Bug 898431: Update NSS to NSS 3.15.4 beta 4 (NSS_3_15_4_BETA4), r=me
authorBrian Smith <brian@briansmith.org>
Mon, 25 Nov 2013 17:08:17 -0800
changeset 157466 08e1c88ba2be
parent 157465 0283389f171a
child 157467 33f136f3274b
push id25713
push usercbook@mozilla.com
push dateTue, 26 Nov 2013 11:36:06 +0000
treeherdermozilla-central@99479edbee2a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme
bugs898431
milestone28.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 898431: Update NSS to NSS 3.15.4 beta 4 (NSS_3_15_4_BETA4), r=me
security/nss/TAG-INFO
security/nss/automation/buildbot-slave/bbenv-example.sh
security/nss/automation/buildbot-slave/build.sh
security/nss/automation/buildbot-slave/reboot.bat
security/nss/automation/buildbot-slave/startbuild.bat
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/bltest/tests/README
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext0
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext1
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext10
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext11
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext12
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext13
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext14
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext15
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext16
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext17
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext2
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext3
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext4
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext5
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext6
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext7
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext8
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext9
security/nss/cmd/bltest/tests/rsa_oaep/hash0
security/nss/cmd/bltest/tests/rsa_oaep/hash1
security/nss/cmd/bltest/tests/rsa_oaep/hash10
security/nss/cmd/bltest/tests/rsa_oaep/hash11
security/nss/cmd/bltest/tests/rsa_oaep/hash12
security/nss/cmd/bltest/tests/rsa_oaep/hash13
security/nss/cmd/bltest/tests/rsa_oaep/hash14
security/nss/cmd/bltest/tests/rsa_oaep/hash15
security/nss/cmd/bltest/tests/rsa_oaep/hash16
security/nss/cmd/bltest/tests/rsa_oaep/hash17
security/nss/cmd/bltest/tests/rsa_oaep/hash2
security/nss/cmd/bltest/tests/rsa_oaep/hash3
security/nss/cmd/bltest/tests/rsa_oaep/hash4
security/nss/cmd/bltest/tests/rsa_oaep/hash5
security/nss/cmd/bltest/tests/rsa_oaep/hash6
security/nss/cmd/bltest/tests/rsa_oaep/hash7
security/nss/cmd/bltest/tests/rsa_oaep/hash8
security/nss/cmd/bltest/tests/rsa_oaep/hash9
security/nss/cmd/bltest/tests/rsa_oaep/key0
security/nss/cmd/bltest/tests/rsa_oaep/key1
security/nss/cmd/bltest/tests/rsa_oaep/key10
security/nss/cmd/bltest/tests/rsa_oaep/key11
security/nss/cmd/bltest/tests/rsa_oaep/key12
security/nss/cmd/bltest/tests/rsa_oaep/key13
security/nss/cmd/bltest/tests/rsa_oaep/key14
security/nss/cmd/bltest/tests/rsa_oaep/key15
security/nss/cmd/bltest/tests/rsa_oaep/key16
security/nss/cmd/bltest/tests/rsa_oaep/key17
security/nss/cmd/bltest/tests/rsa_oaep/key2
security/nss/cmd/bltest/tests/rsa_oaep/key3
security/nss/cmd/bltest/tests/rsa_oaep/key4
security/nss/cmd/bltest/tests/rsa_oaep/key5
security/nss/cmd/bltest/tests/rsa_oaep/key6
security/nss/cmd/bltest/tests/rsa_oaep/key7
security/nss/cmd/bltest/tests/rsa_oaep/key8
security/nss/cmd/bltest/tests/rsa_oaep/key9
security/nss/cmd/bltest/tests/rsa_oaep/maskhash0
security/nss/cmd/bltest/tests/rsa_oaep/maskhash1
security/nss/cmd/bltest/tests/rsa_oaep/maskhash10
security/nss/cmd/bltest/tests/rsa_oaep/maskhash11
security/nss/cmd/bltest/tests/rsa_oaep/maskhash12
security/nss/cmd/bltest/tests/rsa_oaep/maskhash13
security/nss/cmd/bltest/tests/rsa_oaep/maskhash14
security/nss/cmd/bltest/tests/rsa_oaep/maskhash15
security/nss/cmd/bltest/tests/rsa_oaep/maskhash16
security/nss/cmd/bltest/tests/rsa_oaep/maskhash17
security/nss/cmd/bltest/tests/rsa_oaep/maskhash2
security/nss/cmd/bltest/tests/rsa_oaep/maskhash3
security/nss/cmd/bltest/tests/rsa_oaep/maskhash4
security/nss/cmd/bltest/tests/rsa_oaep/maskhash5
security/nss/cmd/bltest/tests/rsa_oaep/maskhash6
security/nss/cmd/bltest/tests/rsa_oaep/maskhash7
security/nss/cmd/bltest/tests/rsa_oaep/maskhash8
security/nss/cmd/bltest/tests/rsa_oaep/maskhash9
security/nss/cmd/bltest/tests/rsa_oaep/numtests
security/nss/cmd/bltest/tests/rsa_oaep/plaintext0
security/nss/cmd/bltest/tests/rsa_oaep/plaintext1
security/nss/cmd/bltest/tests/rsa_oaep/plaintext10
security/nss/cmd/bltest/tests/rsa_oaep/plaintext11
security/nss/cmd/bltest/tests/rsa_oaep/plaintext12
security/nss/cmd/bltest/tests/rsa_oaep/plaintext13
security/nss/cmd/bltest/tests/rsa_oaep/plaintext14
security/nss/cmd/bltest/tests/rsa_oaep/plaintext15
security/nss/cmd/bltest/tests/rsa_oaep/plaintext16
security/nss/cmd/bltest/tests/rsa_oaep/plaintext17
security/nss/cmd/bltest/tests/rsa_oaep/plaintext2
security/nss/cmd/bltest/tests/rsa_oaep/plaintext3
security/nss/cmd/bltest/tests/rsa_oaep/plaintext4
security/nss/cmd/bltest/tests/rsa_oaep/plaintext5
security/nss/cmd/bltest/tests/rsa_oaep/plaintext6
security/nss/cmd/bltest/tests/rsa_oaep/plaintext7
security/nss/cmd/bltest/tests/rsa_oaep/plaintext8
security/nss/cmd/bltest/tests/rsa_oaep/plaintext9
security/nss/cmd/bltest/tests/rsa_oaep/seed0
security/nss/cmd/bltest/tests/rsa_oaep/seed1
security/nss/cmd/bltest/tests/rsa_oaep/seed10
security/nss/cmd/bltest/tests/rsa_oaep/seed11
security/nss/cmd/bltest/tests/rsa_oaep/seed12
security/nss/cmd/bltest/tests/rsa_oaep/seed13
security/nss/cmd/bltest/tests/rsa_oaep/seed14
security/nss/cmd/bltest/tests/rsa_oaep/seed15
security/nss/cmd/bltest/tests/rsa_oaep/seed16
security/nss/cmd/bltest/tests/rsa_oaep/seed17
security/nss/cmd/bltest/tests/rsa_oaep/seed2
security/nss/cmd/bltest/tests/rsa_oaep/seed3
security/nss/cmd/bltest/tests/rsa_oaep/seed4
security/nss/cmd/bltest/tests/rsa_oaep/seed5
security/nss/cmd/bltest/tests/rsa_oaep/seed6
security/nss/cmd/bltest/tests/rsa_oaep/seed7
security/nss/cmd/bltest/tests/rsa_oaep/seed8
security/nss/cmd/bltest/tests/rsa_oaep/seed9
security/nss/cmd/bltest/tests/rsa_pss/ciphertext0
security/nss/cmd/bltest/tests/rsa_pss/ciphertext1
security/nss/cmd/bltest/tests/rsa_pss/ciphertext10
security/nss/cmd/bltest/tests/rsa_pss/ciphertext11
security/nss/cmd/bltest/tests/rsa_pss/ciphertext12
security/nss/cmd/bltest/tests/rsa_pss/ciphertext13
security/nss/cmd/bltest/tests/rsa_pss/ciphertext14
security/nss/cmd/bltest/tests/rsa_pss/ciphertext15
security/nss/cmd/bltest/tests/rsa_pss/ciphertext16
security/nss/cmd/bltest/tests/rsa_pss/ciphertext17
security/nss/cmd/bltest/tests/rsa_pss/ciphertext2
security/nss/cmd/bltest/tests/rsa_pss/ciphertext3
security/nss/cmd/bltest/tests/rsa_pss/ciphertext4
security/nss/cmd/bltest/tests/rsa_pss/ciphertext5
security/nss/cmd/bltest/tests/rsa_pss/ciphertext6
security/nss/cmd/bltest/tests/rsa_pss/ciphertext7
security/nss/cmd/bltest/tests/rsa_pss/ciphertext8
security/nss/cmd/bltest/tests/rsa_pss/ciphertext9
security/nss/cmd/bltest/tests/rsa_pss/hash0
security/nss/cmd/bltest/tests/rsa_pss/hash1
security/nss/cmd/bltest/tests/rsa_pss/hash10
security/nss/cmd/bltest/tests/rsa_pss/hash11
security/nss/cmd/bltest/tests/rsa_pss/hash12
security/nss/cmd/bltest/tests/rsa_pss/hash13
security/nss/cmd/bltest/tests/rsa_pss/hash14
security/nss/cmd/bltest/tests/rsa_pss/hash15
security/nss/cmd/bltest/tests/rsa_pss/hash16
security/nss/cmd/bltest/tests/rsa_pss/hash17
security/nss/cmd/bltest/tests/rsa_pss/hash2
security/nss/cmd/bltest/tests/rsa_pss/hash3
security/nss/cmd/bltest/tests/rsa_pss/hash4
security/nss/cmd/bltest/tests/rsa_pss/hash5
security/nss/cmd/bltest/tests/rsa_pss/hash6
security/nss/cmd/bltest/tests/rsa_pss/hash7
security/nss/cmd/bltest/tests/rsa_pss/hash8
security/nss/cmd/bltest/tests/rsa_pss/hash9
security/nss/cmd/bltest/tests/rsa_pss/key0
security/nss/cmd/bltest/tests/rsa_pss/key1
security/nss/cmd/bltest/tests/rsa_pss/key10
security/nss/cmd/bltest/tests/rsa_pss/key11
security/nss/cmd/bltest/tests/rsa_pss/key12
security/nss/cmd/bltest/tests/rsa_pss/key13
security/nss/cmd/bltest/tests/rsa_pss/key14
security/nss/cmd/bltest/tests/rsa_pss/key15
security/nss/cmd/bltest/tests/rsa_pss/key16
security/nss/cmd/bltest/tests/rsa_pss/key17
security/nss/cmd/bltest/tests/rsa_pss/key2
security/nss/cmd/bltest/tests/rsa_pss/key3
security/nss/cmd/bltest/tests/rsa_pss/key4
security/nss/cmd/bltest/tests/rsa_pss/key5
security/nss/cmd/bltest/tests/rsa_pss/key6
security/nss/cmd/bltest/tests/rsa_pss/key7
security/nss/cmd/bltest/tests/rsa_pss/key8
security/nss/cmd/bltest/tests/rsa_pss/key9
security/nss/cmd/bltest/tests/rsa_pss/maskhash0
security/nss/cmd/bltest/tests/rsa_pss/maskhash1
security/nss/cmd/bltest/tests/rsa_pss/maskhash10
security/nss/cmd/bltest/tests/rsa_pss/maskhash11
security/nss/cmd/bltest/tests/rsa_pss/maskhash12
security/nss/cmd/bltest/tests/rsa_pss/maskhash13
security/nss/cmd/bltest/tests/rsa_pss/maskhash14
security/nss/cmd/bltest/tests/rsa_pss/maskhash15
security/nss/cmd/bltest/tests/rsa_pss/maskhash16
security/nss/cmd/bltest/tests/rsa_pss/maskhash17
security/nss/cmd/bltest/tests/rsa_pss/maskhash2
security/nss/cmd/bltest/tests/rsa_pss/maskhash3
security/nss/cmd/bltest/tests/rsa_pss/maskhash4
security/nss/cmd/bltest/tests/rsa_pss/maskhash5
security/nss/cmd/bltest/tests/rsa_pss/maskhash6
security/nss/cmd/bltest/tests/rsa_pss/maskhash7
security/nss/cmd/bltest/tests/rsa_pss/maskhash8
security/nss/cmd/bltest/tests/rsa_pss/maskhash9
security/nss/cmd/bltest/tests/rsa_pss/numtests
security/nss/cmd/bltest/tests/rsa_pss/plaintext0
security/nss/cmd/bltest/tests/rsa_pss/plaintext1
security/nss/cmd/bltest/tests/rsa_pss/plaintext10
security/nss/cmd/bltest/tests/rsa_pss/plaintext11
security/nss/cmd/bltest/tests/rsa_pss/plaintext12
security/nss/cmd/bltest/tests/rsa_pss/plaintext13
security/nss/cmd/bltest/tests/rsa_pss/plaintext14
security/nss/cmd/bltest/tests/rsa_pss/plaintext15
security/nss/cmd/bltest/tests/rsa_pss/plaintext16
security/nss/cmd/bltest/tests/rsa_pss/plaintext17
security/nss/cmd/bltest/tests/rsa_pss/plaintext2
security/nss/cmd/bltest/tests/rsa_pss/plaintext3
security/nss/cmd/bltest/tests/rsa_pss/plaintext4
security/nss/cmd/bltest/tests/rsa_pss/plaintext5
security/nss/cmd/bltest/tests/rsa_pss/plaintext6
security/nss/cmd/bltest/tests/rsa_pss/plaintext7
security/nss/cmd/bltest/tests/rsa_pss/plaintext8
security/nss/cmd/bltest/tests/rsa_pss/plaintext9
security/nss/cmd/bltest/tests/rsa_pss/seed0
security/nss/cmd/bltest/tests/rsa_pss/seed1
security/nss/cmd/bltest/tests/rsa_pss/seed10
security/nss/cmd/bltest/tests/rsa_pss/seed11
security/nss/cmd/bltest/tests/rsa_pss/seed12
security/nss/cmd/bltest/tests/rsa_pss/seed13
security/nss/cmd/bltest/tests/rsa_pss/seed14
security/nss/cmd/bltest/tests/rsa_pss/seed15
security/nss/cmd/bltest/tests/rsa_pss/seed16
security/nss/cmd/bltest/tests/rsa_pss/seed17
security/nss/cmd/bltest/tests/rsa_pss/seed2
security/nss/cmd/bltest/tests/rsa_pss/seed3
security/nss/cmd/bltest/tests/rsa_pss/seed4
security/nss/cmd/bltest/tests/rsa_pss/seed5
security/nss/cmd/bltest/tests/rsa_pss/seed6
security/nss/cmd/bltest/tests/rsa_pss/seed7
security/nss/cmd/bltest/tests/rsa_pss/seed8
security/nss/cmd/bltest/tests/rsa_pss/seed9
security/nss/coreconf/coreconf.dep
security/nss/lib/ckfw/builtins/bfind.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/ldvector.c
security/nss/lib/freebl/loader.c
security/nss/lib/freebl/loader.h
security/nss/lib/freebl/manifest.mn
security/nss/lib/freebl/rijndael.c
security/nss/lib/freebl/rsapkcs.c
security/nss/lib/freebl/stubs.c
security/nss/lib/smime/smime.h
security/nss/lib/softoken/manifest.mn
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/rsawrapr.c
security/nss/lib/softoken/softoken.h
security/nss/lib/softoken/softoknt.h
security/nss/lib/util/secdig.c
security/nss/lib/util/secdig.h
security/nss/tests/cipher/cipher.txt
security/nss/tests/run_niscc.sh
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_15_4_BETA3
+NSS_3_15_4_BETA4
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/buildbot-slave/bbenv-example.sh
@@ -0,0 +1,69 @@
+#! /bin/bash
+
+# Each buildbot-slave requires a bbenv.sh file that defines
+# machine specific variables. This is an example file.
+
+
+HOST=$(hostname | cut -d. -f1)
+export HOST
+
+# if your machine's IP isn't registered in DNS,
+# you must set appropriate environment variables
+# that can be resolved locally.
+# For example, if localhost.localdomain works on your system, set:
+#HOST=localhost
+#DOMSUF=localdomain
+#export DOMSUF
+
+ARCH=$(uname -s)
+
+ulimit -c unlimited 2> /dev/null
+
+export NSS_ENABLE_ECC=1
+export NSS_ECC_MORE_THAN_SUITE_B=1
+export NSPR_LOG_MODULES="pkix:1"
+
+#export JAVA_HOME_32=
+#export JAVA_HOME_64=
+
+#enable if you have PKITS data
+#export PKITS_DATA=$HOME/pkits/data/
+
+NSS_BUILD_TARGET="clean nss_build_all"
+JSS_BUILD_TARGET="clean all"
+
+MAKE=gmake
+AWK=awk
+PATCH=patch
+
+if [ "${ARCH}" = "SunOS" ]; then
+    AWK=nawk
+    PATCH=gpatch
+    ARCH=SunOS/$(uname -p)
+fi
+
+if [ "${ARCH}" = "Linux" -a -f /etc/system-release ]; then
+   VERSION=`sed -e 's; release ;;' -e 's; (.*)$;;' -e 's;Red Hat Enterprise Linux Server;RHEL;' -e 's;Red Hat Enterprise Linux Workstation;RHEL;' /etc/system-release`
+   ARCH=Linux/${VERSION}
+   echo ${ARCH}
+fi
+
+PROCESSOR=$(uname -p)
+if [ "${PROCESSOR}" = "ppc64" ]; then
+    ARCH="${ARCH}/ppc64"
+fi
+if [ "${PROCESSOR}" = "powerpc" ]; then
+    ARCH="${ARCH}/ppc"
+fi
+
+PORT_64_DBG=8543
+PORT_64_OPT=8544
+PORT_32_DBG=8545
+PORT_32_OPT=8546
+
+if [ "${NSS_TESTS}" = "memleak" ]; then
+    PORT_64_DBG=8547
+    PORT_64_OPT=8548
+    PORT_32_DBG=8549
+    PORT_32_OPT=8550
+fi
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/buildbot-slave/build.sh
@@ -0,0 +1,378 @@
+#! /bin/bash
+
+# Ensure a failure of the first command inside a pipe
+# won't be hidden by commands later in the pipe.
+# (e.g. as in ./dosomething | grep)
+
+set -o pipefail
+
+proc_args()
+{
+    while [ -n "$1" ]; do
+        OPT=$(echo $1 | cut -d= -f1)
+        VAL=$(echo $1 | cut -d= -f2)
+
+        case $OPT in
+            "--build-nss")
+                BUILD_NSS=1
+                ;;
+            "--test-nss")
+                TEST_NSS=1
+                ;;
+            "--build-jss")
+                BUILD_JSS=1
+                ;;
+            "--test-jss")
+                TEST_JSS=1
+                ;;
+            "--memtest")
+                NSS_TESTS="memleak"
+                export NSS_TESTS
+                ;;
+            "--nojsssign")
+                NO_JSS_SIGN=1
+                ;;
+            *)
+                echo "Usage: $0 ..."
+                echo "    --memtest   - run the memory leak tests"
+                echo "    --nojsssign - try to sign jss"
+                echo "    --build-nss"
+                echo "    --build-jss"
+                echo "    --test-nss"
+                echo "    --test-jss"
+                exit 1
+                ;;
+        esac 
+
+        shift
+    done
+}
+
+set_env()
+{
+    TOPDIR=$(pwd)
+    HGDIR=$(pwd)$(echo "/hg")
+    OUTPUTDIR=$(pwd)$(echo "/output")
+    LOG_ALL="${OUTPUTDIR}/all.log"
+    LOG_TMP="${OUTPUTDIR}/tmp.log"
+
+    echo "hello" |grep --line-buffered hello >/dev/null 2>&1
+    [ $? -eq 0 ] && GREP_BUFFER="--line-buffered"
+}
+
+print_log()
+{
+    DATE=$(date "+TB [%Y-%m-%d %H:%M:%S]")
+    echo "${DATE} $*"
+    echo "${DATE} $*" >> ${LOG_ALL}
+}
+
+print_result()
+{
+    TESTNAME=$1
+    RET=$2
+    EXP=$3
+
+    if [ ${RET} -eq ${EXP} ]; then
+        print_log "${TESTNAME} PASSED"
+    else
+        print_log "${TESTNAME} FAILED"
+    fi
+}
+
+print_env()
+{
+    print_log "######## Environment variables ########"
+
+    uname -a | tee -a ${LOG_ALL}
+    if [ -e "/etc/redhat-release" ]; then
+        cat "/etc/redhat-release" | tee -a ${LOG_ALL}
+    fi
+    # don't print the MAIL command, it might contain a password    
+    env | grep -v "^MAIL=" | tee -a ${LOG_ALL}
+}
+
+set_cycle()
+{
+    BITS=$1
+    OPT=$2
+
+    if [ "${BITS}" = "64" ]; then
+        USE_64=1
+        JAVA_HOME=${JAVA_HOME_64} 
+        PORT_DBG=${PORT_64_DBG}
+        PORT_OPT=${PORT_64_OPT}
+    else
+        USE_64=
+        JAVA_HOME=${JAVA_HOME_32} 
+        PORT_DBG=${PORT_32_DBG}
+        PORT_OPT=${PORT_32_OPT}
+    fi
+    export USE_64
+    export JAVA_HOME
+
+    BUILD_OPT=
+    if [ "${OPT}" = "OPT" ]; then
+        BUILD_OPT=1
+        XPCLASS=xpclass.jar
+        PORT=${PORT_OPT}
+    else
+        BUILD_OPT=
+        XPCLASS=xpclass_dbg.jar
+        PORT=${PORT_DBG}
+    fi
+    export BUILD_OPT
+
+    PORT_JSS_SERVER=$(expr ${PORT} + 20)
+    PORT_JSSE_SERVER=$(expr ${PORT} + 40)
+
+    export PORT
+    export PORT_JSS_SERVER
+    export PORT_JSSE_SERVER
+}
+
+build_nss()
+{
+    print_log "######## NSS - build - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/nss"
+    cd ${HGDIR}/nss
+
+    print_log "$ ${MAKE} ${NSS_BUILD_TARGET}"
+    #${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}"
+    ${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL}
+    RET=$?
+    print_result "NSS - build - ${BITS} bits - ${OPT}" ${RET} 0
+
+    if [ ${RET} -eq 0 ]; then
+        return 0
+    else
+        tail -100 ${LOG_ALL}
+        return ${RET}
+    fi
+}
+
+build_jss()
+{
+    print_log "######## JSS - build - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/jss"
+    cd ${HGDIR}/jss
+
+    print_log "$ ${MAKE} ${JSS_BUILD_TARGET}"
+    #${MAKE} ${JSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}"
+    ${MAKE} ${JSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL}
+    RET=$?
+    print_result "JSS build - ${BITS} bits - ${OPT}" ${RET} 0
+    [ ${RET} -eq 0 ] || return ${RET}
+
+    print_log "$ cd ${HGDIR}/dist"
+    cd ${HGDIR}/dist
+
+    if [ -z "${NO_JSS_SIGN}" ]; then
+	print_log "cat ${TOPDIR}/keystore.pw | ${JAVA_HOME}/bin/jarsigner -keystore ${TOPDIR}/keystore -internalsf ${XPCLASS} jssdsa"
+	cat ${TOPDIR}/keystore.pw | ${JAVA_HOME}/bin/jarsigner -keystore ${TOPDIR}/keystore -internalsf ${XPCLASS} jssdsa >> ${LOG_ALL} 2>&1
+	RET=$?
+	print_result "JSS - sign JAR files - ${BITS} bits - ${OPT}" ${RET} 0
+	[ ${RET} -eq 0 ] || return ${RET}
+    fi
+    print_log "${JAVA_HOME}/bin/jarsigner -verify -certs ${XPCLASS}"
+    ${JAVA_HOME}/bin/jarsigner -verify -certs ${XPCLASS} >> ${LOG_ALL} 2>&1
+    RET=$?
+    print_result "JSS - verify JAR files - ${BITS} bits - ${OPT}" ${RET} 0
+    [ ${RET} -eq 0 ] || return ${RET}
+
+    return 0
+}
+
+test_nss()
+{
+    print_log "######## NSS - tests - ${BITS} bits - ${OPT} ########"
+
+    if [ "${OS_TARGET}" = "Android" ]; then
+	print_log "$ cd ${HGDIR}/nss/tests/remote"
+	cd ${HGDIR}/nss/tests/remote
+	print_log "$ make test_android"
+	make test_android 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
+	OUTPUTFILE=${HGDIR}/tests_results/security/*.1/output.log
+    else
+	print_log "$ cd ${HGDIR}/nss/tests"
+	cd ${HGDIR}/nss/tests
+	print_log "$ ./all.sh"
+	./all.sh 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
+	OUTPUTFILE=${LOG_TMP}
+    fi
+
+    cat ${LOG_TMP} >> ${LOG_ALL}
+    tail -n2 ${HGDIR}/tests_results/security/*.1/results.html | grep END_OF_TEST >> ${LOG_ALL}
+    RET=$?
+
+    print_log "######## details of detected failures (if any) ########"
+    grep -B50 FAIL ${OUTPUTFILE}
+    [ $? -eq 1 ] || RET=1
+
+    print_result "NSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
+    return ${RET}
+}
+
+test_jss()
+{
+    print_log "######## JSS - tests - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/jss"
+    cd ${HGDIR}/jss
+
+    print_log "$ ${MAKE} platform"
+    PLATFORM=$(${MAKE} platform)
+    print_log "PLATFORM=${PLATFORM}"
+
+    print_log "$ cd ${HGDIR}/jss/org/mozilla/jss/tests"
+    cd ${HGDIR}/jss/org/mozilla/jss/tests
+
+    print_log "$ perl all.pl dist ${HGDIR}/dist/${PLATFORM}"
+    perl all.pl dist ${HGDIR}/dist/${PLATFORM} 2>&1 | tee ${LOG_TMP}
+    cat ${LOG_TMP} >> ${LOG_ALL}
+
+    tail -n2 ${LOG_TMP} | grep JSSTEST_RATE > /dev/null
+    RET=$?
+
+    grep FAIL ${LOG_TMP} 
+    [ $? -eq 1 ] || RET=1
+
+    print_result "JSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
+    return ${RET}
+}
+
+build_and_test()
+{
+    if [ -n "${BUILD_NSS}" ]; then
+        build_nss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${TEST_NSS}" ]; then
+        test_nss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${BUILD_JSS}" ]; then
+        build_jss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${TEST_JSS}" ]; then
+        test_jss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    return 0
+}
+
+run_cycle()
+{
+    print_env
+    build_and_test
+    RET=$?
+
+    grep ^TinderboxPrint ${LOG_ALL}
+
+    return ${RET}
+}
+
+prepare()
+{
+    rm -rf ${OUTPUTDIR}.oldest >/dev/null 2>&1
+    mv ${OUTPUTDIR}.older ${OUTPUTDIR}.oldest >/dev/null 2>&1
+    mv ${OUTPUTDIR}.old ${OUTPUTDIR}.older >/dev/null 2>&1
+    mv ${OUTPUTDIR}.last ${OUTPUTDIR}.old >/dev/null 2>&1
+    mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1
+    mkdir -p ${OUTPUTDIR}
+
+    if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
+        cd ${HGDIR}/nss
+        ECF="lib/freebl/ecl/ecl-curve.h"
+	print_log "hg revert -r NSS_3_11_1_RTM ${ECF}"
+        hg revert -r NSS_3_11_1_RTM security/nss/${ECF}
+        cp -f security/nss/${ECF} ${ECF}
+    fi
+
+    return 0
+}
+
+move_results()
+{
+    cd ${HGDIR}
+    if [ -n "${TEST_NSS}" ]; then
+	mv -f tests_results ${OUTPUTDIR}
+    fi
+    tar -c -z --dereference -f ${OUTPUTDIR}/dist.tgz dist
+    rm -rf dist
+}
+
+run_all()
+{
+    set_cycle ${BITS} ${OPT}
+    prepare
+    run_cycle
+    RESULT=$?
+    print_log "### result of run_cycle is ${RESULT}"
+    move_results
+    return ${RESULT}
+}
+
+main()
+{
+    VALID=0
+    RET=1
+
+    for BITS in 32 64; do
+        echo ${RUN_BITS} | grep ${BITS} > /dev/null
+        [ $? -eq 0 ] || continue
+        for OPT in DBG OPT; do
+            echo ${RUN_OPT} | grep ${OPT} > /dev/null
+            [ $? -eq 0 ] || continue
+
+            VALID=1
+            set_env
+            run_all
+            RET=$?
+	    print_log "### result of run_all is ${RET}"
+        done
+    done
+
+    if [ ${VALID} -ne 1 ]; then
+        echo "Need to set valid bits/opt values."
+        return 1
+    fi
+
+    return ${RET}
+}
+
+#function killallsub()
+#{
+#    FINAL_RET=$?
+#    for proc in `jobs -p`
+#    do
+#        kill -9 $proc
+#    done
+#    return ${FINAL_RET}
+#}
+#trap killallsub EXIT
+
+#IS_RUNNING_FILE="./build-is-running"
+
+#if [ -a $IS_RUNNING_FILE ]; then
+#    echo "exiting, because old job is still running"
+#    exit 1
+#fi
+
+#touch $IS_RUNNING_FILE
+
+echo "tinderbox args: $0 $@"
+. ${ENVVARS}
+proc_args "$@"
+main
+
+#RET=$?
+#rm $IS_RUNNING_FILE
+#exit ${RET}
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/buildbot-slave/reboot.bat
@@ -0,0 +1,6 @@
+IF EXIST ..\buildbot-is-building (
+    del ..\buildbot-is-building
+    shutdown /r /t 0
+
+    timeout /t 120
+)
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/buildbot-slave/startbuild.bat
@@ -0,0 +1,14 @@
+echo running > ..\buildbot-is-building
+
+echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
+"%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
+
+if %errorlevel% neq 0 (
+  set EXITCODE=1
+) else (
+  set EXITCODE=0
+)
+
+del ..\buildbot-is-building
+
+exit /b %EXITCODE%
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -24,22 +24,16 @@
 #ifdef NSS_ENABLE_ECC
 #include "ecl-curve.h"
 SECStatus EC_DecodeParams(const SECItem *encodedParams, 
 	ECParams **ecparams);
 SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
 	      const ECParams *srcParams);
 #endif
 
