mozilla-inbound: changeset 171750:3ccf473bc7a6ea4fa268f39db77a2305b2ebb12a

--- a/dom/browser-element/BrowserElementChildPreload.js
+++ b/dom/browser-element/BrowserElementChildPreload.js
@@ -68,33 +68,31 @@ function NS_ERROR_GET_CODE(err) {
 }
 
 let SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
 let SEC_ERROR_UNKNOWN_ISSUER = (SEC_ERROR_BASE + 13);
 let SEC_ERROR_CA_CERT_INVALID =   (SEC_ERROR_BASE + 36);
 let SEC_ERROR_UNTRUSTED_ISSUER = (SEC_ERROR_BASE + 20);
 let SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = (SEC_ERROR_BASE + 30);
 let SEC_ERROR_UNTRUSTED_CERT = (SEC_ERROR_BASE + 21);
-let SEC_ERROR_INADEQUATE_KEY_USAGE = (SEC_ERROR_BASE + 90);
 let SEC_ERROR_EXPIRED_CERTIFICATE = (SEC_ERROR_BASE + 11);
 let SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = (SEC_ERROR_BASE + 176);
 
 let SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
 let SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12);
 
 function getErrorClass(errorCode) {
   let NSPRCode = -1 * NS_ERROR_GET_CODE(errorCode);
 
   switch (NSPRCode) {
     case SEC_ERROR_UNKNOWN_ISSUER:
     case SEC_ERROR_CA_CERT_INVALID:
     case SEC_ERROR_UNTRUSTED_ISSUER:
     case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
     case SEC_ERROR_UNTRUSTED_CERT:
-    case SEC_ERROR_INADEQUATE_KEY_USAGE:
     case SSL_ERROR_BAD_CERT_DOMAIN:
     case SEC_ERROR_EXPIRED_CERTIFICATE:
     case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
       return Ci.nsINSSErrorsService.ERROR_CLASS_BAD_CERT;
     default:
       return Ci.nsINSSErrorsService.ERROR_CLASS_SSL_PROTOCOL;
   }

--- a/security/manager/ssl/src/NSSErrorsService.cpp
+++ b/security/manager/ssl/src/NSSErrorsService.cpp
@@ -95,17 +95,16 @@ NSSErrorsService::GetErrorClass(nsresult
 
   switch (aNSPRCode)
   {
     case SEC_ERROR_UNKNOWN_ISSUER:
     case SEC_ERROR_CA_CERT_INVALID:
     case SEC_ERROR_UNTRUSTED_ISSUER:
     case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
     case SEC_ERROR_UNTRUSTED_CERT:
-    case SEC_ERROR_INADEQUATE_KEY_USAGE:
     case SSL_ERROR_BAD_CERT_DOMAIN:
     case SEC_ERROR_EXPIRED_CERTIFICATE:
     case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
       *aErrorClass = ERROR_CLASS_BAD_CERT;
       break;
     default:
       *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
       break;

--- a/security/manager/ssl/src/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/src/TransportSecurityInfo.cpp
@@ -629,19 +629,16 @@ AppendErrorTextUntrusted(PRErrorCode err
         if (chain && NS_FAILED(chain->GetLength(&length)))
           length = 0;
         if (length == 1)
           errorID = "certErrorTrust_MissingChain";
         else
           errorID = "certErrorTrust_UnknownIssuer";
         break;
       }
-      case SEC_ERROR_INADEQUATE_KEY_USAGE:
-        // Should get an individual string in the future
-        // For now, use the same as CaInvalid
       case SEC_ERROR_CA_CERT_INVALID:
         errorID = "certErrorTrust_CaInvalid";
         break;
       case SEC_ERROR_UNTRUSTED_ISSUER:
         errorID = "certErrorTrust_Issuer";
         break;
       case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
         errorID = "certErrorTrust_SignatureAlgorithmDisabled";

--- a/security/manager/ssl/tests/unit/test_cert_overrides.js
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -108,16 +108,28 @@ function add_simple_tests(useInsanity) {
                                         : SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE));
   add_cert_override_test("md5signature.example.com",
                          Ci.nsICertOverrideService.ERROR_UNTRUSTED,
                          getXPCOMStatusFromNSS(
                             SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED));
   add_cert_override_test("mismatch.example.com",
                          Ci.nsICertOverrideService.ERROR_MISMATCH,
                          getXPCOMStatusFromNSS(SSL_ERROR_BAD_CERT_DOMAIN));
+
+  // Inadequate key usage is no longer overridable.
+  add_connection_test("inadequatekeyusage.example.com",
+                      getXPCOMStatusFromNSS(SEC_ERROR_INADEQUATE_KEY_USAGE),
+                      null,
+                      function (securityInfo) {
+                        // bug 754369 - no SSLStatus probably means this is
+                        // a non-overridable error, which is what we're testing
+                        // (although it would be best to test this directly).
+                        securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
+                        do_check_eq(securityInfo.SSLStatus, null);
+                      });
 }
 
 function add_combo_tests(useInsanity) {
   // Note that "untrusted" here really is "unknown issuer" in the
   // insanity::pkix case.
 
   add_cert_override_test("mismatch-expired.example.com",
                          Ci.nsICertOverrideService.ERROR_MISMATCH |
@@ -166,17 +178,16 @@ function add_distrust_tests(useInsanity)
   // XXX(Bug 975777): Active distrust is an overridable error when NSS-based
   // verification is used.
   add_distrust_override_test("tlsserver/other-test-ca.der",
                              "untrustedissuer.example.com",
                              getXPCOMStatusFromNSS(SEC_ERROR_UNTRUSTED_ISSUER),
                              useInsanity
                                 ? getXPCOMStatusFromNSS(SEC_ERROR_UNTRUSTED_ISSUER)
                                 : Cr.NS_OK);
-
 }
 
 function add_distrust_override_test(certFileName, hostName,
                                     expectedResultBefore, expectedResultAfter) {
   let certToDistrust = constructCertFromFile(certFileName);
 
   add_test(function () {
     // "pu" means the cert is actively distrusted.

