Bug 898431 - Update NSS to NSS 3.15.4 beta 4 (NSS_3_15_4_BETA4), r=me, a=bbajaj
authorBrian Smith <brian@briansmith.org>
Mon, 25 Nov 2013 15:40:58 -0800
changeset 167562 3cbce21d4d69ac2c658a5e1a5fe0cbec3424b5f9
parent 167561 6034648945f3ad6b9f71b1d19188af8e9ca78bc0
child 167563 b1abfdcbb1e7a0ad2030a4d28cec72f418ff056f
push id428
push userbbajaj@mozilla.com
push dateTue, 28 Jan 2014 00:16:25 +0000
treeherdermozilla-release@cd72a7ff3a75 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersme, bbajaj
bugs898431
milestone27.0a2
Bug 898431 - Update NSS to NSS 3.15.4 beta 4 (NSS_3_15_4_BETA4), r=me, a=bbajaj
security/nss/TAG-INFO
security/nss/automation/buildbot-slave/bbenv-example.sh
security/nss/automation/buildbot-slave/build.sh
security/nss/automation/buildbot-slave/reboot.bat
security/nss/automation/buildbot-slave/startbuild.bat
security/nss/cmd/bltest/blapitest.c
security/nss/cmd/bltest/tests/README
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext0
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext1
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext10
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext11
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext12
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext13
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext14
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext15
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext16
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext17
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext2
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext3
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext4
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext5
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext6
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext7
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext8
security/nss/cmd/bltest/tests/rsa_oaep/ciphertext9
security/nss/cmd/bltest/tests/rsa_oaep/hash0
security/nss/cmd/bltest/tests/rsa_oaep/hash1
security/nss/cmd/bltest/tests/rsa_oaep/hash10
security/nss/cmd/bltest/tests/rsa_oaep/hash11
security/nss/cmd/bltest/tests/rsa_oaep/hash12
security/nss/cmd/bltest/tests/rsa_oaep/hash13
security/nss/cmd/bltest/tests/rsa_oaep/hash14
security/nss/cmd/bltest/tests/rsa_oaep/hash15
security/nss/cmd/bltest/tests/rsa_oaep/hash16
security/nss/cmd/bltest/tests/rsa_oaep/hash17
security/nss/cmd/bltest/tests/rsa_oaep/hash2
security/nss/cmd/bltest/tests/rsa_oaep/hash3
security/nss/cmd/bltest/tests/rsa_oaep/hash4
security/nss/cmd/bltest/tests/rsa_oaep/hash5
security/nss/cmd/bltest/tests/rsa_oaep/hash6
security/nss/cmd/bltest/tests/rsa_oaep/hash7
security/nss/cmd/bltest/tests/rsa_oaep/hash8
security/nss/cmd/bltest/tests/rsa_oaep/hash9
security/nss/cmd/bltest/tests/rsa_oaep/key0
security/nss/cmd/bltest/tests/rsa_oaep/key1
security/nss/cmd/bltest/tests/rsa_oaep/key10
security/nss/cmd/bltest/tests/rsa_oaep/key11
security/nss/cmd/bltest/tests/rsa_oaep/key12
security/nss/cmd/bltest/tests/rsa_oaep/key13
security/nss/cmd/bltest/tests/rsa_oaep/key14
security/nss/cmd/bltest/tests/rsa_oaep/key15
security/nss/cmd/bltest/tests/rsa_oaep/key16
