instrumental_agent 2.1.0 → 3.0.0.alpha

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 95eafa56c7f6a610405a68634bd590c76d81a332
-  data.tar.gz: 5a1d84b622e6eb7cc931c2b29c170113fb3fdb6f
+SHA256:
+  metadata.gz: a45dc47aabd6ade8ea7198ea34f4bbc205a4979b1cae1ed18dbfabb4109df0b8
+  data.tar.gz: 67ebcbf6fca85da2087e6196dbcf57752ebe3470411c54241487ce834c2f5cf7
 SHA512:
-  metadata.gz: 77e15be11d00e7b900461a5321304ea8c39db039e2cdea298b2f1e6095986476d10d5f45ddfa457c26caa6fc26a41a0b515c62fa62802c3d323d529d4b917635
-  data.tar.gz: e9347c78c125ebc12a86970425d16e8c682a4355f8fe58e360edf23a7938e004ea6765d103970f2f57205cb6d163f59016574934c1548f10d35e4f5782108cde
+  metadata.gz: 1bfe306e6511e588aa58a258510b18f79fe4b70180b7ee8bd4fea0b967d80cf8cab3765228b4cd385f99537704557f918d92972b9cf6da0b646225b4a5c6bd87
+  data.tar.gz: feaf73f66d1ed593936bcd3aecf4e0ebccbc67fcf104905e28ad67e9d4e14575a0a3259a5c1fc9b2ac21ef212c2be64910c757bfc931668b48799d3466eeacc8

data/.ruby-version

@@ -1 +1 @@
-2.0.0-p648
+2.6.3

data/.travis.yml

@@ -1,8 +1,6 @@
 sudo: false
 language: ruby
 rvm:
-  - 2.0.0-p648
-  - 2.1.5
-  - 2.2.3
-  - 2.3.0
-  - 2.4.0
+  - 2.4.6
+  - 2.5.5
+  - 2.6.3

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+### 3.0.0.alpha [August 22, 2019]
+* Drop support for outdated versions of Ruby
+* Explicitly add support for new versions of Ruby
+* Better handling of SSL errors when connecting to Instrumental
+* Note: the agent API has NOT changed.  This is a major release because of the significant changes in Ruby versions officially supported.
+
 ### 2.1.0 [January 19, 2018]
 * Add support for capistrano 3
 

data/Gemfile

@@ -1,11 +1,6 @@
 source "https://rubygems.org"
 
 gemspec
-ruby_engine = defined?(RUBY_ENGINE) && RUBY_ENGINE
-if RUBY_VERSION < "1.9" && !%w{jruby rbx}.include?(ruby_engine)
-  # Built and installed via ext/mkrf_conf.rb
-  gem 'system_timer', '~> 1.2'
-end
 
 # fixes 2.3.0 ffi bundle error
-gem 'ffi', '~> 1.0.11'
+gem 'ffi', '~> 1.0.11'

data/instrumental_agent.gemspec

@@ -4,13 +4,13 @@ require "instrumental/version"
 Gem::Specification.new do |s|
   s.name        = "instrumental_agent"
   s.version     = Instrumental::VERSION
-  s.authors     = ["Elijah Miller", "Christopher Zelenak", "Kristopher Chambers", "Matthew Hassfurder"]
+  s.authors     = ["Expected Behavior"]
   s.email       = ["support@instrumentalapp.com"]
   s.homepage    = "http://github.com/instrumental/instrumental_agent-ruby"
   s.summary     = %q{Custom metric monitoring for Ruby applications via Instrumental}
   s.description = %q{This agent supports Instrumental custom metric monitoring for Ruby applications. It provides high-data reliability at high scale, without ever blocking your process or causing an exception.}
   s.license     = "MIT"
-  s.required_ruby_version = '>= 2.0.0'
+  s.required_ruby_version = '>= 2.4.6'
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/lib/instrumental/agent.rb