-/* Temporary - add debugging output on windows for RSA to track QA failure */
-#ifdef _WIN32
-#define TRACK_BLTEST_BUG
-    char __bltDBG[] = "BLTEST DEBUG";
-#endif
-
 char *progName;
 char *testdir = NULL;
 
 #define BLTEST_DEFAULT_CHUNKSIZE 4096
 
 #define WORDSIZE sizeof(unsigned long)
 
 #define CHECKERROR(rv, ln) \
@@ -624,16 +618,19 @@ typedef SECStatus (* bltestSymmCipherFn)
 typedef SECStatus (* bltestPubKeyCipherFn)(void *key,
 					   SECItem *output,
 					   const SECItem *input);
 
 typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest,
 					 const unsigned char *src,
 					 PRUint32 src_length);
 
+/* Note: Algorithms are grouped in order to support is_symmkeyCipher /
+ * is_pubkeyCipher / is_hashCipher / is_sigCipher
+ */
 typedef enum {
     bltestINVALID = -1,
     bltestDES_ECB,	  /* Symmetric Key Ciphers */
     bltestDES_CBC,	  /* .			   */
     bltestDES_EDE_ECB,	  /* .			   */
     bltestDES_EDE_CBC,	  /* .			   */
     bltestRC2_ECB,	  /* .			   */
     bltestRC2_CBC,	  /* .			   */
@@ -646,21 +643,23 @@ typedef enum {
     bltestAES_CBC,        /* .                     */
     bltestAES_CTS,        /* .                     */
     bltestAES_CTR,        /* .                     */
     bltestAES_GCM,        /* .                     */
     bltestCAMELLIA_ECB,   /* .                     */
     bltestCAMELLIA_CBC,   /* .                     */
     bltestSEED_ECB,       /* SEED algorithm	   */
     bltestSEED_CBC,       /* SEED algorithm	   */
-    bltestRSA,		  /* Public Key Ciphers	   */
+    bltestRSA,            /* Public Key Ciphers    */
+    bltestRSA_OAEP,       /* . (Public Key Enc.)   */
+    bltestRSA_PSS,        /* . (Public Key Sig.)   */
 #ifdef NSS_ENABLE_ECC
-    bltestECDSA,	  /* . (Public Key Sig.)   */
+    bltestECDSA,          /* . (Public Key Sig.)   */
 #endif
-    bltestDSA,		  /* .                     */
+    bltestDSA,            /* . (Public Key Sig.)   */
     bltestMD2,		  /* Hash algorithms	   */
     bltestMD5,		  /* .			   */
     bltestSHA1,           /* .			   */
     bltestSHA224,         /* .			   */
     bltestSHA256,         /* .			   */
     bltestSHA384,         /* .			   */
     bltestSHA512,         /* .			   */
     NUMMODES
@@ -684,16 +683,18 @@ static char *mode_strings[] =
     "aes_cts",
     "aes_ctr",
     "aes_gcm",
     "camellia_ecb",
     "camellia_cbc",
     "seed_ecb",
     "seed_cbc",
     "rsa",
+    "rsa_oaep",
+    "rsa_pss",
 #ifdef NSS_ENABLE_ECC
     "ecdsa",
 #endif
     /*"pqg",*/
     "dsa",
     "md2",
     "md5",
     "sha1",
@@ -721,60 +722,71 @@ typedef struct
     bltestIO iv;
     int	     rounds;
     int	     wordsize;
 } bltestRC5Params;
 
 typedef struct
 {
     bltestIO key;
-    int	     keysizeInBits;
-    RSAPrivateKey *rsakey;
+    int keysizeInBits;
+
+    /* OAEP & PSS */
+    HASH_HashType hashAlg;
+    HASH_HashType maskHashAlg;
+    bltestIO      seed; /* salt if PSS */
 } bltestRSAParams;
 
 typedef struct
 {
-    bltestIO   key;
     bltestIO   pqgdata;
     unsigned int keysize;
     bltestIO   keyseed;
     bltestIO   sigseed;
-    bltestIO   sig; /* if doing verify, have additional input */
     PQGParams *pqg;
-    DSAPrivateKey *dsakey;
 } bltestDSAParams;
 
 #ifdef NSS_ENABLE_ECC
 typedef struct
 {
-    bltestIO   key;
     char      *curveName;
     bltestIO   sigseed;
-    bltestIO   sig; /* if doing verify, have additional input */
-    ECPrivateKey *eckey;
 } bltestECDSAParams;
 #endif
 
 typedef struct
 {
+    bltestIO key;
+    void *   privKey;
+    void *   pubKey;
+    bltestIO sig; /* if doing verify, the signature (which may come
+                   * from sigfile. */
+
+    union {
+        bltestRSAParams rsa;
+        bltestDSAParams dsa;
+#ifdef NSS_ENABLE_ECC
+        bltestECDSAParams ecdsa;
+#endif
+    } cipherParams;
+} bltestAsymKeyParams;
+
+typedef struct
+{
     bltestIO   key; /* unused */
     PRBool     restart;
 } bltestHashParams;
 
 typedef union
 {
     bltestIO		key;
     bltestSymmKeyParams sk;
     bltestAuthSymmKeyParams ask;
     bltestRC5Params	rc5;
-    bltestRSAParams	rsa;
-    bltestDSAParams	dsa;
-#ifdef NSS_ENABLE_ECC
-    bltestECDSAParams	ecdsa;
-#endif
+    bltestAsymKeyParams	asymk;
     bltestHashParams	hash;
 } bltestParams;
 
 typedef struct bltestCipherInfoStr bltestCipherInfo;
 
 struct  bltestCipherInfoStr {
     PLArenaPool *arena;
     /* link to next in multithreaded test */
@@ -854,22 +866,18 @@ is_hashCipher(bltestCipherMode mode)
 	return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 is_sigCipher(bltestCipherMode mode)
 {
     /* change as needed! */
-#ifdef NSS_ENABLE_ECC
-    if (mode >= bltestECDSA && mode <= bltestDSA)
-#else
-    if (mode >= bltestDSA && mode <= bltestDSA)
-#endif
-	return PR_TRUE;
+    if (mode >= bltestRSA_PSS && mode <= bltestDSA)
+       return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 cipher_requires_IV(bltestCipherMode mode)
 {
     /* change as needed! */
     if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
@@ -1154,50 +1162,135 @@ seed_Decrypt(void *cx, unsigned char *ou
             unsigned int maxOutputLen, const unsigned char *input,
             unsigned int inputLen)
 {
     return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
                        input, inputLen);
 }
 
 SECStatus
-rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input)
+rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    RSAPublicKey *pubKey = (RSAPublicKey *)params->pubKey;
+    SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data);
+    if (rv == SECSuccess) {
+        output->len = pubKey->modulus.data[0] ? pubKey->modulus.len :
+                                                pubKey->modulus.len - 1;
+    }
+    return rv;
+}
+
+SECStatus
+rsa_PrivateKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
-    return RSA_PublicKeyOp((RSAPublicKey *)key, output->data, input->data);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    RSAPrivateKey *privKey = (RSAPrivateKey *)params->privKey;
+    SECStatus rv = RSA_PrivateKeyOp(privKey, output->data, input->data);
+    if (rv == SECSuccess) {
+        output->len = privKey->modulus.data[0] ? privKey->modulus.len :
+                                                 privKey->modulus.len - 1;
+    }
+    return rv;
+}
+
+SECStatus
+rsa_signDigestPSS(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_SignPSS((RSAPrivateKey *)params->privKey,
+                       rsaParams->hashAlg,
+                       rsaParams->maskHashAlg,
+                       rsaParams->seed.buf.data,
+                       rsaParams->seed.buf.len,
+                       output->data, &output->len, output->len,
+                       input->data, input->len);
 }
 
 SECStatus
-rsa_PrivateKeyOp(void *key, SECItem *output, const SECItem *input)
+rsa_verifyDigestPSS(void *cx, SECItem *output, const SECItem *input)
 {
-    return RSA_PrivateKeyOp((RSAPrivateKey *)key, output->data, input->data);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_CheckSignPSS((RSAPublicKey *)params->pubKey,
+                            rsaParams->hashAlg,
+                            rsaParams->maskHashAlg,
+                            rsaParams->seed.buf.len,
+                            output->data, output->len,
+                            input->data, input->len);
+}
+
+SECStatus
+rsa_encryptOAEP(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_EncryptOAEP((RSAPublicKey *)params->pubKey,
+                           rsaParams->hashAlg,
+                           rsaParams->maskHashAlg,
+                           NULL, 0,
+                           rsaParams->seed.buf.data,
+                           rsaParams->seed.buf.len,
+                           output->data, &output->len, output->len,
+                           input->data, input->len);
 }
 
 SECStatus
-dsa_signDigest(void *key, SECItem *output, const SECItem *input)
+rsa_decryptOAEP(void *cx, SECItem *output, const SECItem *input)
 {
-    return DSA_SignDigest((DSAPrivateKey *)key, output, input);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_DecryptOAEP((RSAPrivateKey *)params->privKey,
+                           rsaParams->hashAlg,
+                           rsaParams->maskHashAlg,
+                           NULL, 0,
+                           output->data, &output->len, output->len,
+                           input->data, input->len);
 }
 
 SECStatus
-dsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
+dsa_signDigest(void *cx, SECItem *output, const SECItem *input)
 {
-    return DSA_VerifyDigest((DSAPublicKey *)key, output, input);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    if (params->cipherParams.dsa.sigseed.buf.len > 0) {
+        return DSA_SignDigestWithSeed((DSAPrivateKey *)params->privKey,
+                                      output, input,
+                                      params->cipherParams.dsa.sigseed.buf.data);
+    }
+    return DSA_SignDigest((DSAPrivateKey *)params->privKey, output, input);
+}
+
+SECStatus
+dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input);
 }
 
 #ifdef NSS_ENABLE_ECC
 SECStatus
-ecdsa_signDigest(void *key, SECItem *output, const SECItem *input)
+ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
 {
-    return ECDSA_SignDigest((ECPrivateKey *)key, output, input);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    if (params->cipherParams.ecdsa.sigseed.buf.len > 0) {
+        return ECDSA_SignDigestWithSeed(
+                        (ECPrivateKey *)params->privKey,
+                        output, input,
+                        params->cipherParams.ecdsa.sigseed.buf.data,
+                        params->cipherParams.ecdsa.sigseed.buf.len);
+    }
+    return ECDSA_SignDigest((ECPrivateKey *)params->privKey, output, input);
 }
 
 SECStatus
-ecdsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
+ecdsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
 {
-    return ECDSA_VerifyDigest((ECPublicKey *)key, output, input);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    return ECDSA_VerifyDigest((ECPublicKey *)params->pubKey, output, input);
 }
 #endif
 
 SECStatus
 bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     PRIntervalTime time1, time2;
     bltestSymmKeyParams *desp = &cipherInfo->params.sk;
@@ -1484,51 +1577,69 @@ bltest_seed_init(bltestCipherInfo *ciphe
 	return SECSuccess;
 }
 
 SECStatus
 bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     int i;
     RSAPrivateKey **dummyKey;
+    RSAPrivateKey *privKey;
+    RSAPublicKey *pubKey;
     PRIntervalTime time1, time2;
-    bltestRSAParams *rsap = &cipherInfo->params.rsa;
+
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    bltestRSAParams *rsap = &asymk->cipherParams.rsa;
+
     /* RSA key gen was done during parameter setup */
-    cipherInfo->cx = cipherInfo->params.rsa.rsakey;
+    cipherInfo->cx = asymk;
+    privKey = (RSAPrivateKey *)asymk->privKey;
+
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
 	/* Create space for n private key objects */
 	dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps *
 						sizeof(RSAPrivateKey *));
 	/* Time n keygens, storing in the array */
 	TIMESTART();
 	for (i=0; i<cipherInfo->cxreps; i++)
 	    dummyKey[i] = RSA_NewKey(rsap->keysizeInBits, 
-	                             &rsap->rsakey->publicExponent);
+	                             &privKey->publicExponent);
 	TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
 	/* Free the n key objects */
 	for (i=0; i<cipherInfo->cxreps; i++)
 	    PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);
 	PORT_Free(dummyKey);
     }
-    if (encrypt) {
+
+    if ((encrypt && !is_sigCipher(cipherInfo->mode)) ||
+        (!encrypt && is_sigCipher(cipherInfo->mode))) {
 	/* Have to convert private key to public key.  Memory
 	 * is freed with private key's arena  */
-	RSAPublicKey *pubkey;
-	RSAPrivateKey *key = (RSAPrivateKey *)cipherInfo->cx;
-	pubkey = (RSAPublicKey *)PORT_ArenaAlloc(key->arena,
+	pubKey = (RSAPublicKey *)PORT_ArenaAlloc(privKey->arena,
 						 sizeof(RSAPublicKey));
-	pubkey->modulus.len = key->modulus.len;
-	pubkey->modulus.data = key->modulus.data;
-	pubkey->publicExponent.len = key->publicExponent.len;
-	pubkey->publicExponent.data = key->publicExponent.data;
-	cipherInfo->cx = (void *)pubkey;
-	cipherInfo->cipher.pubkeyCipher = rsa_PublicKeyOp;
-    } else {
-	cipherInfo->cipher.pubkeyCipher = rsa_PrivateKeyOp;
+	pubKey->modulus.len = privKey->modulus.len;
+	pubKey->modulus.data = privKey->modulus.data;
+	pubKey->publicExponent.len = privKey->publicExponent.len;
+	pubKey->publicExponent.data = privKey->publicExponent.data;
+	asymk->pubKey = (void *)pubKey;
+    }
+    switch (cipherInfo->mode) {
+        case bltestRSA:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_PublicKeyOp
+                                                      : rsa_PrivateKeyOp;
+            break;
+        case bltestRSA_PSS:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_signDigestPSS
+                                                      : rsa_verifyDigestPSS;
+            break;
+        case bltestRSA_OAEP:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP
+                                                      : rsa_decryptOAEP;
+            break;
     }
     return SECSuccess;
 }
 
 SECStatus
 blapi_pqg_param_gen(unsigned int keysize, PQGParams **pqg, PQGVerify **vfy)
 {
     if (keysize < 1024) {
@@ -1553,20 +1664,20 @@ bltest_pqg_init(bltestDSAParams *dsap)
 
 SECStatus
 bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     int i;
     DSAPrivateKey **dummyKey;
     PQGParams *dummypqg;
     PRIntervalTime time1, time2;
-    bltestDSAParams *dsap = &cipherInfo->params.dsa;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    bltestDSAParams *dsap = &asymk->cipherParams.dsa;
     PQGVerify *ignore = NULL;
-    /* DSA key gen was done during parameter setup */
-    cipherInfo->cx = cipherInfo->params.dsa.dsakey;
+    cipherInfo->cx = asymk;
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
 	/* Create space for n private key objects */
 	dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
 	                                         sizeof(DSAPrivateKey *));
 	/* Time n keygens, storing in the array */
 	TIMESTART();
 	for (i=0; i<cipherInfo->cxreps; i++) {
@@ -1578,77 +1689,77 @@ bltest_dsa_init(bltestCipherInfo *cipher
 	/* Free the n key objects */
 	for (i=0; i<cipherInfo->cxreps; i++)
 	    PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE);
 	PORT_Free(dummyKey);
     }
     if (!dsap->pqg && dsap->pqgdata.buf.len > 0) {
 	dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf);
     }
-    if (!cipherInfo->cx && dsap->key.buf.len > 0) {
-	cipherInfo->cx = dsakey_from_filedata(&dsap->key.buf);
+    if (!asymk->privKey && asymk->key.buf.len > 0) {
+	asymk->privKey = dsakey_from_filedata(&asymk->key.buf);
     }
     if (encrypt) {
 	cipherInfo->cipher.pubkeyCipher = dsa_signDigest;
     } else {
 	/* Have to convert private key to public key.  Memory
 	 * is freed with private key's arena  */
 	DSAPublicKey *pubkey;
-	DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx;
+	DSAPrivateKey *key = (DSAPrivateKey *)asymk->privKey;
 	pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena,
 						  sizeof(DSAPublicKey));
 	pubkey->params.prime.len = key->params.prime.len;
 	pubkey->params.prime.data = key->params.prime.data;
 	pubkey->params.subPrime.len = key->params.subPrime.len;
 	pubkey->params.subPrime.data = key->params.subPrime.data;
 	pubkey->params.base.len = key->params.base.len;
 	pubkey->params.base.data = key->params.base.data;
 	pubkey->publicValue.len = key->publicValue.len;
 	pubkey->publicValue.data = key->publicValue.data;
+	asymk->pubKey = pubkey;
 	cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest;
     }
     return SECSuccess;
 }
 
 #ifdef NSS_ENABLE_ECC
 SECStatus
 bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     int i;
     ECPrivateKey **dummyKey;
     PRIntervalTime time1, time2;
-    bltestECDSAParams *ecdsap = &cipherInfo->params.ecdsa;
-    /* ECDSA key gen was done during parameter setup */
-    cipherInfo->cx = cipherInfo->params.ecdsa.eckey;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    cipherInfo->cx = asymk;
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
 	/* Create space for n private key objects */
 	dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
 	                                         sizeof(ECPrivateKey *));
 	/* Time n keygens, storing in the array */
 	TIMESTART();
 	for (i=0; i<cipherInfo->cxreps; i++) {
-	    EC_NewKey(&ecdsap->eckey->ecParams, &dummyKey[i]);
+	    EC_NewKey(&((ECPrivateKey *)asymk->privKey)->ecParams, &dummyKey[i]);
 	}
 	TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
 	/* Free the n key objects */
 	for (i=0; i<cipherInfo->cxreps; i++)
 	    PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
 	PORT_Free(dummyKey);
     }
-    if (!cipherInfo->cx && ecdsap->key.buf.len > 0) {
-	cipherInfo->cx = eckey_from_filedata(&ecdsap->key.buf);
+    if (!asymk->privKey && asymk->key.buf.len > 0) {
+        asymk->privKey = eckey_from_filedata(&asymk->key.buf);
     }
     if (encrypt) {
 	cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
     } else {
 	/* Have to convert private key to public key.  Memory
 	 * is freed with private key's arena  */
 	ECPublicKey *pubkey;
-	ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx;
+	ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
 	pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
 						  sizeof(ECPublicKey));
 	pubkey->ecParams.type = key->ecParams.type;
 	pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
 	pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
 	pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
 	pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
 	pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
@@ -1665,16 +1776,17 @@ bltest_ecdsa_init(bltestCipherInfo *ciph
 	pubkey->ecParams.order.len = key->ecParams.order.len;
 	pubkey->ecParams.order.data = key->ecParams.order.data;
 	pubkey->ecParams.cofactor = key->ecParams.cofactor;
 	pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
 	pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
 	pubkey->ecParams.name= key->ecParams.name;
 	pubkey->publicValue.len = key->publicValue.len;
 	pubkey->publicValue.data = key->publicValue.data;
+	asymk->pubKey = pubkey;
 	cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
     }
     return SECSuccess;
 }
 #endif
 