index 82f76a6ed791e47c4078f18a19fdeade3ad97a2e..ab5dffe785a67ba80741b7979178ec92ef5a96c3
GIT binary patch
literal 65536
zc%1E>c|4Te|NpO<u@=gfUG{ys#=ft0m$kBFt3*cjv5Ym8HA*N#AzLbxvQ%V^7Nrnn
zNhM30D9KV<{DzTKlemBP{kgw?oM(@DFlOFo&YA1=I@g(bT;~-;#%KdU5E6n&S|LaS
z|0_fTK?sO&gDB>HLC*a|&HkKy2vVK-{is_|KSTgIcl)11f%q?86#xJL0000000000
z00000000000000000000000000000000000000000000000000004l04mD^}eN25w
zy-mGbeOPrs^}6aARjjIos(>=N@?)i&O0^1S6ucEo70Bd9WN%5=NFSBPO0SbvkX|X>
zE0qSv!x(rg%ngr77D`4+%8Cn$zZa_)OBC}H6Bl6<c_myS93|``%r8hM*duU3z(>GR
z0L3@Vdzm+a*N|6%x0lPBtCwpU0000000000000000000000000000000001BaVQWF
ziN?%7q&!3qha#onP()fL3W-1>5%e%M8Kp?%#>h!(1cH<lg6Yt!VHz@&DG7?6+yvu=
z<I>iIIhm-@GO!dZErpg<lv1!{qLx{B7nVee!=i*5J{>n3JB)|74GzPlhw<k!^|ING
z;hJq|y_=ml#tr9)^M^w+7QQTk6heg@g5Z#7WJm~fKW?wd9s&0K-t5-#NJeqNuBpCL
zuUjms%U0ZflTk6~qd|$pL_TkP$Kkvo?9venSEF|SnkRI@2Y9RcsC9yH8R`)an8L@W
z&lL(>8k4(a_<GMyK?7H`bX@LuO>XS<;w_eJv7V0~3bpP#y(e0spEUQXlF>@{gKUrK
ztFBM!ik)Iaq7V=wClC&Rh4Dk;pe5mfxk5P|=ZEEt@%Nq?lmy1l#?{>gBe4tX3QLhu
zh?3#oKXL?uL;&W4dA{9;5s_;ga5#4*Nl6#%E*lpItQSs60akz|VXB$t=@E!&5+n@4
zD`)PlA|aVMEI%C+6#iXN3)+M1mh;-;_fbT5y5sQXO{Agz0hiC8?h-PoiAq$Za*R40
zht|od^=AzIyiUh(-N_S%^z!6qzOtQ_?ucmDZN1#yaewN7AJ-Mt>M|973kxBxwoFw&
zPhOb-6L|q!opWM|kl34InRq*~!a#1;qvkj$dSK8n<!q+*D97DR9ZA2AAHr*gh*&64
zGygpXBLunH$$B~NcC*2Gdt$^fe(sK*7&~a@0Xkx3s2@Z$`$vOyvc~fbtS2<EKtvQs
z2tqHr3Q4qE-yI?evEdyeig!rjoI_}Tb_g?i4a`7zN$O2F2aG2d?z>MEU^IGxPtXhR
z!m?;-7)_`YF>v&9wZZLj5I1$hd3t-{Fn063U5;C-Vxp%VjwD-?iT1d79tlj-5T$YQ
zY^htr(3=!;zl4uO@hGmJy2yxv{T}_v^mxHt5wy)8SZ-x;ptDNu+L|Xt99h>+>vo^y
z{-?h--@R?KY5MuLqH2$zTEA75j2|C1H*7aPisDk&j18Yo%Y1meyu^}kFcqpQ@ER%M
zH!*H-G=4^Kivw(rm;9_-*kG1WCOa&~%MCX>zJJ&zzdC~^wO=LX+6cF3=&)zio53vU
z9LF8wWIj`nUI)ua<0bdJE*@-_mgU{+(pQ2=v5{e9ZtHf_O_y-Sm7k&#ycKhYaZjJl
z_%I(?GB)`|O!QUWkd|B#Z?Q}3y{P2Gavum9C11(1s`nzT{BYt}ZmCfK_wf!s%!iUs
z_Nczcq5EJrO4n}((tG|uev=hmJHHhR!6$SO^lKT!20^QTUx|Xn&?2x9;UVrn%4fzW
z63Z(={@SPS4iTI^hw$PZ5;NzJRm*b7qGu9uwCL=#i?8JQ)gjAr#yRL2xy+-LUE8CR
z*(UNj6Z|zGt61O50iSouwV@AQJ0Vv2#%ayV!|`Lb&djJD+To_wY<K?#zG|s{LG@%m
zu2BQQ6x*9r*)Jn{<aWJ~tKD%`rnju2HJ~F_UsN~WJR!_D+0)KGPFaFg+^!>FhqY!E
zb>W4x{cT1V#d6={$jyTPy)%+kW183~<H(EHCR9r&o?h#|6xqNn;K9CmjH2$ufny>y
z`8$>OsF2^1qA>Y58ZCFsE|6nG8jW#{SJ)F%grkFv(B7&+XZ<Vp>u>m--MhudXoyFJ
ztvBoKr-$uTD3^RHx*Rq6$@UJW&K*q@8hjWgT(;~Df%vsC!i}EWkKNmNY3r}ffbd%R
zgCl71XO3@m3(p!f#LpU{Xkl28@JFtB!7Sng@nuyYf9cA1A4uRm8j2Lb`ygS?2h{(Z
z4`4LjvV=<hpZdh*>xgsUntw~V9KF1}F`kQBq1t(Pr-NH`9OJ3?5i%q+B6@{SSJ+Le
z_}wfNm60$g-D~Rt;Woy|OvY?b7)kpY+j>so+N+aRRMg~{Dy>6rpPven-jCbG=KqXl
ze_D}FC`>i^L8GbC!r+id=h2WXDsRiM-sG&KLnIqkpUw8>jlY{eMc4l2_F8=rtBJ{J
z`^1>H1S`0}POt#M3Tt7GP`3FY5JvE?+ad1M36<FR5T!JEas6;PBqHopd>tu&81ELP
zt$E!eH@r!XJLQreRkP5w7~(y#*<^je;jFz~YcXxvUut>W@-PSGE2#!q&UO1y_J1Yg
zFukoDgfte1b}5&2u$aGee^xd|olBN}XxH)S(dht0J^d=vP_7Re6rwkd$m@?N`06N`
z{WM+(ua`e~f%?Z))T|Gvi2GpS#7R^z_;nH2d`mM<kX&ZX4=bkyK9Iv(GZZO>_d)8M
z4_5x{13ol<4NZ6<mLHs^<A%d{y5ipv{JQcdPsso133*Fc0xbrM5L)3S+TA&iF2xbW
z&o<kqbFc4vLQkUU#crw*;c>i~mDj~U(IvcGi9OUq$||P_Y3Uv9d>geLGu}4U!uO^G
zG8?>`c-6jUxASoX@<zgy<jl=$zf=pxj&6y1#+xrdjcTGoZhJ9&lQXwI^x6HQOHO95
zDRmTc8LPxu_1UgM(XSbY(`C!tH;;+<N)sI61UtZd1V?bdY@sZ31Na~L!Av=qYjW6x
zZum*7kXD5Yiye8xaKb@{kwyiN#?>u_7Rth94~@skIpVQ}5nh>xR|rR6e1?oL+_Q36
zMnKj?n61h?JH$D)J)gI`jlF}F0^ZO?XS{RI&H<ihH2riYVqdrVU0;{fM@JRDCbGLo
zFk5T0oVa)uPD8Hk#kPZHU+>ueFj@$&nkC7E;0ziF`mr1mgrFt1fLgASX50cVw+Q)T
z|7O|{SX%$SRq7a;EU=k4et4lsVZ6<b%-M|mXPXJ2`DWJ|_}1BsF)sGvGj=7iYWkDW
zmfFr@20NYlN*uBAvuo^4Ircy$!=yNL+{^kK;{k?}A2n7B7`;ikn$_Z`-*fYFROJh6
zeT$ljDLy@a#=nZw54+X+TV3`PVrR+!G9bRnheJ8Bf9KZCv3uiAR?7)axVsK#RP|nL
zz=dqc*YmJC!Suk&y1a&dC1Q)qyGB86Zy9Tq1RoaqEd+z@hA}WV!C<T~bLbi`{AdV+
z`Pbb=t`lIUZ9{MEOke2LEN4tp@5EC=)`ph76G3g=ld$*wYo}O$m$cQAx!gJYk1m?}
z^_Md@b=%a0IC&iJx)d21^FHIXh}By+x@uuV59Mfu(@%s;Y-#irW%Zu4JkY69WFm2X
z<@V&MbDj>4#rLIfo@8eEI7NKSW^Cov=XQ~0c0u2V3gMNq#6voxQlX_j8M)vk2(G03
zzIK~ESCJ7vSMj2`;kAT6GJjiv5$g&6lAbxgMq6MOI*0;q7W{b$;X7v*(j|V+wczu+
z+>f8%<t$+yG#AWCsA2j$AJz+E2A_=ByvBKFt`V&r-tu-uYR?hIp^(#(hb2Uv^in$c
zreCZKckRq9KY!48)X+gWC+I+(`>O%ebsI&>=J3Ah!Qvjb%lt3gF6Z5HOEJh5`wOKn
zz+>*wnY1_2qDg71Pkp7*NL^x$Y#4={n&iImhcWIuKU^Yn@zEN>-b}3ydO$FR9c(*0
z3cM+pV8&4Tx#{NL|2UG8c7M#*wV3gCp2}1gnRdOdPnUSRNo54rXxfH%DRr-Im4!&1
z-TNV`{#D%yUP<O@$HUgs(*4f1((j^UZ8hJY4R=HpM?29BJk6KUML#y}8#u8+o$u>_
zn|p=-Wu}J5#vBEAWpE)ZjTS>gl-8z|T;kjpvOkn>;P)~uWw`I4G5@KYl<4<X^WqVO
znDF8e#EU0>PCO((i-#SJpH2w%w0~O2$o)9K;$^h(vpCT+$q%h9Ca6qLltM$ytrX!$
zj#Z<&4GbKGpH;e6pL>dld)$0Jyi3Pq{T+YhJS0=;^%bADJ}z>WUTLSHL?z!XaB5fr
zAtuL~D6&r5{lF=02bpp~T-n>?{<6?I3BjGrIo<SYUUPL~*H9W!KHdkpjP6iMlQN9c
z^p!OVS=%zKP;%_e1A$@N2!fy-;oUGVK~U^4YbfQsFhZ$C{&iJt95ZBXITI<!r<`tS
ziZ~z?aP;GO<84OiYMGjj)rOmuzc$79>23PJ8L(sDD;`Io{+A}~FI2Xl-j=PN8YOC|
z6eLQ*8z!{H&}0=)!G-8-G1@MplZH<RCa*}zO$nH6JX1&+T-&Y|oT)$;eF|zVvY%98
z;6s$u@JERqC|5gl(3Tgw%gcTJdNcfCTX@tUyk-^^$*<qa{80(W-@MekauK65(;ngt
z{$@6(T-5Tv-v3pvi>rMxeO4Ze*;OQ)Zzg?jg%IsErvb)&rZM$pI(10Jbua2xTg2SD
zeX>X^timm?4qd@qJxS>qb`KMUf><6^`b?U}?V$6|6AnM!*SX!2YCT!&(dUWO1C3^8
zJTyu*>~8j}H%6bo(K0cLt4!cKcEwmzIk;$|>g|AG+;!(yBZU<%Iwglc67;DHZ~R-*
zqnno=1x$wjfkY4!po0LMUbuD~{SbC)+As2YGqvkQtZbMQ9eb0TSZh?(#mldHH%ujT
z^OOi&loK27Ff-ppViFN1cj4)SU_Q6U#iZ9*r71HTXcg3pK1%N&6|g@tL|!UVWE>=?
zW}=#9gqU3O=BYwTOJK`Hja|hgX~g~!>1und*N41}Vg)G&s@Li>pBQJBiuhyw+pps(
zAn4oEX3on*pNaZ|VCUz@RkQOWel?1~&8ZCWPpFI)%?z(0)T~<0Nwrt*ufy0u6PDh?
z<JztfyoW9|z8ACljH$&Wj0Fdf=p6ToemIo_J-oQ#I-RbJp;o+^7+3dJ60be`{f;x~
z2Y3|pOp5L{XN1E7L$11B98G#Gi+VYNQuRC=`7Si`ZjBRrW}IsMR<>*|hLFfe@hr7u
zJqwoWB+n*O23)%+AC^j7|GzK?rU!C%Mx|7#t-_97t=ky+PCAYUZP^EHk3RHjVt|z~
z7#qQt<sO%Jo4K!Mm94q3XZ9OehV9&(X>Y6ts8Mlo`)g~IZT#N5O%}+d?CPi4uc<-e
zp5IW{OKw#`BNW4s|Ng#?s+aS4>sU4U74yt8*^Mxo{M=wq)B!=;D0U{Rl==Q@y4kHK
zj8z-!3gLC}TSYQK&~K_{1WL3JwU|U^=2O<+f1iTH&fL@1oc)i|J7*`$GKd^6;ZppK
zgCJv4=!EaK`~QTLiPbD7;oH<&5tF`e3f{vXg?S}h_M&Ob-;31UD^A&zP4?tT)4=&j
zcFTxcLJbO3`kF0c415}IWw2MbNAEqp_Kxi?m8(Y{^iNmNJ=kR&mJw?=9=Xwl(xm!@
zaM9iEPxq8jw_n)E32_aRt}L*5#n`;Vqsm2hbnL<By67I$zSFx6Kb<@woJx=|{;eZ2
z<^AmK8NKn;7HV7WH*lV2$|S{Hjcm-n>ix{qb}yMh&Z*?jj~X^j$x`u`ne=I$oUkh1
zkKGk&cAzhWBdV^i1L-P)`NBbys>aWo0Tn+M$i=LUslR#AEVx$Ae2BgMcw3as!9%ui
zxoG<NeWv2kmHlB}v~PWa!*6p-iuNX{=oal=9oR$FKXXv=#}Yv}V8k?rR|5mF2at26
z_z4l(it+Sv#JWK$&};Q-^&EAq`X+TB)g7v;s=}(&s^coPD)}n=lzf#;l=zkU6uT5J
zC>~U_QPfl9lpmKXmCKcLms6MfBzsRbSlUclM4CYwi5`M4NMuMjNXSZj5q}|`FPbE3
zD=H;ADbg(xFN70P5Q2oN1WyZE@UQ1z#s8S^44(-8_FtzT00000000000000000000
z000000000000000004mh1%wOd=pl$m7Q@U%b4249P|FVI_%&ByDOE@!o%(*ss2Icu
zha!dGP{iT6OGfDyURFl3r2QDb<|!;U{9)0H@cQd*n?j8AlM-<`cN3$WcwfA@W@yiP
zrI4lWkX#pojD(V*iq7faeWzX;J>Z+(#e+at9jc?e)x5!V^~*|zr1g|_`z)y5M)z${
z6H5-NOuZuD>vuxbB}7!1&uO1qZ{7AWtE7&2^IDBZ*V2UyEXS$(XbL}Q7JZzc+{Dco
zm}eyOiEt5~2aKH^5(g~_AIuZVMJ%r3-@Bfagm8Ty%a;g@n3|uyJ&D0cyclb6mi6v4
z;e{*hCuHqL16ConN`26T1UB#^bKmJ9V?z7xi8=;<l;1*ydC5H5l%;m9VAILn6vv!|
z#CV_TTupVMobbq}NjDAHAV2cNxBZ304LuFf{H9><9&?f`V~%HQ;43b1=S%J|8p0V0
zq<gN3yzeEN(SabE8$vJz+k#Ew#PbvuNn$|#&0LNdqsafwTI3?#U1%G+pKP=Gp9>>d
zRwBfr&Z&rt#?l!GdbAbUiy^~Rk&?YPD~25QCSD}bxa`>*xbwNcuBZCshKLk&h=_+#
zOOqLF8=X&n_WdUj6?gsS_*Vh-R#&Wf-<5v0*1P7y9rjU-`j|0lZ!g7QpEUZjYF;tI
z#MXbXZ3unr<6r$~%TGc(^bChWlTG5cv}at}L-+MH!8vZQ%j|gY&f$jFhI0J!#{TP<
zVIN*Y?U{a-yF!XAEZ#djq$t=)XC=DAx%qt1HO_|#QW}9fxf{<5@L2Z<mRlJ%eD&|-
zi=nLCf6()6M|tZh(QUGAftEh>WSb;QsaJ{IGoajIbW5b<3Mx>yEvdb8bDpT9>oGn>
zT^%;c3zNDh1vo<(cc!W9yjgi{3pMRgR1E1f6_EgvMPfwePbWlT8fF}`NKyl8nK>Q5
zZa4pP4H1VdaK>7^p+k{ucxQyqIfG{T8~lFt#B#DB7PZ9Dcn3Rd!-=eM)vif(xet-H
zyv)0ps}5F#oD<r#MG;=#ViqK~=RwHz1fc?tN>)Lo`^P)hoR<tWvoY56U|_!f{Hx~2
z-0*|y=RcN<-1tj{)Tg(De7M#?Uxwl3#%oMz2Px?rkL7eSkCmV1w0pE8x^jAW-~RrC
z>CYe7UOY(4x2>V)zYiY?+LQZOgi}K0mY{!1PDXPr#p|^a!HwcdaDT@RyGNWSGGeDZ
zHh(R5lzGz_(|;+WG@A`!)N`yLxJ*m=fJl<~s&e`LE~>_2H=2v!_v=O-o<s>UO9j5X
zz)+$*TBf~@o$gTD(?>0X4eI>|Wd0JE<a+mH`fl7?DzmlG=cN2tMLmsvN$x-pO%Nft
zVD*9+o^Kn<@fKJlpaHe~h>jT-NG-n%`E$>{yMPDZ!%!qA-Ua*TTtKzNWz~{Hc>bIV
zv8WHqravZ?agx-NIEFM7xlSI}Q_yHWpT=3sPoq_4$+Yccp?*)6gNVyZ@4ewSG+25|
zaebU?JdU-qtKALgV&Tx_;Cx#*Y13r@Q}tw-^;4@C8f4{Cw^CZi+Ljlv@@|}3n;Lf{
z%PW5Mg^t5I`Bw(l>e$#_OdZ(C?mK-nz><05f*#S$Im`>!7ytTV>SB{}ph&G0{m0^!
z)KiDnVPd~zcZsccNLGV`FQw|R-)T|gAkA)3NPClVbi<+DkyjKN*&=q5CT`q2G9}Rz
zy|(Th>Vk4BB{KGuoq~FxgSW8mli@QNdIJpuSzfjER_4wt+BW+H^kwPyCJ0EKCo92j
z-Lh`VBH+=Uo@3qF%3OSpe~9fs5RDJ{zJqXTCS?FIfxlVLDQd;?=T-S1=T&*jB?f>j
zCZxi&_}GUYbR0b=EF|w(z}-eRn~K~?@8oTNm9q6RX<UrKIR90JpxcrLxtmpdaFHsO
z2HgobbN?O5WI2}_uaOvi_;5%Ke*Ipd`K~~4>#1Vt>a%ViA9k3#ypsIuI+wPrx3>uI
zvzzDcP}-gi3}N&%iF>c8`_y;qMeEM{+O5>nF=79UorD%zGL(kN(W57}_~oiTx~nVS
zoWrKfsJ=z*a9V=@?mNN~wyQ_N?<s6Y>QctJWTgr}qLo-VO}#z$ucl!&*%Q}qzcOyC
zIeX)_<;ypj3_CLXiuA{*E`@hnlQ7?F+i~~ZOOxz-JzCsWgIuyXM$Rd9%*9u00-fjt
z*+n=>X<tkgi?b}qoxmUV-%ge*=d(Ay?I$GqWYiM#JmzOJh1nn(8NBw==d?$;Si;3G
zEpg$nTy_{2%>QSUjJ+q;6+a0(yJ3CZmJ}tEv@&o)yOSRMs5S19&E4FPG(_kHIdQkg
z6M2k@jrAL~Y%Wr}w)vIn(i&^_stE9(kv6*juC;!oylwDcUjcG=Y&$jx5q8%;fk)wy
zP|Z5b%ZhmREl;00IrGbsJFU1vdR!#@!F>~HF*o?C0q)eNljTOHhPu_J`<zsQ+C*fG
ztcgd-%njgw6eSZW$#XQJnhVi<>Wry(wYW)6Wq#b?#!<HZt<XtbMXEa9G=#ais?dsV
zN@lt=pG_azs;NwPY_DfxKiG`4#H;PvQDEBU<-#o`Y+@CVQR8kd85V^jiR$=#^S)H&
zMbFWps{8ME>2d`%DU_^WX<@t9DRw!SJ5g7DPZilZ6Y1tPJwJ>V!s}*<LYWVf`LO{=
z7=o7E#^P}@MAY=>I2j^E$RB$+@5BWe95cOMa?%HC$&n!Q{$#?xC!t7sygviy{7JU_
z&62-*aVZ%eiyAQNq7S8$LGqR3@eee(KRFEb#}1Yy_1t7FMez6S-By2Hw(5q~VYJ4I
zRaBmewC!xo?YD91Uba_V$BcF8Za*%SLCKWbIb5_F^%iy?m`bfP#(qWUXM7p*p0?7W
zys4L0kK9&h@Io*>d*bOWuZUjWa|g$Vx~-+1bgCW4kn&AQ^8fu>n=4CL;F0>P+(%LY
zLsS(<6b%uv)h(M&$&`$6KY6f~hF32+fLBU5YKZfk;mJ=ARqhq2Pu;2X_#hjDtvM-p
z<>@NO<Le#=>2QhLZ2Dm-<<fd-A*tsAcJi+)xUF6Kwf}X^i^|oCYevFf7rfVjs1h?D
zyV+}&iFq8>%j{7V*4TaEz<dG=f@tE){2ug$d45DgI8aN8Sefw;-%_54oc~7U+m_?s
zBq%^@A?Ocz4XEX1HO%ypbMY3D-*)7Gci4*AXiYM_!?1G>`#B2uZ*50rMAO5xgqjtE
z4>8&pPu$}1O%Ii-rtap2Oo&$rsglO`@eHmgW820mtGjB4`?JDlowtO1`x3-QyYj<Q
zHWkIc)a%BkN$DQbQNNV5W-!LS)E@KFVAz(MjJ0Vett6FMTcfUFBU4lkga0${tT9|^
z>$@APD>4ppkD1r8zO4;jA6O97xh_;&v!7vH?;2kM+lBQ11Doo7Elge0c8)0*dpyuv
zbBoJ+)d^@*{aIxC^rvlUw|rB(k}HeCcJ3<`%u~PA=Wls_nx}2M53`bX67J+a+bFw2
zis^J;sYKSgodE&q0evy|?@2`tyN=#f+wDP%b2*otWWBQeSfz!}q4F1qCpXp4a#d^D
zn31o(dESb@{^sTGeOs^1Xm$2z;dQotR%Q@h4!^Y*Jwe?+Rm?bzXc6i+s+bWj({CO_
z5_y4{=d&-iF(3JxZT{ak;$NFhEvd!dgcoeYfADw1G=J6q?<*IxKu%m!V>YXg_VcLD
zFYXDxp3PcRq95}G@3<d#vTHf2YcV>dZJM-gH`XahbbOz<3-f92wf(AHUYXrSvPD{|
zF%`#6xj&9zT_!FD@?UCht5nI>k@P)$G*6D<QPt>Y)Io&}`TJ^4p4cPTIhm#Y&MaTm
zId$Ul>BEgND_cu*jjehkmb)pR!Ov(UFZmM+d*$BA<msCmd6CcCRPu*U7C0TMcw9GO
z*<`qVx1`M2LtJ|Nr|p%|Zpil>)ac^vz7*P%8A5y5GqR=%-;>oN`9*e<mDF}xCK^BM
z9@M1{y8c-xe#HtF(EzkoDw~s!#r5J>k`BG?{TkW~1)+r;fhftSLcz+w@D1M*77&D^
z_lNHt@n?f?1v9hnA8Js4YL1)`a5B>x3!yclxd23iPrm%u`TPI?000000000000000
v000000000000000000000000000000000000000000000000000H*&RU4>)C