@@ -75,7 +75,6 @@ module Instrumental
       @synchronous     = !!options[:synchronous]
       @pid             = Process.pid
       @allow_reconnect = true
-      @certs           = certificates
       @dns_resolutions = 0
       @last_connect_at = 0
       @metrician       = options[:metrician].nil? ? true : !!options[:metrician]
@@ -271,7 +270,7 @@ module Instrumental
     end
 
     def report_exception(e)
-      logger.error "Exception occurred: #{e.message}\n#{e.backtrace.join("\n")}"
+      logger.error "Exception of type #{e.class} occurred:\n#{e.message}\n#{e.backtrace.join("\n")}"
     end
 
     def ipv4_address_for_host(host, port, moment_to_connect = Time.now.to_i)
@@ -350,23 +349,7 @@ module Instrumental
 
     def test_connection
       begin
-        # In the case where the socket is an OpenSSL::SSL::SSLSocket,
-        # on Ruby 1.8.6, 1.8.7 or 1.9.1, read_nonblock does not exist,
-        # and so the case of testing socket liveliness via a nonblocking
-        # read that catches a wait condition won't work.
-        #
-        # We grab the SSL socket's underlying IO object and perform the
-        # non blocking read there in order to ensure the socket is still
-        # valid
-        if @socket.respond_to?(:read_nonblock)
-          @socket.read_nonblock(1)
-        elsif @socket.respond_to?(:io)
-          # The SSL Socket may send down additional data at close time,
-          # so we perform two nonblocking reads, one to pull any pending
-          # data on the socket, and the second to actually perform the connection
-          # liveliness test
-          @socket.io.read_nonblock(1024) && @socket.io.read_nonblock(1024)
-        end
+        @socket.read_nonblock(1)
       rescue *wait_exceptions
         # noop
       end
@@ -427,81 +410,85 @@ module Instrumental
     end
 