 /* XXX unfortunately, this is not defined in blapi.h */
 SECStatus
@@ -1968,84 +2080,91 @@ pubkeyInitKey(bltestCipherInfo *cipherIn
 #ifdef NSS_ENABLE_ECC
 	      int keysize, int exponent, char *curveName)
 #else
 	      int keysize, int exponent)
 #endif
 {
     int i;
     SECStatus rv = SECSuccess;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
     bltestRSAParams *rsap;
+    RSAPrivateKey **rsaKey = NULL;
     bltestDSAParams *dsap;
+    DSAPrivateKey **dsaKey = NULL;
 #ifdef NSS_ENABLE_ECC
-    bltestECDSAParams *ecdsap;
     SECItem *tmpECParamsDER;
     ECParams *tmpECParams = NULL;
     SECItem ecSerialize[3];
+    ECPrivateKey **ecKey = NULL;
 #endif
     switch (cipherInfo->mode) {
     case bltestRSA:
-	rsap = &cipherInfo->params.rsa;
+    case bltestRSA_PSS:
+    case bltestRSA_OAEP:
+	rsap = &asymk->cipherParams.rsa;
+        rsaKey = (RSAPrivateKey **)&asymk->privKey;
 	if (keysize > 0) {
 	    SECItem expitem = { 0, 0, 0 };
 	    SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int));
 	    for (i = 1; i <= sizeof(int); i++)
 		expitem.data[i-1] = exponent >> (8*(sizeof(int) - i));
-	    rsap->rsakey = RSA_NewKey(keysize * 8, &expitem);
-	    serialize_key(&rsap->rsakey->version, 9, file);
+	    *rsaKey = RSA_NewKey(keysize * 8, &expitem);
+	    serialize_key(&(*rsaKey)->version, 9, file);
 	    rsap->keysizeInBits = keysize * 8;
 	} else {
-	    setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
-	    rsap->rsakey = rsakey_from_filedata(&cipherInfo->params.key.buf);
-	    rsap->keysizeInBits = rsap->rsakey->modulus.len * 8;
+	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+	    *rsaKey = rsakey_from_filedata(&asymk->key.buf);
+	    rsap->keysizeInBits = (*rsaKey)->modulus.len * 8;
 	}
 	break;
     case bltestDSA:
-	dsap = &cipherInfo->params.dsa;
+	dsap = &asymk->cipherParams.dsa;
+	dsaKey = (DSAPrivateKey **)&asymk->privKey;
 	if (keysize > 0) {
 	    dsap->keysize = keysize*8;
 	    if (!dsap->pqg)
 		bltest_pqg_init(dsap);
-	    rv = DSA_NewKey(dsap->pqg, &dsap->dsakey);
+	    rv = DSA_NewKey(dsap->pqg, dsaKey);
 	    CHECKERROR(rv, __LINE__);
-	    serialize_key(&dsap->dsakey->params.prime, 5, file);
+	    serialize_key(&(*dsaKey)->params.prime, 5, file);
 	} else {
-	    setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
-	    dsap->dsakey = dsakey_from_filedata(&cipherInfo->params.key.buf);
-	    dsap->keysize = dsap->dsakey->params.prime.len*8;
+	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+	    *dsaKey = dsakey_from_filedata(&asymk->key.buf);
+	    dsap->keysize = (*dsaKey)->params.prime.len*8;
 	}
 	break;
 #ifdef NSS_ENABLE_ECC
     case bltestECDSA:
-	ecdsap = &cipherInfo->params.ecdsa;
+	ecKey = (ECPrivateKey **)&asymk->privKey;
 	if (curveName != NULL) {
 	    tmpECParamsDER = getECParams(curveName);
 	    rv = SECOID_Init();
 	    CHECKERROR(rv, __LINE__);
 	    rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
 	    CHECKERROR(rv, __LINE__);
-	    rv = EC_NewKey(tmpECParams, &ecdsap->eckey);
+	    rv = EC_NewKey(tmpECParams, ecKey);
 	    CHECKERROR(rv, __LINE__);
 	    ecSerialize[0].type = tmpECParamsDER->type;
 	    ecSerialize[0].data = tmpECParamsDER->data;
 	    ecSerialize[0].len  = tmpECParamsDER->len;
-	    ecSerialize[1].type = ecdsap->eckey->publicValue.type;
-	    ecSerialize[1].data = ecdsap->eckey->publicValue.data;
-	    ecSerialize[1].len  = ecdsap->eckey->publicValue.len;
-	    ecSerialize[2].type = ecdsap->eckey->privateValue.type;
-	    ecSerialize[2].data = ecdsap->eckey->privateValue.data;
-	    ecSerialize[2].len  = ecdsap->eckey->privateValue.len;
+	    ecSerialize[1].type = (*ecKey)->publicValue.type;
+	    ecSerialize[1].data = (*ecKey)->publicValue.data;
+	    ecSerialize[1].len  = (*ecKey)->publicValue.len;
+	    ecSerialize[2].type = (*ecKey)->privateValue.type;
+	    ecSerialize[2].data = (*ecKey)->privateValue.data;
+	    ecSerialize[2].len  = (*ecKey)->privateValue.len;
 	    serialize_key(&(ecSerialize[0]), 3, file);
 	    SECITEM_FreeItem(tmpECParamsDER, PR_TRUE);
 	    PORT_FreeArena(tmpECParams->arena, PR_TRUE);
 	    rv = SECOID_Shutdown();
 	    CHECKERROR(rv, __LINE__);
 	} else {
-	    setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
-	    ecdsap->eckey = eckey_from_filedata(&cipherInfo->params.key.buf);
+	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+	    *ecKey = eckey_from_filedata(&asymk->key.buf);
 	}
 	break;
 #endif
     default:
 	return SECFailure;
     }
     return SECSuccess;
 }
@@ -2103,29 +2222,39 @@ cipherInit(bltestCipherInfo *cipherInfo,
 	break;
     case bltestSEED_ECB:
     case bltestSEED_CBC:
 	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
 			  cipherInfo->input.pBuf.len);
 	return bltest_seed_init(cipherInfo, encrypt);
 	break;
     case bltestRSA:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  cipherInfo->input.pBuf.len);
+    case bltestRSA_OAEP:
+    case bltestRSA_PSS:
+	if (encrypt || cipherInfo->mode != bltestRSA_PSS) {
+		/* Don't allocate a buffer for PSS in verify mode, as no actual
+		 * output is produced. */
+		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+		                  RSA_MAX_MODULUS_BITS / 8);
+	}
 	return bltest_rsa_init(cipherInfo, encrypt);
 	break;
     case bltestDSA:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  DSA_MAX_SIGNATURE_LEN);
+	if (encrypt) {
+		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+		                  DSA_MAX_SIGNATURE_LEN);
+	}
 	return bltest_dsa_init(cipherInfo, encrypt);
 	break;
 #ifdef NSS_ENABLE_ECC
     case bltestECDSA:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  2 * MAX_ECKEY_LEN);
+	if (encrypt) {
+		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+		                  2 * MAX_ECKEY_LEN);
+	}
 	return bltest_ecdsa_init(cipherInfo, encrypt);
 	break;
 #endif
     case bltestMD2:
 	restart = cipherInfo->params.hash.restart;
 	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
 			  MD2_LENGTH);
 	cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf;
@@ -2179,272 +2308,24 @@ cipherInit(bltestCipherInfo *cipherInfo,
 	break;
     default:
 	return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
-dsaOp(bltestCipherInfo *cipherInfo)
-{
-    PRIntervalTime time1, time2;
-    SECStatus rv = SECSuccess;
-    int i;
-    int maxLen = cipherInfo->output.pBuf.len;
-    SECItem dummyOut = { 0, 0, 0 };
-    SECITEM_AllocItem(NULL, &dummyOut, maxLen);
-    if (cipherInfo->cipher.pubkeyCipher == dsa_signDigest) {
-	if (cipherInfo->params.dsa.sigseed.buf.len > 0) {
-            bltestDSAParams *dsa = &cipherInfo->params.dsa;
-            DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx;
-
-            TIMESTART();
-            rv = DSA_SignDigestWithSeed(key,
-                                        &cipherInfo->output.pBuf,
-                                        &cipherInfo->input.pBuf,
-                                        dsa->sigseed.buf.data);
-            TIMEFINISH(cipherInfo->optime, 1.0);
-            CHECKERROR(rv, __LINE__);
-            cipherInfo->repetitions = 0;
-            if (cipherInfo->repetitionsToPerfom != 0) {
-                TIMESTART();
-                for (i=0; i<cipherInfo->repetitionsToPerfom;
-                     i++, cipherInfo->repetitions++) {
-                    rv = DSA_SignDigestWithSeed(key, &dummyOut,
-                                                &cipherInfo->input.pBuf,
-                                                dsa->sigseed.buf.data);
-                    CHECKERROR(rv, __LINE__);
-                }
-            } else {
-                int opsBetweenChecks = 0;
-                TIMEMARK(cipherInfo->seconds);
-                while (! (TIMETOFINISH())) {
-                    int j = 0;
-                    for (;j < opsBetweenChecks;j++) {
-                        rv = DSA_SignDigestWithSeed(key, &dummyOut,
-                                                    &cipherInfo->input.pBuf,
-                                                    dsa->sigseed.buf.data);
-                        CHECKERROR(rv, __LINE__);
-                    }
-                    cipherInfo->repetitions += j;
-                }
-            }
-            TIMEFINISH(cipherInfo->optime, 1.0);
-        } else {
-            TIMESTART();
-            rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
-                                &cipherInfo->output.pBuf,
-                                &cipherInfo->input.pBuf);
-            TIMEFINISH(cipherInfo->optime, 1.0);
-            CHECKERROR(rv, __LINE__);
-            cipherInfo->repetitions = 0;
-            if (cipherInfo->repetitionsToPerfom != 0) {
-                TIMESTART();
-                for (i=0; i<cipherInfo->repetitionsToPerfom;
-                     i++, cipherInfo->repetitions++) {
-                    rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
-                                        &dummyOut,
-                                        &cipherInfo->input.pBuf);
-                    CHECKERROR(rv, __LINE__);
-                }
-            } else {
-                int opsBetweenChecks = 0;
-                TIMEMARK(cipherInfo->seconds);
-                while (! (TIMETOFINISH())) {
-                    int j = 0;
-                    for (;j < opsBetweenChecks;j++) {
-                        rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
-                                            &dummyOut,
-                                            &cipherInfo->input.pBuf);
-                        CHECKERROR(rv, __LINE__);
-                    }
-                    cipherInfo->repetitions += j;
-                }
-            }
-            TIMEFINISH(cipherInfo->optime, 1.0);
-        }
-	cipherInfo->output.buf.len = cipherInfo->output.pBuf.len;
-        bltestCopyIO(cipherInfo->arena, &cipherInfo->params.dsa.sig, 
-                     &cipherInfo->output);
-    } else {
-        TIMESTART();
-        rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
-                              &cipherInfo->params.dsa.sig.buf,
-                              &cipherInfo->input.pBuf);
-        TIMEFINISH(cipherInfo->optime, 1.0);
-        CHECKERROR(rv, __LINE__);
-        cipherInfo->repetitions = 0;
-        if (cipherInfo->repetitionsToPerfom != 0) {
-            TIMESTART();
-            for (i=0; i<cipherInfo->repetitionsToPerfom;
-                 i++, cipherInfo->repetitions++) {
-                rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
-                                      &cipherInfo->params.dsa.sig.buf,
-                                      &cipherInfo->input.pBuf);
-                CHECKERROR(rv, __LINE__);
-            }
-        } else {
-            int opsBetweenChecks = 0;
-            TIMEMARK(cipherInfo->seconds);
-            while (! (TIMETOFINISH())) {
-                int j = 0;
-                for (;j < opsBetweenChecks;j++) {
-                    rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
-                                          &cipherInfo->params.dsa.sig.buf,
-                                          &cipherInfo->input.pBuf);
-                    CHECKERROR(rv, __LINE__);
-                }
-                cipherInfo->repetitions += j;
-            }
-        }
-        TIMEFINISH(cipherInfo->optime, 1.0);
-    }
-    SECITEM_FreeItem(&dummyOut, PR_FALSE);
-    return rv;
-}
-
-#ifdef NSS_ENABLE_ECC
-SECStatus
-ecdsaOp(bltestCipherInfo *cipherInfo)
-{
-    PRIntervalTime time1, time2;
-    SECStatus rv = SECSuccess;
-    int i;
-    int maxLen = cipherInfo->output.pBuf.len;
-    SECItem dummyOut = { 0, 0, 0 };
-    SECITEM_AllocItem(NULL, &dummyOut, maxLen);
-    if (cipherInfo->cipher.pubkeyCipher == ecdsa_signDigest) {
-        if (cipherInfo->params.ecdsa.sigseed.buf.len > 0) {
-            ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx;
-            bltestECDSAParams *ecdsa = &cipherInfo->params.ecdsa;
-
-            TIMESTART();
-            rv = ECDSA_SignDigestWithSeed(key,
-                                          &cipherInfo->output.pBuf,
-                                          &cipherInfo->input.pBuf,
-                                          ecdsa->sigseed.buf.data,
-                                          ecdsa->sigseed.buf.len);
-            TIMEFINISH(cipherInfo->optime, 1.0);
-            CHECKERROR(rv, __LINE__);
-            cipherInfo->repetitions = 0;
-            if (cipherInfo->repetitionsToPerfom != 0) {
-                TIMESTART();
-                for (i=0; i<cipherInfo->repetitionsToPerfom;
-                     i++, cipherInfo->repetitions++) {
-                    rv = ECDSA_SignDigestWithSeed(key, &dummyOut,
-                                                  &cipherInfo->input.pBuf,
-                                                  ecdsa->sigseed.buf.data,
-                                                  ecdsa->sigseed.buf.len);
-                    CHECKERROR(rv, __LINE__);
-                }
-            } else {
-                int opsBetweenChecks = 0;
-                TIMEMARK(cipherInfo->seconds);
-                while (! (TIMETOFINISH())) {
-                    int j = 0;
-                    for (;j < opsBetweenChecks;j++) {
-                        rv = ECDSA_SignDigestWithSeed(key, &dummyOut,
-                                                      &cipherInfo->input.pBuf,
-                                                      ecdsa->sigseed.buf.data,
-                                                      ecdsa->sigseed.buf.len);
-                        CHECKERROR(rv, __LINE__);
-                    }
-                    cipherInfo->repetitions += j;
-                }
-            }
-            TIMEFINISH(cipherInfo->optime, 1.0);
-        } else {
-            TIMESTART();
-            rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
-                                  &cipherInfo->output.pBuf,
-                                  &cipherInfo->input.pBuf);
-            TIMEFINISH(cipherInfo->optime, 1.0);
-            CHECKERROR(rv, __LINE__);
-            cipherInfo->repetitions = 0;
-            if (cipherInfo->repetitionsToPerfom != 0) {
-                TIMESTART();
-                for (i=0; i<cipherInfo->repetitionsToPerfom;
-                     i++, cipherInfo->repetitions++) {
-                    rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
-                                          &dummyOut,
-                                          &cipherInfo->input.pBuf);
-                    CHECKERROR(rv, __LINE__);
-                }
-            } else {
-                int opsBetweenChecks = 0;
-                TIMEMARK(cipherInfo->seconds);
-                while (! (TIMETOFINISH())) {
-                    int j = 0;
-                    for (;j < opsBetweenChecks;j++) {
-                        rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
-                                              &dummyOut,
-                                              &cipherInfo->input.pBuf);
-                        CHECKERROR(rv, __LINE__);
-                    }
-                    cipherInfo->repetitions += j;
-                }
-            }
-            TIMEFINISH(cipherInfo->optime, 1.0);
-        }
-        bltestCopyIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig, 
-                     &cipherInfo->output);
-    } else {
-        TIMESTART();
-        rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
-                                &cipherInfo->params.ecdsa.sig.buf,
-                                &cipherInfo->input.pBuf);
-        TIMEFINISH(cipherInfo->optime, 1.0);
-        CHECKERROR(rv, __LINE__);
-        cipherInfo->repetitions = 0;
-        if (cipherInfo->repetitionsToPerfom != 0) {
-            TIMESTART();
-            for (i=0; i<cipherInfo->repetitionsToPerfom;
-                 i++, cipherInfo->repetitions++) {
-                rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
-                                        &cipherInfo->params.ecdsa.sig.buf,
-                                        &cipherInfo->input.pBuf);
-                CHECKERROR(rv, __LINE__);
-            }
-        } else {
-            int opsBetweenChecks = 0;
-            TIMEMARK(cipherInfo->seconds);
-            while (! (TIMETOFINISH())) {
-                int j = 0;
-                for (;j < opsBetweenChecks;j++) {
-                    rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
-                                            &cipherInfo->params.ecdsa.sig.buf,
-                                            &cipherInfo->input.pBuf);
-                    CHECKERROR(rv, __LINE__);
-                }
-                cipherInfo->repetitions += j;
-            }
-        }
-        TIMEFINISH(cipherInfo->optime, 1.0);
-    }
-    SECITEM_FreeItem(&dummyOut, PR_FALSE);
-    return rv;
-}
-#endif
-
-SECStatus
 cipherDoOp(bltestCipherInfo *cipherInfo)
 {
     PRIntervalTime time1, time2;
     SECStatus rv = SECSuccess;
     int i;
     unsigned int len;
     unsigned int maxLen = cipherInfo->output.pBuf.len;
     unsigned char *dummyOut;
-    if (cipherInfo->mode == bltestDSA)
-	return dsaOp(cipherInfo);
-#ifdef NSS_ENABLE_ECC
-    else if (cipherInfo->mode == bltestECDSA)
-	return ecdsaOp(cipherInfo);
-#endif
     dummyOut = PORT_Alloc(maxLen);
     if (is_symmkeyCipher(cipherInfo->mode)) {
         const unsigned char *input = cipherInfo->input.pBuf.data;
         unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ?
                  cipherInfo->input.pBuf.len :
                  PR_MIN(cipherInfo->input.pBuf.len, 16);
         unsigned char *output = cipherInfo->output.pBuf.data;
         unsigned int outputLen = maxLen;
@@ -2604,18 +2485,20 @@ cipherFinish(bltestCipherInfo *cipherInf
 	RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
 	break;
 #ifdef NSS_SOFTOKEN_DOES_RC5
     case bltestRC5_ECB:
     case bltestRC5_CBC:
 	RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE);
 	break;
 #endif
-    case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */
-    case bltestDSA: /* will be freed with it. */
+    case bltestRSA:      /* keys are alloc'ed within cipherInfo's arena, */
+    case bltestRSA_PSS:  /* will be freed with it. */
+    case bltestRSA_OAEP:
+    case bltestDSA:
 #ifdef NSS_ENABLE_ECC
     case bltestECDSA:
 #endif
     case bltestMD2: /* hash contexts are ephemeral */
     case bltestMD5:
     case bltestSHA1:
     case bltestSHA224:
     case bltestSHA256:
@@ -2767,40 +2650,46 @@ print_td:
               printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len);
           if (info->rounds > 0)
               printf("rounds=%d,", info->params.rc5.rounds);
           if (info->wordsize > 0)
               printf("wordsize(bytes)=%d,", info->params.rc5.wordsize);
           break;
 #endif
       case bltestRSA:
+      case bltestRSA_PSS:
+      case bltestRSA_OAEP:
           if (td) {
               fprintf(stdout, "%8s", "rsa_mod");
               fprintf(stdout, "%12s", "rsa_pe");
           } else {
-              fprintf(stdout, "%8d", info->params.rsa.keysizeInBits);
-              print_exponent(&info->params.rsa.rsakey->publicExponent);
+              bltestAsymKeyParams *asymk = &info->params.asymk;
+              fprintf(stdout, "%8d", asymk->cipherParams.rsa.keysizeInBits);
+              print_exponent(
+                  &((RSAPrivateKey *)asymk->privKey)->publicExponent);
           }
           break;
       case bltestDSA:
-          if (td)
+          if (td) {
               fprintf(stdout, "%8s", "pqg_mod");
-          else
-              fprintf(stdout, "%8d", info->params.dsa.keysize);
+          } else {
+              fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
+          }
           break;
 #ifdef NSS_ENABLE_ECC
       case bltestECDSA:
-          if (td)
+          if (td) {
               fprintf(stdout, "%12s", "ec_curve");
-          else {
-	      ECCurveName curveName = info->params.ecdsa.eckey->ecParams.name;
+          } else {
+              ECPrivateKey *key = (ECPrivateKey*)info->params.asymk.privKey;
+              ECCurveName curveName = key->ecParams.name;
               fprintf(stdout, "%12s",
                       ecCurve_map[curveName]? ecCurve_map[curveName]->text:
-					      "Unsupported curve");
-	  }
+                      "Unsupported curve");
+          }
           break;
 #endif
       case bltestMD2:
       case bltestMD5:
       case bltestSHA1:
       case bltestSHA256:
       case bltestSHA384:
       case bltestSHA512:
@@ -2875,22 +2764,50 @@ load_file_data(PLArenaPool *arena, bltes
     data->pBuf.len = 0;
     file = PR_Open(fn, PR_RDONLY, 00660);
     if (file) {
 	setupIO(arena, data, file, NULL, 0);
 	PR_Close(file);
     }
 }
 
+HASH_HashType
+mode_str_to_hash_alg(const SECItem *modeStr)
+{
+    bltestCipherMode mode;
+    char* tempModeStr = NULL;
+    if (!modeStr || modeStr->len == 0)
+        return HASH_AlgNULL;
+    tempModeStr = PORT_Alloc(modeStr->len + 1);
+    if (!tempModeStr)
+        return HASH_AlgNULL;
+    memcpy(tempModeStr, modeStr->data, modeStr->len);
+    tempModeStr[modeStr->len] = '\0';
+    mode = get_mode(tempModeStr);
+    PORT_Free(tempModeStr);
+    switch (mode) {
+        case bltestMD2:    return HASH_AlgMD2;
+        case bltestMD5:    return HASH_AlgMD5;
+        case bltestSHA1:   return HASH_AlgSHA1;
+        case bltestSHA224: return HASH_AlgSHA224;
+        case bltestSHA256: return HASH_AlgSHA256;
+        case bltestSHA384: return HASH_AlgSHA384;
+        case bltestSHA512: return HASH_AlgSHA512;
+    }
+    return HASH_AlgNULL;
+}
+
 void
 get_params(PLArenaPool *arena, bltestParams *params,
 	   bltestCipherMode mode, int j)
 {
     char filename[256];
     char *modestr = mode_strings[mode];
+    bltestIO tempIO;
+
 #ifdef NSS_SOFTOKEN_DOES_RC5
     FILE *file;
     char *mark, *param, *val;
     int index = 0;
 #endif
     switch (mode) {
     case bltestAES_GCM:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j);
@@ -2939,48 +2856,72 @@ get_params(PLArenaPool *arena, bltestPar
 	    } else if (PL_strcmp(param, "wordsize") == 0) {
 		params->rc5.wordsize = atoi(val);
 	    }
 	    index += PL_strlen(param) + PL_strlen(val) + 2;
 	    param = mark + 1;
 	}
 	break;
 #endif
+    case bltestRSA_PSS:
+	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+	/* fall through */
+    case bltestRSA_OAEP:
+	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j);
+	load_file_data(arena, &params->asymk.cipherParams.rsa.seed,
+	               filename, bltestBase64Encoded);
+
+	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j);
+	load_file_data(arena, &tempIO, filename, bltestBinary);
+	params->asymk.cipherParams.rsa.hashAlg =
+	    mode_str_to_hash_alg(&tempIO.buf);
+
+	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j);
+	load_file_data(arena, &tempIO, filename, bltestBinary);
+	params->asymk.cipherParams.rsa.maskHashAlg =
+	    mode_str_to_hash_alg(&tempIO.buf);
+	/* fall through */
     case bltestRSA:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->rsa.key, filename, bltestBase64Encoded);
-	params->rsa.rsakey = rsakey_from_filedata(&params->key.buf);
+	load_file_data(arena, &params->asymk.key, filename,
+	               bltestBase64Encoded);
+	params->asymk.privKey =
+	    (void *)rsakey_from_filedata(&params->asymk.key.buf);
 	break;
     case bltestDSA:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->dsa.key, filename, bltestBase64Encoded);
-	params->dsa.dsakey = dsakey_from_filedata(&params->key.buf);
+	load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+	params->asymk.privKey =
+	     (void *)dsakey_from_filedata(&params->asymk.key.buf);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j);
-	load_file_data(arena, &params->dsa.pqgdata, filename,
-		       bltestBase64Encoded);
-	params->dsa.pqg = pqg_from_filedata(&params->dsa.pqgdata.buf);
+	load_file_data(arena, &params->asymk.cipherParams.dsa.pqgdata, filename,
+	               bltestBase64Encoded);
+	params->asymk.cipherParams.dsa.pqg =
+	      pqg_from_filedata(&params->asymk.cipherParams.dsa.pqgdata.buf);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j);
-	load_file_data(arena, &params->dsa.keyseed, filename, 
+	load_file_data(arena, &params->asymk.cipherParams.dsa.keyseed, filename,
 	               bltestBase64Encoded);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
-	load_file_data(arena, &params->dsa.sigseed, filename, 
+	load_file_data(arena, &params->asymk.cipherParams.dsa.sigseed, filename,
 	               bltestBase64Encoded);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
-	load_file_data(arena, &params->dsa.sig, filename, bltestBase64Encoded);
+	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
 	break;
 #ifdef NSS_ENABLE_ECC
     case bltestECDSA:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->ecdsa.key, filename, bltestBase64Encoded);
-	params->ecdsa.eckey = eckey_from_filedata(&params->key.buf);
+	load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+	params->asymk.privKey =
+	      (void *)eckey_from_filedata(&params->asymk.key.buf);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
-	load_file_data(arena, &params->ecdsa.sigseed, filename, 
-	               bltestBase64Encoded);
+	load_file_data(arena, &params->asymk.cipherParams.ecdsa.sigseed,
+	               filename, bltestBase64Encoded);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
-	load_file_data(arena, &params->ecdsa.sig, filename, bltestBase64Encoded);
+	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
 	break;
 #endif
     case bltestMD2:
     case bltestMD5:
     case bltestSHA1:
     case bltestSHA224:
     case bltestSHA256:
     case bltestSHA384:
@@ -3069,173 +3010,114 @@ blapi_selftest(bltestCipherMode *modes, 
 	    mode = i;
 	if (mode == bltestINVALID) {
 	    fprintf(stderr, "%s: Skipping invalid mode.\n",progName);
 	    continue;
 	}
 	modestr = mode_strings[mode];
 	cipherInfo.mode = mode;
 	params = &cipherInfo.params;
-#ifdef TRACK_BLTEST_BUG
-	if (mode == bltestRSA) {
-	    fprintf(stderr, "[%s] Self-Testing RSA\n", __bltDBG);
-	}
-#endif
 	/* get the number of tests in the directory */
 	sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
 	file = PR_Open(filename, PR_RDONLY, 00660);
 	if (!file) {
 	    fprintf(stderr, "%s: File %s does not exist.\n", progName,filename);
 	    return SECFailure;
 	}
 	rv = SECU_FileToItem(&item, file);
-#ifdef TRACK_BLTEST_BUG
-	if (mode == bltestRSA) {
-	    fprintf(stderr, "[%s] Loaded data from %s\n", __bltDBG, filename);
-	}
-#endif
 	PR_Close(file);
 	/* loop over the tests in the directory */
 	numtests = 0;
 	for (j=0; j<item.len; j++) {
 	    if (!isdigit(item.data[j])) {
 		break;
 	    }
 	    numtests *= 10;
 	    numtests += (int) (item.data[j] - '0');
 	}
 	for (j=0; j<numtests; j++) {
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Executing self-test #%d\n", __bltDBG, j);
-	    }
-#endif
-	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
-			      "plaintext", j);
-	    load_file_data(arena, &pt, filename, 
-#ifdef NSS_ENABLE_ECC
-	                   ((mode == bltestDSA) || (mode == bltestECDSA))
-#else
-	                   (mode == bltestDSA)
-#endif
-	                   ? bltestBase64Encoded : bltestBinary);
 	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
-			      "ciphertext", j);
+	            "plaintext", j);
+	    load_file_data(arena, &pt, filename,
+	                   is_sigCipher(mode) ? bltestBase64Encoded
+	                                      : bltestBinary);
+	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+	            "ciphertext", j);
 	    load_file_data(arena, &ct, filename, bltestBase64Encoded);
 
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Loaded data for  self-test #%d\n", __bltDBG, j);
-	    }
-#endif
 	    get_params(arena, params, mode, j);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Got parameters for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    /* Forward Operation (Encrypt/Sign/Hash)
 	    ** Align the input buffer (plaintext) according to request
 	    ** then perform operation and compare to ciphertext
 	    */
 	    /* XXX for now */
 	    rv = SECSuccess;
 	    if (encrypt) {
 		bltestCopyIO(arena, &cipherInfo.input, &pt);
 		misalignBuffer(arena, &cipherInfo.input, inoff);
 		memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
 		rv |= cipherInit(&cipherInfo, PR_TRUE);
 		misalignBuffer(arena, &cipherInfo.output, outoff);
-#ifdef TRACK_BLTEST_BUG
-		if (mode == bltestRSA) {
-		    fprintf(stderr, "[%s] Inited cipher context and buffers for #%d\n", __bltDBG, j);
-		}
-#endif
 		rv |= cipherDoOp(&cipherInfo);
-#ifdef TRACK_BLTEST_BUG
-		if (mode == bltestRSA) {
-		    fprintf(stderr, "[%s] Performed encrypt for #%d\n", __bltDBG, j);
-		}
-#endif
 		rv |= cipherFinish(&cipherInfo);
-#ifdef TRACK_BLTEST_BUG
-		if (mode == bltestRSA) {
-		    fprintf(stderr, "[%s] Finished encrypt for #%d\n", __bltDBG, j);
-		}
-#endif
 		rv |= verify_self_test(&cipherInfo.output, 
 		                       &ct, mode, PR_TRUE, 0);
-#ifdef TRACK_BLTEST_BUG
-		if (mode == bltestRSA) {
-		    fprintf(stderr, "[%s] Verified self-test for #%d\n", __bltDBG, j);
-		}
-#endif
 		/* If testing hash, only one op to test */
 		if (is_hashCipher(mode))
 		    continue;
 		/*if (rv) return rv;*/
+		if (is_sigCipher(mode)) {
+		    /* Verify operations support detached signature files. For
+		    ** consistency between tests that run Sign/Verify back to
+		    ** back (eg: self-tests) and tests that are only running
+		    ** verify operations, copy the output into the sig buf,
+		    ** and then copy the sig buf back out when verifying. For
+		    ** self-tests, this is unnecessary copying, but for
+		    ** verify-only operations, this ensures that the output
+		    ** buffer is properly configured
+		    */
+		    bltestCopyIO(arena, &params->asymk.sig, &cipherInfo.output);
+		}
 	    }
 	    if (!decrypt)
 		continue;
 	    /* XXX for now */
 	    rv = SECSuccess;
 	    /* Reverse Operation (Decrypt/Verify)
 	    ** Align the input buffer (ciphertext) according to request
 	    ** then perform operation and compare to plaintext
 	    */
-#ifdef NSS_ENABLE_ECC
-	    if ((mode != bltestDSA) && (mode != bltestECDSA))
-#else
-	    if (mode != bltestDSA)
-#endif
+	    if (is_sigCipher(mode)) {
+		bltestCopyIO(arena, &cipherInfo.input, &pt);
+		bltestCopyIO(arena, &cipherInfo.output, &params->asymk.sig);
+	    } else {
 		bltestCopyIO(arena, &cipherInfo.input, &ct);
-	    else
-		bltestCopyIO(arena, &cipherInfo.input, &pt);
+		memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
+	    }
 	    misalignBuffer(arena, &cipherInfo.input, inoff);
-	    memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
 	    rv |= cipherInit(&cipherInfo, PR_FALSE);
 	    misalignBuffer(arena, &cipherInfo.output, outoff);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Inited cipher context and buffers for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    srv = SECSuccess;
 	    srv |= cipherDoOp(&cipherInfo);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Performed decrypt for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    rv |= cipherFinish(&cipherInfo);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Finished decrypt for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    rv |= verify_self_test(&cipherInfo.output, 
 	                           &pt, mode, PR_FALSE, srv);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Verified self-test for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    /*if (rv) return rv;*/
 	}
     }
     return rv;
 }
 
 SECStatus
 dump_file(bltestCipherMode mode, char *filename)
 {
     bltestIO keydata;
     PLArenaPool *arena = NULL;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
-    if (mode == bltestRSA) {
+    if (mode == bltestRSA || mode == bltestRSA_PSS || mode == bltestRSA_OAEP) {
 	RSAPrivateKey *key;
 	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
 	key = rsakey_from_filedata(&keydata.buf);
 	dump_rsakey(key);
     } else if (mode == bltestDSA) {
 #if 0
 	PQGParams *pqg;
 	get_file_data(filename, &item, PR_TRUE);
@@ -3716,19 +3598,19 @@ int main(int argc, char **argv)
 	}
 	if (bltest.commands[cmd_Decrypt].activated &&
 	    !bltest.commands[cmd_Encrypt].activated)
 	    encrypt = PR_FALSE;
 	if (bltest.commands[cmd_Encrypt].activated &&
 	    !bltest.commands[cmd_Decrypt].activated)
 	    decrypt = PR_FALSE;
 	rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
-                            encrypt, decrypt);
-        PORT_Free(cipherInfo);
-        return rv;
+	                    encrypt, decrypt);
+	PORT_Free(cipherInfo);
+	return rv;
     }
 
     /* Do FIPS self-test */
     if (bltest.commands[cmd_FIPS].activated) {
 	CK_RV ckrv = sftk_fipsPowerUpSelfTest();
 	fprintf(stdout, "CK_RV: %ld.\n", ckrv);
         PORT_Free(cipherInfo);
         if (ckrv == CKR_OK)
@@ -3960,38 +3842,31 @@ int main(int argc, char **argv)
             setupIO(cipherInfo->arena, &askp->aad, file, aadstr, 0);
             if (file) {
                 PR_Close(file);
             }
         }
         
         if (bltest.commands[cmd_Verify].activated) {
             file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
-            if (cipherInfo->mode == bltestDSA) {
-                memset(&cipherInfo->params.dsa.sig, 0, sizeof(bltestIO));
-                cipherInfo->params.dsa.sig.mode = ioMode;
-                setupIO(cipherInfo->arena, &cipherInfo->params.dsa.sig,
-                        file, NULL, 0);
-#ifdef NSS_ENABLE_ECC
-            } else if (cipherInfo->mode == bltestECDSA) {
-                memset(&cipherInfo->params.ecdsa.sig, 0, sizeof(bltestIO));
-                cipherInfo->params.ecdsa.sig.mode = ioMode;
-                setupIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig,
-                        file, NULL, 0);
-#endif
+            if (is_sigCipher(cipherInfo->mode)) {
+                memset(&params->asymk.sig, 0, sizeof(bltestIO));
+                params->asymk.sig.mode = ioMode;
+                setupIO(cipherInfo->arena, &params->asymk.sig, file, NULL, 0);
             }
             if (file) {
                 PR_Close(file);
             }
         }
         
         if (bltest.options[opt_PQGFile].activated) {
             file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660);
-            params->dsa.pqgdata.mode = bltestBase64Encoded;
-            setupIO(cipherInfo->arena, &params->dsa.pqgdata, file, NULL, 0);
+            params->asymk.cipherParams.dsa.pqgdata.mode = bltestBase64Encoded;
+            setupIO(cipherInfo->arena, &params->asymk.cipherParams.dsa.pqgdata,
+                    file, NULL, 0);
             if (file) {
                 PR_Close(file);
             }
         }
 
         /* Set up the input buffer */
         if (bltest.options[opt_Input].activated) {
             if (bltest.options[opt_CmdLine].activated) {
--- a/security/nss/cmd/bltest/tests/README
+++ b/security/nss/cmd/bltest/tests/README
@@ -41,9 +41,16 @@ public key modes (RSA and DSA):
 Asymmetric key ciphers use keys with special properties, so creating a
 key file with "Mozilla!" in it will not get you very far!  To create a
 public key, run bltest with the plaintext you want to encrypt, using a
 trusted implementation.  bltest will generate a key and store it in
 "tmp.key", rename that file to keyN.  For example:
     bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a
     mv tmp.key key0
 
