rubygems-update 2.1.5 → 2.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 547e9e32aaae7d7c3e3bdbbb062487fcf8cc74ba
-  data.tar.gz: c4a1eb35b004dccf640ee945f60180ff788fd55a
+  metadata.gz: cb17f443c52c3e9d111c851bc1586c5a95ed1a11
+  data.tar.gz: 8aaf7b4e989d1a519adee5c7abe0f47aedd60680
 SHA512:
-  metadata.gz: 1eaa80a01f37f17db7f43a904dfda441286c919b493110923f28735d1b540f73e954e7ce74b99d625ffc834420a6c7fd88b1f37999c59f550c9949381e402c27
-  data.tar.gz: 11f86585794ca193303b9316107a44be25de32c6791eec0385f4f7f0aa4388007d9f25b3880f778db0fbf86adb62a68278f66a79e644b8850d40a4b0021322de
+  metadata.gz: 424cbda40e4f296d31ed0c257a9b4ede1b138658523afc34ef9886bbc258a02e96fbceb75b322c186522b6024d1239313c7a8028f3262aa8ee2c7778186d6d9e
+  data.tar.gz: 1db97669760cc8a82a966bca59108cdf3cd9b6290bc807b8ee5038ae8a44f9c7f037a94b2a505529c4eecb8705bd260202dcd00f56d0f948765cdcca635d96f6

data/History.txt

@@ -1,5 +1,22 @@
 # coding: UTF-8
 
+=== 2.1.6 / 2013-10-08
+
+Bug fixes:
+
+* Added certificates to follow the s3.amazonaws.com certificate change.  Fixes
+  #665 by emeyekayee.  Fixes #671 by jonforums.
+* Remove redundant built-in certificates not needed for https://rubygems.org
+  Fixes #654 by Vít Ondruch.
+* Added test for missing certificates for https://s3.amazonaws.com or
+  https://rubygems.org.  Pull request #673 by Hannes Georg.
+* RubyGems now allows a Pathname for Kernel#require like the built-in
+  Kernel#require.  Pull request #663 by Aaron Patterson.
+* Required rbconfig in Gem::ConfigFile for Ruby 1.9.1 compatibility.  (Ruby
+  1.9.1 is no longer receiving security fixes, so please update to a newer
+  version.)  Issue #676 by Michal Papis.  Issue wayneeseguin/rvm#2262 by
+  Thomas Sänger.
+
 === 2.1.5 / 2013-09-24
 
 Security fixes:
@@ -138,6 +155,15 @@ Bug fixes:
 * Fixed credential creation for `gem push` when `--host` is not given.  Pull
   request #622 by Arthur Nogueira Neves
 
+=== 2.0.10 / 2013-09-24
+
+Security fixes:
+
+* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a
+  backtracking in Gem::Version validation.  See CVE-2013-4363 for full details
+  including vulnerable APIs.  Fixed versions include 2.1.5, 2.0.10, 1.8.27 and
+  1.8.23.2 (for Ruby 1.9.3).
+
 === 2.0.9 / 2013-09-13
 
 Bug fixes:
@@ -624,6 +650,15 @@ $SAFE=1.  There is no functional difference compared to Ruby 2.0.0.preview2
   * URI scheme matching is no longer case-sensitive.  Fixes #322
   * ext/builder now checks $MAKE as well as $make (okkez)
 
+=== 1.8.27 / 2013-09-24
+
+Security fixes:
+
+* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a
+  backtracking in Gem::Version validation.  See CVE-2013-4363 for full details
+  including vulnerable APIs.  Fixed versions include 2.1.5, 2.0.10, 1.8.27 and
+  1.8.23.2 (for Ruby 1.9.3).
+
 === 1.8.26 / 2013-09-09
 
 Security fixes:
@@ -655,6 +690,15 @@ Bug fixes:
   * Install the .pem files properly. Fixes #320
   * Remove OpenSSL dependency from the http code path
 
+=== 1.8.23.2 / 2013-09-24
+
+Security fixes:
+
+* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a
+  backtracking in Gem::Version validation.  See CVE-2013-4363 for full details
+  including vulnerable APIs.  Fixed versions include 2.1.5, 2.0.10, 1.8.27 and
+  1.8.23.2 (for Ruby 1.9.3).
+
 === 1.8.23.1 / 2013-09-09
 