--- a/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
@@ -34,16 +34,17 @@ const BadCertHost sBadCertHosts[] =
   { "md5signature.example.com", "md5signature" },
   { "untrusted.example.com", "localhostAndExampleCom" },
   { "untrustedissuer.example.com", "untrustedissuer" },
   { "mismatch-expired.example.com", "mismatch-expired" },
   { "mismatch-untrusted.example.com", "mismatch-untrusted" },
   { "untrusted-expired.example.com", "untrusted-expired" },
   { "md5signature-expired.example.com", "md5signature-expired" },
   { "mismatch-untrusted-expired.example.com", "mismatch-untrusted-expired" },
+  { "inadequatekeyusage.example.com", "inadequatekeyusage" },
   { nullptr, nullptr }
 };
 
 int32_t
 DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr,
                   uint32_t aSrvNameArrSize, void *aArg)
 {
   const BadCertHost *host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize,

index 9100328605be1f4db33e0528bfbfa979052af957..7e6f9654dabd2a6220f7cecccda64a707059f9cc
GIT binary patch
literal 527
zc$_n6V&XPvVk}v}%*4pV#K>sC%f_kI=F#?@mywZ`mBB#BP{4qXjX9KsS(rT}wYWsV
z+0j5woY&CAz{tSZ$k5c%$Sg{n*94hsAY~|FAO_LH57y(Fm!g}RSCUy$Y0x+y*#<^d
z2Ij_I27|^<rp88whh}aQ^IwHXKAiZ~Ik#20ciZXDI?;bp52Q~1Qdh;|Ijgwy*0043
zx3;<;74kCibD9vYqi{QnrMSAiVwSj1RpILU-?h^tL=Bp28V}}f{WR^aDf5dD%(g{q
z+CDZdIJ-YfW<kI0;V|h%3L=edZMqBXrh7+99%Xs@ea4gAo1C|{=pAKZW@KPooN175
zpbT`qtRRbwfm9P`PJVJ?PDXxlNfWP@UTQ^RZb43}UUGh}fe{;rHXAUI*clmF)C^P%
zlwf=V#x}8xl9B=|eSNrQD+>b)1APM?kio)?jQ?4f3>eVDni&`b9&>BtZgkApYsa7e
z<=`QYwvWdBN`_I77-BnnUw(TcC0du?s<N=4f8{BONBjAcA~cH@y)zYwRg|0aF8&EG
zbANyPf&JEr6`%9IuQr>J{FtxZ(SfC4)rmt7*`s&!Y4nJ!`h3OHwmAFir7!!~cSS7N
WVd`OE$iDW~{f;j6qz)PJ=otVHe6~#h

--- a/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
+++ b/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
@@ -139,9 +139,11 @@ NSS_ALLOW_WEAK_SIGNATURE_ALG=1 make_EE m
 make_EE untrustedissuer 'CN=Test End-entity with untrusted issuer' otherCA "untrustedissuer.example.com"
 
 make_EE mismatch-expired 'CN=Mismatch-Expired Test End-entity' testCA "doesntmatch.example.com" "-w -400"
 make_EE mismatch-untrusted 'CN=Mismatch-Untrusted Test End-entity' otherCA "doesntmatch.example.com"
 make_EE untrusted-expired 'CN=Untrusted-Expired Test End-entity' otherCA "untrusted-expired.example.com" "-w -400"
 make_EE mismatch-untrusted-expired 'CN=Mismatch-Untrusted-Expired Test End-entity' otherCA "doesntmatch.example.com" "-w -400"
 NSS_ALLOW_WEAK_SIGNATURE_ALG=1 make_EE md5signature-expired 'CN=Test MD5Signature-Expired End-entity' testCA "md5signature-expired.example.com" "-Z MD5" "-w -400"
 