+RSA-OAEP/RSA-PSS:
+RSA-OAEP and RSA-PSS have a number of additional parameters to feed in.
+- "seedN": The seed or salt to use when encrypting/signing
+- "hashN" / "maskhashN" - The base digest algorithm and the digest algorithm
+   to use with MGF1, respectively. This should be an ASCII string specifying
+   one of the hash algorithms recognized by bltest (eg: "sha1", "sha256")
+
 [note: specifying a keysize (-g) when using RSA is important!]
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext0
@@ -0,0 +1,3 @@
+NU/me0oSbV01/jbHd3kaP3uhPe9ITi05CK/3IvrUaPshaW3pXQvpEcLTF0+K/MIBA197bY5pQC3l
+RRYYwhpTX6nXv8W43Z/CQ/jPkn2zEyLW6IHqqRqZYXDmV6BaJmQm2YyIAD+Ed8EicJSg2foejEAk
+MJzh7My1IQA11HrHLoo=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext1
@@ -0,0 +1,3 @@
+ZA2xrMWOBWj+VAfl+bcB3/jDyR5xbFNvx/zsbLW3HBFlmI1KJ54Vd9cw/Hopky4/AMgVFSNtjY4x
+AXp6Cd9DUtkEzet5qlg63MMeppikwFKD2rqQib5UkfZ8Gk7kjcdLu+ZkOu+EZnm0yzlaNS1e0RWR
+LfaW/+BwKTKUbXFJK0Q=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext10
@@ -0,0 +1,4 @@
+Iyr7ySf6CML2onuH1KXLCcB9wm+uc9c6kFWIOfT9ZtKBuH7HNLziN7oWZpjtgpEGp95pQs1s3OeP
+7Y0uTYFCjmZJDQNiZM75KvlB0+NQVf45geFNKcu5pPZ0cwY7rseaEXn1oXycGDLyg4/X1eWbuWWd
+VtzooBnt7xuzrMxpfMbMenePYKBkx/b11SnGIQJi4APeWD6B4xZ7iZcfuMDhXUT//vibU9jWTdeX
+0Vm1bSsI6lMH6hLCQb1Y1O4nih8u
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext11
@@ -0,0 +1,4 @@
+Q4zH3AimjaJJ5CUF+Fc7pg4sJ3PVspD0z53/cY6EIIHDg+ZwJKDylZTqmHudJeS3OPKFlw0ZWrs6
+jIBU49eda5yagye6WW8SWeJxJmdHZpB9jVgv86hHYVSSmtsebRI1ssy07I9mO6nMZwqSvr2FPI2/
+acZDbQFvYa3YNulHMkUENCB/n9TEPewqEqlY76Ae/iZpiZteYEwlXFX7cWbeVYnjaVl7sJFowG3V
+2xd+BqF0DrLVyC+uym2S/O6ZMbqf
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext12
@@ -0,0 +1,5 @@
+U+pdwIzSYPs7hYVnKH+pFVLDCy/r+6IT8K6HcC0GjRm6sH/ldFI9+0ITnWjDxa/u4L/ky3lpy/OC
+uATW5hOWFE4tDmB0H4mTwwFLWLmxlXqLq80jr4VPTDVvsWYqpyv8x+WGVZ3EKA0WDBJnhacj6+6+
+/3HxFZRECq74fRB5Ood0ojnUoEyH/hRnudr4UgjsbHJVeUqWzCkUL5qL1Bjjwf1nNEsM0IKd87K+
+xgJTGWKTxrNNP3XTLyE91Fxic9UFrfTM7RBXy3WPwmru+kQSVe1OZMGZ7gdefxZkYYL9tGRzm2ir
+Xa/w5j6VUgFoJPBUv008jJCpe7a2VTKE60KfzA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext13
@@ -0,0 +1,5 @@
+orGkMKnWV+L6HCu17UP/slwFowj+kJPAEDF5X1h0QAEQgorlj7m1gc6d3dPlSa4EoJhUWb3mxiZZ
+TnsF3EJ4sqFGXBNoQIgjyF6W3GbDowmDxjlmT8RWmjf+IeWhlbV3bu0t+NjTYa9obnUCKbvWY/Fh
+hopQYV4MM3vsDKNf7AuxnDbrLgu8wFgvodk6rNsGEGP1nyzh7kNgXl2J7KGD0qzf6fgQEQIq07Q6
+PdQX2slLThHqgbGSlm6WaxgggucZZGB7T4AC82KZhEoR8q4PrqwurnD49PmAiKzc0KxVbp/MxRFS
+GQj60m8ExkIBRQMFd4dYsFOL+LW7FEqCjmKXlQ==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext14
@@ -0,0 +1,5 @@
+mIbD5nZKi5qE6EFI69jDsaqAUDgaePZocUwW2c/Spu3FaXnFNdne47RLhcGL6JKJkjcXEUciFtld
+2pjS7oNHybFN/9/4SqSNJawG99fmU5islnsc6Qkl9n3OBJt/gS2wdCmXp01E/oHb4Oej/q8uXECv
+iI1VDdu+O8IGV6KVQ/j8KRO5vRphsqsiVuxAm719wNF3F+olxD9C7Sffhzi/SvxnZv96/whZVV7i
+g5IPTIpjxKc0DLr93DOezbSwUVAC+WyTK1t5Fnr2mcCtP8z98PROhacCYr8uGP40uFBYmXXoZ/+W
+nUjqvyEicVRs3AWmnstSblKHDINvMHvXmHgO3g==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext15
@@ -0,0 +1,5 @@
+Yxjp+1wNBeUwfhaDQ26QMpOsRkI1iqoiPXFjATq6h+Lf2o5gxoYOKaHpJoYWPqC5F18ynKOxMaHt
+06d3Wai5e61qT49DlvKM9vOcpYES5IFg1uID2qWFbzrKX/7Vd69JlAjj39Iz4+YE2+NKnEyQgt5l
+UnysYzHSncgOBQig+nEi5/Mp9sylz6NNTR2kF4BUV+AIvsVJ5Hj/nhKnY8R30Vu7ePW2m9V4MPws
+TtaG15vHKpXYX4gTTGsK/laozPvIVYKLszm9F5Cc8dcN4zNa4HA5CT5gbWVTZd5lULhyzW3h1EDu
+AxthlF9imtijU7DUCTnpajxFDSqNXu6fZ4CTyA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext16
@@ -0,0 +1,5 @@
+dSkIcsz9SkUFZg1lH1babaoJyhMB2JBjL2qZLz1WXO5GSv3tQO07W+k1ZxTqWqdlX0oTZsLxfHKP
+byxaXR+OKEKbxOb48s/42o3A4KmAjkX9CeovpAyyts5v//XA4VnRG2jZCoX3uE4QOwnmgmZkgMZX
+UFwJKSWUaKMUeG106rExVzzyNL9X232eZsxnSBkuAC3A3uqTBYXwgx/c2bwz1R957S/8Frz01ZgS
+/OvKo/kGmw5EVobWRMJcz2O0Vu5fpv/pbxnN91H+2erzWVd1Tb9L/qUhaqGETcUHyy0IDnIuuhUD
+CMK1/xGTYg8XZuz0SBuvuUO9KSh38hNspJSroA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext17
@@ -0,0 +1,5 @@
+LSB6c0Mqj7TAMFGz9zsophdkCY36NMR6IJlfgRWqaBZnm1V+gtvuWEkIxuaXgtfes029Za8GPVf8
+p2pf0GlJL9YGjZmE0gk1BWWmLlx38jA4wSyxDGY0cJtUfEb2tKcJvYXKEi10Rl75d2LCl2Pgbbx6
+nnOMeL/KAQLcXnnWW5c/KCQMqrLhYaeLV9JiRX7YGV1T48eunaAhiDxtt8JK/dIyLqyXKtPDVMX8
+7x4UbDoCkPtnrfAHBm4AQo0s7BjOWPkyhpje/vSy617HaRj94cGYy7OLevxnYmqa7+xDIr/ZDSVj
+SByaIh94yCcsgtG2KrkU4cafavbvMMpSYNtKRg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext2
@@ -0,0 +1,3 @@
+Qjc27QNfYCavJ2w1wLN0GzZeX3bKCRtOjCni8L7+5gNZWqgyLWAtLmJeleuBsvHJck6CLsp224YY
+zwnFNDUDpDYINbWQO8Y344efsF4O8yaF1a7FBnzXzJb+SyZwturDBmsfz1aGtoWJqvt9YpsC2Phi
+XKODNiTUgA+wgbHPlOs=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext3
@@ -0,0 +1,3 @@
+RerUylUeZiyYAPGsqCg7BSXmq64wvktKunYvpA/T044iq+/Gl5T267vAXduxEhYkfS9BL9D7qHxu
+Os2IiBNkb9DkjnhSBPnD9z1tgjlWJyLd3Ydx/sSLg6Me5vWSxM/UvIgXTzsToRKq47n3uA4Pxvcl
+W6iA3H2AIeIq1qhfB1U=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext4
@@ -0,0 +1,3 @@
+NvbjTZSo002qy6M6ITnQCthak0WoYFHnMHFiAFa5IOIZAFhVohOg8jiXzc1zG0UlfHd/6QggK+/d
+C1g4axJE6gz1OaBdXRAynaROEwMP12Dc1kTP7yCU0ZENP0M+HHxt0YvB8t9/ZD1mL7ndN+rZBZGQ
+9PpmyjnoacTrRJy9xDk=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext5
@@ -0,0 +1,3 @@
+Qs7iYXsezqTbP0gpOG+9Ydr78DjhgNg3yWNm3yTAl7SrD6xr31kNghyfEGQuaBrQW414s3jA9Gzi
++tY/dOCtPfBrB11+tfVjb41AO5BZynYbXGK7UqpFAC6nC6rOCN7SQ7nYy9YqaK3iZYMrVlZOQ6b6
+Qu0ZmgmXaXQt8VOeglU=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext6
@@ -0,0 +1,4 @@
+JnvNEYrKsfyLqByF1zADy4YQ+lXB2X2o1Ip8fwaJak23UaooQlW502rWXzdlPYKfGzf5e4ABlCVF
+svwsVac3bKehvksXYMjgWjPlqiUmuNmOMXCI54NMdVsqWbEmMaGCwF1dQ6sXeSZPhFb1Fc5X399R
+LVST2re3M43Et9eNucCRrDuvU3pp/H9UnZefDv+alP2kFpvU0dGaacmeM8O1VJDVAbObHtrhGP9n
+k6FTJhWE06Xzn25oLj0XyM0SYfpy
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext7
@@ -0,0 +1,4 @@
+k6yfBnHsKay7RE7/waV0E1HWD9sOOT+/dUrPDeSXYaFIQd93cum8gnc5ZqFYTE1yuuoAEY+D81zK
+blN8vU2BH1WDspeD2KbZTNMb5w1vUmwQ/wnG+nzgaXlaP80FEf1fy1ZLzIDqnHjzi4ABJTnYpN32
+/oHpzdt/UNu7vMfl2GCXzPTsSRifuL8xi+bVoHFdUWtJrxkSWM0y3IM85utGc8A6Gbus6IzFSJX2
+NswMHsiQltEc4jWiZcoXZCMqaJro
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext8
@@ -0,0 +1,4 @@
+gevdlQVLDIIu+a12k/Woet+0tMTOcN8t+E7UnATaWLpfwgoZ4abot6OQCyJ5bcToae5rQnktFajs
+61bAnGmRToE86o9pMeS47W9CGvKY1ZXJf0eJx8qmEsfvNgmEwhuT7cVAEGi1r0x4qHcbmE1TuOqK
+3y9qfUoLp2x14d2fZY8g3tSkYHHUbXeRtWgD2P6n8LD45Brj8JODpvlYX+d1Pqr/0r+UVjEIvuzC
+B7u1NfX8xwXw3en3CMYvSanJA3HT
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext9
@@ -0,0 +1,4 @@
+vMNflM3mbLETZiXWJblEMqNbIvPS+hGmE/8PylvVf4e5AszcHNCuvLBxXuhp0dH+OV9nkwA/XspG
+UFnIhmDURv9fCBhVICJVfjjAimfq2ZEmIlTxBoKXXsVjl3aFN/SXevbV9qrOt/sl3sWTcjAjH9iX
+ivSRGaKfKeQkq4JytHVieS1clPd0uIKdCw2fGoye3fN1dNX6JI7vqcUnH8XsJXnIG91htBD6Yf42
+5CQiHBE63bJ1ZkyAHTTKjGNR5KhY
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash0
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash1
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash10
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash11
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash12
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash13
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash14
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash15
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash16
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash17
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash2
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash3
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash4
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash5
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash6
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash7
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash8
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash9
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key0
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key1
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key10
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key11
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key12
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key13
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key14
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key15
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key16
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key17
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key2
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key3
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key4
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key5
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key6
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key7
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key8
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key9
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash0
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash1
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash10
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash11
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash12
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash13
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash14
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash15
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash16
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash17
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash2
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash3
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash4
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash5
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash6
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash7
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash8
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash9
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/numtests
@@ -0,0 +1,1 @@
+18
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..5961feea3d47407f8b2be5ccc39ba3f7928a99d6
GIT binary patch
literal 28
kc$`bqkn|H`x7}d9(&yH^pTWx0uk!Ay+}Y0H_3xhv0G$2|c>n+a
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext1
@@ -0,0 +1,1 @@
+u@GGe#)ɺEo
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext10
@@ -0,0 +1,1 @@
+S)1~tێL̢_<tnz:c79絕nUO{37
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext11
@@ -0,0 +1,1 @@
+d
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext12
@@ -0,0 +1,1 @@
+k*lunhpSkN
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext13
@@ -0,0 +1,1 @@
+;XEu7>W
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext14
@@ -0,0 +1,2 @@
+Q
+,o4SN%c>EKA$
\ No newline at end of file
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..36812091de63f6bc664e4b80344adb93975c21a5
GIT binary patch
literal 36
uc$@(w0Nek(-5Cv|x6=UMng-%5s^X_#5Xm3*XScy?-iuQPN+wCEKt;({8xghu
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext16
@@ -0,0 +1,1 @@
+l}KF_óߔ~r2
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext17
@@ -0,0 +1,1 @@
+:F	S}"ocN|9i"׸,
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext2
@@ -0,0 +1,1 @@
+J.dEB3mSKtm$EYB>-OFinQ
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext3
@@ -0,0 +1,1 @@
+RPَ*O!S~1o4jz
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext4
@@ -0,0 +1,1 @@
+tF+Il
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext5
@@ -0,0 +1,1 @@
+&RPBq
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext6
@@ -0,0 +1,1 @@
+5UY,;RЕYTFlYbTͼ!.ɶ/9
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext7
@@ -0,0 +1,1 @@
+`P:-ᗉ@Lttm>Ԃ́ FY
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext8
@@ -0,0 +1,1 @@
+2d)ߛ	KO$
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext9
@@ -0,0 +1,3 @@
+E_r:.VbHM
+ )֬;>f(L֞J
+ғZygr
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed0
@@ -0,0 +1,1 @@
+GLd26iEGnWl3ajPpa61I4d2gpe8=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed1
@@ -0,0 +1,1 @@
+DMdCzkqbfzL5UbyyUe/ZJf5P418=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed10
@@ -0,0 +1,1 @@
+/LxCFALp7KvGCCr6QLpfJlIshA4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed11
@@ -0,0 +1,1 @@
+I6reDh4Iu5uaeNIwKlL5whsuG6I=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed12
@@ -0,0 +1,1 @@
+R+GrcRn+5WyV7l6q2G9A0KpjvTM=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed13
@@ -0,0 +1,1 @@
+bRf1tMH/rDUdGVv3sJ0J8JpAec8=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed14
@@ -0,0 +1,1 @@
+OFOHUU3szHx0DdjN+druSaHL/VQ=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed15
@@ -0,0 +1,1 @@
+XKymoPdkFhqWhPhdkrbg7zfKi2U=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed16
@@ -0,0 +1,1 @@
+lbyp44WYlLPdhp+n7NW7xkAb8+Q=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed17
@@ -0,0 +1,1 @@
+n0fd9C6X7qhWqb28cU6zrCL26zI=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed2
@@ -0,0 +1,1 @@
+JRTfRpV1WmeyiOr0kFw27sZv0v0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed3
@@ -0,0 +1,1 @@
+xENaPhoYpotoIENikKN877hds/s=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed4
@@ -0,0 +1,1 @@
+sxjELfO+D4P+qCP1p7R+1eQlo7U=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed5
@@ -0,0 +1,1 @@
+5OwJgsIzbzpnf2o1YXTrDOiHq8I=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed6
@@ -0,0 +1,1 @@
+jsll8TSj7Jkx6SocoNyBadXqcFw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed7
@@ -0,0 +1,1 @@
+7LG4sl+lDNqwjlYEKGf0r1gm0Ww=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed8
@@ -0,0 +1,1 @@
+6JuwMsbOYiy9tTvJRmAU6nf3d8A=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed9
@@ -0,0 +1,1 @@
+YG87mcC5zNdx6qKeoOTIhPMYnMw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext0
@@ -0,0 +1,3 @@
+kHQwj7WY6XAbIpQ4jlL5cfqsK2ClFFrxhd9Sh7XtKIflfOf9RNyGNOQHyODkNgvCJvPsIn+dnlRj
+jo0x9QUSFd9uu5wvlXmqd1mKOPkUtbnBvYPE4vnzgqDQqjVC/+5lmEpgG8aeso3rJ9yhLILC1MP2
+bNUA8f8rmU2KTjDLszw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext1
@@ -0,0 +1,3 @@
+Pvf0boMb+SsyJ0FCpYX/zvvcp7Mq6Q0Q+w8McpmE8E7ymp3weAd1zkNzm5eDg5DbClUF5j3pJwKN
+nSmyGcosRReDJVilXWlKbSW52rZgA8TMzZB4Ahk75RcNJhR9N7k1kCQb5RwlBV9H72J1LPviFBj6
+/pjCLE1NR3JP21Zp6EM=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext10
@@ -0,0 +1,4 @@
+ghAt+MuR5xeZGaBNJtM11k+8L4csRIM5QyQd6EVIECdM3z219C1CPbFSr3E19wFCDjm0lKZ8v9Gf
+kRnaIzoj2lxkObW6DSvDc+7jUHABN41KQHOFa3/iq6C17pOyf0r+x9TRIJIcg/YGdlsCwZ5Naho7
+lfpMQilRvk9SExB37xcXlynN3721aVDbrO7+eMsWZAoJnqVtJDie7xD4/ssxuj6jsifAqGaYu4nj
+6TY5Bb8id3sqOqUhtltM73bYO95M
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext11
@@ -0,0 +1,4 @@
+p/2w0lkWXKLIjQC78QKKhn0zdpnQYRk7F6lkjhTMu6rerKrN7IFedXEpTruKEXryBfoHi0ewcSwZ
+njrQUTXFBMJLgXBRFXQIAkh5kv/VEdSvxrhUSR6z8N1SMTlUL/FcMQHuhVQ1F8ajx5QXxn4t2ap0
+HpopsG3LWTwjNrNnCuOvusfD524hVHPoZuM4yiRN4AtiYk1rlCaCLOrp+MxGCJX0ElAHP9RcWh57
+QlwgSkI6aZFZ9pA+cQs3p7sryASf
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext12
@@ -0,0 +1,5 @@
+gsKxYAk7iqPA91IrGfhzVAZsd4R6vyqfzlQtDoTpIMWvtJ/9/azhZWDulKE2lgEUjrrXoOFRzxYz
+F5Glcn0F8h505+uBFEAgaTXXRHZaFeefAVy2bFMsh6agWWHIv610GppmVwIolDk+ciNzl5bAKndF
+XQ9VWw7AHd8lm2IH/Q/VdhTO8aVXO6r/TsAAaZUWWbhfJDAKJRYMqFItxuZyflfQGdfmNim4/l6J
+4lzBW+s6ZHV3VZKZKAubKPebBAkAC+JbvZZAi6O0PMSGGE3RyOYlU/oa9AQPYGY95/XknAQ4jiV/
+HOicldq0ijFdm2axt2KCM4dv8jhSMNBw0H4WZg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext13
@@ -0,0 +1,5 @@
+FK412d0GupL387iXl4rtfNS/X/C1haQL1GzhtCzScDBTu5BE1k6BPY+W2y3XAH0QEY9vj4SWCXrX
+Xh/2kjQbKJKtVaYzocVefwoK1ZoOIDpbgniuxU3YYi4oMdhxdPjK/0PubEZEU0XYSlllm/uS7NTI
+GGaGlfNHBvZoKKiZWWN/K/PjJRwkvbpNS3ZJ2gAiIYsRnITnmmUn7FuKX4YcFZlS4j7AXh5xc0b6
+7+ixaGglvSsmL7JTEGbA3gms3i5CMWkHKLXYXhFaL2uSt5wlq8m9k5n/i8+CWlLqH1bqdt0m9Duq
++hi/qSpQTL01aZ4m0dzFoohzhfPGMjLwbzJEww==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext14
@@ -0,0 +1,5 @@
+bj5Ne2sV0vtGATuJAKpbuzk5zywJVxeYcEICbuYsdMVM/9XX1X77v5UKD1xXT6CdP8HJ9ROwW0/1
+Ddjfft+iAQKFTDXlkhgBGacM5bCFGCqgLZ6iqpDR3wPy2q6IW6L10Fr9rJdHbwa5O1vJShqAqpEW
+xNYV8zOwmIkrJf+s4mb121paO8wQqCTtVarTW3J4NPuMB9oo/PQWpdmyIk8fi0QrNvkeRW/eotfP
+4zZyaN4DB6THTpJBWe0zOT1eBlVTHHcye4mCG97fiAFhx4zUGWtUGfesw/E+Xr8WG258ZyRxbKM7
+hcLiVkAZKsKFllHVC95+uXblHOyCi5i2VjuGuw==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext15
@@ -0,0 +1,5 @@
+NAR/+WxNwNyQstT/WaGjYaR1SyVdLuCvfYv4fJvJ593u3jOTTGPKHA49JiyxRe+TKh8sCpl6pqNP
+jq7nR32CzPCQlaa4rK041O7J+36retAtodEdjlTBgl5Vv1jCojI0uQK+Ek+ekDio9o+kXaty9m4J
+Rb8di6zJBExvBwmMn87FijqrEAyAUXgVXwMKEkxFDlrL2kfQ5PELgKI/gD53TQI7ABXCC5+bvnyR
+KWM41ey0ccr7AyAHtnpgvl9pUEqfAauzy0Z7Jg4rzoYL6Nlb+SwMjhSW7R5ShZOkq7bfRi3eiglo
+3/5GgxFoV6Iy9ev2yFviOHRa0POPdnpf2/SG+w==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext16
@@ -0,0 +1,5 @@
+fgk16hj01sHRfOgusrODbFWzhFic4Z3+dDNjrJlI0fNGt7/d/pLv14rbIfrvyJreQrEPN0AD/hIu
+Z0KaHLjL0fjZAUVkxE0SARb0mQ8abjh3TBlL0bghMoawd7BJnS57P0NKsSKJxVZoTe7XgTGTS7Pd
+ZTcjb3xvPcsJ1Ha+B3IeN+HO7Zsve0Boh71TFXMF4ci0+E1zO8Hhhv4GzFm27bj0vX/+/fT3upz7
+nVcGibWhpBCadGppCJPbN5klWgy5IV0tHNSQWQ6VLoyHhqoAESZSUkcMBB37w+7Hw8v3HCSGnRFc
+DLSpVvVtUwuAq1iaz+/GkHUd3zbo04P4PO3SzA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext17
@@ -0,0 +1,5 @@
+bTtbh/Z+plevIfdUQZd9IYD5GyxfaS3oKVVpamhnMNm5d42XB1jMsmBxwiCf+9YSW+LpbqgbZ8ub
+kwgjn9oX97K2Ts2glra5NWQKWhy0KpFVscnvemM6AsWfDW7lm4UsQ7NQKec8lA/wQQ6PEU7tRrvQ
++uFl5CviUopAHDso/YGO8yMtyp9NKg9RZuxZxCOW1sEdvBIVpW+hcWnblXU0PvNPneMqSc3DF0ki
+8inCPhjkXfk1MRnsQxnO3OehfGQIjB9vUr4pY0EAs5GdOPPR7ZTmiR5mpzuPuEn1h031lFnimMe7
+zi7ueCoZWqZv4tBzKyXllfV9PgYbH8PkBjv5jw==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext2
@@ -0,0 +1,3 @@
+ZmAm+6cb0+fPExV8wsUajkqmhK+XePkYSfNDNdFBwAFUxBl2IfliSmdbWrwi7n1bqv+q4cm6yizD
+c7PzPnjmFDw5WpGqf6ymZOtzOv0U2IJyWdmadVD6ylAe8rBOM8I6pR9LnoKC79tyjMCrCUBakWB8
+Y2mWG8gnDS1POfzmErE=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext3
@@ -0,0 +1,3 @@
+Rgl5OyPp0JNi3CG7R9oLTzp2ImSaR9RkAZua6v5TNZwXjJHNWLpry3i+A0anvGN/S4c9S6s47mYf
+GZY0xUehrYRC4D2gFbE25UP3qwfAwT5CJbjejM4l1PbrhAD4H34YM7fubjNNNwlkynn9uHK011Ij
+te6wgQFZH7Uy0VWm3oc=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext4
@@ -0,0 +1,3 @@
+HSqtIhyk0x3fE1CSOQGTmOPRSzLcNNxa9K6uo8CVr3NHnPCkXlYpY1pToBg3dhWxbLmxOz4J1nHr
+ceOHuFRcWWDaWmR3bnaOgrLJNYO/EEw/2yNRK3tOifYz3QBjpTDbRSSwHD84TAkxDjFaedzT1oQC
+Kn8xyGWmZOMWl4t1n60=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext5
@@ -0,0 +1,3 @@
+KjT2El4fawv5cehPvUHGMr6PLCrOfei2km4x/5Ppr5h/vAblHpvhT1GY+R8/lTvWfaYKnfWXZMPc
+D+COHL7wt1+GjRCtP7p0n+9Z+22sRqDW5QQ2kzFYb1jkYo85qieJglQ7wO61N9xhlYAZs5T7Jz8h
+WFigoBrE1lC5VcZ/TFg=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext6
@@ -0,0 +1,4 @@
+WGEHImw84BOnyPBNGmopWbtLjiBbpDontQ8SQRG8Ne9YmwOfWTIYfLaW19mjLAw4MApc3aSDS2LS
+6yQK8z950T378JW/WZ4NloaUjBlkdHtn6JyaulzYUBYjb1ZsxYAssT6tUbx8pr7zuU3L27HVcEaX
+cd8OALGooGd3Ry0jFiee2uhkdGaNTh7/+V8d5hxgINoyrpK78WUg/vPPTYj2ESHyS72f6RtZyvEj
+WyqT/4H8QDrd9OveqEk0qc2vjhqe
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext7
@@ -0,0 +1,4 @@
+gLbWQyVSCfCkVnY4l6ye0lnUWbScKIfliC7LRDTP1m3X4WmTdTgeUc1/VU8sJxcEs5nUK0viVAoO
+ymGVH1Umf3woeMEihC2tsosBvV+MAl9+IoQYpnPAPWvAxzbQopVGvWf3htnWkszqd41x2YwgY7en
+EJIYek01rxCBEdg+g+rkbEaqNCd+BgRFiZA3iPHV587iX7SF6SlJEYgU1vLD7jYUiQFvMn+1vFF+
+tQRwv/oa+l9M6aoM5bjuGb9VAblY
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext8
@@ -0,0 +1,4 @@
+SEQI84mM1fU0g/gIGe+/JwjDTSeosqb66LMi+SQCN/mBgXrKGEbxCE2qbXwHlfblvxr1nDjhhYQ3
+zh9+xBm5jIc2rfbdmgCxgG0r060Kc3deBfUt/vOlmrSwgUPw3wXNGtnQS+zsptqkohKYA+IAy8d3
+h8r0wdBmOmxZh7YFlSAZeCyvLsFCbWj7lO0dS+gWp+0IG3fmqzMLP/wHOCD+zeNyf8vile5hoFCj
+Q2WGN8P9ZZz7Y3Nt4y2fkNPC9j7K
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext9
@@ -0,0 +1,4 @@
+hOvrSBvlmEW0ZGi6+0ccARLgKyNdhLXZEcvRkm7lB0rgQkSVyyDoIwi467ZfQZoD+0DnK3iYHYiq
+0UMFNoUXLJeynIt78K5ztbImPEA9oO0vgP90UK94KOuLhvACi9KosXak0ijMzqGDlPI4sJ/3WMwA
+vAQwEVI1V0LygrVOZjqRnnCdjaJK3lUAp7mqUCJuDKUpI+bC2GDsUP9ID6V0d+grBWX0N595x3LV
+wtqAr5+/Ml7Ob8ILAJYWFL7omhg+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash0
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash1
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash10
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash11
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash12
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash13
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash14
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash15
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash16
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash17
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash2
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash3
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash4
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash5
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash6
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash7
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash8
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash9
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key0
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key1
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key10
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key11
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key12
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key13
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key14
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key15
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key16
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key17
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key2
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key3
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key4
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key5
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key6
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key7
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key8
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key9
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash0
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash1
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash10
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash11
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash12
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash13
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash14
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash15
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash16
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash17
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash2
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash3
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash4
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash5
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash6
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash7
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash8
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash9
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/numtests
@@ -0,0 +1,1 @@
+18
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext0
@@ -0,0 +1,1 @@
+zYtlOMuOjeVmtovQZ1advx7icY4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext1
@@ -0,0 +1,1 @@
+41vvwXodFguc41+9jrFufuSR0/0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext10
@@ -0,0 +1,1 @@
+altL5M02zJff3pmV77+PCXpKmRo=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext11
@@ -0,0 +1,1 @@
+ud/R33akYcUeZXbGyO0Kkj0cUOc=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext12
@@ -0,0 +1,1 @@
+lZa7Ywz2qNTqRgBCK566ixNnXdQ=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext13
@@ -0,0 +1,1 @@
+tQMxk5knf9bByPEDPL8EGZ6iFxY=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext14
@@ -0,0 +1,1 @@
+UKrt6FNrLDByCLJ1pnri3xlsdig=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext15
@@ -0,0 +1,1 @@
+qgtyuLNx3dEMiuR0QlzMz4hCopQ=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext16
@@ -0,0 +1,1 @@
++tOQLJdQYiorxnJiLEgnDMV9Pqg=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext17
@@ -0,0 +1,1 @@
+EiGW3rXRIr2Mb8eB/2kk18aVqt4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext2
@@ -0,0 +1,1 @@
+BlLsZ7zuMPnSaZEiuRwZq9uon5E=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext3
@@ -0,0 +1,1 @@
+OcIcTM7anBrfg5x0ThISpkN1dew=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext4
@@ -0,0 +1,1 @@
+NtrpE7d70XyubnsJRT0kVEzrszw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext5
@@ -0,0 +1,1 @@
+Re7xkfT3nDH+XS7eflCYmU6SnS0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext6
@@ -0,0 +1,1 @@
+JxWkm4sAEs167oTBFkRubf4/rsA=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext7
@@ -0,0 +1,1 @@
+LayVbVOWR0isNk0GWVgnxrTxQ80=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext8
@@ -0,0 +1,1 @@
+KNmMRszK+9O8BOcvlnpUvT6hIpg=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext9
@@ -0,0 +1,1 @@
+CGbS/1p58l72aM1vMbQt7kIeTA4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed0
@@ -0,0 +1,1 @@
+3ulZx+BkETYUIP+AGF7Vfz5ndq8=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed1
@@ -0,0 +1,1 @@
+7yhp+kDDRssYPas9e//Jj9Vt9C0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed10
@@ -0,0 +1,1 @@
+1okleobv+mghLF4MYZ7KKV+5G2c=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed11
@@ -0,0 +1,1 @@
+wl8Tv2fQgWcaBIGh8YINYTu6InY=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed12
@@ -0,0 +1,1 @@
+BOIV7m/5NLnacNdzDIc0q/zs3ok=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed13
@@ -0,0 +1,1 @@
+iyvdS0D69UXHeN35vBpJy1f5txs=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed14
@@ -0,0 +1,1 @@
+Tpb8GzmPkrRGcQEMDcPv1uIMLXM=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed15
@@ -0,0 +1,1 @@
+x81pjYS2USjYg146ix6w4By1Qew=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed16
@@ -0,0 +1,1 @@
+76i/+WISsvSj83GhDVdBUmVfXfs=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed17
@@ -0,0 +1,1 @@
+rYsVI3A2RiJLZgtVCIWRfKLR3yg=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed2
@@ -0,0 +1,1 @@
+cQucR0fYANTeh/Eq/c5t8YEHzHc=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed3
@@ -0,0 +1,1 @@
+BW8AmF3hTY71zqnoL4wnvvcgM14=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed4
@@ -0,0 +1,1 @@
+gOcP+GoI3j7GCXKzm0+/3Opnro4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed5
@@ -0,0 +1,1 @@
+qKtp3YAfAHTCofxgZJg2xhbZloE=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed6
@@ -0,0 +1,1 @@
+wKQlMT3411ZL0kNNMRUj1SV+7YA=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed7
@@ -0,0 +1,1 @@
+swfEO0hQqNrC8V8y43g574xcDpE=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed8
@@ -0,0 +1,1 @@
+misAfoCXi7sZLDVOt9qa7fx02/U=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed9
@@ -0,0 +1,1 @@
+cPOCvd9NXS3YizvHtzCL5jK4QEU=
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/lib/ckfw/builtins/bfind.c
+++ b/security/nss/lib/ckfw/builtins/bfind.c
@@ -110,21 +110,22 @@ builtins_attrmatch
 )
 {
   PRBool prb;
 
   if( a->ulValueLen != b->size ) {
     /* match a decoded serial number */
     if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
 	int len;
-	unsigned char *data;
+	unsigned char *data = NULL;
 
 	len = builtins_derUnwrapInt(b->data,b->size,&data);
-	if ((len == a->ulValueLen) && 
-		nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+	if (data &&
+	    (len == a->ulValueLen) && 
+	    nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
 	    return CK_TRUE;
 	}
     }
     return CK_FALSE;
   }
 
   prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
 
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -67,16 +67,23 @@ CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTI
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Mozilla Builtin Roots"
 