     def run_worker_loop
+      @failures = 0
+      begin
+      logger.info "connecting to collector"
       command_and_args = nil
       command_options = nil
-      logger.info "connecting to collector"
-      with_timeout(CONNECT_TIMEOUT) do
-        @socket = open_socket(@sockaddr_in, @secure, @verify_cert)
-      end
-      logger.info "connected to collector at #{host}:#{port}"
-      hello_options = {
-        "version" => "ruby/instrumental_agent/#{VERSION}",
-        "hostname" => HOSTNAME,
-        "pid" => Process.pid,
-        "runtime" => "#{defined?(RUBY_ENGINE) ? RUBY_ENGINE : "ruby"}/#{RUBY_VERSION}p#{RUBY_PATCHLEVEL}",
-        "platform" => RUBY_PLATFORM
-      }.to_a.flatten.map { |v| v.to_s.gsub(/\s+/, "_") }.join(" ")
-
-      send_with_reply_timeout "hello #{hello_options}"
-      send_with_reply_timeout "authenticate #{@api_key}"
-      @failures = 0
-      loop do
-        command_and_args, command_options = @queue.pop
-        if command_and_args
-          sync_resource = command_options && command_options[:sync_resource]
-          test_connection
-          case command_and_args
-          when 'exit'
-            logger.info "Exiting, #{@queue.size} commands remain"
-            return true
-          when 'flush'
-            release_resource = true
-          else
-            logger.debug "Sending: #{command_and_args.chomp}"
-            @socket.puts command_and_args
-          end
-          command_and_args = nil
-          command_options = nil
-          if sync_resource
-            @sync_mutex.synchronize do
-              sync_resource.signal
+        with_timeout(CONNECT_TIMEOUT) do
+          @socket = open_socket(@sockaddr_in, @secure, @verify_cert)
+        end
+        logger.info "connected to collector at #{host}:#{port}"
+        hello_options = {
+          "version" => "ruby/instrumental_agent/#{VERSION}",
+          "hostname" => HOSTNAME,
+          "pid" => Process.pid,
+          "runtime" => "#{defined?(RUBY_ENGINE) ? RUBY_ENGINE : "ruby"}/#{RUBY_VERSION}p#{RUBY_PATCHLEVEL}",
+          "platform" => RUBY_PLATFORM
+        }.to_a.flatten.map { |v| v.to_s.gsub(/\s+/, "_") }.join(" ")
+
+        send_with_reply_timeout "hello #{hello_options}"
+        send_with_reply_timeout "authenticate #{@api_key}"
+
+        loop do
+          command_and_args, command_options = @queue.pop
+          if command_and_args
+            sync_resource = command_options && command_options[:sync_resource]
+            test_connection
+            case command_and_args
+            when 'exit'
+              logger.info "Exiting, #{@queue.size} commands remain"
+              return true
+            when 'flush'
+              release_resource = true
+            else
+              logger.debug "Sending: #{command_and_args.chomp}"
+              @socket.puts command_and_args
+            end
+            command_and_args = nil
+            command_options = nil
+            if sync_resource
+              @sync_mutex.synchronize do
+                sync_resource.signal
+              end
             end
           end
         end
-      end
-    rescue Exception => err
-      allow_reconnect = @allow_reconnect
-      case err
-      when EOFError
+      rescue Exception => err
+        allow_reconnect = @allow_reconnect
+        case err
+        when EOFError
         # nop
-      when Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Errno::EADDRINUSE, Timeout::Error
-        # If the connection has been refused by Instrumental
-        # or we cannot reach the server
-        # or the connection state of this socket is in a race
-        logger.error "unable to connect to Instrumental, hanging up with #{@queue.size} messages remaining"
-        logger.debug "Exception: #{err.inspect}\n#{err.backtrace.join("\n")}"
-        allow_reconnect = false
-      else
-        report_exception(err)
-      end
-      if allow_reconnect == false ||
-        (command_options && command_options[:allow_reconnect] == false)
-        logger.info "Not trying to reconnect"
-        @failures = 0
-        return
-      end
-      if command_and_args
-        logger.debug "requeueing: #{command_and_args}"
-        @queue << command_and_args
+        when Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Errno::EADDRINUSE, Timeout::Error, OpenSSL::SSL::SSLError
+          # If the connection has been refused by Instrumental
+          # or we cannot reach the server
+          # or the connection state of this socket is in a race
+          # or SSL is not functioning properly for some reason
+          logger.error "unable to connect to Instrumental, hanging up with #{@queue.size} messages remaining"
+          logger.debug "Exception: #{err.inspect}\n#{err.backtrace.join("\n")}"
+          allow_reconnect = false
+        else
+          report_exception(err)
+        end
+        if allow_reconnect == false ||
+           (command_options && command_options[:allow_reconnect] == false)
+          logger.info "Not trying to reconnect"
+          @failures = 0
+          return
+        end
+        if command_and_args
+          logger.debug "requeueing: #{command_and_args}"
+          @queue << command_and_args
+        end
+        disconnect
+        @failures += 1
+        delay = [(@failures - 1) ** BACKOFF, MAX_RECONNECT_DELAY].min
+        logger.error "disconnected, #{@failures} failures in a row, reconnect in #{delay}..."
+        sleep delay
+        retry
+      ensure
+        disconnect
       end
-      disconnect
-      @failures += 1
-      delay = [(@failures - 1) ** BACKOFF, MAX_RECONNECT_DELAY].min
-      logger.error "disconnected, #{@failures} failures in a row, reconnect in #{delay}..."
-      sleep delay
-      retry
-    ensure
-      disconnect
     end
 
     def setup_cleanup_at_exit
@@ -541,18 +528,5 @@ module Instrumental
     def allows_secure?
       defined?(OpenSSL)
     end
-
-    def certificates
-      if allows_secure?
-        base_dir = File.expand_path(File.join(File.dirname(__FILE__), "..", ".."))
-        %w{equifax geotrust rapidssl}.map do |name|
-          OpenSSL::X509::Certificate.new(File.open(File.join(base_dir, "certs", "#{name}.ca.pem")))
-        end
-      else
-        []
-      end
-    end
-
   end
-
 end

