From mutt-dev-owner-bjacke=lisa.goe.net@mutt.org Tue Feb 5 10:52:52 2002 Return-Path: Received: from ns.gbnet.net (qmailr@ns.gbnet.net [194.70.126.10]) by mueller.Goe.NET (8.11.6/8.11.6) with SMTP id g159qqT29563 for ; Tue, 5 Feb 2002 10:52:52 +0100 Received: (qmail 10633 invoked by uid 610); 5 Feb 2002 09:52:05 -0000 Delivered-To: mutt-dev@ns.gbnet.net Received: (qmail 10623 invoked by uid 100); 5 Feb 2002 09:52:02 -0000 Received: (qmail 23134 invoked from network); 5 Feb 2002 04:11:01 -0000 Received: from n137p001.adsl.highway.telekom.at (HELO stefan.sime.com) (213.33.17.1) by ns.gbnet.net with SMTP; 5 Feb 2002 04:11:01 -0000 Received: from stefan by stefan.sime.com with local (Exim 3.33 #3) id 16Xwv8-0004CW-00; Tue, 05 Feb 2002 05:09:26 +0100 Date: Tue, 5 Feb 2002 05:09:26 +0100 From: Stefan Traby To: Oliver Ehli , Mike Schiraldi Cc: pcg@goof.com, mutt-dev@mutt.org, lukas@dnx.de Subject: s/mime sender verification totally broken [PATCH] Message-ID: <20020205040926.GA15656@stefan.sime.com> Reply-To: Stefan Traby Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="XsQoSWH+UP9D9v3l" Content-Disposition: inline User-Agent: Mutt/1.5.0-current-20020204i Organization: Stefan Traby Services && Consulting X-Operating-System: Linux 2.4.17-fijiji37-aescrypto (i686) X-APM: 98% -1 min X-PGP: Key fingerprint = C090 8941 DAD8 4B09 77B1 E284 7873 9310 3BDB EA79 X-MIL: A-6172171143 X-Lotto: Suggested Lotto numbers (Austrian 6 out of 45): 1 19 26 37 38 45 Sender: owner-mutt-dev@mutt.org Precedence: bulk Status: RO Content-Length: 12178 Lines: 263 --XsQoSWH+UP9D9v3l Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi ! s/mime should check against _every_ valid Email-address that can be found in a given certificate. I get: Alert: Certificate belongs to "oesi@nethype.de". But sender was "stefan@hello-penguin.com". This is clearly a bug in the s/mime-part of mutt because openssl gives all valid adresses: openssl x509 -in 4c730ce8.0 -noout -email oesi@nethype.de oesi@plan9.de st.traby@opengroup.org stefan@hello-penguin.com stefan@kwc.at stefan@sime.com BTW, the "primary" email address on my certificate is "stefan@hello-penguin.com", so "openssl x509 -in foo -noout -email" does not give adresses in a usable order but nobody should care. Most mailer (even those that accept only one email-address) validate at least the the first (primary) address, mutt (up to mutt-unstable-20020204) just checks the first returned by openssl which is somewhat random-ordered, so checks may fail for _any_ certificate with at least two email addresses). Is somebody willing to fix this ugly bug or include my simple patch ? (It uses the first email-address returned by openssl for the funny case that no cert belongs so it should not make any trouble) This patch is against mutt-unstable-20020204. Sorry, I normally don't sign mails that go to a list, but this time it's just for bug demonstration. :) --- mutt/smime.c Thu Jan 31 23:05:43 2002 +++ mutt-new/smime.c Tue Feb 5 04:52:44 2002 @@ -861,7 +861,7 @@ FILE *fpout =3D NULL, *fperr =3D NULL; char tmpfname[_POSIX_PATH_MAX]; char email[STRING]; - int ret =3D 0; + char email_first[STRING]; pid_t thepid; =20 mutt_mktemp (tmpfname); @@ -900,33 +900,37 @@ fflush (fperr); =20 =20 - if (!(fgets (email, sizeof (email), fpout))) + *email_first =3D 0; + for(;;) { - mutt_copy_stream (fperr, stdout); - fclose (fpout); - fclose (fperr); - mutt_endwin(NULL); - mutt_error (_("Alert: No mailbox specified in certificate.\n")); - return 1; - } - *(email+mutt_strlen(email)-1) =3D '\0'; - - - if(mutt_strncasecmp (email, mailbox, mutt_strlen (mailbox))) - { - mutt_endwin(NULL); - mutt_error (_("Alert: Certificate belongs to \"%s\".\n" + if (!(fgets (email, sizeof (email), fpout))) + { + mutt_copy_stream (fperr, stdout); + fclose (fpout); + fclose (fperr); + mutt_endwin(NULL); + if(strlen(email_first)) { + mutt_error (_("Alert: Certificate belongs to \"%s\".\n" " But sender was \"%s\".\n"), email, mailbox); - ret =3D 1; + } else { + mutt_error (_("Alert: No mailbox specified in certificate.\n")); + } + return 1; + } + *(email+mutt_strlen(email)-1) =3D '\0'; + if(!strlen(email_first)) { + strcpy(email_first, email); + } + /* ok case */ + if(!mutt_strncasecmp (email, mailbox, mutt_strlen (mailbox))) + { + mutt_endwin(NULL); + fclose (fpout); + fclose (fperr); + return 0; + } } - - fclose (fpout); - fclose (fperr); - - return ret; } - - =20 static char *smime_extract_certificate (char *infile) { --=20 ciao -=20 Stefan " GNU's Not Unix -- IIS Isn't Secure " Stefan Traby Linux/ia32 fax: +43-3133-6107-9 Mitterlasznitzstr. 13 Linux/alpha phone: +43-699-10157505 8302 Nestelbach Linux/sparc http://www.hello-penguin.com Austria mailto:st.traby@opengroup.org Europe mailto:stefan@hello-penguin.com --XsQoSWH+UP9D9v3l Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIYEAYJKoZIhvcNAQcCoIIYATCCF/0CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC DmIwggsiMIIKi6ADAgECAgMGq60wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAlpBMRUw EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhh d3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwg RnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMjAyMDQwNTA2MTRaFw0wMzAyMDQwNTA2MTRa MIIBBDEOMAwGA1UEBBMFVHJhYnkxDzANBgNVBCoTBlN0ZWZhbjEVMBMGA1UEAxMMU3RlZmFu