example_configure_stdin_stdout();
fgets(url_buf, OTA_URL_SIZE, stdin);
int len = strlen(url_buf);
url_buf[len - 1] = '\0';
config.url = url_buf;
} else {
ESP_LOGE(TAG, "Configuration mismatch: wrong firmware upgrade image url");
abort();
}
#endif
#ifdef CONFIG_EXAMPLE_SKIP_COMMON_NAME_CHECK
config.skip_cert_common_name_check = true;
#endif
esp_err_t ret = esp_https_ota(&config); esp_err_t ret = esp_https_ota(&config);
if (ret == ESP_OK) { if (ret == ESP_OK) {
esp_restart(); esp_restart();

2
examples/system/ota/simple_ota_example/sdkconfig.ci Normal file
View File

@@ -0,0 +1,2 @@
CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL="FROM_STDIN"
CONFIG_EXAMPLE_SKIP_COMMON_NAME_CHECK=y

21
examples/system/ota/simple_ota_example/server_certs/ca_cert.pem
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAP4LF7E72HakMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTkwNjA3MDk1OTE2WhcNMjAwNjA2MDk1OTE2WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAlzfCyv3mIv7TlLkObxunKfCdrJ/zgdANrsx0RBtpEPhV560hWJ0fEin0
nIOMpJSiF9E6QsPdr6Q+eogH4XnOMU9JE+iG743N1dPfGEzJvRlyct/Ck8SswKPC
9+VXsnOdZmUw9y/xtANbURA/TspvPzz3Avv382ffffrJGh7ooOmaZSCZFlSYHLZA
w/XlRr0sSRbLpFGY0gXjaAV8iHHiPDYLy4kZOepjV9U51xi+IGsL4w75zuMgsHyF
3nJeGYHgtGVBrkL0ZKG5udY0wcBjysjubDJC4iSlNiq2HD3fhs7j6CZddV2v845M
lVKNxP0kO4Uj4D8r+5USWC8JKfAwxQIDAQABo1AwTjAdBgNVHQ4EFgQU6OE7ssfY
IIPTDThiUoofUpsD5NwwHwYDVR0jBBgwFoAU6OE7ssfYIIPTDThiUoofUpsD5Nww
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAXIlHS/FJWfmcinUAxyBd
/xd5Lu8ykeru6oaUCci+Vk9lyoMMES7lQ+b/00d5x7AcTawkTil9EWpBTPTOTraA
lzJMQhNKmSLk0iIoTtAJtSZgUSpIIozqK6lenxQQDsHbXKU6h+u9H6KZE8YcjsFl
6vL7sw9BVotw/VxfgjQ5OSGLgoLrdVT0z5C2qOuwOgz1c7jNiJhtMdwN+cOtnJp2
fuBgEYyE3eeuWogvkWoDcIA8r17Ixzkpq2oJsdvZcHZPIZShPKW2SHUsl98KDemu
y0pQyExmQUbwKE4vbFb9XuWCcL9XaOHQytyszt2DeD67AipvoBwVU7/LBOvqnsmy
hA==
-----END CERTIFICATE-----