 #
 # Certificate "GTE CyberTrust Global Root"
 #
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number: 421 (0x1a5)
+# Subject: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Not Valid Before: Thu Aug 13 00:29:00 1998
+# Not Valid After : Mon Aug 13 23:59:00 2018
+# Fingerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+# Fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GTE CyberTrust Global Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -139,16 +146,23 @@ CKA_VALUE MULTILINE_OCTAL
 \334\364\166\125\175\233\143\124\030\351\360\352\363\134\261\331
 \213\102\036\271\300\225\116\272\372\325\342\174\365\150\141\277
 \216\354\005\227\137\133\260\327\243\205\064\304\044\247\015\017
 \225\223\357\313\224\330\236\037\235\134\205\155\307\252\256\117
 \037\042\265\315\225\255\272\247\314\371\253\013\172\177
 END
 
 # Trust for Certificate "GTE CyberTrust Global Root"
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number: 421 (0x1a5)
+# Subject: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Not Valid Before: Thu Aug 13 00:29:00 1998
+# Not Valid After : Mon Aug 13 23:59:00 2018
+# Fingerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+# Fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GTE CyberTrust Global Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \227\201\171\120\330\034\226\160\314\064\330\011\317\171\104\061
 \066\176\364\164
@@ -172,16 +186,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Thawte Server CA"
 #
+# Issuer: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Serial Number: 1 (0x1)
+# Subject: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Not Valid Before: Thu Aug 01 00:00:00 1996
+# Not Valid After : Thu Dec 31 23:59:59 2020
+# Fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
+# Fingerprint (SHA1): 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Thawte Server CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\304\061\013\060\011\006\003\125\004\006\023\002\132\101
@@ -266,16 +287,23 @@ CKA_VALUE MULTILINE_OCTAL
 \100\333\250\314\062\164\271\157\015\306\343\263\104\013\331\212
 \157\232\051\233\231\030\050\073\321\343\100\050\232\132\074\325
 \265\347\040\033\213\312\244\253\215\351\121\331\342\114\054\131
 \251\332\271\262\165\033\366\102\362\357\307\362\030\371\211\274
 \243\377\212\043\056\160\107
 END
 
 # Trust for Certificate "Thawte Server CA"
+# Issuer: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Serial Number: 1 (0x1)
+# Subject: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Not Valid Before: Thu Aug 01 00:00:00 1996
+# Not Valid After : Thu Dec 31 23:59:59 2020
+# Fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
+# Fingerprint (SHA1): 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Thawte Server CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \043\345\224\224\121\225\362\101\110\003\264\325\144\322\243\243
 \365\330\213\214
@@ -304,16 +332,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Thawte Premium Server CA"
 #
+# Issuer: E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Serial Number: 1 (0x1)
+# Subject: E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Not Valid Before: Thu Aug 01 00:00:00 1996
+# Not Valid After : Thu Dec 31 23:59:59 2020
+# Fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
+# Fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Thawte Premium Server CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\316\061\013\060\011\006\003\125\004\006\023\002\132\101
@@ -401,16 +436,23 @@ CKA_VALUE MULTILINE_OCTAL
 \373\301\306\021\037\361\112\260\050\106\311\303\304\102\175\274
 \372\253\131\156\325\267\121\210\021\343\244\205\031\153\202\114
 \244\014\022\255\351\244\256\077\361\303\111\145\232\214\305\310
 \076\045\267\224\231\273\222\062\161\007\360\206\136\355\120\047
 \246\015\246\043\371\273\313\246\007\024\102
 END
 
 # Trust for Certificate "Thawte Premium Server CA"
+# Issuer: E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Serial Number: 1 (0x1)
+# Subject: E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Not Valid Before: Thu Aug 01 00:00:00 1996
+# Not Valid After : Thu Dec 31 23:59:59 2020
+# Fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
+# Fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Thawte Premium Server CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \142\177\215\170\047\145\143\231\322\175\177\220\104\311\376\263
 \363\076\372\232
@@ -440,16 +482,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Equifax Secure CA"
 #
+# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Serial Number: 903804111 (0x35def4cf)
+# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Not Valid Before: Sat Aug 22 16:41:51 1998
+# Not Valid After : Wed Aug 22 16:41:51 2018
+# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
+# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -519,16 +568,23 @@ CKA_VALUE MULTILINE_OCTAL
 \052\247\043\111\001\004\206\102\173\374\356\177\242\026\122\265
 \147\147\323\100\333\073\046\130\262\050\167\075\256\024\167\141
 \326\372\052\146\047\240\015\372\247\163\134\352\160\361\224\041
 \145\104\137\372\374\357\051\150\251\242\207\171\357\171\357\117
 \254\007\167\070
 END
 
 # Trust for Certificate "Equifax Secure CA"
+# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Serial Number: 903804111 (0x35def4cf)
+# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Not Valid Before: Sat Aug 22 16:41:51 1998
+# Not Valid After : Wed Aug 22 16:41:51 2018
+# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
+# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \322\062\011\255\043\323\024\043\041\164\344\015\177\235\142\023
 \227\206\143\072
@@ -549,16 +605,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Digital Signature Trust Co. Global CA 1"
 #
+# Issuer: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
+# Serial Number: 913315222 (0x36701596)
+# Subject: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
+# Not Valid Before: Thu Dec 10 18:10:23 1998
+# Not Valid After : Mon Dec 10 18:40:23 2018
+# Fingerprint (MD5): 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
+# Fingerprint (SHA1): 81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\106\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -628,16 +691,23 @@ CKA_VALUE MULTILINE_OCTAL
 \356\202\213\061\052\223\066\205\043\210\212\074\003\150\323\311
 \011\017\115\374\154\244\332\050\162\223\016\211\200\260\175\376
 \200\157\145\155\030\063\227\213\302\153\211\356\140\075\310\233
 \357\177\053\062\142\163\223\313\074\343\173\342\166\170\105\274
 \241\223\004\273\206\237\072\133\103\172\303\212\145
 END
 
 # Trust for Certificate "Digital Signature Trust Co. Global CA 1"
+# Issuer: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
+# Serial Number: 913315222 (0x36701596)
+# Subject: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
+# Not Valid Before: Thu Dec 10 18:10:23 1998
+# Not Valid After : Mon Dec 10 18:40:23 2018
+# Fingerprint (MD5): 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
+# Fingerprint (SHA1): 81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \201\226\213\072\357\034\334\160\365\372\062\151\302\222\243\143
 \133\321\043\323
@@ -658,16 +728,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Digital Signature Trust Co. Global CA 3"
 #
+# Issuer: OU=DSTCA E2,O=Digital Signature Trust Co.,C=US
+# Serial Number: 913232846 (0x366ed3ce)
+# Subject: OU=DSTCA E2,O=Digital Signature Trust Co.,C=US
+# Not Valid Before: Wed Dec 09 19:17:26 1998
+# Not Valid After : Sun Dec 09 19:47:26 2018
+# Fingerprint (MD5): 93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
+# Fingerprint (SHA1): AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\106\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -737,16 +814,23 @@ CKA_VALUE MULTILINE_OCTAL
 \143\335\136\247\342\272\237\365\367\115\245\061\173\234\051\055
 \114\376\144\076\354\266\123\376\352\233\355\202\333\164\165\113
 \007\171\156\036\330\031\203\163\336\365\076\320\265\336\347\113
 \150\175\103\056\052\040\341\176\240\170\104\236\010\365\230\371
 \307\177\033\033\326\006\040\002\130\241\303\242\003
 END
 
 # Trust for Certificate "Digital Signature Trust Co. Global CA 3"
+# Issuer: OU=DSTCA E2,O=Digital Signature Trust Co.,C=US
+# Serial Number: 913232846 (0x366ed3ce)
+# Subject: OU=DSTCA E2,O=Digital Signature Trust Co.,C=US
+# Not Valid Before: Wed Dec 09 19:17:26 1998
+# Not Valid After : Sun Dec 09 19:47:26 2018
+# Fingerprint (MD5): 93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
+# Fingerprint (SHA1): AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \253\110\363\063\333\004\253\271\300\162\332\133\014\301\320\127
 \360\066\233\106
@@ -767,16 +851,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 3 Public Primary Certification Authority"
 #
+# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
+# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
+# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon Jan 29 00:00:00 1996
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
+# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -836,16 +927,23 @@ CKA_VALUE MULTILINE_OCTAL
 \326\046\300\166\001\127\201\222\136\041\361\321\261\377\347\320
 \041\130\315\151\027\343\104\034\234\031\104\071\211\134\334\234
 \000\017\126\215\002\231\355\242\220\105\114\344\273\020\244\075
 \360\062\003\016\361\316\370\350\311\121\214\346\142\237\346\237
 \300\175\267\162\234\311\066\072\153\237\116\250\377\144\015\144
 END
 
 # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority"
+# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
+# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
+# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon Jan 29 00:00:00 1996
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
+# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \164\054\061\222\346\007\344\044\353\105\111\124\053\341\273\305
 \076\141\164\342
@@ -869,16 +967,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 1 Public Primary Certification Authority - G2"
 #
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83
+# Fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -963,16 +1068,23 @@ CKA_VALUE MULTILINE_OCTAL
 \212\265\335\117\303\233\023\165\270\001\300\346\311\133\153\245
 \270\211\334\254\244\335\162\355\116\241\367\117\274\006\323\352
 \310\144\164\173\302\225\101\234\145\163\130\361\220\232\074\152
 \261\230\311\304\207\274\317\105\155\105\342\156\042\077\376\274
 \017\061\134\350\362\331
 END
 
 # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G2"
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83
+# Fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \047\076\341\044\127\375\304\371\014\125\350\053\126\026\177\142
 \365\062\345\107
@@ -1002,16 +1114,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
 #
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
+# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -1096,16 +1215,23 @@ CKA_VALUE MULTILINE_OCTAL
 \151\157\162\332\154\256\010\360\143\222\067\346\273\304\060\027
 \255\167\314\111\065\252\317\330\217\321\276\267\030\226\107\163
 \152\124\042\064\144\055\266\026\233\131\133\264\121\131\072\263
 \013\024\364\022\337\147\240\364\255\062\144\136\261\106\162\047
 \214\022\173\305\104\264\256
 END
 
 # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
+# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \263\352\304\107\166\311\310\034\352\362\235\225\266\314\240\010
 \033\147\354\235
@@ -1135,16 +1261,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 3 Public Primary Certification Authority - G2"
 #
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
+# Fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -1229,16 +1362,23 @@ CKA_VALUE MULTILINE_OCTAL
 \271\021\144\164\314\265\163\237\034\110\251\274\141\001\356\342
 \027\246\014\343\100\010\073\016\347\353\104\163\052\232\361\151
 \222\357\161\024\303\071\254\161\247\221\011\157\344\161\006\263
 \272\131\127\046\171\000\366\370\015\242\063\060\050\324\252\130
 \240\235\235\151\221\375
 END
 
 # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G2"
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
+# Fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \205\067\034\246\345\120\024\075\316\050\003\107\033\336\072\011
 \350\370\167\017
@@ -1268,16 +1408,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GlobalSign Root CA"
 #
+# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94
+# Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Not Valid Before: Tue Sep 01 12:00:00 1998
+# Not Valid After : Fri Jan 28 12:00:00 2028
+# Fingerprint (MD5): 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
+# Fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061
@@ -1354,16 +1501,23 @@ CKA_VALUE MULTILINE_OCTAL
 \014\252\202\344\231\121\335\160\267\333\126\075\141\344\152\341
 \134\326\366\376\075\336\101\314\007\256\143\122\277\123\123\364
 \053\351\307\375\266\367\202\137\205\322\101\030\333\201\263\004
 \034\305\037\244\200\157\025\040\311\336\014\210\012\035\326\146
 \125\342\374\110\311\051\046\151\340
 END
 
 # Trust for Certificate "GlobalSign Root CA"
+# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94
+# Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Not Valid Before: Tue Sep 01 12:00:00 1998
+# Not Valid After : Fri Jan 28 12:00:00 2028
+# Fingerprint (MD5): 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
+# Fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \261\274\226\213\324\364\235\142\052\250\232\201\362\025\001\122
 \244\035\202\234
@@ -1385,16 +1539,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GlobalSign Root CA - R2"
 #
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Not Valid Before: Fri Dec 15 08:00:00 2006
+# Not Valid After : Wed Dec 15 08:00:00 2021
+# Fingerprint (MD5): 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
+# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA - R2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157
@@ -1473,16 +1634,23 @@ CKA_VALUE MULTILINE_OCTAL
 \301\377\357\253\156\040\304\120\311\137\235\115\233\027\214\014
 \345\001\311\240\101\152\163\123\372\245\120\264\156\045\017\373
 \114\030\364\375\122\331\216\151\261\350\021\017\336\210\330\373
 \035\111\367\252\336\225\317\040\170\302\140\022\333\045\100\214
 \152\374\176\102\070\100\144\022\367\236\201\341\223\056
 END
 
 # Trust for Certificate "GlobalSign Root CA - R2"
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Not Valid Before: Fri Dec 15 08:00:00 2006
+# Not Valid After : Wed Dec 15 08:00:00 2021
+# Fingerprint (MD5): 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
+# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA - R2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \165\340\253\266\023\205\022\047\034\004\370\137\335\336\070\344
 \267\044\056\376
@@ -1503,16 +1671,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "ValiCert Class 1 VA"
 #
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Fri Jun 25 22:23:48 1999
+# Not Valid After : Tue Jun 25 22:23:48 2019
+# Fingerprint (MD5): 65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
+# Fingerprint (SHA1): E5:DF:74:3C:B6:01:C4:9B:98:43:DC:AB:8C:E8:6A:81:10:9F:E4:8E
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "ValiCert Class 1 VA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141
@@ -1592,16 +1767,23 @@ CKA_VALUE MULTILINE_OCTAL
 \043\313\050\201\062\303\000\171\030\354\131\027\211\311\306\152
 \036\161\311\375\267\164\245\045\105\151\305\110\253\031\341\105
 \212\045\153\031\356\345\273\022\365\177\367\246\215\121\303\360
 \235\164\267\251\076\240\245\377\266\111\003\023\332\042\314\355
 \161\202\053\231\317\072\267\365\055\162\310
 END
 
 # Trust for Certificate "ValiCert Class 1 VA"
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Fri Jun 25 22:23:48 1999
+# Not Valid After : Tue Jun 25 22:23:48 2019
+# Fingerprint (MD5): 65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
+# Fingerprint (SHA1): E5:DF:74:3C:B6:01:C4:9B:98:43:DC:AB:8C:E8:6A:81:10:9F:E4:8E
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "ValiCert Class 1 VA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \345\337\164\074\266\001\304\233\230\103\334\253\214\350\152\201
 \020\237\344\216
@@ -1629,16 +1811,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "ValiCert Class 2 VA"
 #
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Sat Jun 26 00:19:54 1999
+# Not Valid After : Wed Jun 26 00:19:54 2019
+# Fingerprint (MD5): A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
+# Fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "ValiCert Class 2 VA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141
@@ -1718,16 +1907,23 @@ CKA_VALUE MULTILINE_OCTAL
 \041\201\031\240\062\111\050\364\304\216\126\325\122\063\375\120
 \325\176\231\154\003\344\311\114\374\313\154\253\146\263\112\041
 \214\345\265\014\062\076\020\262\314\154\241\334\232\230\114\002
 \133\363\316\271\236\245\162\016\112\267\077\074\346\026\150\370
 \276\355\164\114\274\133\325\142\037\103\335
 END
 
 # Trust for Certificate "ValiCert Class 2 VA"
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Sat Jun 26 00:19:54 1999
+# Not Valid After : Wed Jun 26 00:19:54 2019
+# Fingerprint (MD5): A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
+# Fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "ValiCert Class 2 VA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \061\172\052\320\177\053\063\136\365\241\303\116\113\127\350\267
 \330\361\374\246
@@ -1755,16 +1951,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "RSA Root Certificate 1"
 #
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 3 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 3 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Sat Jun 26 00:22:33 1999
+# Not Valid After : Wed Jun 26 00:22:33 2019
+# Fingerprint (MD5): A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
+# Fingerprint (SHA1): 69:BD:8C:F4:9C:D3:00:FB:59:2E:17:93:CA:55:6A:F3:EC:AA:35:FB
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "RSA Root Certificate 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141
@@ -1844,16 +2047,23 @@ CKA_VALUE MULTILINE_OCTAL
 \237\105\256\074\212\251\260\161\063\135\310\305\127\337\257\250
 \065\263\177\211\207\351\350\045\222\270\177\205\172\256\326\274
 \036\067\130\052\147\311\221\317\052\201\076\355\306\071\337\300
 \076\031\234\031\314\023\115\202\101\265\214\336\340\075\140\010
 \040\017\105\176\153\242\177\243\214\025\356
 END
 
 # Trust for Certificate "RSA Root Certificate 1"
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 3 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 3 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Sat Jun 26 00:22:33 1999
+# Not Valid After : Wed Jun 26 00:22:33 2019
+# Fingerprint (MD5): A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
+# Fingerprint (SHA1): 69:BD:8C:F4:9C:D3:00:FB:59:2E:17:93:CA:55:6A:F3:EC:AA:35:FB
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "RSA Root Certificate 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \151\275\214\364\234\323\000\373\131\056\027\223\312\125\152\363
 \354\252\065\373
@@ -1881,16 +2091,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
 #
+# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+# Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+# Fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -1992,16 +2209,23 @@ CKA_VALUE MULTILINE_OCTAL
 \274\070\335\260\056\021\261\153\262\102\314\232\274\371\110\042
 \171\112\031\017\262\034\076\040\164\331\152\303\276\362\050\170
 \023\126\171\117\155\120\352\033\260\265\127\261\067\146\130\043
 \363\334\017\337\012\207\304\357\206\005\325\070\024\140\231\243
 \113\336\006\226\161\054\362\333\266\037\244\357\077\356
 END
 
 # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+# Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+# Fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \040\102\205\334\367\353\166\101\225\127\216\023\153\324\267\321
 \351\216\106\245
@@ -2031,16 +2255,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
 #
+# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+# Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+# Fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -2142,16 +2373,23 @@ CKA_VALUE MULTILINE_OCTAL
 \106\043\071\124\365\216\142\011\004\035\224\220\246\233\346\045
 \342\102\105\252\270\220\255\276\010\217\251\013\102\030\224\317
 \162\071\341\261\103\340\050\317\267\347\132\154\023\153\111\263
 \377\343\030\174\211\213\063\135\254\063\327\247\371\332\072\125
 \311\130\020\371\252\357\132\266\317\113\113\337\052
 END
 
 # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+# Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+# Fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \141\357\103\327\177\312\324\141\121\274\230\340\303\131\022\257
 \237\353\143\021
@@ -2181,16 +2419,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
 #
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -2292,16 +2537,23 @@ CKA_VALUE MULTILINE_OCTAL
 \124\000\317\360\361\301\307\230\060\032\073\066\026\333\243\156
 \352\375\255\262\302\332\357\002\107\023\212\300\361\263\061\255
 \117\034\341\117\234\257\017\014\235\367\170\015\330\364\065\126
 \200\332\267\155\027\217\235\036\201\144\341\376\305\105\272\255
 \153\271\012\172\116\117\113\204\356\113\361\175\335\021
 END
 
 # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \023\055\015\105\123\113\151\227\315\262\325\303\071\342\125\166
 \140\233\134\306
@@ -2331,16 +2583,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 4 Public Primary Certification Authority - G3"
 #
+# Issuer: CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
+# Subject: CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
+# Fingerprint (SHA1): C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 4 Public Primary Certification Authority - G3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -2442,16 +2701,23 @@ CKA_VALUE MULTILINE_OCTAL
 \056\203\106\110\262\327\040\137\222\066\217\347\171\017\230\136
 \231\350\360\320\244\273\365\123\275\052\316\131\260\257\156\177
 \154\273\322\036\000\260\041\355\370\101\142\202\271\330\262\304
 \273\106\120\363\061\305\217\001\250\164\353\365\170\047\332\347
 \367\146\103\363\236\203\076\040\252\303\065\140\221\316
 END
 
 # Trust for Certificate "Verisign Class 4 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
+# Subject: CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
+# Fingerprint (SHA1): C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 4 Public Primary Certification Authority - G3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \310\354\214\207\222\151\313\113\253\071\351\215\176\127\147\363
 \024\225\163\235
@@ -2481,16 +2747,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Entrust.net Secure Server CA"
 #
+# Issuer: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
+# Serial Number: 927650371 (0x374ad243)
+# Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
+# Not Valid Before: Tue May 25 16:09:40 1999
+# Not Valid After : Sat May 25 16:39:40 2019
+# Fingerprint (MD5): DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
+# Fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Entrust.net Secure Server CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\303\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -2603,16 +2876,23 @@ CKA_VALUE MULTILINE_OCTAL
 \310\061\306\347\356\077\343\127\165\204\172\021\357\106\117\030
 \364\323\230\273\250\207\062\272\162\366\074\342\075\237\327\035
 \331\303\140\103\214\130\016\042\226\057\142\243\054\037\272\255
 \005\357\253\062\170\207\240\124\163\031\265\134\005\371\122\076
 \155\055\105\013\367\012\223\352\355\006\371\262
 END
 
 # Trust for Certificate "Entrust.net Secure Server CA"
+# Issuer: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
+# Serial Number: 927650371 (0x374ad243)
+# Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
+# Not Valid Before: Tue May 25 16:09:40 1999
+# Not Valid After : Sat May 25 16:39:40 2019
+# Fingerprint (MD5): DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
+# Fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Entrust.net Secure Server CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \231\246\233\346\032\376\210\153\115\053\202\000\174\270\124\374
 \061\176\025\071
@@ -2801,16 +3081,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Baltimore CyberTrust Root"
 #
+# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Serial Number: 33554617 (0x20000b9)
+# Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Not Valid Before: Fri May 12 18:46:00 2000
+# Not Valid After : Mon May 12 23:59:00 2025
+# Fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
+# Fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Baltimore CyberTrust Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061
@@ -2887,16 +3174,23 @@ CKA_VALUE MULTILINE_OCTAL
 \222\302\342\343\026\215\232\062\002\253\216\030\335\351\020\021
 \356\176\065\253\220\257\076\060\224\172\320\063\075\247\145\017
 \365\374\216\236\142\317\107\104\054\001\135\273\035\265\062\322
 \107\322\070\056\320\376\201\334\062\152\036\265\356\074\325\374
 \347\201\035\031\303\044\102\352\143\071\251
 END
 
 # Trust for Certificate "Baltimore CyberTrust Root"
+# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Serial Number: 33554617 (0x20000b9)
+# Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Not Valid Before: Fri May 12 18:46:00 2000
+# Not Valid After : Mon May 12 23:59:00 2025
+# Fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
+# Fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Baltimore CyberTrust Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \324\336\040\320\136\146\374\123\376\032\120\210\054\170\333\050
 \122\312\344\164
@@ -2918,16 +3212,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Equifax Secure Global eBusiness CA"
 #
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Not Valid Before: Mon Jun 21 04:00:00 1999
+# Not Valid After : Sun Jun 21 04:00:00 2020
+# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
+# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure Global eBusiness CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -2990,16 +3291,23 @@ CKA_VALUE MULTILINE_OCTAL
 \243\100\342\001\212\357\047\007\361\145\001\212\104\055\006\145
 \165\122\300\206\020\040\041\137\154\153\017\154\256\011\034\257
 \362\242\030\064\304\165\244\163\034\361\215\334\357\255\371\263
 \166\264\222\277\334\225\020\036\276\313\310\073\132\204\140\031
 \126\224\251\125
 END
 
 # Trust for Certificate "Equifax Secure Global eBusiness CA"
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Not Valid Before: Mon Jun 21 04:00:00 1999
+# Not Valid After : Sun Jun 21 04:00:00 2020
+# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
+# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure Global eBusiness CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \176\170\112\020\034\202\145\314\055\341\361\155\107\264\100\312
 \331\012\031\105
@@ -3021,16 +3329,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Equifax Secure eBusiness CA 1"
 #
+# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 4 (0x4)
+# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Not Valid Before: Mon Jun 21 04:00:00 1999
+# Not Valid After : Sun Jun 21 04:00:00 2020
+# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
+# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure eBusiness CA 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -3092,16 +3407,23 @@ CKA_VALUE MULTILINE_OCTAL
 \130\036\107\207\124\076\130\241\265\265\370\052\357\161\347\274
 \303\366\261\111\106\342\327\240\153\345\126\172\232\047\230\174
 \106\142\024\347\311\374\156\003\022\171\200\070\035\110\202\215
 \374\027\376\052\226\053\265\142\246\246\075\275\177\222\131\315
 \132\052\202\262\067\171
 END
 
 # Trust for Certificate "Equifax Secure eBusiness CA 1"
+# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 4 (0x4)
+# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Not Valid Before: Mon Jun 21 04:00:00 1999
+# Not Valid After : Sun Jun 21 04:00:00 2020
+# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
+# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure eBusiness CA 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \332\100\030\213\221\211\243\355\356\256\332\227\376\057\235\365
 \267\321\212\101
@@ -3123,16 +3445,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "AddTrust Low-Value Services Root"
 #
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Low-Value Services Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061
@@ -3221,16 +3550,23 @@ CKA_VALUE MULTILINE_OCTAL
 \062\312\173\306\343\253\144\106\225\370\046\151\331\125\203\173
 \054\226\007\377\131\054\104\243\306\345\351\251\334\241\143\200
 \132\041\136\041\317\123\124\360\272\157\211\333\250\252\225\317
 \213\343\161\314\036\033\040\104\010\300\172\266\100\375\304\344
 \065\341\035\026\034\320\274\053\216\326\161\331
 END
 