IFRyYWJ5MScwJQYJKoZIhvcNAQkBFhhzdGVmYW5AaGVsbG8tcGVuZ3Vpbi5jb20xHDAaBgkq hkiG9w0BCQEWDW9lc2lAcGxhbjkuZGUxHjAcBgkqhkiG9w0BCQEWD3N0ZWZhbkBzaW1lLmNv bTEeMBwGCSqGSIb3DQEJARYPb2VzaUBuZXRoeXBlLmRlMSUwIwYJKoZIhvcNAQkBFhZzdC50 cmFieUBvcGVuZ3JvdXAub3JnMRwwGgYJKoZIhvcNAQkBFg1zdGVmYW5Aa3djLmF0MIIIIDAN BgkqhkiG9w0BAQEFAAOCCA0AMIIICAKCCAEAu+nU4YAdj7OAGEoPSzZJ2HG3yxLmV0Z6pZ5m 6hL0seVdk93UN193Zli1KUTijcH6AnnTpPc9DP8avnsfqrj8pAOJbgVwagZUWocwM5Xmy5dt ABs7haSvTLi637m2ytu1NXblYPDI8ySC8NMYynzgzhutliV+7ntWgvrvbY2c7hkpv3aPXcN0 JmVtz+K6rBOPcBf+yNjfklOrOILj4GbQI38xE48pKYD2QvDUqXSRFnuJrm7NwXEnrczKPUu0 qntAgWB0wgH4LZAfXJRPtiy4vta8L6AQZPEJiMOl7om0cuxeEYRZI+cKRjJpdHQ+Szgdr4OY y3r5KKNu2a04lNSxxXz9fZ4W+/uBPQn9QGBWo8Dc5dQsq1gtKcY+QnVti1VWaE3kXc/Zt+mR +UyEYddyElJmn732ltmxR6n6Eo6qHMzBJ738f9Agf7Xq+GuwVHZK65mr3I1GtX9t8zge/Cjv SCFBdj9527dj63EuGQQIC2zVi3POZzy6EtQpTB9KWT+pA7bHroa2KXpC65XmtsD46ozdvfN4 YYydxS3yDvQOucCps1WrpP9zmuIaSrMn6mpU+mT3HeBsK3DKeEJmIfs2rB3gbiJqtW5Li6vl lfRcRNhgg6LYOk7Y6iiWbpvFDa++/zlbseysLVP6Jd+9AT+2fjZmTRlvjkD7L/yPCGAHD/gj 47rTFSFoZL8/+O/AToE8AYdGbsR1B2AE3RRSBAjr0wTfekoiUvdg/JrkuNp1phNa9yjEf4ls AuwVx7a2xGlcFdK5EoQ2VC8PUsxF47p7ZZbyW/HaJb+Pv7Ih30Bg/Wz1f73N+/0UlXWLueqa BNNV1fmLqA0lSHiiybbgUFV5f5n0+RFM677szCknwBXYMvzYaIatC2IWIJZCElOPKZaxcLfG 0iY4STIqIcVE8NQ4QIJzACojhNQ20V2BO028ztz0aP1b2reK0urQGm50g/A5ZNN1K80JcTgg heI2X/6PS2ZyJlUTGmni8lD6Lh1Vvfa3XwG8G1VnwE1BFQ/F0xvSO3EnDBSYbmnzCwr69US+ GWpO++lTmPYLEBQVjNsYX9fIVT+M13J8ugpUbA6kLL9blx2NRS4V8qyceoDZwocr8jdq8gUv asrLp7YtOBTH/oxv30/uCDGii27xpGpo9F2ecGG5SACqgaIf7T8hjmpTjgbayd0AfGBmCwrb 81sOngm/xmLUYRfTWsPAXz1+S0AgOsIs02uyVA5zOVb8zIN2FGLIXeTcGGh/57Hb3GFMj3UO vzHLLU7h+WU7XSG97Mahy40Oz+wd4rqWz90OiuRGVpN/aA32ihDbaN7kN+rNSogpF+q3lQSe 9UexvPrjnv4CY4fM9YxB54dJr/QJis+3uqSvC7Ti7INpt0G5s0Do50KzTnZcf2cOPG9/D8zP qd4BwH0bZByK2k/uogFvjoENUcPrbcqTeMesxPoVkjTx3I/6C1guYnaI9bDlU916G4rY2o1l L5OJC7LpngOW17mivpkacTMixfglOdO17Bq1gH9LNhF7T70WU3WxYsjfKCaIeI8KhyWKn3QW F9JbiUV2wDAY77r0W2MSFKklJSSVDXlfS+tQ29fWcnWaLwZwno3rqIiBSYIbuTENQeDqDpPI 3h7ptteVUxGljlouhBLp6gac1u7s0cfz+nvm7rzMq7dzF4zfOXiAwhHsBKhw01pXM+vzht9R EV8/64cclYpF/DafEscPaCVEeEjt3hqKDJLVSUHP2QHYJSxoPAH1RIc21VSJgCeXkQHXuqQY 5uViXwru/YKtNc8IrCqV44GLYvv71iX7Sw2Ly0+Ab7I2FZaLYihxqGvaZ9f42YqGeupheNTw IVUSEBChFPNqLXC+imzIqPemEKVmCepqjMEWyUQ54qWT9B3SHItgX3ttvFsmxAfBQGxa3cJU Aq2tO8G7pe6Za19yXbccT7YfKQn+qNyHfvrvvRY+7ahj8JdXiml9ijJSx9Yhh5iXxbmosC7x dYMFaYOmayS865aOtJ8/GdP0zGPT4f9XAaKrNT6Arf1KaSixbZ6SGCvEPgNZXsyUblwEYKhj eXC79K3AH3KgoHwRrSPo5Z24Ek8yZxpLxCRyM8rM02giVTGfsB4inuJ4/ifcdWImmYthFiFO BkOSlL6c8USioy0BbHKGqnGn/hSnyrQ10V8U+5eXePmSlNaMFuPhBxmbIqIxb5WwoVdZQuCr DZfYcJyrecTabOLa0oe5mEgeLE9LDMD6h0eOOSPkunGBh370NMniBz4yaY4Ef1A03+7ddi/3 