 Security fixes:

data/Manifest.txt

@@ -125,10 +125,9 @@ lib/rubygems/source_specific_file.rb
 lib/rubygems/spec_fetcher.rb
 lib/rubygems/specification.rb
 lib/rubygems/ssl_certs/.document
-lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem
-lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem
-lib/rubygems/ssl_certs/GeoTrust_Global_CA.pem
-lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem
+lib/rubygems/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem
+lib/rubygems/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem
+lib/rubygems/ssl_certs/GeoTrustGlobalCA.pem
 lib/rubygems/stub_specification.rb
 lib/rubygems/syck_hack.rb
 lib/rubygems/test_case.rb
@@ -191,6 +190,7 @@ test/rubygems/specifications/bar-0.0.2.gemspec
 test/rubygems/specifications/foo-0.0.1.gemspec
 test/rubygems/ssl_cert.pem
 test/rubygems/ssl_key.pem
+test/rubygems/test_bundled_ca.rb
 test/rubygems/test_config.rb
 test/rubygems/test_deprecate.rb
 test/rubygems/test_gem.rb
@@ -294,3 +294,4 @@ test/rubygems/wrong_key_cert_32.pem
 util/CL2notes
 util/create_certs.rb
 util/create_encrypted_key.rb
+util/update_bundled_ca_certificates.rb

data/Rakefile

@@ -58,6 +58,7 @@ hoe = Hoe.spec 'rubygems-update' do
 
   self.extra_rdoc_files = Dir["*.rdoc"] + %w[
     CVE-2013-4287.txt
+    CVE-2013-4363.txt
   ]
 
   spec_extras['rdoc_options'] = proc do |rdoc_options|

data/lib/rubygems.rb

@@ -8,7 +8,7 @@
 require 'rbconfig'
 
 module Gem
-  VERSION = '2.1.5'
+  VERSION = '2.1.6'
 end
 
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/config_file.rb

@@ -5,6 +5,7 @@
 #++
 
 require 'rubygems/user_interaction'
+require 'rbconfig'
 
 ##
 # Gem::ConfigFile RubyGems options and gem command options from gemrc.

data/lib/rubygems/core_ext/kernel_require.rb

@@ -38,6 +38,8 @@ module Kernel
   def require path
     RUBYGEMS_ACTIVATION_MONITOR.enter
 
+    path = path.to_path if path.respond_to? :to_path
+
     spec = Gem.find_unresolved_default_spec(path)
     if spec
       Gem.remove_unresolved_default_spec(spec)

data/lib/rubygems/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----

data/lib/rubygems/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----

data/lib/rubygems/ssl_certs/{GeoTrust_Global_CA.pem → GeoTrustGlobalCA.pem}

@@ -1,20 +1,20 @@
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
-R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
-9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
-fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
-iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
-1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
-bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
-MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
-ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
-uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
-Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
-tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
-PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
-hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
-5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
------END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----

data/test/rubygems/test_bundled_ca.rb

@@ -0,0 +1,60 @@
+require 'rubygems/test_case'
+require 'net/https'
+require 'rubygems/request'
+
+# = Testing Bundled CA
+#
+# The tested hosts are explained in detail here: https://github.com/rubygems/rubygems/commit/5e16a5428f973667cabfa07e94ff939e7a83ebd9
+#
+class TestBundledCA < Gem::TestCase
+
+  THIS_FILE = File.expand_path __FILE__
+
+  def bundled_certificate_store
+    store = OpenSSL::X509::Store.new
+
+    ssl_cert_glob =
+      File.expand_path '../../../lib/rubygems/ssl_certs/*.pem', THIS_FILE
+
+    Dir[ssl_cert_glob].each do |ssl_cert|
+      store.add_file ssl_cert
+    end
+
+    store
+  end
+
+  def assert_https(host)
+    if self.respond_to? :_assertions # minitest <= 4
+      self._assertions += 1
+    else # minitest >= 5
+      self.assertions += 1
+    end
+    http = Net::HTTP.new(host, 443)
+    http.use_ssl = true
+    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+    http.cert_store = bundled_certificate_store
+    http.get('/')
+  rescue Errno::ENOENT
+    skip "#{host} seems offline, I can't tell whether ssl would work."
+  rescue OpenSSL::SSL::SSLError => e
+    # Only fail for certificate verification errors
+    if e.message =~ /certificate verify failed/
+      flunk "#{host} is not verifiable using the included certificates. Error was: #{e.message}"
+    end
+    raise
+  end
+
+  def test_accessing_rubygems
+    assert_https('rubygems.org')
+  end
+
+  def test_accessing_cloudfront
+    assert_https('d2chzxaqi4y7f8.cloudfront.net')
+  end
+
+  def test_accessing_s3
+    assert_https('s3.amazonaws.com')
+  end
+
+end if ENV['TRAVIS']
+