 # Trust for Certificate "AddTrust Low-Value Services Root"
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Low-Value Services Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \314\253\016\240\114\043\001\326\151\173\335\067\237\315\022\353
 \044\343\224\235
@@ -3253,16 +3589,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "AddTrust External Root"
 #
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:48:38 2000
+# Not Valid After : Sat May 30 10:48:38 2020
+# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
+# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust External Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
@@ -3355,16 +3698,23 @@ CKA_VALUE MULTILINE_OCTAL
 \163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236
 \216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163
 \111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132
 \232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202
 \027\132\173\320\274\307\217\116\206\004
 END
 
 # Trust for Certificate "AddTrust External Root"
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:48:38 2000
+# Not Valid After : Sat May 30 10:48:38 2020
+# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
+# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust External Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133
 \150\205\030\150
@@ -3388,16 +3738,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "AddTrust Public Services Root"
 #
+# Issuer: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:41:50 2000
+# Not Valid After : Sat May 30 10:41:50 2020
+# Fingerprint (MD5): C1:62:3E:23:C5:82:73:9C:03:59:4B:2B:E9:77:49:7F
+# Fingerprint (SHA1): 2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Public Services Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061
@@ -3486,16 +3843,23 @@ CKA_VALUE MULTILINE_OCTAL
 \200\045\022\141\001\250\044\023\160\000\021\046\137\372\065\120
 \305\110\314\006\107\350\047\330\160\215\137\144\346\241\104\046
 \136\042\354\222\315\377\102\232\104\041\155\134\305\343\042\035
 \137\107\022\347\316\137\135\372\330\252\261\063\055\331\166\362
 \116\072\063\014\053\263\055\220\006
 END
 
 # Trust for Certificate "AddTrust Public Services Root"
+# Issuer: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:41:50 2000
+# Not Valid After : Sat May 30 10:41:50 2020
+# Fingerprint (MD5): C1:62:3E:23:C5:82:73:9C:03:59:4B:2B:E9:77:49:7F
+# Fingerprint (SHA1): 2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Public Services Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \052\266\050\110\136\170\373\363\255\236\171\020\335\153\337\231
 \162\054\226\345
@@ -3518,16 +3882,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "AddTrust Qualified Certificates Root"
 #
+# Issuer: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:44:50 2000
+# Not Valid After : Sat May 30 10:44:50 2020
+# Fingerprint (MD5): 27:EC:39:47:CD:DA:5A:AF:E2:9A:01:65:21:A9:4C:BB
+# Fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Qualified Certificates Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061
@@ -3617,16 +3988,23 @@ CKA_VALUE MULTILINE_OCTAL
 \365\160\105\260\334\135\372\366\162\132\167\322\143\315\317\130
 \211\000\102\143\077\171\071\320\104\260\202\156\101\031\350\335
 \340\301\210\132\321\036\161\223\037\044\060\164\345\036\250\336
 \074\047\067\177\203\256\236\167\317\360\060\261\377\113\231\350
 \306\241
 END
 
 # Trust for Certificate "AddTrust Qualified Certificates Root"
+# Issuer: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:44:50 2000
+# Not Valid After : Sat May 30 10:44:50 2020
+# Fingerprint (MD5): 27:EC:39:47:CD:DA:5A:AF:E2:9A:01:65:21:A9:4C:BB
+# Fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Qualified Certificates Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \115\043\170\354\221\225\071\265\000\177\165\217\003\073\041\036
 \305\115\213\317
@@ -3649,16 +4027,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Entrust Root Certification Authority"
 #
+# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Serial Number: 1164660820 (0x456b5054)
+# Subject: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Not Valid Before: Mon Nov 27 20:23:42 2006
+# Not Valid After : Fri Nov 27 20:53:42 2026
+# Fingerprint (MD5): D6:A5:C3:ED:5D:DD:3E:00:C1:3D:87:92:1F:1D:3F:E4
+# Fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Entrust Root Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\260\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -3765,16 +4150,23 @@ CKA_VALUE MULTILINE_OCTAL
 \172\356\205\112\247\120\200\360\247\134\112\224\056\137\005\231
 \074\122\101\340\315\264\143\317\001\103\272\234\203\334\217\140
 \073\363\132\264\264\173\256\332\013\220\070\165\357\201\035\146
 \322\367\127\160\066\263\277\374\050\257\161\045\205\133\023\376
 \036\177\132\264\074
 END
 
 # Trust for Certificate "Entrust Root Certification Authority"
+# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Serial Number: 1164660820 (0x456b5054)
+# Subject: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Not Valid Before: Mon Nov 27 20:23:42 2006
+# Not Valid After : Fri Nov 27 20:53:42 2026
+# Fingerprint (MD5): D6:A5:C3:ED:5D:DD:3E:00:C1:3D:87:92:1F:1D:3F:E4
+# Fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Entrust Root Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \263\036\261\267\100\343\154\204\002\332\334\067\324\115\365\324
 \147\111\122\371
@@ -3802,16 +4194,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "RSA Security 2048 v3"
 #
+# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
+# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
+# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
+# Not Valid Before: Thu Feb 22 20:39:23 2001
+# Not Valid After : Sun Feb 22 20:39:23 2026
+# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
+# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "RSA Security 2048 v3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101
@@ -3884,16 +4283,23 @@ CKA_VALUE MULTILINE_OCTAL
 \045\102\164\005\200\050\277\275\301\044\226\130\025\261\027\041
 \351\211\113\333\007\210\147\364\025\255\160\076\057\115\205\073
 \302\267\333\376\230\150\043\211\341\164\017\336\364\305\204\143
 \051\033\314\313\007\311\000\244\251\327\302\042\117\147\327\167
 \354\040\005\141\336
 END
 
 # Trust for Certificate "RSA Security 2048 v3"
+# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
+# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
+# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
+# Not Valid Before: Thu Feb 22 20:39:23 2001
+# Not Valid After : Sun Feb 22 20:39:23 2026
+# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
+# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "RSA Security 2048 v3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \045\001\220\031\317\373\331\231\034\267\150\045\164\215\224\137
 \060\223\225\102
@@ -3914,16 +4320,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Global CA"
 #
+# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Serial Number: 144470 (0x23456)
+# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Tue May 21 04:00:00 2002
+# Not Valid After : Sat May 21 04:00:00 2022
+# Fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
+# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Global CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -3996,16 +4409,23 @@ CKA_VALUE MULTILINE_OCTAL
 \256\071\246\152\164\351\332\304\347\274\115\064\036\251\134\115
 \063\137\222\011\057\210\146\135\167\227\307\035\166\023\251\325
 \345\361\026\011\021\065\325\254\333\044\161\160\054\230\126\013
 \331\027\264\321\343\121\053\136\165\350\325\320\334\117\064\355
 \302\005\146\200\241\313\346\063
 END
 
 # Trust for Certificate "GeoTrust Global CA"
+# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Serial Number: 144470 (0x23456)
+# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Tue May 21 04:00:00 2002
+# Not Valid After : Sat May 21 04:00:00 2022
+# Fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
+# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Global CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \336\050\364\244\377\345\271\057\243\305\003\321\243\111\247\371
 \226\052\202\022
@@ -4026,16 +4446,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Global CA 2"
 #
+# Issuer: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Mon Mar 04 05:00:00 2019
+# Fingerprint (MD5): 0E:40:A7:6C:DE:03:5D:8F:D1:0F:E4:D1:8D:F9:6C:A9
+# Fingerprint (SHA1): A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Global CA 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4109,16 +4536,23 @@ CKA_VALUE MULTILINE_OCTAL
 \000\315\111\271\263\154\173\123\004\032\342\250\311\252\022\005
 \043\302\316\347\273\004\002\314\300\107\242\344\304\051\057\133
 \105\127\211\121\356\074\353\122\010\377\007\065\036\237\065\152
 \107\112\126\230\321\132\205\037\214\365\042\277\253\316\203\363
 \342\042\051\256\175\203\100\250\272\154
 END
 
 # Trust for Certificate "GeoTrust Global CA 2"
+# Issuer: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Mon Mar 04 05:00:00 2019
+# Fingerprint (MD5): 0E:40:A7:6C:DE:03:5D:8F:D1:0F:E4:D1:8D:F9:6C:A9
+# Fingerprint (SHA1): A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Global CA 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \251\351\170\010\024\067\130\210\362\005\031\260\155\053\015\053
 \140\026\220\175
@@ -4139,16 +4573,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Universal CA"
 #
+# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48
+# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Universal CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4254,16 +4695,23 @@ CKA_VALUE MULTILINE_OCTAL
 \317\265\135\353\333\333\034\304\166\337\210\271\275\105\005\225
 \033\256\374\106\152\114\257\110\343\316\256\017\322\176\353\346
 \154\234\117\201\152\172\144\254\273\076\325\347\313\166\056\305
 \247\110\301\134\220\017\313\310\077\372\346\062\341\215\033\157
 \244\346\216\330\371\051\110\212\316\163\376\054
 END
 
 # Trust for Certificate "GeoTrust Universal CA"
+# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48
+# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Universal CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \346\041\363\065\103\171\005\232\113\150\060\235\212\057\164\042
 \025\207\354\171
@@ -4284,16 +4732,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Universal CA 2"
 #
+# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7
+# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Universal CA 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4399,16 +4854,23 @@ CKA_VALUE MULTILINE_OCTAL
 \175\231\364\061\366\161\251\317\054\001\047\245\005\271\252\262
 \110\116\052\357\237\223\122\121\225\074\122\163\216\126\114\027
 \100\300\011\050\344\213\152\110\123\333\354\315\125\125\361\306
 \370\351\242\054\114\246\321\046\137\176\257\132\114\332\037\246
 \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222
 END
 
 # Trust for Certificate "GeoTrust Universal CA 2"
+# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7
+# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Universal CA 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \067\232\031\173\101\205\105\065\014\246\003\151\363\074\056\257
 \107\117\040\171
@@ -4429,16 +4891,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN-USER First-Network Applications"
 #
+# Issuer: CN=UTN-USERFirst-Network Applications,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:30:4b:c0:33:77
+# Subject: CN=UTN-USERFirst-Network Applications,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:48:39 1999
+# Not Valid After : Tue Jul 09 18:57:49 2019
+# Fingerprint (MD5): BF:60:59:A3:5B:BA:F6:A7:76:42:DA:6F:1A:7B:50:CF
+# Fingerprint (SHA1): 5D:98:9C:DB:15:96:11:36:51:65:64:1B:56:0F:DB:EA:2A:C2:3E:F1
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN-USER First-Network Applications"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\243\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -4541,16 +5010,23 @@ CKA_VALUE MULTILINE_OCTAL
 \140\105\235\361\043\232\260\000\234\150\265\230\120\323\357\216
 \056\222\145\261\110\076\041\276\025\060\052\015\265\014\243\153
 \077\256\177\127\365\037\226\174\337\157\335\202\060\054\145\033
 \100\112\315\150\271\162\354\161\166\354\124\216\037\205\014\001
 \152\372\246\070\254\037\304\204
 END
 
 # Trust for Certificate "UTN-USER First-Network Applications"
+# Issuer: CN=UTN-USERFirst-Network Applications,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:30:4b:c0:33:77
+# Subject: CN=UTN-USERFirst-Network Applications,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:48:39 1999
+# Not Valid After : Tue Jul 09 18:57:49 2019
+# Fingerprint (MD5): BF:60:59:A3:5B:BA:F6:A7:76:42:DA:6F:1A:7B:50:CF
+# Fingerprint (SHA1): 5D:98:9C:DB:15:96:11:36:51:65:64:1B:56:0F:DB:EA:2A:C2:3E:F1
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN-USER First-Network Applications"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \135\230\234\333\025\226\021\066\121\145\144\033\126\017\333\352
 \052\302\076\361
@@ -4578,16 +5054,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "America Online Root Certification Authority 1"
 #
+# Issuer: CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US
+# Not Valid Before: Tue May 28 06:00:00 2002
+# Not Valid After : Thu Nov 19 20:43:00 2037
+# Fingerprint (MD5): 14:F1:08:AD:9D:FA:64:E2:89:E7:1C:CF:A8:AD:7D:5E
+# Fingerprint (SHA1): 39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "America Online Root Certification Authority 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4669,16 +5152,23 @@ CKA_VALUE MULTILINE_OCTAL
 \060\306\307\065\206\263\371\226\137\106\333\014\105\375\363\120
 \303\157\306\303\110\255\106\246\341\047\107\012\035\016\233\266
 \302\167\177\143\362\340\175\032\276\374\340\337\327\307\247\154
 \260\371\256\272\074\375\164\264\021\350\130\015\200\274\323\250
 \200\072\231\355\165\314\106\173
 END
 
 # Trust for Certificate "America Online Root Certification Authority 1"
+# Issuer: CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US
+# Not Valid Before: Tue May 28 06:00:00 2002
+# Not Valid After : Thu Nov 19 20:43:00 2037
+# Fingerprint (MD5): 14:F1:08:AD:9D:FA:64:E2:89:E7:1C:CF:A8:AD:7D:5E
+# Fingerprint (SHA1): 39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "America Online Root Certification Authority 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \071\041\301\025\301\135\016\312\134\313\133\304\360\175\041\330
 \005\013\126\152
@@ -4701,16 +5191,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "America Online Root Certification Authority 2"
 #
+# Issuer: CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US
+# Not Valid Before: Tue May 28 06:00:00 2002
+# Not Valid After : Tue Sep 29 14:08:00 2037
+# Fingerprint (MD5): D6:ED:3C:CA:E2:66:0F:AF:10:43:0D:77:9B:04:09:BF
+# Fingerprint (SHA1): 85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "America Online Root Certification Authority 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4824,16 +5321,23 @@ CKA_VALUE MULTILINE_OCTAL
 \377\023\312\057\135\203\274\207\223\154\334\044\121\026\004\045
 \146\372\263\331\302\272\051\276\232\110\070\202\231\364\277\073
 \112\061\031\371\277\216\041\063\024\312\117\124\137\373\316\373
 \217\161\177\375\136\031\240\017\113\221\270\304\124\274\006\260
 \105\217\046\221\242\216\376\251
 END
 
 # Trust for Certificate "America Online Root Certification Authority 2"
+# Issuer: CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US
+# Not Valid Before: Tue May 28 06:00:00 2002
+# Not Valid After : Tue Sep 29 14:08:00 2037
+# Fingerprint (MD5): D6:ED:3C:CA:E2:66:0F:AF:10:43:0D:77:9B:04:09:BF
+# Fingerprint (SHA1): 85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "America Online Root Certification Authority 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \205\265\377\147\233\014\171\226\037\310\156\104\042\000\106\023
 \333\027\222\204
@@ -4856,16 +5360,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Visa eCommerce Root"
 #
+# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
+# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Not Valid Before: Wed Jun 26 02:18:36 2002
+# Not Valid After : Fri Jun 24 00:16:12 2022
+# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
+# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Visa eCommerce Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4948,16 +5459,23 @@ CKA_VALUE MULTILINE_OCTAL
 \373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213
 \115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000
 \346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355
 \337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026
 \222\340\134\366\007\017
 END
 
 # Trust for Certificate "Visa eCommerce Root"
+# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
+# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Not Valid Before: Wed Jun 26 02:18:36 2002
+# Not Valid After : Fri Jun 24 00:16:12 2022
+# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
+# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Visa eCommerce Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062
 \275\340\005\142
@@ -4981,16 +5499,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Certum Root CA"
 #
+# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Serial Number: 65568 (0x10020)
+# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Not Valid Before: Tue Jun 11 10:46:39 2002
+# Not Valid After : Fri Jun 11 10:46:39 2027
+# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Certum Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
@@ -5056,16 +5581,23 @@ CKA_VALUE MULTILINE_OCTAL
 \362\274\156\144\365\132\126\220\250\307\016\114\164\017\056\161
 \073\367\310\107\364\151\157\025\362\021\136\203\036\234\174\122
 \256\375\002\332\022\250\131\147\030\333\274\160\335\233\261\151
 \355\200\316\211\100\110\152\016\065\312\051\146\025\041\224\054
 \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163
 END
 
 # Trust for Certificate "Certum Root CA"
+# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Serial Number: 65568 (0x10020)
+# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Not Valid Before: Tue Jun 11 10:46:39 2002
+# Not Valid After : Fri Jun 11 10:46:39 2027
+# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Certum Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \142\122\334\100\367\021\103\242\057\336\236\367\064\216\006\102
 \121\261\201\030
@@ -5085,16 +5617,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Comodo AAA Services root"
 #
+# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
+# Fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo AAA Services root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061
@@ -5187,16 +5726,23 @@ CKA_VALUE MULTILINE_OCTAL
 \227\140\370\220\136\164\324\242\232\123\275\362\251\150\340\242
 \156\302\327\154\261\243\017\236\277\353\150\347\126\362\256\362
 \343\053\070\072\011\201\265\153\205\327\276\055\355\077\032\267
 \262\143\342\365\142\054\202\324\152\000\101\120\361\071\203\237
 \225\351\066\226\230\156
 END
 
 # Trust for Certificate "Comodo AAA Services root"
+# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
+# Fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo AAA Services root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \321\353\043\244\155\027\326\217\331\045\144\302\361\361\140\027
 \144\330\343\111
@@ -5220,16 +5766,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Comodo Secure Services root"
 #
+# Issuer: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): D3:D9:BD:AE:9F:AC:67:24:B3:C8:1B:52:E1:B9:A9:BD
+# Fingerprint (SHA1): 4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo Secure Services root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\176\061\013\060\011\006\003\125\004\006\023\002\107\102\061
@@ -5323,16 +5876,23 @@ CKA_VALUE MULTILINE_OCTAL
 \243\360\244\050\244\025\304\205\364\047\324\153\277\345\134\344
 \145\002\166\124\264\343\067\146\044\323\031\141\310\122\020\345
 \213\067\232\271\251\371\035\277\352\231\222\141\226\377\001\315
 \241\137\015\274\161\274\016\254\013\035\107\105\035\301\354\174
 \354\375\051
 END
 
 # Trust for Certificate "Comodo Secure Services root"
+# Issuer: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): D3:D9:BD:AE:9F:AC:67:24:B3:C8:1B:52:E1:B9:A9:BD
+# Fingerprint (SHA1): 4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo Secure Services root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \112\145\325\364\035\357\071\270\270\220\112\112\323\144\201\063
 \317\307\241\321
@@ -5356,16 +5916,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Comodo Trusted Services root"
 #
+# Issuer: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 91:1B:3F:6E:CD:9E:AB:EE:07:FE:1F:71:D2:B3:61:27
+# Fingerprint (SHA1): E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo Trusted Services root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\177\061\013\060\011\006\003\125\004\006\023\002\107\102\061
@@ -5461,16 +6028,23 @@ CKA_VALUE MULTILINE_OCTAL
 \115\045\107\356\057\210\310\265\341\005\105\300\276\024\161\336
 \172\375\216\173\175\115\010\226\245\022\163\360\055\312\067\047
 \164\022\047\114\313\266\227\351\331\256\010\155\132\071\100\335
 \005\107\165\152\132\041\263\243\030\317\116\367\056\127\267\230
 \160\136\310\304\170\260\142
 END
 
 # Trust for Certificate "Comodo Trusted Services root"
+# Issuer: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 91:1B:3F:6E:CD:9E:AB:EE:07:FE:1F:71:D2:B3:61:27
+# Fingerprint (SHA1): E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo Trusted Services root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \341\237\343\016\213\204\140\236\200\233\027\015\162\250\305\272
 \156\024\011\275
@@ -5495,16 +6069,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "QuoVadis Root CA"
 #
+# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Serial Number: 985026699 (0x3ab6508b)
+# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Not Valid Before: Mon Mar 19 18:33:33 2001
+# Not Valid After : Wed Mar 17 18:33:33 2021
+# Fingerprint (MD5): 27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24
+# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061
@@ -5625,16 +6206,23 @@ CKA_VALUE MULTILINE_OCTAL
 \242\346\352\131\042\207\370\227\365\016\375\352\314\222\244\026
 \304\122\030\352\041\316\261\361\346\204\201\345\272\251\206\050
 \362\103\132\135\022\235\254\036\331\250\345\012\152\247\177\240
 \207\051\317\362\211\115\324\354\305\342\346\172\320\066\043\212
 \112\164\066\371
 END
 
 # Trust for Certificate "QuoVadis Root CA"
+# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Serial Number: 985026699 (0x3ab6508b)
+# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Not Valid Before: Mon Mar 19 18:33:33 2001
+# Not Valid After : Wed Mar 17 18:33:33 2021
+# Fingerprint (MD5): 27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24
+# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \336\077\100\275\120\223\323\233\154\140\366\332\274\007\142\001
 \000\211\166\311
@@ -5659,16 +6247,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "QuoVadis Root CA 2"
 #
+# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Serial Number: 1289 (0x509)
+# Subject: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 18:27:00 2006
+# Not Valid After : Mon Nov 24 18:23:33 2031
+# Fingerprint (MD5): 5E:39:7B:DD:F8:BA:EC:82:E9:AC:62:BA:0C:54:00:2B
+# Fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
@@ -5779,16 +6374,23 @@ CKA_VALUE MULTILINE_OCTAL
 \341\243\223\035\314\212\046\132\011\070\320\316\327\015\200\026
 \264\170\245\072\207\114\215\212\245\325\106\227\362\054\020\271
 \274\124\042\300\001\120\151\103\236\364\262\357\155\370\354\332
 \361\343\261\357\337\221\217\124\052\013\045\301\046\031\304\122
 \020\005\145\325\202\020\352\302\061\315\056
 END
 
 # Trust for Certificate "QuoVadis Root CA 2"
+# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Serial Number: 1289 (0x509)
+# Subject: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 18:27:00 2006
+# Not Valid After : Mon Nov 24 18:23:33 2031
+# Fingerprint (MD5): 5E:39:7B:DD:F8:BA:EC:82:E9:AC:62:BA:0C:54:00:2B
+# Fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \312\072\373\317\022\100\066\113\104\262\026\040\210\200\110\071
 \031\223\174\367
@@ -5809,16 +6411,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "QuoVadis Root CA 3"
 #
+# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Serial Number: 1478 (0x5c6)
+# Subject: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 19:11:23 2006
+# Not Valid After : Mon Nov 24 19:06:44 2031
+# Fingerprint (MD5): 31:85:3C:62:94:97:63:B9:AA:FD:89:4E:AF:6F:E0:CF
+# Fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA 3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
@@ -5944,16 +6553,23 @@ CKA_VALUE MULTILINE_OCTAL
 \230\231\140\224\134\043\317\132\047\227\136\013\005\006\223\067
 \036\073\151\066\353\251\236\141\035\217\062\332\216\014\326\164
 \076\173\011\044\332\001\167\107\304\073\315\064\214\231\365\312
 \341\045\141\063\262\131\033\342\156\327\067\127\266\015\251\022
 \332
 END
 
 # Trust for Certificate "QuoVadis Root CA 3"
+# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Serial Number: 1478 (0x5c6)
+# Subject: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 19:11:23 2006
+# Not Valid After : Mon Nov 24 19:06:44 2031
+# Fingerprint (MD5): 31:85:3C:62:94:97:63:B9:AA:FD:89:4E:AF:6F:E0:CF
+# Fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA 3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \037\111\024\367\330\164\225\035\335\256\002\300\276\375\072\055
 \202\165\121\205
@@ -5974,16 +6590,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Security Communication Root CA"
 #
+# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Not Valid Before: Tue Sep 30 04:20:49 2003
+# Not Valid After : Sat Sep 30 04:20:49 2023
+# Fingerprint (MD5): F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A
+# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Security Communication Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061
@@ -6058,16 +6681,23 @@ CKA_VALUE MULTILINE_OCTAL
 \065\303\340\210\141\311\210\307\337\066\020\042\230\131\352\260
 \112\373\126\026\163\156\254\115\367\042\241\117\255\035\172\055
 \105\047\345\060\301\136\362\332\023\313\045\102\121\225\107\003
 \214\154\041\314\164\102\355\123\377\063\213\217\017\127\001\026
 \057\317\246\356\311\160\042\024\275\375\276\154\013\003
 END
 
 # Trust for Certificate "Security Communication Root CA"
+# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Not Valid Before: Tue Sep 30 04:20:49 2003
+# Not Valid After : Sat Sep 30 04:20:49 2023
+# Fingerprint (MD5): F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A
+# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Security Communication Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \066\261\053\111\371\201\236\327\114\236\274\070\017\306\126\217
 \135\254\262\367
@@ -6089,16 +6719,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Sonera Class 1 Root CA"
 #
+# Issuer: CN=Sonera Class1 CA,O=Sonera,C=FI
+# Serial Number: 36 (0x24)
+# Subject: CN=Sonera Class1 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 10:49:13 2001
+# Not Valid After : Tue Apr 06 10:49:13 2021
+# Fingerprint (MD5): 33:B7:84:F5:5F:27:D7:68:27:DE:14:DE:12:2A:ED:6F
+# Fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Sonera Class 1 Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
@@ -6166,16 +6803,23 @@ CKA_VALUE MULTILINE_OCTAL
 \032\270\273\075\217\251\212\070\025\367\163\320\132\140\321\200
 \260\360\334\325\120\315\116\356\222\110\151\355\262\043\036\060
 \314\310\224\310\266\365\073\206\177\077\246\056\237\366\076\054
 \265\222\226\076\337\054\223\212\377\201\214\017\017\131\041\031
 \127\275\125\232
 END
 
 # Trust for Certificate "Sonera Class 1 Root CA"
+# Issuer: CN=Sonera Class1 CA,O=Sonera,C=FI
+# Serial Number: 36 (0x24)
+# Subject: CN=Sonera Class1 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 10:49:13 2001
+# Not Valid After : Tue Apr 06 10:49:13 2021
+# Fingerprint (MD5): 33:B7:84:F5:5F:27:D7:68:27:DE:14:DE:12:2A:ED:6F
+# Fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Sonera Class 1 Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \007\107\042\001\231\316\164\271\174\260\075\171\262\144\242\310
 \125\351\063\377
@@ -6195,16 +6839,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Sonera Class 2 Root CA"
 #
+# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Serial Number: 29 (0x1d)
+# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 07:29:40 2001
+# Not Valid After : Tue Apr 06 07:29:40 2021
+# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
+# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Sonera Class 2 Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
@@ -6272,16 +6923,23 @@ CKA_VALUE MULTILINE_OCTAL
 \256\364\135\304\261\022\334\312\073\250\056\235\024\132\005\165
 \267\354\327\143\342\272\065\266\004\010\221\350\332\235\234\366
 \146\265\030\254\012\246\124\046\064\063\322\033\301\324\177\032
 \072\216\013\252\062\156\333\374\117\045\237\331\062\307\226\132
 \160\254\337\114
 END
 
 # Trust for Certificate "Sonera Class 2 Root CA"
+# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Serial Number: 29 (0x1d)
+# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 07:29:40 2001
+# Not Valid After : Tue Apr 06 07:29:40 2021
+# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
+# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Sonera Class 2 Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \067\367\155\346\007\174\220\305\261\076\223\032\267\101\020\264
 \362\344\232\047
@@ -6301,16 +6959,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Staat der Nederlanden Root CA"
 #
+# Issuer: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL
+# Serial Number: 10000010 (0x98968a)
+# Subject: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Tue Dec 17 09:23:49 2002
+# Not Valid After : Wed Dec 16 09:15:38 2015
+# Fingerprint (MD5): 60:84:7C:5A:CE:DB:0C:D4:CB:A7:E9:FE:02:C6:A9:C0
+# Fingerprint (SHA1): 10:1D:FA:3F:D5:0B:CB:BB:9B:B5:60:0C:19:55:A4:1A:F4:73:3A:04
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Staat der Nederlanden Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\125\061\013\060\011\006\003\125\004\006\023\002\116\114\061
@@ -6391,16 +7056,23 @@ CKA_VALUE MULTILINE_OCTAL
 \135\026\027\054\021\151\347\176\376\305\203\010\337\274\334\042
 \072\056\040\151\043\071\126\140\147\220\213\056\166\071\373\021
 \210\227\366\174\275\113\270\040\026\147\005\215\342\073\301\162
 \077\224\225\067\307\135\271\236\330\223\241\027\217\377\014\146
 \025\301\044\174\062\174\003\035\073\241\130\105\062\223
 END
 