Fqhd5ma83UYf/14tE0dkUHUCiKqGvKv08M6y353ikWcrcUGxGpZtGMs09nNFKzp4829NO+4I rpQgFH64sn++RbMUoqa9FKeB+i3YnSOKuMCam9Gf7O605wtqTDF1LGzPE+QpsX/tZhTtMgKY 6XeZATq5MUmGPD82k757sulUWdcoIZY1zUAJu0grXW4DX9kAokWF1VObg9OsA69GguOOmp+q VcFENM/Dyc/N/C7vzLXvgLz7tXISUt3zoHneudnwA2jmL3oECxLgHgXzTbcn1SY1cPEbqC+E 1GWGaaJnHqIdBXr45Icc+mua+cEEGK3XIl0hBRGdu45dFxAOwZbwg8fDmV51B2NC2aQQLiTC uQGalFPkZoNjkhgFR4ZXIvdBYjLa20qNVAwhXxOSrfWpQUjCLtlMH3EBwUzsE7Qb5f3KQJ44 lBIMunpmtOPMbCXTw+FMMcJJLNsDx88CASOjgY4wgYswewYDVR0RBHQwcoEYc3RlZmFuQGhl bGxvLXBlbmd1aW4uY29tgQ1vZXNpQHBsYW45LmRlgQ9zdGVmYW5Ac2ltZS5jb22BD29lc2lA bmV0aHlwZS5kZYEWc3QudHJhYnlAb3Blbmdyb3VwLm9yZ4ENc3RlZmFuQGt3Yy5hdDAMBgNV HRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAFHJydpEQAxdY1fzsJTy5ZZDMTEDkt7O58fY 3tmy8Bn0wIpHQ7Soovd87/rgbAftSWsfHya9XGYINvpnJPAP0LaRt7+nXRCNTsFkv5WkDmPs axV8S7yfKBaQ767Q7xDu8pg1r6HgIiLIau4OF+nbUAD1On44+1mezfhTIuFk0jncMIIDODCC AqGgAwIBAgIQZkVyt8x09c9jdkWE0C6RATANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMC WkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQK ExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBE aXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZI hvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAwMDgzMDAwMDAwMFoX DTA0MDgyNzIzNTk1OVowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUx EjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZp Y2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4z MDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXaiBmClw7j RCmKYzUqbXA8+tyu9+50bzC8M5B/+TRxoKNtmPHDT6Jl2w36S/HW3WGl+YXNVZo1Gp2Sdagn rthy+boC9tewkd4c6avgGAOofENCUFGHgzzwObSbVIoTh/+zm51JZgAtCYnslGvpoWkCAwEA AaNOMEwwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1Ud EwEB/wQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBADGxS0dd+QFx 5fVTbF151j2YwCYTYoEipxL4IpXoG0m3J3sEObr85vIk65H6vewNKjj3UFWobPcNrUwbvAP0 teuiR59sogxYjTFCCRFssBpp0SsSskBdavl50OouJd2K5PzbDR+dAvNa28o89kTqJmmHf0ie zqWf54TYyWJirQXGMYIJdjCCCXICAQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxX ZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYD VQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwg UlNBIDIwMDAuOC4zMAIDBqutMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3 DQEHATAcBgkqhkiG9w0BCQUxDxcNMDIwMjA1MDQwOTA5WjAjBgkqhkiG9w0BCQQxFgQUuD3E 4eE4dsR134FoIx9zYd/mQRMwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG 9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZI hvcNAQEBBQAEgggAYQoJ8n2FfI7BuJREhbOIUpK1SY/mLym7/jaf2ql+KzIe/gD1ZNl8iS7+ ic/xAIq5WzHGuAMXXQMH/7zgiy6iLZkng7Awo981269olOwbPiGuP1F/uRb7ikAwljWHX/g2 