+make_EE inadequatekeyusage 'CN=Inadequate Key Usage Test End-entity' testCA "inadequatekeyusage.example.com" "--keyUsage crlSigning"
+
 cleanup

index c5ae5df7a2045460217167d36a047ddc75e0a376..6793d58fa6a354fe7a401c4fa9dd6f85d82975fb
GIT binary patch
literal 53248
zc%1CrWo%^Kq9$fDwVB(@cAKfqOl@XnX2v!%Gcz+YGcz-@+suqPH@7E>W|U8fGBanQ
z)FW+GNmWwSk9xIg@3r2&fFRKHfPjENfPlc}fPfJH^%Mve2nZPHKMx?Ne;uHI5Ac5-
zkbj^5$0O!{yeZMzb06qGf&6_94CsF{DB%Cup9lZ|00000000000002+|23}&K!~RZ
zO$g-($p{z-da%3SsG!TC9>ATzyFozyb^f0U(hc$j0Pw#eP#|C+dOwgVdJ2edltH3F
zPjJAn;J~2t-@#A=gxW6YtBT0oOlw)F#*ulnOC1bAfPumMKzt}}Oicu&p;$Eft&o1i
z!<{OUMx2%X{78LOGGl~S5eW7+`EcL5*ma60o;kOuZiHqwmGIm^x-y>~C8vHetgr(r
zmyaXz<TmQ;kS*a`A6`DH3{uonJlI1&+EANw`}F(HHnISTs1@q+tilemb;ky3gGPMv
zor}DL6^WM?cwg7>)b4mU-lqRUX!L9ZYA7Ray+fZpQ!FYQx}iF~hok_d-`+y()_3CS
zrLDP>U;t&}71O$sFPlAA>M%?1PiSb5Cc+&Tl{c4ra{)hAJ{{|#PYj-^dH7Z1P1>IW
zS)d4D1LcCHUFAH`uYydw!kW5Y9-z@B;^C{WVKPqa*-ZJUg1jm@ADE<d8GR)$&}b|~
zBDJ%yb?eUVm=XGCSNuv5KLnc~1wOq&J>sKW8%xk`F?3c*XGC!rnEc^HQNlaO^;JE>
z!;Yha3oCqq)wtdw)PwUPqYU+^<=Y{AoR^m<7|9*EYV+2mhsa0PLxFF;w0nGkT}R*>
z5=;w@YZIurUoBdj)4VUCWmZWCma354>@R&8;`fVEy)TYU{ezQ@^OAQ%hO4ahg<_MH
zfdWsL@^N=mY){l1@^N|2V2uh2TDHU&VyeGua9W|}J@22)Q5q=tJPe=X9gHrIWDE+0
zB?d}(X%#epn*!r$`@O8dM2ew@+#XY^i1=|(jA<V2HSh!vRoJn9eW0gi;evm4OXjwa
zPOD&4mSz4FuUw+UiN3?cHgMU(iDbd<$wDOWB&#GDohoAWjv*fhxfBdLInNby&ITTz
z_Ul$CF7vTaBuQY;1wtM7s!*yS6^)L=JHz)~9E9P!eG5LBHr`7w7>B;g!Y;oM@PlVl
zb3Xi&+vp5!E|uJt7PH7l_-1;(A9dQ2v^|W~08F~)t=T{LvvWuwmVplj0oI-!X$gCJ
zY0NRxLBH4PUO^0bY_owGl)1ssv{B>M>4)vXYkHr8%_p#A_Q$!?mxciJutaG;h-Q`4
zAM(t+$DL7!z+K|X@Q3qt9VT<JF0*?O)~O`ce@G2W%2E|ZHS>lQmw^FvX-x>TsjSD}
z)R?d=X4u=k{UKvQZuJv3Fm^M5ga_uAF<FN6FXAnjA~Q=qSf5f>A1+e%Gs%X%JkD}x
zPzcQxmpdK!>PKUuVtKXIAJ6F_zd4;-@6gDIp4w*n;4g{c*HbIY;q8LT4d&&*QL<Dz
z<6*i+z|**YakpkXD(!z}#9JZ&EgARck-9D3I+y-+iI6Jr%eO$dp~M7c@aLEbOCD%Y
z1V%kHuB;U}HGcs6m}SS*yDwv@RE}q$)Uso7bjeDu|4zMBI8Uc4&4kAX#%sPSuSj{-
zNX2`r+IJA5y6~c2J`|Yli7`o139lVBB3{Bl1{WItd{9jU($e+;HmmMJE6*>Z$SjoB
z91T}m_6L^mkj8P%G<<G|tb|HO7xFIs5?N2DO6m_tPkW4nd@hf`osPt<=spIoT=%={
zS<3x@VjPD>!jk~IPXBOrP$2L5IZc=IavJhPb0cvaCy$kZOC)Xjt$?a{SrB@ghZS>}
z2k#P%DaZK6&!aBg3|_MCiS-XiX-{RjmJyIA-;#mhrRJJDO?$h+B4Ps9+?XY|TZJEY
zzk*aN-<F8wMIwh3aY1`o<{3EYG(xd{Tq*gtydYcV9Y5BAMFw&WI~=b@v_vDduAO>^
zWv^CuEBBr!8`g%}@(sue&v#lQ$Ugg!Bm!v#IkfIm3dE6`m!;0_SB7n8?~~$)v#n(;
zSR7FGkNY6;QT%c+XEbH1c-POea#2WwUpMn+HFVHyZB9<@b{u#;TYNPARsfrHRgS_F
z7}fCA<Q6@U@04ck(uHI<PcBJHE#F_huvV=0J%0q>!|__>wY)x^eMbhOj7<x-z>J3K
z68yL%R90vpf$uKa{(9@gd?UL&;&kg;@66FD2c4?tLhcGCeLD{A+_#u6mX^v~B4vf-
z>(93UtCgJA>TrcyX;aR8&#*q*lLOE}J$C5nfW5ENx^3%b(m&SCrK8p<Qiaqapps-n
zs&*?$-U(_`9Lmo99URwv3Ee;ap;&n6d>+;!Y;~WTAS|5)&TWR%yF3^FAvH0u#yi+F
zMx@t-=qGN}yiUKLE(HFjCX9{ni>U5Q$f5m*@9m7Irk=Fe?WO-}`AoilPrf(!NYG+>
zGs!JH9=m1s9duQ5SFaDkpbL0Y&Q&9{S44|2C&{n2KNwJATU8<V0w9DV=XqB;Wqrc}
zXTh8jf}$sue6P1Yt{zYo*v-U$1ZWkozE!*hZ-6mr>Wn&aHU#IUoPTu)p?<Q7ro)eD
z5p74BsxXE}^k(JMbB5(GQFUWtzF^mKi=b(~*Lzy`WKA(#yYsa+ZRlobL~KjAI0lwn
zgkQO6QY#Z<ylBK?o!tb<ghPNhwO=dN2VN1>sc=56xmVba^b9W~zSegJoURDB?@6}S
zd`7ddal~DJIJ`me)Fb4w|K1K}Lo0BZLvpJIinu}!-feH+)ue@Ay??d$U;OkTRc862
zr!hc4OzU(4=UlnsA3~;e4mYc#hID9kPoO5SFeaV1?HWZZMs8)NPS;R~HDZcSiR;`6
z6(wZ6!zwqY@D`K7YaEGlxkuh))@jx5KX{GihM_qr2qqU%#_h@9b0A1{;mMN24O_8z
zWJ1AU88&<sJ4{uhCF@>he7WeJl-DaZJjjd;Mj^{XCGux@HUVmVd+;+E1HI{kA*wi%
z<)XPdYoBXo-ywVU502OzjdEN%W}C8$YIjfauu4*H9BD^;>;|4lJv)B2uYr0bA@w5j
zDV#<ZO2Uu=@4lReX1ZcEK1C6&@IVi#3$zMR&GlT%SqqJIwv`9?=lcUn_OTnolJ^`m
zPw_Dg<3_~M==3GA9gy*o7%`a_Pi$mi?s8Fo>1lO{FySPM;l7IBS?{1rv*eohdR<y#
zX|{YH)p-MkB+&;=C`O6PZnyGETU={A&8Opael@DxNkWc2DBDQHXv&Wbv(8)b5mel&
zcdk{$${nNV&FSiZRWU{330KZi5R8UFn0MvPS_`IchI|~btm|Y&7qr0CELaJYLV~to
zMS`Zxt>lg^SIPS=etop$x|sRvDClPdD>mrR^3a<;K$f@K92tz#(flqy<$dvIF4*c*
zFBi!!^aKAPHHHuw!^l!T(fxg_xOnC&LC(11qJLBKomJ`urK?cfcbsOnJFb&}m@i_Q
zD-<hT>VA{%Ez;?O^k~vVNENNQs-u;O`zGtR+PdAb+G>(aA78fiJ00|n14Fm?vA%d~
z5t}!ZkYGe&muD@RvTzJ=D{4NP&kW>^l%}{#B0bsrNO9!SHAEp5t^kivGR%z+ETnCG
z2R{wS5Guk-CGYskNV~Y;W@Xd?YdwcWbk{FCG>xDxY*ZpVYD0V7$&2vwU1?h;!NW@4
z9v^(-d2z{&LJlk#II1QYoP2uds%!WH3Li1w?)ofxw}xwG5co&8j#6IxF}%<SS|r7D
zeKDd2qL>A^msb!*Muc!rFGI6>C|)m+4Vi`AE>s;Li4sos3E~4hn)V5NyEdFh4hS8p
zIUS$c(898t{QNnxi_F&=o{X6sxYJdx6U643ICmP{oq&;jCi&IZ8cy@EC6OPL^ZeGH
z`2A9~0;6R=VtyAncxtvjJ%H?|KXa&bdM#7rSnFdE`jZ(brHEPDjiY~qd`lcxr-)N&
z#G|)I7Fzk$KK7t!TaxWg10^|iwxy6k$1;zq^MLgIc$aN5Lu>V`^?=TEfL3$E#?|I+
z6TK-V4PS6Ta%F@J?ua+6XW@9a!k*ApQoh_fr(C9{fH#1<IV}x{5DY%&grIEQy4$vg
z%5oKKMkt+9a>q~zt_Ee-wAv{(wMp*dc2aqnZ{pj8Vx~$5h=mxdXPn!N8)Mie$OqAv
zJe{e>qS#INBH7S%8@(BW6FjQq#Wj(xp<G>Dg|KwYfU(HR&QDa5KOv>YWU9}u3%k-e
zlc9)A<yq475KoqxGu1rieyQ6|o69X-z>1t)u5Smt5UJ9atvuNps6Gd**4Hl1J^9g7
z<9S%lf=3}MAGYx>_R|8eR4--Z6SisQhBJxcYPYX~N=cd~Hs(oG4?Z-On8k$n``oJz
zIqUL2YX!I?+S8N>U#@K|9~(VLo2KVGxbnp4Tw)VTSx`4RZ{I<~*?yJzbQff~v#dPj
z^4_SFaa*K6HW$Z^M|_)WC{)nc4SWo40NEfF#rr~<2Y){?{rLlU*4D(*Mqkg8#zD{0
z5fl}ecVrenUDoXWYTp<^5ZSpBLOG@a=>MFsz>~GE?I3+YnTuFd?LkZxTRjH{7aMy+
z8Us@!0}D`PBYOuk8*30CAA~X39@sHhRA_AoNeFF-|2XG|2c-c0cVCwP0Qg_WKMZ4D
z<l^EdVCwDhz!D^&DQX-hK&v)?hcQ%p>bADT89$G-grp|#j26cbt6H6(l|r;qlHag^
zv@Ujq$=UZV=IdnGT(N)n7)G9N&?icrBazJ?D}<Heyov`E=45%!Bwd()v^7)y3aCk0
zQ5{10+TL38>%J0qgzcdfVL`60Jj4QbO<91PT|p5YAJ@!LL9;+ejkZb^LtQ*#3B3to
zi}XBCNi|3w{&KG@gbqld7wH&6+Jzas0`um;Yzc+WlJm@d+P6lNIiKauv#_b6jNOI#
z)8r6aTMx?o+uHg3#fb9MDq&xR$n~Yra1bOmv_@DPoz~i<qe*Bf`^PQ&B5@ih(<2gC
zJD-#O>KFA(j=DPKatPI9$eSXz4=}MRONOxY9^$la-g{NfTy(?_HW1at;ONA@HsDcq
zTz$c6Iz|zQBG-|y^&KMFC0DBeUUnAp>o^eAH5AEU5+#o?$qi<a-APVz5x&;qiqZmx
z?CY?dHz+CjC2KDsf(y^2x(^W4F-@SRv#3kTsp1be_1j*>HtlcF+@75<N-Ht0U$N2^
z&=&PQIp)Vx<a`ur`Sa6H<C0bD>05+TJaJRO1$V($>l4vY6Pb^7;8mzhMHF3n3t1V_
zJUjkDho(qjW55uLuY-2$%?6ebO|h=LlMVKb;2R_EbwUQah-3d6shG@f5}8i_#KDRE
zjJ)KE!CIh*JbR=+z7%kPYFXQ@fj|pYkfdwz$ZnzZ?9V8k{F86n$aHAoRMr<yxS_?Q
z22?8qENZ--y!${oYOL=yX^Vn4z@^z+Yqo<{DI_^9!i?K(jv0*L<@+UJHGv&Sj|`ei
zTtDv=5AG?=@QAdd)4#aXLyiiYJ~Mbz@>4>uwFo>ndWB|+gtStpBQ?UH_Gg(2(<}@H
z(t!B^nvYUMe~VZj2)odqK18*M(XoPB0snUE(msZE%&sSBd;eLZ5Ky4+8y(J1O3~WL
zuBAT$iuYEu)M14o<`Rz*;10%BREXd?x^b+H5k*6*hh`pc9XsMlQri^xIlXEhJFgC;
zqX#WcuB+ND#p+{U{wX!@hyj{r-B%nu`}o`2J&Y$8$5Ve(LsasJ^5fu8UMkHmnfA2=
z$3SS`KwOwJF(qkDm=uSPKe#|eA?fA}RA~SnJY93h{Muup1>;Q9t60L)jnJGH`&{)8
zssJ1C?84CcvioN7Q%e26{#?%NJ8nu42+mL(L_PEe#so0qk?0T#82C+6)@Ko*w1{=4
zMq;~NdQLatMFm!~(GMa`TXYk5tIOk(4$sGte@-@f>91~0`oVl6B!dPm-U$<-;DdiW
z;uL3Ei@^n+RF7K;S33HVC&A!gh}~cIX|NlvLQ^)+;-0g_AL?y2)kS_Qsrc7VIVpv1
z0=q52uw0@K>|(a>KtGt_igS<F<)g<-%(JzRpZdZX${uNOZUg<)``UyQzIc~!{A}P=
z#Z=?@4^RM2>y;slQq-J*)7o2Ou=o^(37&T`2I%g)+FVBflS#Gt<FUb&2Yyp94@B>Q
z_~Z?uPBYEs8C4HWW5~MT<??Erg?N_y;?0uUerKOZTEEorn+12`-o23-N62buzeL+%
z&)P`$AN4-Y@J-J^*c~b*J~4SggLhIBp<Uh9o*>d%<IL27kei$pc1xqsKb6zGy^4-U
z?&C_`j@nSO1;0HS--C}KZrr>$Y_)$z<O#y_bY5+_0?7uqA?Hq3uajOSJqPxVH72jy
z7I46XlM7jkrwE36k$D=JU{`!l<>1<HDC{+iJ5KhGJ190j8f3UxxjD*`44xGFtU!sp
z!|W`p*wvOZVI!WxHQd@-vu$j7Ait>Bcbg)5`o}$s_X?qY`LD=*tBb^Ox!!hOmclJG
z7(4c^4RRn?V}S%Mx8t)nmrmhrIJkHc88jNP(kAzqNVEBgF4pysm}7@@7gh#pO@DBU
zyoXW=bO_13@oiNrG#UG`bS2)E4@e`*rP=LWmt~$Id?1Uu<I)`cI5y^9-vSeK8|h+d
zF3;9=grtjcpPV=OH^HqGd5ZopY~FF;HjBX@mLBb1=G~T&Ik)8~Nh<L&)p&n}WP3y7
zXii!z8pCBbZ5{qjxT>0p{dsvK_EwiP5LxnnNDcg~U}})2lsQl8v{@_RGYS)d)ydz~
zsE2KxSTS0~W$Jl8zGCvr32Jf%*A6WUonQUpOnaa>;&$^@7E|`5kwyhp@2fWR9NY>v
zSD~ettc^qmX)1U=am*VrGu1G7D4TiyUU_A|^j#GlGim9GZEf$>xhquBD2!-ES4PTm
z^pJMT$dQ13Ld{TOTpw}}_q}D|-D&RlhhG?`;uY;jDcTrksojr5%?PWX2ETr#ie1bq
zSm+?mjXPF(pB;|tWfMbS>8?|GGFrU$UkYpr>s;@8D$UFI+$o#gV9d309gYFl|NP|e
zkIxWm=E*pD=@*BiI3%$-aA6;thY`|cq)0@q<q&vx$}J6EUzk1NXEAF({vaKzQxhny
zG^~+7sWbWIF2r&Dz|+<l%jqN6o-0T55h}ii%4o)mUu;#>^@#U1IexLOb7~G5^e{FQ
zP~Mu2*B#HQ+CYpZni#iP&a!D7FOcIIO(IykK@S7BxBWBI`GB%JuhYxXF|3vmCTIS6
zr|Q-~!&HY+?md7Kf&~H|=sNq-I(I3*oXrer9sRd<;&uB5cDk%RzH&+&o<;6KJ16zV
zYc-m1gQX%?8PY9y%=QCTJ)|dbsPj))iW*H7aP?e4G^p-4B1&)pFz+mO--PgE!^nd6
z__bV_HHsra2+wqlN+j#V(lhw0nmQGp`_*>|EC)T2xB(+tCw>2mOV8eXXc)iQq;Tz&
z)-f3f-W5CxhA8j>{MB|l2Vl_Jq+{p+3m=HNq|Lw>IkKnxkl`QGKGk-pXf1*C2`FKz
zR*j!Pz>Y(8v9-(VymRxrVP%$ogi{TjJQY<n;aFTA^vg4?{JXN79X}4tvyXHnjE)yP
z=Q|>yCEv*MH*L?nmCyO<rP1n=zIi+fuAne%%tdeLO&0oQ0Q=Rj&{%IimZBw$_lpYX
zHNsiV|85XRQsCd^A|owfl3%!)>%VTDKMmh22Qi6Svhf7=pEQmqV%wnT7BV_+kHL}K
zIW)H*{RwFf(*~YK8L+sZ$V6>T-z()<^j6R+uOuzrrQ~DI<vCBuEUyDd4Inju)cik9
z&A)pB7XSbN00000000000002se>|A~eg0n@HUauS=Kr_ADL{cS|8xHT-~G)10RGqU
z4_B9C;aV1rmzY2z7Sk`0q_11dGPBJ8UR{1UV5JLqllQ!ow(hgo1pkzad@~&+gy2!?
zLJ{>K=9ly3^kWO7e*R5%&rTjncXr+bHBLk@C9!OTDWMUrbii;csmc-#3)VF+h+iOz
z0@Ljs_XOT6T+&oB9QRt|9f)egXoc<gt=>GT&s88ta6%XU1T;^Q1ES@9t`SoDz<NbO
z!R&&zN=t*vJKt8a!7a5`4$UL4Xqjs%OdVaJSE%G<Qk`fdejK$aZ2nsqcu`V)%(^Ya
zP#y*s7F?FsAz~{|C-2rw-8eVtr2JNfdN8*=uTd&bclwKA>e%fQ0XIKFm|)rYJyIH-
z`cT2!6D0Ky@@N*^_j>*G8sk78(+A<fj8r9-kv@!RYGg_A08l^Jd!?XMa2lJ-UQbp%
zU@;jpyaM`ZExnG+bVWKb0Ucc0y8g=e_g){k4|muQ(DgrPOUW0wAQsj%TT@JyCqHx7
zAWc#UZrs%p2+zV+v25)8%*^%<1IdVYRwhu9@#>okmEwK|DB5RO)Y$6i&UlW|6v<W>
zUv%>3{jMlWmHu?Y4VCbpwGN!vUSd#gtnHbN0k>cRwI5SaUzn64pdh^=XNB7x>}w5Q
zySBgo)9oY1Lx@KY#e?s`J%C&z=y+l>Ju21>6J|9~7J+M_f%k=1w;>S<d%byX2wMry
z=v2Y2yni4$`hKDmR-77m8947reOcj7cB-#6c5bsb?pFjtN9$4Brh~PJE)f(GLfGF5
zMsr~kUSF8S>P$EFL{E}mtAj<GVkj$LKFW6@n%u!1ppnkuH2cZqPch6g!Du4nyUUGM
zy4Z~)=^9eYUY>Y>EOXaQ6c`?@JGku7K5xVNWNwu2P%O8Ld@;8v4_mq384>zr8kejC
zLA7mZALo(5M+I+gKhuYfx|`&?P)`EJp6Iv_S1S*NGmBD?8AEOmh&28DeKZ%BA-8@~
zUo|N(PG||qdI4<VO+<EbOi$+PNVB%f&a>w?LI>K*+VqH)LLw*uFMm|PS4PfST5G*J
z$!R)JXSu_5J*lF?h?&CSKcwc*2+}gA;3`&#Lx9pXFKKo)Zsqjf)bQ_HI4SWebcxcF
z$jyy3vdGP@G(uUWO`ReEQDIBF1%dc;icV9fujniCh_w2}xohx_r35sn+e<*!dJyJ{
z-Q7z&OOUOSa-kCxRfjq`H}|uDS;y*B<sT3Is#;liDXOxbJ{JuUwyhHRwh5+2hVN9%
z`WZywS?<jf7jXXG%eVh3y}I<(h}SSg8TMH!%>8b*FxPQG^}>p5OmLt`VBo-eYbBiy
zmx#qP7I|AgTI=|TTij%FIA`{7B5HZ!CD4+Q(@b-69lCWfg@SHoe@yYl&`Z$c4f{CW
zcoO>3l@YC#W4mJeb5T8OfqU^A3Ej~!<Xefw@aVNKsntOS#D_Zgf?$&fjMJ(tE2(1z
zrbue&Y-3g<aW#26HBF8}WahK+512Ga;CVsm`4Q9UY(#Kg?=#Mdo@tq!`D;sprBMl>
z<k##&x8{CZckT~^qV^31XrRH>n6=X)y6F27TGG=eA7qHZ+MF$d1%bIad(}mYG^;X#
z4kl89%N*t6D(k3~X&ThD5dkyDINtBm<r?x<KDx%gx40ysKDot%8BK}A<u24=eqfkG
z5N-DdEmEE3?x1WLhi=kMTPRuDvJJgUGlMSMK5k-)99p*FO)*jqtQN;kjVQZ7L2zM1
z-qbYL)C;U=Ve_O3g?Ev&D;|?d3I!ysQ)#}1=Mqu7=nP42*YS|&R8z1r=0(c^87xO@
zXcv|^Mn55o{~9oV2J`W|!5Y0UKG+7`DdnW}3n&}htV61xIr70(j-Q(ZqUrPgIpE*H
zC}EGJi>jOWL>t<F`CHB*6qwEpW)7a_E)YA0`7}#cMs;0@tp{1+r(av6a6cTu)`2X1
zMZ51(0Q7ufjH#i`NLKCx_v#Zb%X5%EF{S}#XL!4BC54O}JH7CXiYJTvqVHflMY&xE
z7CFa4+A?}Iou7)H0>2$9=HSsM|4U&&IB)e!E9H;~7r688GUP>%lq56ivFHFsMmRLe
zcxwI%=6!21p5caeXvf!uPw;+t=Fy^lV>l9t=E(Lxq=xnPU58i$`%hv{c)jzJr-U6s
z&bz;<dFQaxDTr;%bZcRY>3J{C8c#N4|DfNPCXoyaUh2SK!c4k}^$s5kZ7d?yGv>Dc
zF8Lnta@9nz6>_>lMWDt<SeE96r7B_Z#5BH4V4nX7{hfj@fcFDo%V=sEU49_~T=8;A
zDS>4yISqOtS8T?mJett^3p55Eeh>2rb4`nAntVTvd2&a$jrBYucm|!kLWXM(_!u?`
zD&LF<{*EdA+l&Ro^=>LK42A4oB?bXz@(oI6R$IE}7i>7clN@SRTO=H^RoYQMe<QFF
zf+a5=!{7pZ3`83v|DcT__*FGVmOV^I?&sP;$Dv$k=*#R|1V&ykj^z?1TLU7W<?9c9
zpUsf>lUVDpNhoezB+qTo&Pa>CQB)idi&wv^Lm8rk2TW3^bSSKJep9<&t?kD$2@DDE
zXSW~da%MX&yVdCCn}I<HI>z=Rg*O*-8`YJV>~vt&)#BS^VjTYN2f?n8A^}CK*EEnu
zUzqd82b(JAKn$)k_mmQ;v3nzk4uXjyv^HKmxHrb^;tFCL*gR1lj#36$Lc|b*qM=Bj
z9B1(*x9epD7^l}z0bddxlf{EHq8lH_;tyO#F5@N!av(1b&SPs3&_Z)6cY{Ke8{2qJ
zu%Knb9+}qV?v47iF)myZBbS4elwaYnJ|VC)3J_EylQ&>-+2oQph4B?Z<$1x2UFutp
z--5JDMjK{IB=I^?S`XU`_U>pg{A+)VjrCIIoX#A3ESaqpBv9?A8G^zi94^fj)<dg#
zvPMx0N?j;v)E>XITQe&xh~~JIv&2oo6{vp5mlu1b?57+#x0mI`Rv+DNLHm+ec>~LZ
ztXZZLp3OJhdiv1aajx?zYF2HeRCZZh=$cxGMxzzo1u}!dQ%Y3rz!*Mp{T{BOVy2a9
z@Yc5kaukhVev0_TcAfDVHCIVHa8jTF3kPY`DG+&eROHDN>}Y`PdI%q!Q7h(05Bv1Y
zH`Spg6-l|0=$i}cr0&0)oSS$K_6xBh&xtr@vg{Rk>0=CEl2YUG>B~4F;_4q#Ly$3m
zk;9IS&bY!ixg^ykQZNj^`ZqPfgQ&WDqueUJGGr4Lm~2Jo6A9f);h*HBu^ZMD-4v{0
zBp1czwM5WSpMPEq!ugWh#VM1y-r}X?{p8BvI60ecXsf>3zK=I(tvu*h@?SjUUTQu;
zdV5rXCx(B=_Vl&@er%ca+j4)FTjhrzWu4j2er4L&UX#5dIacUo$!_!}0I75u+%PU+
zix}y;I^5}LP??ndQpolbpu-^90vV=I-ziUMJ>0<_T9`8${`y(pEsgHxBCraX{w`zw