 # Trust for Certificate "Staat der Nederlanden Root CA"
+# Issuer: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL
+# Serial Number: 10000010 (0x98968a)
+# Subject: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Tue Dec 17 09:23:49 2002
+# Not Valid After : Wed Dec 16 09:15:38 2015
+# Fingerprint (MD5): 60:84:7C:5A:CE:DB:0C:D4:CB:A7:E9:FE:02:C6:A9:C0
+# Fingerprint (SHA1): 10:1D:FA:3F:D5:0B:CB:BB:9B:B5:60:0C:19:55:A4:1A:F4:73:3A:04
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Staat der Nederlanden Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \020\035\372\077\325\013\313\273\233\265\140\014\031\125\244\032
 \364\163\072\004
@@ -6422,16 +7094,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "TDC Internet Root CA"
 #
+# Issuer: OU=TDC Internet Root CA,O=TDC Internet,C=DK
+# Serial Number: 986490188 (0x3acca54c)
+# Subject: OU=TDC Internet Root CA,O=TDC Internet,C=DK
+# Not Valid Before: Thu Apr 05 16:33:17 2001
+# Not Valid After : Mon Apr 05 17:03:17 2021
+# Fingerprint (MD5): 91:F4:03:55:20:A1:F8:63:2C:62:DE:AC:FB:61:1C:8E
+# Fingerprint (SHA1): 21:FC:BD:8E:7F:6C:AF:05:1B:D1:B3:43:EC:A8:E7:61:47:F2:0F:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TDC Internet Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\103\061\013\060\011\006\003\125\004\006\023\002\104\113\061
@@ -6517,16 +7196,23 @@ CKA_VALUE MULTILINE_OCTAL
 \304\011\137\164\213\331\021\373\302\126\261\074\370\160\312\064
 \215\103\100\023\214\375\231\003\124\171\306\056\352\206\241\366
 \072\324\011\274\364\274\146\314\075\130\320\127\111\012\356\045
 \342\101\356\023\371\233\070\064\321\000\365\176\347\224\035\374
 \151\003\142\270\231\005\005\075\153\170\022\275\260\157\145
 END
 
 # Trust for Certificate "TDC Internet Root CA"
+# Issuer: OU=TDC Internet Root CA,O=TDC Internet,C=DK
+# Serial Number: 986490188 (0x3acca54c)
+# Subject: OU=TDC Internet Root CA,O=TDC Internet,C=DK
+# Not Valid Before: Thu Apr 05 16:33:17 2001
+# Not Valid After : Mon Apr 05 17:03:17 2021
+# Fingerprint (MD5): 91:F4:03:55:20:A1:F8:63:2C:62:DE:AC:FB:61:1C:8E
+# Fingerprint (SHA1): 21:FC:BD:8E:7F:6C:AF:05:1B:D1:B3:43:EC:A8:E7:61:47:F2:0F:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TDC Internet Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \041\374\275\216\177\154\257\005\033\321\263\103\354\250\347\141
 \107\362\017\212
@@ -6547,16 +7233,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "TDC OCES Root CA"
 #
+# Issuer: CN=TDC OCES CA,O=TDC,C=DK
+# Serial Number: 1044954564 (0x3e48bdc4)
+# Subject: CN=TDC OCES CA,O=TDC,C=DK
+# Not Valid Before: Tue Feb 11 08:39:30 2003
+# Not Valid After : Wed Feb 11 09:09:30 2037
+# Fingerprint (MD5): 93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97
+# Fingerprint (SHA1): 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TDC OCES Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\061\061\013\060\011\006\003\125\004\006\023\002\104\113\061
@@ -6655,16 +7348,23 @@ CKA_VALUE MULTILINE_OCTAL
 \071\334\342\074\306\330\125\365\025\116\310\005\016\333\306\320
 \142\246\354\025\264\265\002\202\333\254\214\242\201\360\233\231
 \061\365\040\040\250\210\141\012\007\237\224\374\320\327\033\314
 \056\027\363\004\047\166\147\353\124\203\375\244\220\176\006\075
 \004\243\103\055\332\374\013\142\352\057\137\142\123
 END
 
 # Trust for Certificate "TDC OCES Root CA"
+# Issuer: CN=TDC OCES CA,O=TDC,C=DK
+# Serial Number: 1044954564 (0x3e48bdc4)
+# Subject: CN=TDC OCES CA,O=TDC,C=DK
+# Not Valid Before: Tue Feb 11 08:39:30 2003
+# Not Valid After : Wed Feb 11 09:09:30 2037
+# Fingerprint (MD5): 93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97
+# Fingerprint (SHA1): 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TDC OCES Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \207\201\302\132\226\275\302\373\114\145\006\117\371\071\013\046
 \004\212\016\001
@@ -6684,16 +7384,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN DATACorp SGC Root CA"
 #
+# Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:21:b4:11:d3:2a:68:06:a9:ad:69
+# Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Thu Jun 24 18:57:21 1999
+# Not Valid After : Mon Jun 24 19:06:30 2019
+# Fingerprint (MD5): B3:A5:3E:77:21:6D:AC:4A:C0:C9:FB:D5:41:3D:CA:06
+# Fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN DATACorp SGC Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\223\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -6794,16 +7501,23 @@ CKA_VALUE MULTILINE_OCTAL
 \330\300\215\355\221\172\114\000\217\162\177\135\332\335\033\213
 \105\153\347\335\151\227\250\305\126\114\017\014\366\237\172\221
 \067\366\227\202\340\335\161\151\377\166\077\140\115\074\317\367
 \231\371\306\127\364\311\125\071\170\272\054\171\311\246\210\053
 \364\010
 END
 
 # Trust for Certificate "UTN DATACorp SGC Root CA"
+# Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:21:b4:11:d3:2a:68:06:a9:ad:69
+# Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Thu Jun 24 18:57:21 1999
+# Not Valid After : Mon Jun 24 19:06:30 2019
+# Fingerprint (MD5): B3:A5:3E:77:21:6D:AC:4A:C0:C9:FB:D5:41:3D:CA:06
+# Fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN DATACorp SGC Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \130\021\237\016\022\202\207\352\120\375\331\207\105\157\117\170
 \334\372\326\324
@@ -6830,16 +7544,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN USERFirst Email Root CA"
 #
+# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
+# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 17:28:50 1999
+# Not Valid After : Tue Jul 09 17:36:58 2019
+# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
+# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -6948,16 +7669,23 @@ CKA_VALUE MULTILINE_OCTAL
 \176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174
 \025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044
 \121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266
 \370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303
 \005\323\312\003\112\124
 END
 
 # Trust for Certificate "UTN USERFirst Email Root CA"
+# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
+# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 17:28:50 1999
+# Not Valid After : Tue Jul 09 17:36:58 2019
+# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
+# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152
 \104\143\166\212
@@ -6986,16 +7714,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN USERFirst Hardware Root CA"
 #
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+# Subject: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:10:42 1999
+# Not Valid After : Tue Jul 09 18:19:22 2019
+# Fingerprint (MD5): 4C:56:41:E5:0D:BB:2B:E8:CA:A3:ED:18:08:AD:43:39
+# Fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Hardware Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -7097,16 +7832,23 @@ CKA_VALUE MULTILINE_OCTAL
 \176\307\150\345\202\201\310\152\047\371\047\210\052\325\130\120
 \225\037\360\073\034\127\273\175\024\071\142\053\232\311\224\222
 \052\243\042\014\377\211\046\175\137\043\053\107\327\025\035\251
 \152\236\121\015\052\121\236\201\371\324\073\136\160\022\177\020
 \062\234\036\273\235\370\146\250
 END
 
 # Trust for Certificate "UTN USERFirst Hardware Root CA"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+# Subject: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:10:42 1999
+# Not Valid After : Tue Jul 09 18:19:22 2019
+# Fingerprint (MD5): 4C:56:41:E5:0D:BB:2B:E8:CA:A3:ED:18:08:AD:43:39
+# Fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Hardware Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \004\203\355\063\231\254\066\010\005\207\042\355\274\136\106\000
 \343\276\371\327
@@ -7133,16 +7875,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN USERFirst Object Root CA"
 #
+# Issuer: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
+# Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:31:20 1999
+# Not Valid After : Tue Jul 09 18:40:36 2019
+# Fingerprint (MD5): A7:F2:E4:16:06:41:11:50:30:6B:9C:E3:B4:9C:B0:C9
+# Fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Object Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\225\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -7243,16 +7992,23 @@ CKA_VALUE MULTILINE_OCTAL
 \363\123\255\154\265\053\242\022\252\031\117\011\332\136\347\223
 \306\216\024\010\376\360\060\200\030\240\206\205\115\310\175\327
 \213\003\376\156\325\367\235\026\254\222\054\240\043\345\234\221
 \122\037\224\337\027\224\163\303\263\301\301\161\005\040\000\170
 \275\023\122\035\250\076\315\000\037\310
 END
 
 # Trust for Certificate "UTN USERFirst Object Root CA"
+# Issuer: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
+# Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:31:20 1999
+# Not Valid After : Tue Jul 09 18:40:36 2019
+# Fingerprint (MD5): A7:F2:E4:16:06:41:11:50:30:6B:9C:E3:B4:9C:B0:C9
+# Fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Object Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \341\055\373\113\101\327\331\303\053\060\121\113\254\035\201\330
 \070\136\055\106
@@ -7279,16 +8035,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Camerfirma Chambers of Commerce Root"
 #
+# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:13:43 2003
+# Not Valid After : Wed Sep 30 16:13:44 2037
+# Fingerprint (MD5): B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84
+# Fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Camerfirma Chambers of Commerce Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061
@@ -7392,16 +8155,23 @@ CKA_VALUE MULTILINE_OCTAL
 \170\064\074\224\233\046\355\117\161\306\031\172\275\040\042\110
 \132\376\113\175\003\267\347\130\276\306\062\116\164\036\150\335
 \250\150\133\263\076\356\142\175\331\200\350\012\165\172\267\356
 \264\145\232\041\220\340\252\320\230\274\070\265\163\074\213\370
 \334
 END
 
 # Trust for Certificate "Camerfirma Chambers of Commerce Root"
+# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:13:43 2003
+# Not Valid After : Wed Sep 30 16:13:44 2037
+# Fingerprint (MD5): B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84
+# Fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Camerfirma Chambers of Commerce Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \156\072\125\244\031\014\031\134\223\204\074\300\333\162\056\061
 \060\141\360\261
@@ -7426,16 +8196,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Camerfirma Global Chambersign Root"
 #
+# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:14:18 2003
+# Not Valid After : Wed Sep 30 16:14:18 2037
+# Fingerprint (MD5): C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19
+# Fingerprint (SHA1): 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Camerfirma Global Chambersign Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061
@@ -7537,16 +8314,23 @@ CKA_VALUE MULTILINE_OCTAL
 \171\304\060\237\353\216\270\125\265\327\210\134\305\152\044\075
 \262\323\005\003\121\306\007\357\314\024\162\164\075\156\162\316
 \030\050\214\112\240\167\345\011\053\105\104\107\254\267\147\177
 \001\212\005\132\223\276\241\301\377\370\347\016\147\244\107\111
 \166\135\165\220\032\365\046\217\360
 END
 
 # Trust for Certificate "Camerfirma Global Chambersign Root"
+# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:14:18 2003
+# Not Valid After : Wed Sep 30 16:14:18 2037
+# Fingerprint (MD5): C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19
+# Fingerprint (SHA1): 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Camerfirma Global Chambersign Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \063\233\153\024\120\044\233\125\172\001\207\162\204\331\340\057
 \303\322\330\351
@@ -7570,16 +8354,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "NetLock Qualified (Class QA) Root"
 #
+# Issuer: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 123 (0x7b)
+# Subject: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Sun Mar 30 01:47:11 2003
+# Not Valid After : Thu Dec 15 01:47:11 2022
+# Fingerprint (MD5): D4:80:65:68:24:F9:89:22:28:DB:F5:A4:9A:17:8F:14
+# Fingerprint (SHA1): 01:68:97:E1:A0:B8:F2:C3:B1:34:66:5C:20:A7:27:B7:A1:58:E2:8F
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Qualified (Class QA) Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125
@@ -7724,16 +8515,23 @@ CKA_VALUE MULTILINE_OCTAL
 \363\166\146\211\124\244\246\076\304\120\134\272\211\030\202\165
 \110\041\322\117\023\350\140\176\007\166\333\020\265\121\346\252
 \271\150\252\315\366\235\220\165\022\352\070\032\312\104\350\267
 \231\247\052\150\225\146\225\253\255\357\211\313\140\251\006\022
 \306\224\107\351\050
 END
 
 # Trust for Certificate "NetLock Qualified (Class QA) Root"
+# Issuer: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 123 (0x7b)
+# Subject: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Sun Mar 30 01:47:11 2003
+# Not Valid After : Thu Dec 15 01:47:11 2022
+# Fingerprint (MD5): D4:80:65:68:24:F9:89:22:28:DB:F5:A4:9A:17:8F:14
+# Fingerprint (SHA1): 01:68:97:E1:A0:B8:F2:C3:B1:34:66:5C:20:A7:27:B7:A1:58:E2:8F
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Qualified (Class QA) Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \001\150\227\341\240\270\362\303\261\064\146\134\040\247\047\267
 \241\130\342\217
@@ -7762,16 +8560,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "NetLock Notary (Class A) Root"
 #
+# Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU
+# Serial Number: 259 (0x103)
+# Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU
+# Not Valid Before: Wed Feb 24 23:14:47 1999
+# Not Valid After : Tue Feb 19 23:14:47 2019
+# Fingerprint (MD5): 86:38:6D:5E:49:63:6C:85:5C:DB:6D:DC:94:B7:D0:F7
+# Fingerprint (SHA1): AC:ED:5F:65:53:FD:25:CE:01:5F:1F:7A:48:3B:6A:74:9F:61:78:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Notary (Class A) Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125
@@ -7909,16 +8714,23 @@ CKA_VALUE MULTILINE_OCTAL
 \277\134\240\012\033\341\016\172\351\342\200\303\351\351\366\375
 \154\021\236\320\345\050\047\053\124\062\102\024\202\165\346\112
 \360\053\146\165\143\214\242\373\004\076\203\016\233\066\360\030
 \344\046\040\303\214\360\050\007\255\074\027\146\210\265\375\266
 \210
 END
 
 # Trust for Certificate "NetLock Notary (Class A) Root"
+# Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU
+# Serial Number: 259 (0x103)
+# Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU
+# Not Valid Before: Wed Feb 24 23:14:47 1999
+# Not Valid After : Tue Feb 19 23:14:47 2019
+# Fingerprint (MD5): 86:38:6D:5E:49:63:6C:85:5C:DB:6D:DC:94:B7:D0:F7
+# Fingerprint (SHA1): AC:ED:5F:65:53:FD:25:CE:01:5F:1F:7A:48:3B:6A:74:9F:61:78:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Notary (Class A) Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \254\355\137\145\123\375\045\316\001\137\037\172\110\073\152\164
 \237\141\170\306
@@ -7946,16 +8758,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "NetLock Business (Class B) Root"
 #
+# Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 105 (0x69)
+# Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Feb 25 14:10:22 1999
+# Not Valid After : Wed Feb 20 14:10:22 2019
+# Fingerprint (MD5): 39:16:AA:B9:6A:41:E1:14:69:DF:9E:6C:3B:72:DC:B6
+# Fingerprint (SHA1): 87:9F:4B:EE:05:DF:98:58:3B:E3:60:D6:33:E7:0D:3F:FE:98:71:AF
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Business (Class B) Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125
@@ -8069,16 +8888,23 @@ CKA_VALUE MULTILINE_OCTAL
 \145\343\102\160\273\042\220\343\175\333\065\166\341\240\265\332
 \237\160\156\223\032\060\071\035\060\333\056\343\174\262\221\262
 \321\067\051\372\271\326\027\134\107\117\343\035\070\353\237\325
 \173\225\250\050\236\025\112\321\321\320\053\000\227\240\342\222
 \066\053\143\254\130\001\153\063\051\120\206\203\361\001\110
 END
 
 # Trust for Certificate "NetLock Business (Class B) Root"
+# Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 105 (0x69)
+# Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Feb 25 14:10:22 1999
+# Not Valid After : Wed Feb 20 14:10:22 2019
+# Fingerprint (MD5): 39:16:AA:B9:6A:41:E1:14:69:DF:9E:6C:3B:72:DC:B6
+# Fingerprint (SHA1): 87:9F:4B:EE:05:DF:98:58:3B:E3:60:D6:33:E7:0D:3F:FE:98:71:AF
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Business (Class B) Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \207\237\113\356\005\337\230\130\073\343\140\326\063\347\015\077
 \376\230\161\257
@@ -8104,16 +8930,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "NetLock Express (Class C) Root"
 #
+# Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 104 (0x68)
+# Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Feb 25 14:08:11 1999
+# Not Valid After : Wed Feb 20 14:08:11 2019
+# Fingerprint (MD5): 4F:EB:F1:F0:70:C2:80:63:5D:58:9F:DA:12:3C:A9:C4
+# Fingerprint (SHA1): E3:92:51:2F:0A:CF:F5:05:DF:F6:DE:06:7F:75:37:E1:65:EA:57:4B
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Express (Class C) Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125
@@ -8228,16 +9061,23 @@ CKA_VALUE MULTILINE_OCTAL
 \244\355\056\365\375\374\275\376\115\067\010\014\274\343\226\203
 \042\365\111\033\177\113\053\264\124\301\200\174\231\116\035\320
 \214\356\320\254\345\222\372\165\126\376\144\240\023\217\270\270
 \026\235\141\005\147\200\310\320\330\245\007\002\064\230\004\215
 \063\004\324
 END
 
 # Trust for Certificate "NetLock Express (Class C) Root"
+# Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 104 (0x68)
+# Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Feb 25 14:08:11 1999
+# Not Valid After : Wed Feb 20 14:08:11 2019
+# Fingerprint (MD5): 4F:EB:F1:F0:70:C2:80:63:5D:58:9F:DA:12:3C:A9:C4
+# Fingerprint (SHA1): E3:92:51:2F:0A:CF:F5:05:DF:F6:DE:06:7F:75:37:E1:65:EA:57:4B
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Express (Class C) Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \343\222\121\057\012\317\365\005\337\366\336\006\177\165\067\341
 \145\352\127\113
@@ -8263,16 +9103,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "XRamp Global CA Root"
 #
+# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Serial Number:50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad
+# Subject: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Not Valid Before: Mon Nov 01 17:14:04 2004
+# Not Valid After : Mon Jan 01 05:37:19 2035
+# Fingerprint (MD5): A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1
+# Fingerprint (SHA1): B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "XRamp Global CA Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -8368,16 +9215,23 @@ CKA_VALUE MULTILINE_OCTAL
 \213\251\261\344\357\232\032\320\075\151\231\356\250\050\243\341
 \074\263\360\262\021\234\317\174\100\346\335\347\103\175\242\330
 \072\265\251\215\362\064\231\304\324\020\341\006\375\011\204\020
 \073\356\304\114\364\354\047\174\102\302\164\174\202\212\011\311
 \264\003\045\274
 END
 
 # Trust for Certificate "XRamp Global CA Root"
+# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Serial Number:50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad
+# Subject: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Not Valid Before: Mon Nov 01 17:14:04 2004
+# Not Valid After : Mon Jan 01 05:37:19 2035
+# Fingerprint (MD5): A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1
+# Fingerprint (SHA1): B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "XRamp Global CA Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \270\001\206\321\353\234\206\245\101\004\317\060\124\363\114\122
 \267\345\130\306
@@ -8403,16 +9257,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Go Daddy Class 2 CA"
 #
+# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:06:20 2004
+# Not Valid After : Thu Jun 29 17:06:20 2034
+# Fingerprint (MD5): 91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
+# Fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Go Daddy Class 2 CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -8500,16 +9361,23 @@ CKA_VALUE MULTILINE_OCTAL
 \164\112\377\127\032\207\017\165\110\056\317\121\151\027\240\002
 \022\141\225\325\321\100\262\020\114\356\304\254\020\103\246\245
 \236\012\325\225\142\232\015\317\210\202\305\062\014\344\053\237
 \105\346\015\237\050\234\261\271\052\132\127\255\067\017\257\035
 \177\333\275\237
 END
 
 # Trust for Certificate "Go Daddy Class 2 CA"
+# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:06:20 2004
+# Not Valid After : Thu Jun 29 17:06:20 2034
+# Fingerprint (MD5): 91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
+# Fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Go Daddy Class 2 CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \047\226\272\346\077\030\001\342\167\046\033\240\327\167\160\002
 \217\040\356\344
@@ -8532,16 +9400,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Starfield Class 2 CA"
 #
+# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:39:16 2004
+# Not Valid After : Thu Jun 29 17:39:16 2034
+# Fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
+# Fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Starfield Class 2 CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -8630,16 +9505,23 @@ CKA_VALUE MULTILINE_OCTAL
 \152\145\006\250\345\041\252\101\264\225\041\225\271\175\321\064
 \253\023\326\255\274\334\342\075\071\315\275\076\165\160\241\030
 \131\003\311\042\264\217\234\325\136\052\327\245\266\324\012\155
 \370\267\100\021\106\232\037\171\016\142\277\017\227\354\340\057
 \037\027\224
 END
 
 # Trust for Certificate "Starfield Class 2 CA"
+# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:39:16 2004
+# Not Valid After : Thu Jun 29 17:39:16 2034
+# Fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
+# Fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Starfield Class 2 CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \255\176\034\050\260\144\357\217\140\003\100\040\024\303\320\343
 \067\016\265\212
@@ -8662,16 +9544,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "StartCom Certification Authority"
 #
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 1 (0x1)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:36 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
+# Fingerprint (SHA1): 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "StartCom Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
@@ -8821,16 +9710,23 @@ CKA_VALUE MULTILINE_OCTAL
 \272\155\000\006\076\262\352\112\020\071\330\320\053\365\277\354
 \165\277\227\002\305\011\033\010\334\125\067\342\201\373\067\204
 \103\142\040\312\347\126\113\145\352\376\154\301\044\223\044\241
 \064\353\005\377\232\042\256\233\175\077\361\145\121\012\246\060
 \152\263\364\210\034\200\015\374\162\212\350\203\136
 END
 
 # Trust for Certificate "StartCom Certification Authority"
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 1 (0x1)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:36 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
+# Fingerprint (SHA1): 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "StartCom Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \076\053\367\362\003\033\226\363\214\346\304\330\250\135\076\055
 \130\107\152\017
@@ -8854,16 +9750,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Taiwan GRCA"
 #
+# Issuer: O=Government Root Certification Authority,C=TW
+# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
+# Subject: O=Government Root Certification Authority,C=TW
+# Not Valid Before: Thu Dec 05 13:23:33 2002
+# Not Valid After : Sun Dec 05 13:23:33 2032
+# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E
+# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Taiwan GRCA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061
@@ -8971,16 +9874,23 @@ CKA_VALUE MULTILINE_OCTAL
 \323\263\013\076\255\236\320\164\000\016\353\275\121\255\300\336
 \054\300\303\152\376\357\334\013\247\372\106\337\140\333\234\246
 \131\120\165\043\151\163\223\262\371\374\002\323\107\346\161\316
 \020\002\356\047\214\204\377\254\105\015\023\134\203\062\340\045
 \245\206\054\174\364\022
 END
 
 # Trust for Certificate "Taiwan GRCA"
+# Issuer: O=Government Root Certification Authority,C=TW
+# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
+# Subject: O=Government Root Certification Authority,C=TW
+# Not Valid Before: Thu Dec 05 13:23:33 2002
+# Not Valid After : Sun Dec 05 13:23:33 2032
+# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E
+# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Taiwan GRCA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \364\213\021\277\336\253\276\224\124\040\161\346\101\336\153\276
 \210\053\100\271
@@ -9002,16 +9912,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Firmaprofesional Root CA"
 #
+# Issuer: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
+# Serial Number: 1 (0x1)
+# Subject: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
+# Not Valid Before: Wed Oct 24 22:00:00 2001
+# Not Valid After : Thu Oct 24 22:00:00 2013
+# Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF
+# Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Firmaprofesional Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123
@@ -9110,16 +10027,23 @@ CKA_VALUE MULTILINE_OCTAL
 \071\361\047\313\310\100\326\343\206\020\251\043\022\222\340\151
 \101\143\247\257\045\013\300\305\222\313\036\230\243\132\272\305
 \063\017\240\227\001\335\177\340\173\326\006\124\317\241\342\115
 \070\353\113\120\265\313\046\364\312\332\160\112\152\241\342\171
 \252\341\247\063\366\375\112\037\366\331\140
 END
 
 # Trust for Certificate "Firmaprofesional Root CA"
+# Issuer: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
+# Serial Number: 1 (0x1)
+# Subject: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
+# Not Valid Before: Wed Oct 24 22:00:00 2001
+# Not Valid After : Thu Oct 24 22:00:00 2013
+# Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF
+# Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Firmaprofesional Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \251\142\217\113\230\251\033\110\065\272\322\301\106\062\206\273
 \146\144\152\214
@@ -9145,16 +10069,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Swisscom Root CA 1"
 #
+# Issuer: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:5c:0b:85:5c:0b:e7:59:41:df:57:cc:3f:7f:9d:a8:36
+# Subject: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Thu Aug 18 12:06:20 2005
+# Not Valid After : Mon Aug 18 22:06:20 2025
+# Fingerprint (MD5): F8:38:7C:77:88:DF:2C:16:68:2E:C2:E2:52:4B:B8:F9
+# Fingerprint (SHA1): 5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Swisscom Root CA 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
@@ -9272,16 +10203,23 @@ CKA_VALUE MULTILINE_OCTAL
 \262\307\374\217\330\124\265\223\142\235\316\317\131\373\075\030
 \316\052\313\065\025\202\135\377\124\042\133\161\122\373\267\311
 \376\140\233\000\101\144\360\252\052\354\266\102\103\316\211\146
 \201\310\213\237\071\124\003\045\323\026\065\216\204\320\137\372
 \060\032\365\232\154\364\016\123\371\072\133\321\034
 END
 
 # Trust for Certificate "Swisscom Root CA 1"
+# Issuer: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:5c:0b:85:5c:0b:e7:59:41:df:57:cc:3f:7f:9d:a8:36
+# Subject: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Thu Aug 18 12:06:20 2005
+# Not Valid After : Mon Aug 18 22:06:20 2025
+# Fingerprint (MD5): F8:38:7C:77:88:DF:2C:16:68:2E:C2:E2:52:4B:B8:F9
+# Fingerprint (SHA1): 5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Swisscom Root CA 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \137\072\374\012\213\144\366\206\147\064\164\337\176\251\242\376
 \371\372\172\121
@@ -9305,16 +10243,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DigiCert Assured ID Root CA"
 #
+# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
+# Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
+# Fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert Assured ID Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -9398,16 +10343,23 @@ CKA_VALUE MULTILINE_OCTAL
 \140\203\327\047\004\276\113\316\227\276\303\147\052\150\021\337
 \200\347\014\063\146\277\023\015\024\156\363\177\037\143\020\036
 \372\215\033\045\155\154\217\245\267\141\001\261\322\243\046\241
 \020\161\235\255\342\303\371\303\231\121\267\053\007\010\316\056
 \346\120\262\247\372\012\105\057\242\360\362
 END
 
 # Trust for Certificate "DigiCert Assured ID Root CA"
+# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
+# Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
+# Fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert Assured ID Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \005\143\270\143\015\142\327\132\273\310\253\036\113\337\265\250
 \231\262\115\103
@@ -9431,16 +10383,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DigiCert Global Root CA"
 #
+# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
+# Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
+# Fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert Global Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -9524,16 +10483,23 @@ CKA_VALUE MULTILINE_OCTAL
 \024\351\330\211\301\271\070\154\342\221\154\212\377\144\271\167
 \045\127\060\300\033\044\243\341\334\351\337\107\174\265\264\044
 \010\005\060\354\055\275\013\277\105\277\120\271\251\363\353\230
 \001\022\255\310\210\306\230\064\137\215\012\074\306\351\325\225
 \225\155\336
 END
 
 # Trust for Certificate "DigiCert Global Root CA"
+# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
+# Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
+# Fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert Global Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \250\230\135\072\145\345\345\304\262\327\326\155\100\306\335\057
 \261\234\124\066
@@ -9557,16 +10523,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DigiCert High Assurance EV Root CA"
 #
+# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
+# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): D4:74:DE:57:5C:39:B2:D3:9C:85:83:C5:C0:65:49:8A
+# Fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert High Assurance EV Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\154\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -9651,16 +10624,23 @@ CKA_VALUE MULTILINE_OCTAL
 \002\133\017\104\324\040\061\333\364\272\160\046\135\220\140\236
 \274\113\027\011\057\264\313\036\103\150\311\007\047\301\322\134
 \367\352\041\271\150\022\234\074\234\277\236\374\200\134\233\143
 \315\354\107\252\045\047\147\240\067\363\000\202\175\124\327\251
 \370\351\056\023\243\167\350\037\112
 END
 
 # Trust for Certificate "DigiCert High Assurance EV Root CA"
+# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
+# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): D4:74:DE:57:5C:39:B2:D3:9C:85:83:C5:C0:65:49:8A
+# Fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert High Assurance EV Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \137\267\356\006\063\342\131\333\255\014\114\232\346\323\217\032
 \141\307\334\045
@@ -9684,16 +10664,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Certplus Class 2 Primary CA"
 #
+# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
+# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Not Valid Before: Wed Jul 07 17:05:00 1999
+# Not Valid After : Sat Jul 06 23:59:59 2019
+# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
+# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
@@ -9769,16 +10756,23 @@ CKA_VALUE MULTILINE_OCTAL
 \272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201
 \220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366
 \215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056
 \010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273
 \227\277\242\216\264\124
 END
 