data/test/rubygems/test_require.rb

@@ -67,6 +67,18 @@ class TestGemRequire < Gem::TestCase
     end
   end
 
+  def test_require_can_use_a_pathname_object
+    a1 = new_spec "a", "1", nil, "lib/test_gem_require_a.rb"
+
+    install_specs a1
+
+    save_loaded_features do
+      assert_require Pathname.new 'test_gem_require_a'
+      assert_equal %w(a-1), loaded_spec_names
+      assert_equal unresolved_names, []
+    end
+  end
+
   def test_activate_via_require_respects_loaded_files
     require 'benchmark' # stdlib
     save_loaded_features do

data/util/update_bundled_ca_certificates.rb

@@ -0,0 +1,103 @@
+require 'net/http'
+require 'openssl'
+
+URIS = [
+  URI('https://rubygems.org'),
+  URI('https://s3.amazonaws.com'),
+  URI('https://d2chzxaqi4y7f8.cloudfront.net'),
+  URI('https://rubygems.global.ssl.fastly.net'),
+]
+
+def connect_to uri, store
+  http = Net::HTTP.new uri.hostname, uri.port
+
+  http.use_ssl = uri.scheme.downcase == 'https'
+  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+  http.cert_store = store
+
+  http.get '/'
+
+  true
+rescue OpenSSL::SSL::SSLError
+  false
+end
+
+def load_certificates io
+  cert_texts =
+    io.read.scan(/^-{5}BEGIN CERTIFICATE-{5}.*?^-{5}END CERTIFICATE-{5}/m)
+
+  cert_texts.map do |cert_text|
+    OpenSSL::X509::Certificate.new cert_text
+  end
+end
+
+def show_certificates certificates
+  certificates.each do |certificate|
+    p certificate.subject.to_a
+  end
+end
+
+def store_for certificates
+  store = OpenSSL::X509::Store.new
+  certificates.each do |certificate|
+    store.add_cert certificate
+  end
+
+  store
+end
+
+def test_certificates certificates, uri
+  1.upto certificates.length do |n|
+    puts "combinations of #{n} certificates"
+    certificates.combination(n).each do |combination|
+      match = test_uri uri, combination
+
+      if match then
+        $needed_combinations << match
+        puts
+        return
+      else
+        print '.'
+      end
+    end
+    puts
+  end
+end
+
+def test_uri uri, certificates
+  store = store_for certificates
+
+  verified = connect_to uri, store
+
+  return certificates if verified
+
+  nil
+end
+
+def write_certificates certificates
+  certificates.each do |certificate|
+    subject = certificate.subject.to_a
+    name = (subject.assoc('CN') || subject.assoc('OU'))[1]
+    name = name.delete ' .-'
+
+    open "lib/rubygems/ssl_certs/#{name}.pem", 'w' do |io|
+      io.write certificate.to_pem
+    end
+  end
+end
+
+certificates = load_certificates ARGF
+puts "loaded #{certificates.length} certificates"
+
+$needed_combinations = []
+
+URIS.each do |uri|
+  puts uri
+
+  test_certificates certificates, uri
+end
+
+needed = $needed_combinations.flatten.uniq
+
+write_certificates needed
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 2.1.5
+  version: 2.1.6
 platform: ruby
 authors:
 - Jim Weirich
@@ -32,7 +32,7 @@ cert_chain:
   KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
   wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
   -----END CERTIFICATE-----
-date: 2013-09-24 00:00:00.000000000 Z
+date: 2013-10-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -300,10 +300,9 @@ files:
 - lib/rubygems/spec_fetcher.rb
 - lib/rubygems/specification.rb
 - lib/rubygems/ssl_certs/.document
-- lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem
-- lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem
-- lib/rubygems/ssl_certs/GeoTrust_Global_CA.pem
-- lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem
+- lib/rubygems/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem
+- lib/rubygems/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem
+- lib/rubygems/ssl_certs/GeoTrustGlobalCA.pem
 - lib/rubygems/stub_specification.rb
 - lib/rubygems/syck_hack.rb
 - lib/rubygems/test_case.rb
@@ -366,6 +365,7 @@ files:
 - test/rubygems/specifications/foo-0.0.1.gemspec
 - test/rubygems/ssl_cert.pem
 - test/rubygems/ssl_key.pem
+- test/rubygems/test_bundled_ca.rb
 - test/rubygems/test_config.rb
 - test/rubygems/test_deprecate.rb
 - test/rubygems/test_gem.rb
@@ -469,6 +469,7 @@ files:
 - util/CL2notes
 - util/create_certs.rb
 - util/create_encrypted_key.rb
+- util/update_bundled_ca_certificates.rb
 - .gemtest
 homepage: http://rubygems.org
 licenses:
@@ -494,11 +495,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: rubygems-update
-rubygems_version: 2.1.4
+rubygems_version: 2.1.5
 signing_key: 
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby
 test_files:
+- test/rubygems/test_bundled_ca.rb
 - test/rubygems/test_config.rb
 - test/rubygems/test_deprecate.rb
 - test/rubygems/test_gem.rb