zJ#J}KnOjUtsbn>bE9^Le!*uigBt3oHOa-lHV4noesArkrqyTF7s)G-S*>wKo0`^&v
zBSRU{JLCXUx5$sPL!nmwu}{Q`W;GuxTzfbSttylF)GdH^N3DzKdMGMWY{H{@wy5b>
zQYjV*6G==fFnGb}Mig>>BrNHkK7ypGmUd%&D!)P2Bv@jx8Y8{1I`WiJFgd7$xRCHe
zlKZu@=}SgYNSNBkcB1z;TR5^NB#-K-^lO4m60=AC`v>4Bc5M9MY$U6K3G0+Pr4OR9
zMrB>RBx>eJ+=!T1UpcaY{_GVXT`JTB&>j`$6QoA^Y9~+D5Hc#@lLUW+Utt3Ze6>k4
z4`U7`wlCd9b0oEi>_u5ikcME`Z29VmD0QsGw^t}QF$0q4)_M1(oLjuVb{nUkzCKKH
zu#HCTv`!=W$;FyH+?G_S^kCEj3k|M0J!pU1gWxqLwn^Xmw2X1C4=N=JA!@d42@rQ^
z*0U15+HC~*iInfK+zX<$vW~BsgOIuynC-R13x$I2+^w2Ag)YQ`g_Zv-pgNZV6P;K@
z<QM!p=00pl?#UWws8<sj<**SqKsR`RIzyW)|Ah&Q%CrY*S$8OFoJlCWw}k@6?|`Gk
z7igC@jYVuJ#cmnU%7No&$EcBC3!?56YB2_?W%MxrIzw_<52SKBnb2$8ZDNrI3^Eko
zmYgGt|ItMrbt@NgNL)q+2Ra1{qWR}y7_YG3?{J~E$z0_OT8zCAt&;{z61x{D^bGAH
z^Jj~#>^-Fm6C%(H!ZX7ERsSCt5zzk!_+J>H{}1T@1N#4f{y(7q59t2``u~9bKcN2)
z=>G%y|A78Kp#T4Wv;Y6!&i@1Y{{R60wSO4KCNXSgkM07BpSZ>c<xSw;4|4C7{tjcs
zdNYS1ZrnY|{z=a_XmZ`NCD~+Sa5etDsuU$b{&$vI4Xtdx^P9Y$M*CVE)S=cQZGn$&
zD#<b?<RV1)h4=Nu4-c({rAIyiCxNj_YU~QE!er0HSA?K;4&8krV9gERL#aC%VyDuV
z#QQ?kvRQYoHfO}`s3VNJ^JF#Fzbn5IT5Xw2FQ?j~onrH3FVuI#kc&<T*W$7}?a)zq
zFZZnRQ;KLge|&AF7e_(IF(cCY-+PK&tqCHkzpRoh>%4l>hp_0@g536)f+Im1Tm>pl
z^NaDneRs1B{k4#Jt{N9{t`=4_7-wFSxBld}674rLO&q_DaIb?IdV%VgHpX`P>k8WS
z9*aQ%S?wny(-<Yi?eB*^4cc3nSa2(cPveZC87ExBa4T&d)+TUJcj&qd42qUg{9CJ{
zE;M@7y5g5du|F)^=@#neRWl(+$G@ET;{w?=kR85D1|iZ^=j?;77)gT+rihCYP_sW(
zUl0>3mxQ49GqiYFXC|E0D1e04;Rs?$iT1EtV;Q0D#&wZR&J>myxnj=E+g@2-)i&C*
zOM8{nJ_sPO_PBkue^%oo7_X3JO=xKItl>cr%k=FJLi;c6xs!445Q<L_pi3v(?K`IB
zkmoL3R(2i`Y#rZoa>I6XDV_G>ECrQX8vQAQ81I+Gc>zC3%!Y&xX$peu_!PBt@4X&u
ztKQf~QG0WFfI8@0i*}bLN7^PGZssf0{f?Z}>r|ziGyQSXQ~z)@ckS9{xC!DuFvw%j
ztv($kQdJJGSmXoYmbtV`bLQBs7zGlloZeW$nTrrG6OxYqMlO`~0Se)A8B-neZTqy%
zT|MqS8eFc1NyJ9;F>r}2ZrL@Y7@T11nRA6zT*ji4n;aaC!z*{#RSV>2p_b@izH{`=
zxIK3_HuUiVq-%~>sjA~Ifp;p@bCPp?fprt--Luir@V#&NknORDpcY#GDtV4F^mSC=
z2|xBX9S&Kj{U<Cef`a#2YMOua0x4KYWtF$-7)eO$;y7%!74-K4?E~(b0k~@h;I0|}
z9q*bUB$)24<VTmR0t=CR<7;0w$I89+H#O}u?IKO~j@Ah~r--7Wm2CzctGbh(D~;<d
z0^qcj#RF1)_o+o>6G4p<78IM-xbz+*G$@A(B8-TgGj~n!66;H%ozIR;C`T11>P=aQ
zDO8rBO%<xn*Q%inWu(Ey$-ucu+k5X{1{xI+Hut)dYiTv*tq|WIrsVIklFHiRS}w~k
zgRO6b_ch&)ugUY|1@9pPtGL0hQm45dk|y+b#lCo;o9^^HCw$AXPIp5qVUlSM+xY{j
z&Iw-!;|X_GRY<gK#mIDH!1vJx*l_58!q_#dDZH@y$1l?QeFZ=G>!wdjvyVXK4J==n
z+AE+NmRCS)d6}VEqE|~HGglW!tr_U}&?^(gakJ-l7{Ib7?OEc%b7kN87i>5X*wIwc
zdE7MS6=7`<5@3?7KqYNU$rqiy?jZTh&p!fjxj=(VQB9v3(nv+Li)MXSffO-9YQ25E
ze2qTEd#|e${*?cIzc>d|UF_C3cof2BOuHSq{-|^1=3jrq=!#9x(vR$jIl9f%!=OQq
zmEqNEd=yP}z+QIYUP#9I7yz;^nx|nU^Xaa8U)jl`joU;pk^Vu1!P`07T1)OZ=8f?U
zd<nSFG(!@TjW8u7Ws6)L*~z4!QGFu!i?<qvG@sfdZW<+5{Vs_*q?zQR8lP`r`b}zO
zu1LR4#Yp3n8aJ%#DgZRILqy60x@IrGe>w@VtN13~%Z($L5!cGTi8Xo`DW$C@NO!B%
zgXGp@D8%Epk&$P1s)wr3YfxGdTc7~vP<R#FpHVbT=Mhg-Jo)WQ;Cy&i?_KAm{@=qb
z%w7ii9?C7&Bj(aK70>!8>sIZA1okizq0hX!n7b#fiIBe;H!R6muJTBW*El*~Crf=F
zX*wym!DIG_PGMTGHL-q*BWT+mRvoU4Qn>8J)7-9>`KQR##vDtm+hj0`r;715C83{2
z7&jOj9ZOy46GC83=_1j=s?3jzOOIoO<fFPCI_2IwHq6}&A+~3S6W*)#VO{lj344@#
zt_b-F^6#TQNDPp~W7lN<Luw9owWgeqh#F3B36!;NaqltA82`&f?a=i0&f{jSl@a_(
z$HF(UGo${;ZeQH2)xZV1n=O0Nb2kDI{ImKlp}i9~NK#ZBmoyi9*cqbKPr2L#%ga-$
zkxV<D+YMcJVFL*rU?HsWPoP8yD^J0lD2YPdt#1wt#P1zR9r%>5P=ns*-))-r>>W}M
zt6{;soeRU4i%~<-lqIu7O*IgGoE~cUekXiuubzMTf?7D<tfK?!$lwJxJryV0##rAM
z{>rjg<zcvOZy;(x!w<(J8240zK=>U_BV)jGLM)t9Tr!spV?hp8^#Xhy)%1{SFf|J^
z@e0Q5HepP(KHHM@WCG7G!EIaAJS~s2%&P|{>G(U)_4n-%4F<wOI=bef;LLPgrgkLy
z99Q%r%P%!Tk98)ULoY8!Hcz?NF?2-61Vt&MmUTyQo$p3BB_I3wbq=pJtF!Yp{mi1o
zwD|S3(1WjtOcTq7xY)GZp<+rAx~LBMrXUfk+*{vV5Nl+ixQ#l%_l4o{r*o1H^mWfk
zRev#Eo-KxiaaZKa_fXB4oV{=+VfnNp=+jw5Ye<&>MdL!5D&QryjAI#puuw-aus~Q%
zWZxM4iC+sxgT|Ib3#Zn@43;R<Y_dT-=W`jd$Yz2LMN3n;{|+ozthPK?dRweQs^;?`
zb`Zxzts8a%w|Zy>gHjM(p;(--G#zmwC4Y!!b*}4CznqE)!;fxfgu`KjP?`6&Kzr{m
zvT{q97j`ofC0y4?8T@5IgwkKoS@0X<QU*G8wi^qR9g?G)*VtR(6fqypwuT8@V@f)5
zrQpGLx)1-I>&{F!tI5!BV2F7{7B_#*O{UGVyJDYP{J85#fw^)vhZTGpyoXY%g?}BH
zTl5>XDW=gbi%6`^sp9wD*atzYK;p=z@jGgbccUJo_<JumFtId;(6!fmptZ(dgUI5{
z(gHCm)CB9wU=HrVztb=z-R#P@pQub!(dhj>e0!}LZ<98Ef*xOka@$t~-T389cAMkm
zM058mW9Jc|`UVBj<nkm-sC^#<JA6txuv&#)YoHy3`ftwvkpXM}0Ra9h|1i3^90^Uo
z#FXA+H{MN5+s!aF{g4a$FRRN^lFE{95@tD67rL+@e~e>$&x@#&rcie+8ecGpRWv%k
zRsD%2z86L5JKfbZoF^@oWpeIEjWIoA&<AcHWrMnYOfos};Nq4op>wcc5;k|kTQzO#
zrwSgH{_It~lB|*NZOwkG=lOmA+js{Dj?%<%-<GEkmusshC1oC>>o8&I<WOEFje>Ky
zdn7bd?Q}|#R|9!{p^ZH)ypT-a(B6i#Rf0NPfk)SI7Rfl62hND>2joWx8G{ZE83-AK
z!QSb2qV9|i#e~bgu;27u_=|Vfkr{_|klWW}YPtaf)tG0-X)J=O5h5&t(>*|0#DfAR
zSSg%bEX%Q>OQmxkC|^Hk`*IeD)s?q^AWM&3$rkuYz_*m`+^|p|g7y=`&LIM=hGUt?
zeHoDux0^Tvw3?<%7(J7on4a4*ArcA?%c9oCZ@(8Q`TKb`i5UpOr%<gZe2+x@g?|n)
zt4b-zJ^V@b7+pblgD~GHlu#iSiHS0X5S~t}S2aCY$uf-3EwN~ZGtU6VKil&ZCI_Ay
zrosB2dLlIKKu^t>X@U1JM$i4w3A$bxim2cWE%~-^lo+vDNUmZdncbkG6@l%s9-lGv
z4XZz3qQdFU_u!}HLNd}XO}}`uKaE7<F$H6q`tW#GPOquHc+(B!sHoQT5|1c}W5|S0
zS|5Ct8bf1KKEgqxQNSe0($4juQk8L<kV6P-PZLjFsqDSm#b{~m*CkMy-;9+KlN_U|
z+7JpIFO*DKH9d|#8$r37fx`lv(Kp3PDQ?<n5KWKIidDUThsvWWx_puhBuwL)SQU*S
ziXG&98=c({ex@5_VbHLaHg*uRM;A2O$3h7=S!n*@W$boJ(H<RYgDgdEH(zT^4HCc&
zLbp5Ies1cW&<MuYY`^QFd*mu^&-?T%FonUF(oTM6N`+oOv<$N1?v0YmR&qM##I0YW
zO^5iV;ax{!z>?7ag&HnZ0n~dJ>U58Z;hnp*4p>p&^>qH6A@xOMpF#bNLR&)m+%H)%
zMs6v)$sPIg>>pBNMfqyv#l+N|j4I0W6Y0Yy6M`i7Z)(&?hrw<Ga-xN8i#4O}u|MOh
z>wfrAPx%@TfCiB8K#TqEyS4(QjCqwZ`5bf206WW0EmWzimyL5F7KN%F^##*%NN?>i
z?kqltAo~_+CHKnN8FGUDj%P}HNlWt>4EzU7mD+&u;EwT3yHJ<zimt7r_E0R(Ew%}w
z_q${dKk3f^{IK5^&hbl-ClOF=n3QL;PqI&~vcIn7Ron-4LXH?WywH0)MO2fS6N=u-
zq0g`DLhL<V3{b8hbOP#@k&m@*l)purCRwq7HNz$!bIE&uX-ygD0DZYRey^}TsOuOD
zS!Ar&;Cwh`s#O-q0UE6Aj|@LYeBRLmL#UWa;sc(tjNtkB(p*4So8!S`&<9TzJ##4@
z;MZR=TrK41rvk|;6t(|_10Upd%46?JQ`#nAc1r^5H6Tj?#BVV`AAheo_^fr*#>Q(t
zjW_&(sVzOdEY=^V482@Hr5~<rT3R{?AKQ5m54;igU`A2T*(p@7A@uVR^2KxZ=!i=j
zu5dlwS)KN|Quof;ILAaD*raqlc#$E$HjP4>Nf|h&KxJ)tpMKOT0S`NeO?()6BXZPW
zUIFd=*-kaycAQT0W#z=A#8H{B$&aZ=R*;7^Na?%H%g5K3@hh-P2+@0!pN+Pa_zA2U
zRw;28@3OJRiyu03gJ20394UqdpZCHHb!UgzXr~v<LC=V{85Cb~V)zceziMLl`K^Hp
z%V=%s9y#xUq(`#n?>HB2l#Rg3;<wSAm7Brl0c5T`5+cL8HN&Br>q(U3>DI9i5EVQU
zMD^`<plAMExO`cC?r3QY@wROzXE2(E0}j7c)Y~XTyDhq5tD4xKa(iok7;bd<RS+3z
zTE1SATJXU7!OVO|YOS8qB-r?-t26L=NZ|!q)G;&*swB5_O(`vpoxB5v_`dHpIPT%0
z+odky@Jza`e#hm<#k=Zz(p#0HhuzLq*@xq;lFBWFn}gPg(r+!tA{KqcPmhkvb%;T%
zS&kJeYdggk(=%*LKhVW-`AT$C$9$}j_@^mTRN<HD_c&#NBvwl(L?qN<Uj^yEsX1Q4
z>Mceo@G8b`fjAFgx73Do$mV&~94nTVkq;O$$l3ntG_Ns?yxaM)V?jS@EaF5Av0y@~
z24A5ZFVr<3w5tJ^q|o*2w~FqM+>%}xIJl#o1n9ZWpa&aQcyU5Y9ihsCFqB~P%Tl$8
z#R>y>)!^W?uyY6G<}$`$j~mJoy)4avgJK|FALR;lI}-w5Rfe`=RpVb@p$Tvi*-7+_
z*76(QEK|Oh<71QlDp46Azipa|Z;rTt9V1zj=G><NBQQ_!+Vw?#BL18{sIrKH3Ud4g
zr<mG{`Gv+GvxPKcT%8tM;a9A81)*E;+=_0MCZO?vj%1LD)7D_<m*a(IFlWQf$@0*r
z9N@qAQO(ZoR=j^Y5$dI<EH0*;^a(EUT<Y}2<8RrH)rr>H;huXWV7e86FYA4@mG70l
zhXW*ZLqjZcGAYlk^F7pzB;YuuC4;;MLTCH*)p(SvKH*c^+tmKZtS1=AgacBI{Tznp
zcd@L=9P(~F`VkeC1g)#_V9sM}^t3ir4hmwvay{O}pCA#5bi^a+PRkjTvq+D~hG&>9
z-sTLMa*Hb<Ka5hC5%Iw%&mS}HKr+HVQ6fB^YUNIwsOPQM{4_h*E;@6PYY^#G4_{$G
zCUN(1s8m#lS;}a(FW~+(*gJ!2UFCrEUG1qaT3Cq{t1DSftrQA+{UY763W+rDAri6*
z_&9~pUR3a@PDRA~$%<2Qi2UHmb)8=K_BcA<uw7i$yXWa7@gn|%8^t?%4XIX=*WrDC
zzQ*l0|LShM*g|xgV*6h7?c*i4RtbUfHZaE@GtAP`Kc{A7%mgfMwdVaph(LBQQCtt9
zRj=BG^sOvb+ywWnk<!%QRT(i+Yj()E+gWOK6KeG9@_I70w%`+`S|=&W&EU}yQV*oP
zY@TCuQiZZy&W=G`>Qd|Rj;gNO$q@NX;{#yw&(D!O^k;W$)01Rgb47JbT@}_ZYs;#Z
zCv+l%1cE=EoG6J8hbt$b^(#Dl(d-qY@7Tq6T$CGiRu%;3;JzaK{~<LK9nfJ~eHca*
zmf-3d&<Jwc;`h;iQ}Z_56@Jo(o?RRy5-BCq;5RDZjNdKcpX*yin}~Xwcguwh8-Y{U
z_xt0E)30&aCizIpm$SNaOV&A820lqxKWq(0Twd_X$VU#LFLMs2UIId?`dXz5VsadQ
zKopxdUDAG6jJOFGm?Y=dP{0XqD(uyHk~DUm9)9ktm<^4SV;73(mHB8Tk>IPIx;g6t
zt5st~i^8ouSwR>{F4cAJ0Ua3R=3_dzlzXWc-7a`dNBjN|H&}K*f@`co*ayw-4zk6V
zHrsO@yN6YVXi?)Em3ugCGsc3XzxNjizq?eTzyr2q7O~ylTCIwmrJCnM2291<Gu)K0
z$>PH2?=)J11_fV@(nXd&wf)TbX^s?U@~_%dRl2$l5*x!gCokrv)s#-6qslQF8Hz?8
zyH)u_Rf<h1X|UQ1Y9RuTg~#AVJeuVAaZCgGM6z5B&BtYUCF<r&CjAi>755>!9jE<Q
zMe+_k&W4lFdzopzxpkAFI?J*@i`!Bk9|UTqtg?J3eq~`&Cnw94>z-7G6_RzLjv9_|
z9V*@KH8>8#Ib$%SDi`b>=HfY7mPS?bPozqvMt52u7wWP~jurD7ST6Tt!$+NU%iz@J
zvB-Z+c#-o1{bRQ}>&2ED<hT;~Nq?i37W@8k;o!P89af3J;N!q*VpQg&#lkZRbKqI_
zP_a2e8z$hy*Qgh85|W5-7i71x`n*Kx;9bVVA~n;g;mSr0ZV;Q<*9JKv91Yq4uLm-n
z5+ujw-XY5Q#Vj2YEt{QBe(|{ke|YwVYj%UEk~7dd(oOip0dtngWCzjtpm}#odn(l;
zG4El^{D`lzxv^-WZP2t__+oXERJwnaWt7rx-D_Q(enJB*`fe39%!1>=A)OS>5PjS~
z^x!5<_rixrCV!dIn>+Jca(lQrq~ni{q+0jmD~W_Fnn+z{taXp8MzcKy&iAs90~!Qp
zT+W1jU1ixQ@92Uq7V<}1tBdT;-Nq3|-(O`Cb{bh2iyAtu-6-FH<t%T;$pxL5b-3c4
zzoW?g=l*~H?z1ZZ0000000000000000D%9I!2XZ<{~+iD=zsUO0RR9100000`2Q!s
zu9<*cGXcA1{&(CpQ*{hYvpu7%WF`!s)KtYc9$SvZ>ThZiY3~d(gVDzek*cVGv6`_v
z5%P!?_&G+M%>|*_Nw+l*`Z>K7$|wU<CiBw^<K<GE&e`T%{X%}out}kF`Qk!5V`_~5
zFc`}}?5z;|Hcf+evVS0A0(T!G^;+DHPSJ(ay62C$nx|^53x-Nagxn&i8sCk~!t!_^
z>_Bex(Gq=0k8v<Txkb?AgoQ@!!M;c=g6;DA6lyn?%WI^K);!1G?Dx0nxG5zno|M!O
z*reU4TN%T}z#t#n)Ht_YRkY3?y3Opek9!%7Z(ap^1!-Qe$H#lyo-BB|+5>sv3S45B
zLAmcs{XlZF?dkAuo~J`gZT05u@U{Wn4Vs!hQdoGVPsybP*a7+1HV2)Ntpp*0rihE%
zdx4*3R9`{^fwJm6{NJLN3n7p}6n5vOFKL=0wZ>)|Kv+Q1{Dw$nz%%@3=3S^IuF}wT
zlOj7=8i7>l7(&to(##lGJB$+pjdN7$32sTcg1F7ltr__zMn|2&BeApN&i$3w4fka%
zfe(#|-d_8eUzCN!ux6?j*kO3(#l$r%W!+gwWN8e$qn`Pd+&FJx-~~y=M?2RjdkO8u
z$KJ%n@A6Hsulu6cT)qqu_6e&wcQ#j1sY_Yj)==Z`f8z|;{s00m#I5mFlS(zBS#Ykb
zkhHRqbv<>wwkUCxdx(AJ)S;*<1s5c>F-Fy&{qiM#f@^RM`sF_m^K`(gn%lP-HhVl;
zUFd=U4jF0O27!l|eS?Nostr-nZJtg@E0go{TmH*utsIrJ?CO1{l3qTf0ctIrM?K6p
z=q2g&ht6|Mlitmx&6hxsTcK#?UuB0=&YOjLhDn$`@MN(sOo~Z4%PaFsOpuLjH7#&)
zzsKMN0-szi%kSu4eh|}IdNaVQ-ck0=)}_egL2PYJ9aKNzs0WTxjIhB<^3U9(lJH$I
z+w^LMdZ*z}=o@hL#x3rDwIeSYDEMbb89oGwT0$#!{rOQlskP(Y0=HBniU&k+0sgIA
z?*wgH+pg16{PuqFy)SfIX|LEs`mG@ANBY0JR}BCF0000000000000000000000000
z0000000000@c$lQ{XYNz000000KmWBKdfYa28r&GAcWsOq7dZB){rqSsOpdVyOMe4
zqOiL@H>+RYf~Waby`>h7m^$Jz3I86^d`w-GM(KzB+n1z%4)b!3ZJ1dD{GoRw>Q*(;
z$5C0z;|i^95RXzq(R7!p9n!^NRC5`jnuAgGctVc>*%WYbz@Le_haFIo!5`MdGo{jE
zcOp+r^wIHe@>yj&N^!2wz7+o7J!{mA#}KU)1>42#tXzl>#u4HrmIvhd?wQQRKy!OE
zhCcm%+*njd*B>lZps&XbwA&(!Y}=#@h(=x*T~|K;X_weK@8A#>9#aYMy>~G2OzOEU
zqA(d<kUvX{+5+QeD3aNh-%@q2lz29c>t<$H9m8wPh{^Oj<$%&m<UBN`L_uhX=UT*?
z7O-dD=DBi2ApNp!?-IOr-y;kwQ9I1niOC_D*lu)w7D_4jViK6k``$t?OIi+%ORDmH
zMLyvdPW+5~;c%%-G-#?kk%tH|Ugka)TDP2Vy|FE~?@!1YdiYN{p&3h8kZ_u1=7S`*
zo~TnX4ygQD+nPf$Fr@bfNu>pxdRoxVo94~9G3#r$nFjV$aY-MpwwJ!%h?Zb}m#Wj1
z4Pj+|{^ypdeD3(A%p^QKpYjMid8BH3PYj>%DUO}+X@sU*kZ7y*YsNtJtb2@%`Cg-;
zm>5UgBHs35D2-3pWHU@Gi>)8u20`y*dbe*_Nl@y|NvxPa*z>F`r>(vAwJ1{{^BCa?
z^6=zl<rLqxY9kFq?I{<iPW<7Rk}#!qo!jSc{eH&Mh1zWAoLEgriXD&_!oX6`A|-=5
znpG`X9+be>h7*y9dYU-7=4s!QS$`$Jf2W_j!7FyRN`AhcI-|}YUF=V`T=uMhzX>Z7
zeVe-^geNjSb8fE$COmY^S%~&lbSJ|JcEZt#0YRf7Uwz#xI-604Yk^s~%x*t*=7R<?
z3OX9U!L|71-xQ~2CBNj_y@l)*M%=jvC+6vx%^SFg5%BO;Sw+@#&oU}~=B`UFWyQc0
zUHH&l7&TZYr;Z(Ezqv*+=Tqz+%C-+)*vldR%{Cl+6Qy(TRh+sA?H^LJ1V1<fVH?R9
z-Y(S8c9!Tn2k)ryH#Ob@3?!BVz=gym7USxf1}v6+2hPATkLJc+VzC9s>Pa)xPY#iA
z62uUj0U1{+xeDuhe{_KA$<+rqYzG-))Hm+MkdLHw){iewBWU{;3?6zcBrATCLT^xi
zJ$ty6vcS1h2~$Qb;2&7X3c<qN<`*JD2#m+1nLd0=FKxp~v-fGIIZANj%XqI_u5l;^
zVbh>Nzq8E99<U#)avA>L0%QW4{fG;KOteGePhwPKDRh5&Eny@+YOsE{NmMtyBSc;R
zS4NpK0&5cDK95doxt=OVMkERvOOBGTm2EffddCy0<Tq=+ROT0OIv_F!oOm%wSCqaI
z16upeKVpQ@Y;4aN9N2T1xQuiSjCSs7#hF}BY2Y($`H)~qD1cynK~juIaCP!OMvFE4
z4FHJujPviLo@t0l?m{Et7(0I+x}dutxon^cEtIV&M<!afk-)6ea@*CM@Q1Fi`9^Rv
zAWI95ootp9eJcRk%N2#1By<R23IEeP$lf_<6aIH0!)~Xv2`BDKy9580)3MO!IN^t;
z9{;Qg`qj1BNs;Z9_S1$%Y~|7H@CGyq%|+cp_Xj-fCXCFlAN*0FwdbZ9u+qSM8)eQy
z`2yDoDr<Sjb8wYYjBVZ5kxp0bZp}RZKmZfift*ID<3pnL<2Ds<gnKfu#eHO4Qn+^~
zVbOrW=KZUJNT`ek`ivnGy6BjVC|0^x?l2*kTGFJFG1DWVlJ|T_*E?F-(OG3XI4<?r
zUdX2A>Kf#Sby_+_*a@RqFB}&#Nf7U#;6(L-M-O1?wWMrDNQZ7ymo;45*Os?3`h@rH
zD<ZsA_}tSsbZxGhj@oIW8}m)g#beJ>0KTfvSe=s`-+l?7<>SL*&Vf=)mXvg(&6J30
zBj@MDPG%aqt{K9OHrW(3E;>#;NvD2*rsz`DB>!U~0RdZ$!U@UGM{N-3ycCv23BrI`
z4DX5JM?Nf<eY~5xCU<zAD{O%)DI{uuZsEdR^jntKkXXP#+{B$IO<MH~;tsC(L9zMv
M2~Qyve5q12`*r7$*8l(j