data/lib/instrumental/version.rb

@@ -1,3 +1,3 @@
 module Instrumental
-  VERSION = "2.1.0"
+  VERSION = "3.0.0.alpha"
 end

data/spec/agent_spec.rb

@@ -9,6 +9,8 @@ def wait(n=0.2, &block)
       if (Time.now - start) < 5
         sleep n
         retry
+      else
+        raise ex
       end
     end
   else
@@ -226,16 +228,16 @@ shared_examples "Instrumental Agent" do
             allow(agent.logger).to receive(:debug)
             expect(agent.logger).to receive(:debug).with("Dropping command, queue full(3): increment overflow_test 4 300 1")
             expect(agent.logger).to receive(:debug).with("Dropping command, queue full(3): increment overflow_test 5 300 1")
-            5.times do |i|
-              agent.increment('overflow_test', i + 1, 300)
-            end
-            wait do
-              expect(server.commands).to include("increment overflow_test 1 300 1")
-              expect(server.commands).to include("increment overflow_test 2 300 1")
-              expect(server.commands).to include("increment overflow_test 3 300 1")
-              expect(server.commands).to_not include("increment overflow_test 4 300 1")
-              expect(server.commands).to_not include("increment overflow_test 5 300 1")
+            1.upto(5) do |i|
+              agent.increment('overflow_test', i, 300)
             end
+
+            wait
+            expect(agent.queue.size).to eq(3)
+            expect(agent.queue.pop.first).to start_with("increment overflow_test 1 300 1")
+            expect(agent.queue.pop.first).to start_with("increment overflow_test 2 300 1")
+            expect(agent.queue.pop.first).to start_with("increment overflow_test 3 300 1")
+            expect(agent.queue.size).to eq(0)
           end
         end
       end
@@ -479,7 +481,7 @@ shared_examples "Instrumental Agent" do
       context 'server hangup' do
         it "should cancel the worker thread when the host has hung up" do
           # Start the background agent thread and let it send one metric successfully
-          agent.gauge('connection_failure', 1, 1234)
+          agent.gauge('connection_failure1', 1, 1234)
           wait do
             expect(server.commands.grep(/connection_failure/).size).to eq(1)
           end
@@ -487,7 +489,7 @@ shared_examples "Instrumental Agent" do
           server.stop
           wait
           # Send one metric to the stopped server
-          agent.gauge('connection_failure', 1, 1234)
+          agent.gauge('connection_failure2', 1, 1234)
           # The agent thread should have stopped running since the network write would
           # have failed. The queue will still contain the metric that has yet to be sent
           wait do
@@ -524,6 +526,71 @@ shared_examples "Instrumental Agent" do
           end
         end
 