security/nss/cmd/bltest/tests/rsa_oaep/key17
security/nss/cmd/bltest/tests/rsa_oaep/key2
security/nss/cmd/bltest/tests/rsa_oaep/key3
security/nss/cmd/bltest/tests/rsa_oaep/key4
security/nss/cmd/bltest/tests/rsa_oaep/key5
security/nss/cmd/bltest/tests/rsa_oaep/key6
security/nss/cmd/bltest/tests/rsa_oaep/key7
security/nss/cmd/bltest/tests/rsa_oaep/key8
security/nss/cmd/bltest/tests/rsa_oaep/key9
security/nss/cmd/bltest/tests/rsa_oaep/maskhash0
security/nss/cmd/bltest/tests/rsa_oaep/maskhash1
security/nss/cmd/bltest/tests/rsa_oaep/maskhash10
security/nss/cmd/bltest/tests/rsa_oaep/maskhash11
security/nss/cmd/bltest/tests/rsa_oaep/maskhash12
security/nss/cmd/bltest/tests/rsa_oaep/maskhash13
security/nss/cmd/bltest/tests/rsa_oaep/maskhash14
security/nss/cmd/bltest/tests/rsa_oaep/maskhash15
security/nss/cmd/bltest/tests/rsa_oaep/maskhash16
security/nss/cmd/bltest/tests/rsa_oaep/maskhash17
security/nss/cmd/bltest/tests/rsa_oaep/maskhash2
security/nss/cmd/bltest/tests/rsa_oaep/maskhash3
security/nss/cmd/bltest/tests/rsa_oaep/maskhash4
security/nss/cmd/bltest/tests/rsa_oaep/maskhash5
security/nss/cmd/bltest/tests/rsa_oaep/maskhash6
security/nss/cmd/bltest/tests/rsa_oaep/maskhash7
security/nss/cmd/bltest/tests/rsa_oaep/maskhash8
security/nss/cmd/bltest/tests/rsa_oaep/maskhash9
security/nss/cmd/bltest/tests/rsa_oaep/numtests
security/nss/cmd/bltest/tests/rsa_oaep/plaintext0
security/nss/cmd/bltest/tests/rsa_oaep/plaintext1
security/nss/cmd/bltest/tests/rsa_oaep/plaintext10
security/nss/cmd/bltest/tests/rsa_oaep/plaintext11
security/nss/cmd/bltest/tests/rsa_oaep/plaintext12
security/nss/cmd/bltest/tests/rsa_oaep/plaintext13
security/nss/cmd/bltest/tests/rsa_oaep/plaintext14
security/nss/cmd/bltest/tests/rsa_oaep/plaintext15
security/nss/cmd/bltest/tests/rsa_oaep/plaintext16
security/nss/cmd/bltest/tests/rsa_oaep/plaintext17
security/nss/cmd/bltest/tests/rsa_oaep/plaintext2
security/nss/cmd/bltest/tests/rsa_oaep/plaintext3
security/nss/cmd/bltest/tests/rsa_oaep/plaintext4
security/nss/cmd/bltest/tests/rsa_oaep/plaintext5
security/nss/cmd/bltest/tests/rsa_oaep/plaintext6
security/nss/cmd/bltest/tests/rsa_oaep/plaintext7
security/nss/cmd/bltest/tests/rsa_oaep/plaintext8
security/nss/cmd/bltest/tests/rsa_oaep/plaintext9
security/nss/cmd/bltest/tests/rsa_oaep/seed0
security/nss/cmd/bltest/tests/rsa_oaep/seed1
security/nss/cmd/bltest/tests/rsa_oaep/seed10
security/nss/cmd/bltest/tests/rsa_oaep/seed11
security/nss/cmd/bltest/tests/rsa_oaep/seed12
security/nss/cmd/bltest/tests/rsa_oaep/seed13
security/nss/cmd/bltest/tests/rsa_oaep/seed14
security/nss/cmd/bltest/tests/rsa_oaep/seed15
security/nss/cmd/bltest/tests/rsa_oaep/seed16
security/nss/cmd/bltest/tests/rsa_oaep/seed17
security/nss/cmd/bltest/tests/rsa_oaep/seed2
security/nss/cmd/bltest/tests/rsa_oaep/seed3
security/nss/cmd/bltest/tests/rsa_oaep/seed4
security/nss/cmd/bltest/tests/rsa_oaep/seed5
security/nss/cmd/bltest/tests/rsa_oaep/seed6
security/nss/cmd/bltest/tests/rsa_oaep/seed7
security/nss/cmd/bltest/tests/rsa_oaep/seed8
security/nss/cmd/bltest/tests/rsa_oaep/seed9
security/nss/cmd/bltest/tests/rsa_pss/ciphertext0
security/nss/cmd/bltest/tests/rsa_pss/ciphertext1