index e3d76676da15d3bde5ac053f8ce43fb8a0c0ae0e..357c00a748f8ba04d5aeaac0242179b20e8d2ff4
GIT binary patch
literal 452
zc$_n6Vmx5b#HhJ|nTe5!iIrhqdCXM<UN%mxHjlRNyo`*jtPBPchGGUHY|No7%)-3>
zB^jwj3MHw<B?``t26E!Oh9(9^2F6B)rj|x#QR2KN$Xq-+8|Ne2!pO?N+}O)t(Ade;
z*vPQB|J><CQf1E1I&S<em|R|T-ib&1=PLCx1+%hJE==``{PfE?bXrV$e%3VYuMN66
z63Z3kAKTt6UT{0ebfc4P&+b{Fia$T(=X~2*qq^<<<vliwJoU>bPF-mxa%b<SKg``0
z?yDO1FPT?ucH{d(`;XzPY_n&7+rE6_=^pM&Tb2e#KWt@UW@KPo40O4H5YX+i!i<dn
zSvU;XfD{uWBU<1v1Klf95%gi@^xw?+yDl!7{{Og#GSjomHmlw)S)J9p`|hD{QRn<(
z)Adch+$xzn;dktw&OD~ivb=_yV#_(4zt7jGmYKis*SgPahnZBh(%Cj2xDhoa`04Fe
yUc9wO|7c9$;*!*^GIW|PomCcjbkj@yjEC1AJ2;E1ZdxZ>!>r%2PJK^Ji#q_tgRN2k