+        it "should restart the worker thread after hanging it up during a bad ssl handshake event" do
+          # Start the background agent thread and let it send one metric successfully
+          agent.gauge('connection_failure', 1, 1234)
+          wait do
+            expect(server.commands.grep(/connection_failure/).size).to eq(1)
+          end
+          # Make the agent return the relevant exception on the next connection test
+          test_connection_fail = true
+          tc = agent.method(:test_connection)
+          allow(agent).to receive(:test_connection) do |*args, &block|
+            test_connection_fail ? raise(OpenSSL::SSL::SSLError.new) : tc.call(*args)
+          end
+
+          # Send one metric to the agent
+          agent.gauge('connection_failure', 1, 1234)
+          # The agent thread should have stopped running since the network write would
+          # have failed.
+          wait do
+            expect(agent.send(:running?)).to eq(false)
+          end
+          # The command is not in the queue
+          expect(agent.queue.size).to eq(0)
+          # allow the agent to behave normally
+          test_connection_fail = false
+          # Sending another metric should kickstart the background worker thread
+          agent.gauge('connection_failure', 1, 1234)
+          # The agent should now be running the background thread, and the queue should be empty
+          wait do
+            expect(agent.send(:running?)).to eq(true)
+            expect(agent.queue.size).to eq(0)
+            expect(server.commands.grep(/connection_failure/).size).to eq(2)
+          end
+        end
+
+        it "should accurately count failures so that backoff can work as intended" do
+          # Start the background agent thread and let it send one metric successfully
+          agent.gauge('connection_failure', 1, 1234)
+          wait do
+            expect(server.commands.grep(/connection_failure/).size).to eq(1)
+          end
+
+          # configure test_connection to fail in a way that won't kill the inner loop
+          test_connection_fail = true
+          tc = agent.method(:test_connection)
+          allow(agent).to receive(:test_connection) do |*args, &block|
+            test_connection_fail ? raise("test_connection_fail") : tc.call(*args)
+          end
+
+          # send some metrics
+          agent.gauge('connection_failure_1', 1, 1234)
+          agent.gauge('connection_failure_2', 1, 1234)
+          agent.gauge('connection_failure_3', 1, 1234)
+          wait do
+            expect(agent.instance_variable_get(:@failures)).to be > 0
+            expect(agent.queue.size).to be > 0
+          end
+
+          # let the loop proceed
+          test_connection_fail = false
+
+          wait do
+            expect(agent.send(:running?)).to eq(true)
+            expect(agent.queue.size).to eq(0)
+          end
+        end
       end
 
 

metadata

@@ -1,100 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: instrumental_agent
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 3.0.0.alpha
 platform: ruby
 authors:
-- Elijah Miller
-- Christopher Zelenak
-- Kristopher Chambers
-- Matthew Hassfurder
+- Expected Behavior
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-19 00:00:00.000000000 Z
+date: 2019-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: metrician
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
   name: fuubar
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: This agent supports Instrumental custom metric monitoring for Ruby applications.
@@ -106,19 +103,16 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .ruby-version
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - Guardfile
 - LICENSE
 - README.md
 - Rakefile
-- certs/equifax.ca.pem
-- certs/geotrust.ca.pem
-- certs/rapidssl.ca.pem
 - instrumental_agent.gemspec
 - lib/instrumental/agent.rb
 - lib/instrumental/capistrano.rb
@@ -145,17 +139,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 2.0.0
+      version: 2.4.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.14.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Custom metric monitoring for Ruby applications via Instrumental

data/certs/equifax.ca.pem

@@ -1,69 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 903804111 (0x35def4cf)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
-        Validity
-            Not Before: Aug 22 16:41:51 1998 GMT
-            Not After : Aug 22 16:41:51 2018 GMT
-        Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:c1:5d:b1:58:67:08:62:ee:a0:9a:2d:1f:08:6d:
-                    91:14:68:98:0a:1e:fe:da:04:6f:13:84:62:21:c3:
-                    d1:7c:ce:9f:05:e0:b8:01:f0:4e:34:ec:e2:8a:95:
-                    04:64:ac:f1:6b:53:5f:05:b3:cb:67:80:bf:42:02:
-                    8e:fe:dd:01:09:ec:e1:00:14:4f:fc:fb:f0:0c:dd:
-                    43:ba:5b:2b:e1:1f:80:70:99:15:57:93:16:f1:0f:
-                    97:6a:b7:c2:68:23:1c:cc:4d:59:30:ac:51:1e:3b:
-                    af:2b:d6:ee:63:45:7b:c5:d9:5f:50:d2:e3:50:0f:
-                    3a:88:e7:bf:14:fd:e0:c7:b9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 CRL Distribution Points: 
-                DirName:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority/CN=CRL1
-
-            X509v3 Private Key Usage Period: 
-                Not After: Aug 22 16:41:51 2018 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
-
-            X509v3 Subject Key Identifier: 
-                48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0...V3.0c....
-    Signature Algorithm: sha1WithRSAEncryption
-        58:ce:29:ea:fc:f7:de:b5:ce:02:b9:17:b5:85:d1:b9:e3:e0:
-        95:cc:25:31:0d:00:a6:92:6e:7f:b6:92:63:9e:50:95:d1:9a:
-        6f:e4:11:de:63:85:6e:98:ee:a8:ff:5a:c8:d3:55:b2:66:71:
-        57:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f:
-        a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14:
-        77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21:
-        65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07:
-        77:38
------BEGIN CERTIFICATE-----
-MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
-UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
-dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
-MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
-dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
-AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
-BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
-cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
-AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
-MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
-aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
-ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
-IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
-MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
-A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
-7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
-1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
------END CERTIFICATE-----