data/lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem

@@ -1,90 +0,0 @@
-This CA certificate is for verifying HTTPS connection to;
-  - https://rubygems.org/ (obtained by RubyGems team)
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 1 (0x1)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
-        Validity
-            Not Before: May 30 10:48:38 2000 GMT
-            Not After : May 30 10:48:38 2020 GMT
-        Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (2048 bit)
-                Modulus:
-                    00:b7:f7:1a:33:e6:f2:00:04:2d:39:e0:4e:5b:ed:
-                    1f:bc:6c:0f:cd:b5:fa:23:b6:ce:de:9b:11:33:97:
-                    a4:29:4c:7d:93:9f:bd:4a:bc:93:ed:03:1a:e3:8f:
-                    cf:e5:6d:50:5a:d6:97:29:94:5a:80:b0:49:7a:db:
-                    2e:95:fd:b8:ca:bf:37:38:2d:1e:3e:91:41:ad:70:
-                    56:c7:f0:4f:3f:e8:32:9e:74:ca:c8:90:54:e9:c6:
-                    5f:0f:78:9d:9a:40:3c:0e:ac:61:aa:5e:14:8f:9e:
-                    87:a1:6a:50:dc:d7:9a:4e:af:05:b3:a6:71:94:9c:
-                    71:b3:50:60:0a:c7:13:9d:38:07:86:02:a8:e9:a8:
-                    69:26:18:90:ab:4c:b0:4f:23:ab:3a:4f:84:d8:df:
-                    ce:9f:e1:69:6f:bb:d7:42:d7:6b:44:e4:c7:ad:ee:
-                    6d:41:5f:72:5a:71:08:37:b3:79:65:a4:59:a0:94:
-                    37:f7:00:2f:0d:c2:92:72:da:d0:38:72:db:14:a8:
-                    45:c4:5d:2a:7d:b7:b4:d6:c4:ee:ac:cd:13:44:b7:
-                    c9:2b:dd:43:00:25:fa:61:b9:69:6a:58:23:11:b7:
-                    a7:33:8f:56:75:59:f5:cd:29:d7:46:b7:0a:2b:65:
-                    b6:d3:42:6f:15:b2:b8:7b:fb:ef:e9:5d:53:d5:34:
-                    5a:27
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Authority Key Identifier: 
-                keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
-                DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
-                serial:01
-
-    Signature Algorithm: sha1WithRSAEncryption
-         b0:9b:e0:85:25:c2:d6:23:e2:0f:96:06:92:9d:41:98:9c:d9:
-         84:79:81:d9:1e:5b:14:07:23:36:65:8f:b0:d8:77:bb:ac:41:
-         6c:47:60:83:51:b0:f9:32:3d:e7:fc:f6:26:13:c7:80:16:a5:
-         bf:5a:fc:87:cf:78:79:89:21:9a:e2:4c:07:0a:86:35:bc:f2:
-         de:51:c4:d2:96:b7:dc:7e:4e:ee:70:fd:1c:39:eb:0c:02:51:
-         14:2d:8e:bd:16:e0:c1:df:46:75:e7:24:ad:ec:f4:42:b4:85:
-         93:70:10:67:ba:9d:06:35:4a:18:d3:2b:7a:cc:51:42:a1:7a:
-         63:d1:e6:bb:a1:c5:2b:c2:36:be:13:0d:e6:bd:63:7e:79:7b:
-         a7:09:0d:40:ab:6a:dd:8f:8a:c3:f6:f6:8c:1a:42:05:51:d4:
-         45:f5:9f:a7:62:21:68:15:20:43:3c:99:e7:7c:bd:24:d8:a9:
-         91:17:73:88:3f:56:1b:31:38:18:b4:71:0f:9a:cd:c8:0e:9e:
-         8e:2e:1b:e1:8c:98:83:cb:1f:31:f1:44:4c:c6:04:73:49:76:
-         60:0f:c7:f8:bd:17:80:6b:2e:e9:cc:4c:0e:5a:9a:79:0f:20:
-         0a:2e:d5:9e:63:26:1e:55:92:94:d8:82:17:5a:7b:d0:bc:c7:
-         8f:4e:86:04
-
------BEGIN CERTIFICATE-----
-MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
-MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
-IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
-MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
-FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
-bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
-dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
-H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
-uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
-mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
-a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
-E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
-WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
-VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
-Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
-cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
-IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
-AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
-YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
-6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
-Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
-c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
-mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
------END CERTIFICATE-----