index d499ddd477252fee875c6d3f702e3dfe30959a74..080be8ed53e6bf1cd3f248c9d67e083275088c01
GIT binary patch
literal 440
zc$_n6V%%cT#3;LfnTe5!iIrhqdCV09UN%mxHjlRNyo`*jtPBQ1h5`nBY|No7%);y;
zsl_D<&W;9h;=G0?21W+PMuw)AMrKjsye7z8ta=*fBb&^~%D~*%%V5yh$<)}$aEjNd
z^?Uid)t?Q1YAWmH)En|eeAYU2anlU{MQr!(oqMwWyG&H;NsSX0JU)&WzKEzeyf?`|
z7~5GtOa4q!vdzIsS0Df1Ep#<GxOskG%GWlJ9L|t^&owumjeStPgZJ774><;fx2)W&
z6JLs+k1O1p<Mrvw)jx+i?}t8Gp6>U1$vn;3Ow5c7jElt#L=1$0u9g*MWc<&<VZa8Y
zm>3z+0)!dpUZn%;oTJ)(v;T`PU`;*Pc6!yp(x*j9^=!V2mreh3=Y;<+Qy$eFA&;Dv
ze2d=Ho}b(l-u0+aw&T#F>rA;?sefhpX4|PM&u7?lS8Zvke9z(ITf^%Pm_@vixi;%^
sM`CwxlEF^xx$7H3bvySwZY~ylUsl(0N>N|?;WQhsjr9UG_jw)z00U#EC;$Ke