data/certs/geotrust.ca.pem

@@ -1,80 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1227750 (0x12bbe6)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
-        Validity
-            Not Before: May 21 04:00:00 2002 GMT
-            Not After : Aug 21 04:00:00 2018 GMT
-        Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:da:cc:18:63:30:fd:f4:17:23:1a:56:7e:5b:df:
-                    3c:6c:38:e4:71:b7:78:91:d4:bc:a1:d8:4c:f8:a8:
-                    43:b6:03:e9:4d:21:07:08:88:da:58:2f:66:39:29:
-                    bd:05:78:8b:9d:38:e8:05:b7:6a:7e:71:a4:e6:c4:
-                    60:a6:b0:ef:80:e4:89:28:0f:9e:25:d6:ed:83:f3:
-                    ad:a6:91:c7:98:c9:42:18:35:14:9d:ad:98:46:92:
-                    2e:4f:ca:f1:87:43:c1:16:95:57:2d:50:ef:89:2d:
-                    80:7a:57:ad:f2:ee:5f:6b:d2:00:8d:b9:14:f8:14:
-                    15:35:d9:c0:46:a3:7b:72:c8:91:bf:c9:55:2b:cd:
-                    d0:97:3e:9c:26:64:cc:df:ce:83:19:71:ca:4e:e6:
-                    d4:d5:7b:a9:19:cd:55:de:c8:ec:d2:5e:38:53:e5:
-                    5c:4f:8c:2d:fe:50:23:36:fc:66:e6:cb:8e:a4:39:
-                    19:00:b7:95:02:39:91:0b:0e:fe:38:2e:d1:1d:05:
-                    9a:f6:4d:3e:6f:0f:07:1d:af:2c:1e:8f:60:39:e2:
-                    fa:36:53:13:39:d4:5e:26:2b:db:3d:a8:14:bd:32:
-                    eb:18:03:28:52:04:71:e5:ab:33:3d:e1:38:bb:07:
-                    36:84:62:9c:79:ea:16:30:f4:5f:c0:2b:e8:71:6b:
-                    e4:f9
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
-
-            X509v3 Subject Key Identifier: 
-                C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 CRL Distribution Points: 
-                URI:http://crl.geotrust.com/crls/secureca.crl
-
-            X509v3 Certificate Policies: 
-                Policy: X509v3 Any Policy
-                  CPS: https://www.geotrust.com/resources/repository
-
-    Signature Algorithm: sha1WithRSAEncryption
-        76:e1:12:6e:4e:4b:16:12:86:30:06:b2:81:08:cf:f0:08:c7:
-        c7:71:7e:66:ee:c2:ed:d4:3b:1f:ff:f0:f0:c8:4e:d6:43:38:
-        b0:b9:30:7d:18:d0:55:83:a2:6a:cb:36:11:9c:e8:48:66:a3:
-        6d:7f:b8:13:d4:47:fe:8b:5a:5c:73:fc:ae:d9:1b:32:19:38:
-        ab:97:34:14:aa:96:d2:eb:a3:1c:14:08:49:b6:bb:e5:91:ef:
-        83:36:eb:1d:56:6f:ca:da:bc:73:63:90:e4:7f:7b:3e:22:cb:
-        3d:07:ed:5f:38:74:9c:e3:03:50:4e:a1:af:98:ee:61:f2:84:
-        3f:12
------BEGIN CERTIFICATE-----
-MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
-MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
-aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
-WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
-AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
-OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
-T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
-JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
-Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
-PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
-aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
-TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
-LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
-BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
-dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
-AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
-NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
-b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
------END CERTIFICATE-----