data/lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem

@@ -1,90 +0,0 @@
-This CA certificate is for verifying HTTPS connection to;
-  - https://d2chzxaqi4y7f8.cloudfront.net/ (prepared by AWS)
-
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 927650371 (0x374ad243)
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
-        Validity
-            Not Before: May 25 16:09:40 1999 GMT
-            Not After : May 25 16:39:40 2019 GMT
-        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff:
-                    af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1:
-                    0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81:
-                    26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71:
-                    d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24:
-                    da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29:
-                    92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8:
-                    ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81:
-                    b1:16:19:61:b9:54:b6:e6:43
-                Exponent: 3 (0x3)
-        X509v3 extensions:
-            Netscape Cert Type: 
-                SSL CA, S/MIME CA, Object Signing CA
-            X509v3 CRL Distribution Points: 
-
-                Full Name:
-                  DirName: C = US, O = Entrust.net, OU = www.entrust.net/CPS incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Secure Server Certification Authority, CN = CRL1
-
-                Full Name:
-                  URI:http://www.entrust.net/CRL/net1.crl
-
-            X509v3 Private Key Usage Period: 
-                Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Authority Key Identifier: 
-                keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
-
-            X509v3 Subject Key Identifier: 
-                F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            1.2.840.113533.7.65.0: 
-                0
-..V4.0....
-    Signature Algorithm: sha1WithRSAEncryption
-         90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb:
-         47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d:
-         f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31:
-         c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb:
-         a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58:
-         0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54:
-         73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06:
-         f9:b2
-
------BEGIN CERTIFICATE-----
-MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
-ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
-KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
-ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
-MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
-ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
-b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
-bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
-U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
-A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
-I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
-wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
-AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
-oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
-BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
-dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
-MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
-dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
-MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
-E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
-MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
-hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
-95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
-2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
------END CERTIFICATE-----

data/lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem

@@ -1,57 +0,0 @@
-This CA certificate is for verifying HTTPS connection to;
-  - https://s3.amazon.com/ (prepared by AWS)
-
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
-    Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Validity
-            Not Before: May 18 00:00:00 1998 GMT
-            Not After : Aug  1 23:59:59 2028 GMT
-        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                Public-Key: (1024 bit)
-                Modulus:
-                    00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99:
-                    1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20:
-                    84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9:
-                    25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b:
-                    33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8:
-                    6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43:
-                    91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97:
-                    37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69:
-                    61:f8:9b:1d:1c:89:4f:5c:67
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: sha1WithRSAEncryption
-         51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67:
-         70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b:
-         64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27:
-         3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01:
-         ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69:
-         92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59:
-         57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69:
-         91:fd
-
------BEGIN CERTIFICATE-----
-MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
-MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
-emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
-DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
-YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
-MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
-AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
-pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
-13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
-AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
-U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
-F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
-oJ2daZH9
------END CERTIFICATE-----