author	David Keeler <dkeeler@mozilla.com>
	Mon, 03 Mar 2014 15:39:07 -0800 (2014-03-03)
changeset 171750	3ccf473bc7a6ea4fa268f39db77a2305b2ebb12a
parent 171749	efdce4998518ac803d271a6d05ec59ddfa679dff
child 171751	9d3b0ec3c6aff9698bfefeb1ef80466f83a248ad
push id	40552
push user	dkeeler@mozilla.com
push date	Tue, 04 Mar 2014 17:22:29 +0000 (2014-03-04)
treeherder	mozilla-inbound@3ccf473bc7a6 [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	briansmith
bugs	978797
milestone	30.0a1
first release with	nightly linux32 e5b09585215f / 30.0a1 / 20140305030201 / files nightly linux64 e5b09585215f / 30.0a1 / 20140305030201 / files nightly mac e5b09585215f / 30.0a1 / 20140305030201 / files nightly win32 e5b09585215f / 30.0a1 / 20140305030201 / files nightly win64 e5b09585215f / 30.0a1 / 20140305030201 / files
last release without	nightly linux32 529b86b92b1d / 30.0a1 / 20140304030204 / files nightly linux64 529b86b92b1d / 30.0a1 / 20140304030204 / files nightly mac 529b86b92b1d / 30.0a1 / 20140304030204 / files nightly win32 529b86b92b1d / 30.0a1 / 20140304030204 / files nightly win64 529b86b92b1d / 30.0a1 / 20140304030204 / files

dom/browser-element/BrowserElementChildPreload.js		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/src/NSSErrorsService.cpp		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/src/TransportSecurityInfo.cpp		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/tests/unit/test_cert_overrides.js		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/tests/unit/tlsserver/cert8.db		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/tests/unit/tlsserver/default-ee.der		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/tests/unit/tlsserver/generate_certs.sh		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/tests/unit/tlsserver/key3.db		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/tests/unit/tlsserver/other-test-ca.der		file \| annotate \| diff \| comparison \| revisions
security/manager/ssl/tests/unit/tlsserver/test-ca.der		file \| annotate \| diff \| comparison \| revisions