rh91zoD2hmTglKCcCSxRsyF6YHvckzVwM4F7rPtIOaGGoHM+YVQKtOqkwwN7EaIwBzrYU3+u FdAMzWsbQt7oioO+3KefvzaHo7P8y+Was1AGTixyMFnAFJ9yrSEkT6KM0B9ogA+iLED+KoA6 yXLVZDblhliHozn+UCi50HeWgVi78rR/ZPIcaHOhx6BPBatBdud9Fq/JVf4iDGF/sE1PMy17 mVo5D3dZV1Rk38rCzINW/xq3N0fi8MP3YEDhGBGoKl8xJjjTK3B6JqithjvmmLzxpPwqFdeD kohjCm42Fok/JP4+iGt3LOZezPDDsVRdE+kNDB/h3XdwR6EiqDEvDZloMXUeH5MSpn5tjBzq 7NqA0bBhpNZwd/JgRE/KWp0FfA6TrdfC3NW7TQ4bLNo+NiwS6I5F1JWzj6tl/90ZnkMoq/a1 X5WH2o9tDAqMJJPPfr+070Nz0JQKUWpf7taaZ+m16AHGdsIf9zqya6ccjuTYH2GcBGg5Q6Rb lEEC27FMvaiKysYnAbC4g08WGcBAPjewuLnFVjnk1rhWdnO1Ijpywr7lRiPHNMHrH2A861Bv akd794hRourHx9ucT+Ir1d+ium9C8gJnM6YafQRYvovoZnCx9nfhYMECWlSDSVFJaS7EEFd4 PNKQMm9VEETOpxVmyY75yD37KoKFTQ39/ahb/ygVzwp12zwfqrM5HLnk0GBrf463fBxUs6I/ Ksbb/vXIvlw/Z91rwfwccc2zrEBJU9PZOQQA2T4oiJc/OInGhCBaX0xWAAUaHgGQYRwARhrq 8jh0PKtW63pjC8i3VfdKZCPxVW+jMLO4XysC/GsPB+5UgoO2bM0ySl0IXJIP5lQFtypZB0VI /Rh2SvsjWDov7vUJmtxfix4gpJLSx2jW5MMVYFI/p/sqMF3IQ5Lr8RMKE9O+XAjY2/00XulD ABDbA//IfYfPw2Xk7Kxo77gHR3kb8wIGvEfMU8DHI4cOcONGniPKxB4ZKCZssGMaDHnHZTjl Qyk43s9A62sBgvD5qNs2pp9wpAIqC7QAnBEgnoKQVtcY10Y7dkhfr4y68DL+uMl3TJzIIGUV mXbL/pBrp4wby7av783nZGFTwmpA393gfJ6aMWTPVQn8V4Qbj/ikjePc64lAPbATQ+0/Y0Qh /nPJ4tSmQJvRJTVxT05/idSyKKPJ6smAVOrvvM4snU6FMI/S17w3DU4STuOHLIgjHpoQBU9C HN4dxSz3Ce+zoCJYzkHmEONW8c/hOpTK/lcCaNDcnPCQr5RrlXq7ROGeUCAPiPMZHzCZgASq OyjnScHeBmUlurbaCMOGaG4CslVl0TqJ38q0a3kfsH8WNC2ACFpMgadvXHZTsEkiauuQeVnR gWUp0VcdrQhMwuNYFSTlnnV9jJZHeOw5oJPjS+vRb7sD3GPSo4TCA00RZKuNWHFD1P1M5vID BdkZJ4DQGFWUH34FKCJgwDZG+AtGK9zH6g1O9j2oR9ASX5ej7VnZXqas7bnFjLShlsTeQoX/ xZIkBs8mNLHAFRx5fItBv+HyuGF2qLRx2exoHA9kY1o/IlKpYDMzLbGuLgSs/RNZsGwaFDKu JoPzdWSr8CPnB2eNC7g3ObeiEm52NEY2Z3trpS0BfKrxwrgi6wwYhyTrBBRPC+FypvEyP6Tu Op9RhMk4EkFpZV9GxPGi/fC4qzPPZawDA7aEnnk6rWEM1fClmjKu+ZN/+opGt3DOJcSE/Bo1 ghypIyHIuwRWUMFgY6RQYIQFYQSA/g44/B1adpS3CDnf0PKq6DV8eEI63JdNODzpm1uHz3n9 Vtj96v0j9nQU75Jui8mgsNFur2Bca5RPZbygcXouCNenQEbHKoefsu9a9mMgHVMF2w/rUKwa JImO8Dm3FelWvUrbAyuh7mtDPGUGMjyTtOEIzy9RhhmNwy5iHBTFsTZ2TzCSuBBQvXHMhUxt IK68BxjPyFGRs+KwR8tKRfehQsWctrBvDv4lQdUmgZPK5ITy+QMR3RrbFATXqr2YeUm7tPfL dwLNMcF7yopfF/+mU9LNVU3XyJ5lN8L5U2b2rRn23+CcHEYHchd9g7Vc6txbOno9nkWNco3i B9A2j9rTOGh/cCTzuMOfdpA0vs4UWC3rS95zdovno3jtieXJlXCPKuj3IQ8mweVj4d4/AJRe qrhg8jYyrbbXRa1WK0NSqTCbcyUcdBiYrWjeiZR/c1pqy5etDLWgyi9X/rf+S6/HZcquHdK0 my5Y+zcungPS2hmLWfqpFTsFneNHCaI4JaAIYijfgGD9ghIjrLY8W1UCPFo09UCVPgvpq4KT t87lECrKIicxkIYCvHyn/vlOhANpazJuuwk9eYHRr5Ww7OOutS22h4DhTaAoLGVPjQ7K+Vtg rCm5SEoAoRFcd4RfuYZETtWjBe6N2CCUlf0Rn5PeOrylyeo+IPZqIygmJuqcXUqSG3M1Cd2i G6IZ5RCwgNu0uKx5+U0mUM5p94gN0pnR9LsUH2fNwVqcJhLDB86JPnQBdzU21Ld7d0kRgHr0 DJqPL0o9MGF6w3Ya6Jslky7B9GPqQcjr1WqFwUAMqihGxv4jkrBQlPA5bs8yNLsKYBENYXL5 /d/cJ/0u7/I= --XsQoSWH+UP9D9v3l--