 # Trust for Certificate "Certplus Class 2 Primary CA"
+# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
+# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Not Valid Before: Wed Jul 07 17:05:00 1999
+# Not Valid After : Sat Jul 06 23:59:59 2019
+# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
+# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302
 \201\222\342\273
@@ -9799,16 +10793,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DST Root CA X3"
 #
+# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
+# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Not Valid Before: Sat Sep 30 21:12:19 2000
+# Not Valid After : Thu Sep 30 14:01:15 2021
+# Fingerprint (MD5): 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5
+# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DST Root CA X3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147
@@ -9881,16 +10882,23 @@ CKA_VALUE MULTILINE_OCTAL
 \044\061\205\242\250\002\132\060\107\341\335\120\007\274\002\011
 \220\000\353\144\143\140\233\026\274\210\311\022\346\322\175\221
 \213\371\075\062\215\145\264\351\174\261\127\166\352\305\266\050
 \071\277\025\145\034\310\366\167\226\152\012\215\167\013\330\221
 \013\004\216\007\333\051\266\012\356\235\202\065\065\020
 END
 
 # Trust for Certificate "DST Root CA X3"
+# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
+# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Not Valid Before: Sat Sep 30 21:12:19 2000
+# Not Valid After : Thu Sep 30 14:01:15 2021
+# Fingerprint (MD5): 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5
+# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DST Root CA X3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \332\311\002\117\124\330\366\337\224\223\137\261\163\046\070\312
 \152\327\174\023
@@ -9912,16 +10920,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DST ACES CA X6"
 #
+# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
+# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Not Valid Before: Thu Nov 20 21:19:58 2003
+# Not Valid After : Mon Nov 20 21:19:58 2017
+# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
+# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DST ACES CA X6"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -10008,16 +11023,23 @@ CKA_VALUE MULTILINE_OCTAL
 \256\307\013\367\053\260\067\005\354\274\127\043\342\070\322\233
 \150\363\126\022\210\117\102\174\270\061\304\265\333\344\310\041
 \064\351\110\021\065\356\372\307\222\127\305\237\064\344\307\366
 \367\016\013\114\234\150\170\173\161\061\307\353\036\340\147\101
 \363\267\240\247\315\345\172\063\066\152\372\232\053
 END
 
 # Trust for Certificate "DST ACES CA X6"
+# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
+# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Not Valid Before: Thu Nov 20 21:19:58 2003
+# Not Valid After : Mon Nov 20 21:19:58 2017
+# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
+# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DST ACES CA X6"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \100\124\332\157\034\077\100\164\254\355\017\354\315\333\171\321
 \123\373\220\035
@@ -10040,16 +11062,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "TURKTRUST Certificate Services Provider Root 1"
 #
+# Issuer: O=(c) 2005 T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hiz...,L=ANKARA,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=(c) 2005 T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hiz...,L=ANKARA,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Fri May 13 10:27:17 2005
+# Not Valid After : Sun Mar 22 10:27:17 2015
+# Fingerprint (MD5): F1:6A:22:18:C9:CD:DF:CE:82:1D:1D:B7:78:5C:A9:A5
+# Fingerprint (SHA1): 79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\267\061\077\060\075\006\003\125\004\003\014\066\124\303
@@ -10146,16 +11175,23 @@ CKA_VALUE MULTILINE_OCTAL
 \174\052\301\174\220\350\251\050\300\323\221\306\255\050\207\100
 \150\265\377\354\247\322\323\070\030\234\323\175\151\135\360\306
 \245\036\044\033\243\107\374\151\007\150\347\344\232\264\355\017
 \241\207\207\002\316\207\322\110\116\341\274\377\313\361\162\222
 \104\144\003\045\352\336\133\156\237\311\362\116\254\335\307
 END
 
 # Trust for Certificate "TURKTRUST Certificate Services Provider Root 1"
+# Issuer: O=(c) 2005 T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hiz...,L=ANKARA,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=(c) 2005 T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hiz...,L=ANKARA,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Fri May 13 10:27:17 2005
+# Not Valid After : Sun Mar 22 10:27:17 2015
+# Fingerprint (MD5): F1:6A:22:18:C9:CD:DF:CE:82:1D:1D:B7:78:5C:A9:A5
+# Fingerprint (SHA1): 79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \171\230\243\010\341\115\145\205\346\302\036\025\072\161\237\272
 \132\323\112\331
@@ -10183,16 +11219,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "TURKTRUST Certificate Services Provider Root 2"
 #
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Mon Nov 07 10:07:57 2005
+# Not Valid After : Wed Sep 16 10:07:57 2015
+# Fingerprint (MD5): 37:A5:6E:D4:B1:25:84:97:B7:FD:56:15:7A:F9:A2:00
+# Fingerprint (SHA1): B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\276\061\077\060\075\006\003\125\004\003\014\066\124\303
@@ -10295,16 +11338,23 @@ CKA_VALUE MULTILINE_OCTAL
 \270\121\011\214\352\175\315\210\162\263\140\063\261\360\012\104
 \357\017\365\011\067\210\044\016\054\153\040\072\242\372\021\362
 \100\065\234\104\150\143\073\254\063\157\143\274\054\273\362\322
 \313\166\175\175\210\330\035\310\005\035\156\274\224\251\146\214
 \167\161\307\372\221\372\057\121\236\351\071\122\266\347\004\102
 END
 
 # Trust for Certificate "TURKTRUST Certificate Services Provider Root 2"
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Mon Nov 07 10:07:57 2005
+# Not Valid After : Wed Sep 16 10:07:57 2015
+# Fingerprint (MD5): 37:A5:6E:D4:B1:25:84:97:B7:FD:56:15:7A:F9:A2:00
+# Fingerprint (SHA1): B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \264\065\324\341\021\235\034\146\220\247\111\353\263\224\275\143
 \173\247\202\267
@@ -10333,16 +11383,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "SwissSign Platinum CA - G2"
 #
+# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4e:b2:00:67:0c:03:5d:4f
+# Subject: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:36:00 2006
+# Not Valid After : Sat Oct 25 08:36:00 2036
+# Fingerprint (MD5): C9:98:27:77:28:1E:3D:0E:15:3C:84:00:B8:85:03:E6
+# Fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Platinum CA - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\111\061\013\060\011\006\003\125\004\006\023\002\103\110\061
@@ -10454,16 +11511,23 @@ CKA_VALUE MULTILINE_OCTAL
 \030\302\174\307\352\257\166\005\026\335\147\047\302\176\034\007
 \042\041\363\100\012\033\064\007\104\023\302\204\152\216\337\031
 \132\277\177\353\035\342\032\070\321\134\257\107\222\153\200\265
 \060\245\311\215\330\253\061\201\037\337\302\146\067\323\223\251
 \205\206\171\145\322
 END
 
 # Trust for Certificate "SwissSign Platinum CA - G2"
+# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4e:b2:00:67:0c:03:5d:4f
+# Subject: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:36:00 2006
+# Not Valid After : Sat Oct 25 08:36:00 2036
+# Fingerprint (MD5): C9:98:27:77:28:1E:3D:0E:15:3C:84:00:B8:85:03:E6
+# Fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Platinum CA - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \126\340\372\300\073\217\030\043\125\030\345\323\021\312\350\302
 \103\061\253\146
@@ -10484,16 +11548,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "SwissSign Gold CA - G2"
 #
+# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Serial Number:00:bb:40:1c:43:f5:5e:4f:b0
+# Subject: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:30:35 2006
+# Not Valid After : Sat Oct 25 08:30:35 2036
+# Fingerprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93
+# Fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Gold CA - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\105\061\013\060\011\006\003\125\004\006\023\002\103\110\061
@@ -10604,16 +11675,23 @@ CKA_VALUE MULTILINE_OCTAL
 \144\301\001\236\351\312\240\152\230\016\317\330\140\362\057\111
 \270\344\102\341\070\065\026\364\310\156\117\367\201\126\350\272
 \243\276\043\257\256\375\157\003\340\002\073\060\166\372\033\155
 \101\317\001\261\351\270\311\146\364\333\046\363\072\244\164\362
 \111\044\133\311\260\320\127\301\372\076\172\341\227\311
 END
 
 # Trust for Certificate "SwissSign Gold CA - G2"
+# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Serial Number:00:bb:40:1c:43:f5:5e:4f:b0
+# Subject: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:30:35 2006
+# Not Valid After : Sat Oct 25 08:30:35 2036
+# Fingerprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93
+# Fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Gold CA - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \330\305\070\212\267\060\033\033\156\324\172\346\105\045\072\157
 \237\032\047\141
@@ -10634,16 +11712,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "SwissSign Silver CA - G2"
 #
+# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
+# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:32:46 2006
+# Not Valid After : Sat Oct 25 08:32:46 2036
+# Fingerprint (MD5): E0:06:A1:C9:7D:CF:C9:FC:0D:C0:56:75:96:D8:62:13
+# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Silver CA - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
@@ -10755,16 +11840,23 @@ CKA_VALUE MULTILINE_OCTAL
 \000\275\252\363\116\006\243\172\152\371\142\162\343\011\117\353
 \233\016\001\043\361\237\273\174\334\334\154\021\227\045\262\362
 \264\143\024\322\006\052\147\214\203\365\316\352\007\330\232\152
 \036\354\344\012\273\052\114\353\011\140\071\316\312\142\330\056
 \156
 END
 
 # Trust for Certificate "SwissSign Silver CA - G2"
+# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
+# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:32:46 2006
+# Not Valid After : Sat Oct 25 08:32:46 2036
+# Fingerprint (MD5): E0:06:A1:C9:7D:CF:C9:FC:0D:C0:56:75:96:D8:62:13
+# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Silver CA - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \233\252\345\237\126\356\041\313\103\132\276\045\223\337\247\360
 \100\321\035\313
@@ -10785,16 +11877,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Primary Certification Authority"
 #
+# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
+# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Not Valid Before: Mon Nov 27 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 02:26:C3:01:5E:08:30:37:43:A9:D0:7D:CF:37:E6:BF
+# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Primary Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -10872,16 +11971,23 @@ CKA_VALUE MULTILINE_OCTAL
 \122\063\355\247\311\322\071\002\160\372\340\261\102\146\051\252
 \233\121\355\060\124\042\024\137\331\253\035\301\344\224\360\370
 \365\053\367\352\312\170\106\326\270\221\375\246\015\053\032\024
 \001\076\200\360\102\240\225\007\136\155\315\314\113\244\105\215
 \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131
 END
 
 # Trust for Certificate "GeoTrust Primary Certification Authority"
+# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
+# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Not Valid Before: Mon Nov 27 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 02:26:C3:01:5E:08:30:37:43:A9:D0:7D:CF:37:E6:BF
+# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Primary Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \062\074\021\216\033\367\270\266\122\124\342\342\020\015\326\002
 \220\067\360\226
@@ -10904,16 +12010,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "thawte Primary Root CA"
 #
+# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Serial Number:34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
+# Subject: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Not Valid Before: Fri Nov 17 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
+# Fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "thawte Primary Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\251\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -11012,16 +12125,23 @@ CKA_VALUE MULTILINE_OCTAL
 \273\101\310\301\002\371\104\143\040\236\201\316\102\323\326\077
 \054\166\323\143\234\131\335\217\246\341\016\240\056\101\367\056
 \225\107\317\274\375\063\363\366\013\141\176\176\221\053\201\107
 \302\047\060\356\247\020\135\067\217\134\071\053\344\004\360\173
 \215\126\214\150
 END
 
 # Trust for Certificate "thawte Primary Root CA"
+# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Serial Number:34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
+# Subject: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Not Valid Before: Fri Nov 17 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
+# Fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "thawte Primary Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \221\306\326\356\076\212\310\143\204\345\110\302\231\051\134\165
 \154\201\173\201
@@ -11049,16 +12169,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
 #
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Wed Nov 08 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C
+# Fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G5"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -11172,16 +12299,23 @@ CKA_VALUE MULTILINE_OCTAL
 \136\050\266\236\205\323\133\357\245\175\105\100\162\216\267\016
 \153\016\006\373\063\065\110\161\270\235\047\213\304\145\137\015
 \206\166\234\104\172\366\225\134\366\135\062\010\063\244\124\266
 \030\077\150\134\362\102\112\205\070\124\203\137\321\350\054\362
 \254\021\326\250\355\143\152
 END
 
 # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Wed Nov 08 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C
+# Fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G5"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \116\266\325\170\111\233\034\317\137\130\036\255\126\276\075\233
 \147\104\245\345
@@ -11211,16 +12345,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "SecureTrust CA"
 #
+# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Serial Number:0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0
+# Subject: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:31:18 2006
+# Not Valid After : Mon Dec 31 19:40:55 2029
+# Fingerprint (MD5): DC:32:C3:A7:6D:25:57:C7:68:09:9D:EA:2D:A9:A2:D1
+# Fingerprint (SHA1): 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SecureTrust CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\110\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -11300,16 +12441,23 @@ CKA_VALUE MULTILINE_OCTAL
 \055\236\104\060\060\154\356\007\336\322\064\374\322\377\100\366
 \113\364\146\106\006\124\246\362\062\012\143\046\060\153\233\321
 \334\213\107\272\341\271\325\142\320\242\240\364\147\005\170\051
 \143\032\157\004\326\370\306\114\243\232\261\067\264\215\345\050
 \113\035\236\054\302\270\150\274\355\002\356\061
 END
 
 # Trust for Certificate "SecureTrust CA"
+# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Serial Number:0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0
+# Subject: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:31:18 2006
+# Not Valid After : Mon Dec 31 19:40:55 2029
+# Fingerprint (MD5): DC:32:C3:A7:6D:25:57:C7:68:09:9D:EA:2D:A9:A2:D1
+# Fingerprint (SHA1): 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SecureTrust CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \207\202\306\303\004\065\073\317\322\226\222\322\131\076\175\104
 \331\064\377\021
@@ -11331,16 +12479,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Secure Global CA"
 #
+# Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US
+# Serial Number:07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5
+# Subject: CN=Secure Global CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:42:28 2006
+# Not Valid After : Mon Dec 31 19:52:06 2029
+# Fingerprint (MD5): CF:F4:27:0D:D4:ED:DC:65:16:49:6D:3D:DA:BF:6E:DE
+# Fingerprint (SHA1): 3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Secure Global CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\112\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -11420,16 +12575,23 @@ CKA_VALUE MULTILINE_OCTAL
 \274\152\125\121\147\025\112\276\065\007\344\325\165\230\067\171
 \060\024\333\051\235\154\305\151\314\107\125\242\060\367\314\134
 \177\302\303\230\034\153\116\026\200\353\172\170\145\105\242\000
 \032\257\014\015\125\144\064\110\270\222\271\361\264\120\051\362
 \117\043\037\332\154\254\037\104\341\335\043\170\121\133\307\026
 END
 
 # Trust for Certificate "Secure Global CA"
+# Issuer: CN=Secure Global CA,O=SecureTrust Corporation,C=US
+# Serial Number:07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5
+# Subject: CN=Secure Global CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:42:28 2006
+# Not Valid After : Mon Dec 31 19:52:06 2029
+# Fingerprint (MD5): CF:F4:27:0D:D4:ED:DC:65:16:49:6D:3D:DA:BF:6E:DE
+# Fingerprint (SHA1): 3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Secure Global CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \072\104\163\132\345\201\220\037\044\206\141\106\036\073\234\304
 \137\365\072\033
@@ -11451,16 +12613,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "COMODO Certification Authority"
 #
+# Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d
+# Subject: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Fri Dec 01 00:00:00 2006
+# Not Valid After : Mon Dec 31 23:59:59 2029
+# Fingerprint (MD5): 5C:48:DC:F7:42:72:EC:56:94:6D:1C:CC:71:35:80:75
+# Fingerprint (SHA1): 66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "COMODO Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\201\061\013\060\011\006\003\125\004\006\023\002\107\102
@@ -11555,16 +12724,23 @@ CKA_VALUE MULTILINE_OCTAL
 \031\126\246\132\373\220\034\257\223\353\345\034\324\147\227\135
 \004\016\276\013\203\246\027\203\271\060\022\240\305\063\025\005
 \271\015\373\307\005\166\343\330\112\215\374\064\027\243\306\041
 \050\276\060\105\061\036\307\170\276\130\141\070\254\073\342\001
 \145
 END
 
 # Trust for Certificate "COMODO Certification Authority"
+# Issuer: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d
+# Subject: CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Fri Dec 01 00:00:00 2006
+# Not Valid After : Mon Dec 31 23:59:59 2029
+# Fingerprint (MD5): 5C:48:DC:F7:42:72:EC:56:94:6D:1C:CC:71:35:80:75
+# Fingerprint (SHA1): 66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "COMODO Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \146\061\277\236\367\117\236\266\311\325\246\014\272\152\276\321
 \367\275\357\173
@@ -11590,16 +12766,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Network Solutions Certificate Authority"
 #
+# Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
+# Serial Number:57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0
+# Subject: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
+# Not Valid Before: Fri Dec 01 00:00:00 2006
+# Not Valid After : Mon Dec 31 23:59:59 2029
+# Fingerprint (MD5): D3:F3:A6:16:C0:FA:6B:1D:59:B1:2D:96:4D:0E:11:2E
+# Fingerprint (SHA1): 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Network Solutions Certificate Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\142\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -11686,16 +12869,23 @@ CKA_VALUE MULTILINE_OCTAL
 \064\105\323\046\341\336\354\133\117\047\153\026\174\275\104\004
 \030\202\263\211\171\027\020\161\075\172\242\026\116\365\001\315
 \244\154\145\150\241\111\166\134\103\311\330\274\066\147\154\245
 \224\265\324\314\271\275\152\065\126\041\336\330\303\353\373\313
 \244\140\114\260\125\240\240\173\127\262
 END
 
 # Trust for Certificate "Network Solutions Certificate Authority"
+# Issuer: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
+# Serial Number:57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0
+# Subject: CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
+# Not Valid Before: Fri Dec 01 00:00:00 2006
+# Not Valid After : Mon Dec 31 23:59:59 2029
+# Fingerprint (MD5): D3:F3:A6:16:C0:FA:6B:1D:59:B1:2D:96:4D:0E:11:2E
+# Fingerprint (SHA1): 74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Network Solutions Certificate Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \164\370\243\303\357\347\263\220\006\113\203\220\074\041\144\140
 \040\345\337\316
@@ -11719,16 +12909,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "WellsSecure Public Root Certificate Authority"
 #
+# Issuer: CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
+# Not Valid Before: Thu Dec 13 17:07:54 2007
+# Not Valid After : Wed Dec 14 00:07:54 2022
+# Fingerprint (MD5): 15:AC:A5:C2:92:2D:79:BC:E8:7F:CB:67:ED:02:CF:36
+# Fingerprint (SHA1): E7:B4:F6:9D:61:EC:90:69:DB:7E:90:A7:40:1A:3C:F4:7D:4F:E8:EE
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\205\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -11832,16 +13029,23 @@ CKA_VALUE MULTILINE_OCTAL
 \211\157\135\250\241\353\215\012\332\303\035\063\154\243\352\147
 \031\232\231\177\113\075\203\121\052\035\312\057\206\014\242\176
 \020\055\053\324\026\225\013\007\252\056\024\222\111\267\051\157
 \330\155\061\175\365\374\241\020\007\207\316\057\131\334\076\130
 \333
 END
 
 # Trust for Certificate "WellsSecure Public Root Certificate Authority"
+# Issuer: CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=WellsSecure Public Root Certificate Authority,OU=Wells Fargo Bank NA,O=Wells Fargo WellsSecure,C=US
+# Not Valid Before: Thu Dec 13 17:07:54 2007
+# Not Valid After : Wed Dec 14 00:07:54 2022
+# Fingerprint (MD5): 15:AC:A5:C2:92:2D:79:BC:E8:7F:CB:67:ED:02:CF:36
+# Fingerprint (SHA1): E7:B4:F6:9D:61:EC:90:69:DB:7E:90:A7:40:1A:3C:F4:7D:4F:E8:EE
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "WellsSecure Public Root Certificate Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \347\264\366\235\141\354\220\151\333\176\220\247\100\032\074\364
 \175\117\350\356
@@ -11866,16 +13070,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "COMODO ECC Certification Authority"
 #
+# Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a
+# Subject: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Mar 06 00:00:00 2008
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 7C:62:FF:74:9D:31:53:5E:68:4A:D5:78:AA:1E:BF:23
+# Fingerprint (SHA1): 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "COMODO ECC Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\205\061\013\060\011\006\003\125\004\006\023\002\107\102
@@ -11944,16 +13155,23 @@ CKA_VALUE MULTILINE_OCTAL
 \175\010\306\032\207\275\030\250\163\275\046\312\140\014\235\316
 \231\237\317\134\017\060\341\276\024\061\352\002\060\024\364\223
 \074\111\247\063\172\220\106\107\263\143\175\023\233\116\267\157
 \030\067\200\123\376\335\040\340\065\232\066\321\307\001\271\346
 \334\335\363\377\035\054\072\026\127\331\222\071\326
 END
 
 # Trust for Certificate "COMODO ECC Certification Authority"
+# Issuer: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number:1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a
+# Subject: CN=COMODO ECC Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Mar 06 00:00:00 2008
+# Not Valid After : Mon Jan 18 23:59:59 2038
+# Fingerprint (MD5): 7C:62:FF:74:9D:31:53:5E:68:4A:D5:78:AA:1E:BF:23
+# Fingerprint (SHA1): 9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "COMODO ECC Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \237\164\116\237\053\115\272\354\017\061\054\120\266\126\073\216
 \055\223\303\021
@@ -11979,16 +13197,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "MD5 Collisions Forged Rogue CA 25c3"
 #
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 66 (0x42)
+# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
+# Not Valid Before: Sat Jul 31 00:00:01 2004
+# Not Valid After : Thu Sep 02 00:00:01 2004
+# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
+# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\074\061\072\060\070\006\003\125\004\003\023\061\115\104\065
@@ -12075,16 +13300,23 @@ CKA_VALUE MULTILINE_OCTAL
 \254\146\127\336\034\306\166\073\365\000\016\216\105\316\177\114
 \220\354\053\306\315\263\264\217\142\320\376\267\305\046\162\104
 \355\366\230\133\256\313\321\225\365\332\010\276\150\106\261\165
 \310\354\035\217\036\172\224\361\252\123\170\242\105\256\124\352
 \321\236\164\310\166\147
 END
 
 # Trust for Certificate "MD5 Collisions Forged Rogue CA 25c3"
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 66 (0x42)
+# Subject: CN=MD5 Collisions Inc. (http://www.phreedom.org/md5)
+# Not Valid Before: Sat Jul 31 00:00:01 2004
+# Not Valid After : Thu Sep 02 00:00:01 2004
+# Fingerprint (MD5): 16:7A:13:15:B9:17:39:A3:F1:05:6A:E6:3E:D9:3A:38
+# Fingerprint (SHA1): 64:23:13:7E:5C:53:D6:4A:A6:64:85:ED:36:54:F5:AB:05:5A:8B:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "MD5 Collisions Forged Rogue CA 25c3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \144\043\023\176\134\123\326\112\246\144\205\355\066\124\365\253
 \005\132\213\212
@@ -12106,16 +13338,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "IGC/A"
 #
+# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
+# Serial Number:39:11:45:10:94
+# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
+# Not Valid Before: Fri Dec 13 14:29:23 2002
+# Not Valid After : Sat Oct 17 14:29:22 2020
+# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37
+# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "IGC/A"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\205\061\013\060\011\006\003\125\004\006\023\002\106\122
@@ -12207,16 +13446,23 @@ CKA_VALUE MULTILINE_OCTAL
 \066\064\232\114\124\176\027\003\110\225\010\021\034\007\157\205
 \010\176\135\115\304\235\333\373\256\316\262\321\263\270\203\154
 \035\262\263\171\361\330\160\231\176\360\023\002\316\136\335\121
 \323\337\066\201\241\033\170\057\161\263\361\131\114\106\030\050
 \253\205\322\140\126\132
 END
 
 # Trust for Certificate "IGC/A"
+# Issuer: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
+# Serial Number:39:11:45:10:94
+# Subject: E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
+# Not Valid Before: Fri Dec 13 14:29:23 2002
+# Not Valid After : Sat Oct 17 14:29:22 2020
+# Fingerprint (MD5): 0C:7F:DD:6A:F4:2A:B9:C8:9B:BD:20:7E:A9:DB:5C:37
+# Fingerprint (SHA1): 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "IGC/A"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \140\326\211\164\265\302\145\236\212\017\301\210\174\210\322\106
 \151\033\030\054
@@ -12241,16 +13487,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Security Communication EV RootCA1"
 #
+# Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Not Valid Before: Wed Jun 06 02:12:32 2007
+# Not Valid After : Sat Jun 06 02:12:32 2037
+# Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
+# Fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Security Communication EV RootCA1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\140\061\013\060\011\006\003\125\004\006\023\002\112\120\061
@@ -12330,16 +13583,23 @@ CKA_VALUE MULTILINE_OCTAL
 \067\305\124\253\126\073\030\055\101\244\014\370\102\333\231\240
 \340\162\157\273\135\341\026\117\123\012\144\371\116\364\277\116
 \124\275\170\154\210\352\277\234\023\044\302\160\151\242\177\017
 \310\074\255\010\311\260\230\100\243\052\347\210\203\355\167\217
 \164
 END
 
 # Trust for Certificate "Security Communication EV RootCA1"
+# Issuer: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication EV RootCA1,O="SECOM Trust Systems CO.,LTD.",C=JP
+# Not Valid Before: Wed Jun 06 02:12:32 2007
+# Not Valid After : Sat Jun 06 02:12:32 2037
+# Fingerprint (MD5): 22:2D:A6:01:EA:7C:0A:F7:F0:6C:56:43:3F:77:76:D3
+# Fingerprint (SHA1): FE:B8:C4:32:DC:F9:76:9A:CE:AE:3D:D8:90:8F:FD:28:86:65:64:7D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Security Communication EV RootCA1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \376\270\304\062\334\371\166\232\316\256\075\330\220\217\375\050
 \206\145\144\175
@@ -12362,16 +13622,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "OISTE WISeKey Global Root GA CA"
 #
+# Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
+# Serial Number:41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a
+# Subject: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
+# Not Valid Before: Sun Dec 11 16:03:44 2005
+# Not Valid After : Fri Dec 11 16:09:51 2037
+# Fingerprint (MD5): BC:6C:51:33:A7:E9:D3:66:63:54:15:72:1B:21:92:93
+# Fingerprint (SHA1): 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "OISTE WISeKey Global Root GA CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\212\061\013\060\011\006\003\125\004\006\023\002\103\110
@@ -12463,16 +13730,23 @@ CKA_VALUE MULTILINE_OCTAL
 \267\200\054\266\341\343\020\342\333\242\347\050\217\001\226\142
 \026\076\000\343\034\245\066\201\030\242\114\122\166\300\021\243
 \156\346\035\272\343\132\276\066\123\305\076\165\217\206\151\051
 \130\123\265\234\273\157\237\134\305\030\354\335\057\341\230\311
 \374\276\337\012\015
 END
 
 # Trust for Certificate "OISTE WISeKey Global Root GA CA"
+# Issuer: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
+# Serial Number:41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a
+# Subject: CN=OISTE WISeKey Global Root GA CA,OU=OISTE Foundation Endorsed,OU=Copyright (c) 2005,O=WISeKey,C=CH
+# Not Valid Before: Sun Dec 11 16:03:44 2005
+# Not Valid After : Fri Dec 11 16:09:51 2037
+# Fingerprint (MD5): BC:6C:51:33:A7:E9:D3:66:63:54:15:72:1B:21:92:93
+# Fingerprint (SHA1): 59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "OISTE WISeKey Global Root GA CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \131\042\241\341\132\352\026\065\041\370\230\071\152\106\106\260
 \104\033\017\251
@@ -12498,16 +13772,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN"
 #
+# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
+# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7
+# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
+# Not Valid Before: Wed Jun 22 00:00:00 2005
+# Not Valid After : Fri Jun 21 23:59:59 2030
+# Fingerprint (MD5): 04:4B:FD:C9:6C:DA:2A:32:85:7C:59:84:61:46:8A:64
+# Fingerprint (SHA1): BE:B5:A9:95:74:6B:9E:DF:73:8B:56:E6:DF:43:7A:77:BE:10:6B:81
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "S-TRUST Authentication and Encryption Root CA 2005 PN"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\256\061\013\060\011\006\003\125\004\006\023\002\104\105
@@ -12613,16 +13894,23 @@ CKA_VALUE MULTILINE_OCTAL
 \252\217\332\364\116\044\000\071\125\350\255\027\271\323\064\053
 \112\251\100\314\027\052\125\145\101\164\102\176\365\300\257\310
 \223\255\362\030\133\075\211\014\333\107\071\044\370\340\114\362
 \037\260\075\012\312\005\116\211\041\032\343\052\231\254\374\177
 \241\361\017\033\037\075\236\004\203\335\226\331\035\072\224
 END
 
 # Trust for Certificate "S-TRUST Authentication and Encryption Root CA 2005 PN"
+# Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
+# Serial Number:37:19:18:e6:53:54:7c:1a:b5:b8:cb:59:5a:db:35:b7
+# Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN,O=Deutscher Sparkassen Verlag GmbH,L=Stuttgart,ST=Baden-Wuerttemberg (BW),C=DE
+# Not Valid Before: Wed Jun 22 00:00:00 2005