data/certs/rapidssl.ca.pem

@@ -1,94 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 146039 (0x23a77)
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
-        Validity
-            Not Before: Aug 29 21:39:32 2014 GMT
-            Not After : May 20 21:39:32 2022 GMT
-        Subject: C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:af:54:9b:d9:58:5d:1e:2c:56:c6:d5:e8:7f:f4:
-                    7d:16:03:ff:d0:8b:5a:e4:8e:a7:dd:54:2e:d4:04:
-                    c0:5d:98:9c:8d:90:0f:bc:10:65:5f:da:9a:d6:44:
-                    7c:c0:9f:b5:e9:4a:8c:0b:06:43:04:bb:f4:96:e2:
-                    26:f6:61:01:91:66:31:22:c3:34:34:5f:3f:3f:91:
-                    2f:44:5f:dc:c7:14:b6:03:9f:86:4b:0e:a3:ff:a0:
-                    80:02:83:c3:d3:1f:69:52:d6:9d:64:0f:c9:83:e7:
-                    1b:c4:70:ac:94:e7:c3:a4:6a:2c:bd:b8:9e:69:d8:
-                    be:0a:8f:16:63:5a:68:71:80:7b:30:de:15:04:bf:
-                    cc:d3:bf:3e:48:05:55:7a:b3:d7:10:0c:03:fc:9b:
-                    fd:08:a7:8c:8c:db:a7:8e:f1:1e:63:dc:b3:01:2f:
-                    7f:af:57:c3:3c:48:a7:83:68:21:a7:2f:e7:a7:3f:
-                    f0:b5:0c:fc:f5:84:d1:53:bc:0e:72:4f:60:0c:42:
-                    b8:98:ad:19:88:57:d7:04:ec:87:bf:7e:87:4e:a3:
-                    21:f9:53:fd:36:98:48:8d:d6:f8:bb:48:f2:29:c8:
-                    64:d1:cc:54:48:53:8b:af:b7:65:1e:bf:29:33:29:
-                    d9:29:60:48:f8:ff:91:bc:57:58:e5:35:2e:bb:69:
-                    b6:59
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Authority Key Identifier: 
-                keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E
-
-            X509v3 Subject Key Identifier: 
-                C3:9C:F3:FC:D3:46:08:34:BB:CE:46:7F:A0:7C:5B:F3:E2:08:CB:59
-            X509v3 Basic Constraints: critical
-                CA:TRUE, pathlen:0
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 CRL Distribution Points: 
-                URI:http://g.symcb.com/crls/gtglobal.crl
-
-            Authority Information Access: 
-                OCSP - URI:http://g.symcd.com
-
-            X509v3 Certificate Policies: 
-                Policy: 2.16.840.1.113733.1.7.54
-                  CPS: http://www.geotrust.com/resources/cps
-
-    Signature Algorithm: sha256WithRSAEncryption
-        a3:58:1e:c6:43:32:ac:ac:2f:93:78:b7:ea:ae:54:40:47:2d:
-        7e:78:8d:50:f6:f8:66:ac:d6:4f:73:d6:44:ef:af:0b:cc:5b:
-        c1:f4:4f:9a:8f:49:7e:60:af:c2:27:c7:16:f1:fb:93:81:90:
-        a9:7c:ef:6f:7e:6e:45:94:16:84:bd:ec:49:f1:c4:0e:f4:af:
-        04:59:83:87:0f:2c:3b:97:c3:5a:12:9b:7b:04:35:7b:a3:95:
-        33:08:7b:93:71:22:42:b3:a9:d9:6f:4f:81:92:fc:07:b6:79:
-        bc:84:4a:9d:77:09:f1:c5:89:f2:f0:b4:9c:54:aa:12:7b:0d:
-        ba:4f:ef:93:19:ec:ef:7d:4e:61:a3:8e:76:9c:59:cf:8c:94:
-        b1:84:97:f7:1a:b9:07:b8:b2:c6:4f:13:79:db:bf:4f:51:1b:
-        7f:69:0d:51:2a:c1:d6:15:ff:37:51:34:65:51:f4:1e:be:38:
-        6a:ec:0e:ab:bf:3d:7b:39:05:7b:f4:f3:fb:1a:a1:d0:c8:7e:
-        4e:64:8d:cd:8c:61:55:90:fe:3a:ca:5d:25:0f:f8:1d:a3:4a:
-        74:56:4f:1a:55:40:70:75:25:a6:33:2e:ba:4b:a5:5d:53:9a:
-        0d:30:e1:8d:5f:61:2c:af:cc:ef:b0:99:a1:80:ff:0b:f2:62:
-        4c:70:26:98
------BEGIN CERTIFICATE-----
-MIIEJTCCAw2gAwIBAgIDAjp3MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-YWwgQ0EwHhcNMTQwODI5MjEzOTMyWhcNMjIwNTIwMjEzOTMyWjBHMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXUmFwaWRTU0wg
-U0hBMjU2IENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv
-VJvZWF0eLFbG1eh/9H0WA//Qi1rkjqfdVC7UBMBdmJyNkA+8EGVf2prWRHzAn7Xp
-SowLBkMEu/SW4ib2YQGRZjEiwzQ0Xz8/kS9EX9zHFLYDn4ZLDqP/oIACg8PTH2lS
-1p1kD8mD5xvEcKyU58Okaiy9uJ5p2L4KjxZjWmhxgHsw3hUEv8zTvz5IBVV6s9cQ
-DAP8m/0Ip4yM26eO8R5j3LMBL3+vV8M8SKeDaCGnL+enP/C1DPz1hNFTvA5yT2AM
-QriYrRmIV9cE7Ie/fodOoyH5U/02mEiN1vi7SPIpyGTRzFRIU4uvt2UevykzKdkp
-YEj4/5G8V1jlNS67abZZAgMBAAGjggEdMIIBGTAfBgNVHSMEGDAWgBTAephojYn7
-qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUw5zz/NNGCDS7zkZ/oHxb8+IIy1kwEgYD
-VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwNQYDVR0fBC4wLDAqoCig
-JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMC4GCCsGAQUF
-BwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL2cuc3ltY2QuY29tMEwGA1UdIARF
-MEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdlb3Ry
-dXN0LmNvbS9yZXNvdXJjZXMvY3BzMA0GCSqGSIb3DQEBCwUAA4IBAQCjWB7GQzKs
-rC+TeLfqrlRARy1+eI1Q9vhmrNZPc9ZE768LzFvB9E+aj0l+YK/CJ8cW8fuTgZCp
-fO9vfm5FlBaEvexJ8cQO9K8EWYOHDyw7l8NaEpt7BDV7o5UzCHuTcSJCs6nZb0+B
-kvwHtnm8hEqddwnxxYny8LScVKoSew26T++TGezvfU5ho452nFnPjJSxhJf3GrkH
-uLLGTxN5279PURt/aQ1RKsHWFf83UTRlUfQevjhq7A6rvz17OQV79PP7GqHQyH5O
-ZI3NjGFVkP46yl0lD/gdo0p0Vk8aVUBwdSWmMy66S6VdU5oNMOGNX2Esr8zvsJmh
-gP8L8mJMcCaY
------END CERTIFICATE-----