security/nss/cmd/bltest/tests/rsa_pss/ciphertext10
security/nss/cmd/bltest/tests/rsa_pss/ciphertext11
security/nss/cmd/bltest/tests/rsa_pss/ciphertext12
security/nss/cmd/bltest/tests/rsa_pss/ciphertext13
security/nss/cmd/bltest/tests/rsa_pss/ciphertext14
security/nss/cmd/bltest/tests/rsa_pss/ciphertext15
security/nss/cmd/bltest/tests/rsa_pss/ciphertext16
security/nss/cmd/bltest/tests/rsa_pss/ciphertext17
security/nss/cmd/bltest/tests/rsa_pss/ciphertext2
security/nss/cmd/bltest/tests/rsa_pss/ciphertext3
security/nss/cmd/bltest/tests/rsa_pss/ciphertext4
security/nss/cmd/bltest/tests/rsa_pss/ciphertext5
security/nss/cmd/bltest/tests/rsa_pss/ciphertext6
security/nss/cmd/bltest/tests/rsa_pss/ciphertext7
security/nss/cmd/bltest/tests/rsa_pss/ciphertext8
security/nss/cmd/bltest/tests/rsa_pss/ciphertext9
security/nss/cmd/bltest/tests/rsa_pss/hash0
security/nss/cmd/bltest/tests/rsa_pss/hash1
security/nss/cmd/bltest/tests/rsa_pss/hash10
security/nss/cmd/bltest/tests/rsa_pss/hash11
security/nss/cmd/bltest/tests/rsa_pss/hash12
security/nss/cmd/bltest/tests/rsa_pss/hash13
security/nss/cmd/bltest/tests/rsa_pss/hash14
security/nss/cmd/bltest/tests/rsa_pss/hash15
security/nss/cmd/bltest/tests/rsa_pss/hash16
security/nss/cmd/bltest/tests/rsa_pss/hash17
security/nss/cmd/bltest/tests/rsa_pss/hash2
security/nss/cmd/bltest/tests/rsa_pss/hash3
security/nss/cmd/bltest/tests/rsa_pss/hash4
security/nss/cmd/bltest/tests/rsa_pss/hash5
security/nss/cmd/bltest/tests/rsa_pss/hash6
security/nss/cmd/bltest/tests/rsa_pss/hash7
security/nss/cmd/bltest/tests/rsa_pss/hash8
security/nss/cmd/bltest/tests/rsa_pss/hash9
security/nss/cmd/bltest/tests/rsa_pss/key0
security/nss/cmd/bltest/tests/rsa_pss/key1
security/nss/cmd/bltest/tests/rsa_pss/key10
security/nss/cmd/bltest/tests/rsa_pss/key11
security/nss/cmd/bltest/tests/rsa_pss/key12
security/nss/cmd/bltest/tests/rsa_pss/key13
security/nss/cmd/bltest/tests/rsa_pss/key14
security/nss/cmd/bltest/tests/rsa_pss/key15
security/nss/cmd/bltest/tests/rsa_pss/key16
security/nss/cmd/bltest/tests/rsa_pss/key17
security/nss/cmd/bltest/tests/rsa_pss/key2
security/nss/cmd/bltest/tests/rsa_pss/key3
security/nss/cmd/bltest/tests/rsa_pss/key4
security/nss/cmd/bltest/tests/rsa_pss/key5
security/nss/cmd/bltest/tests/rsa_pss/key6
security/nss/cmd/bltest/tests/rsa_pss/key7
security/nss/cmd/bltest/tests/rsa_pss/key8
security/nss/cmd/bltest/tests/rsa_pss/key9
security/nss/cmd/bltest/tests/rsa_pss/maskhash0
security/nss/cmd/bltest/tests/rsa_pss/maskhash1
security/nss/cmd/bltest/tests/rsa_pss/maskhash10
security/nss/cmd/bltest/tests/rsa_pss/maskhash11
security/nss/cmd/bltest/tests/rsa_pss/maskhash12
security/nss/cmd/bltest/tests/rsa_pss/maskhash13
security/nss/cmd/bltest/tests/rsa_pss/maskhash14
security/nss/cmd/bltest/tests/rsa_pss/maskhash15
security/nss/cmd/bltest/tests/rsa_pss/maskhash16
security/nss/cmd/bltest/tests/rsa_pss/maskhash17
security/nss/cmd/bltest/tests/rsa_pss/maskhash2
security/nss/cmd/bltest/tests/rsa_pss/maskhash3
security/nss/cmd/bltest/tests/rsa_pss/maskhash4
security/nss/cmd/bltest/tests/rsa_pss/maskhash5
security/nss/cmd/bltest/tests/rsa_pss/maskhash6
security/nss/cmd/bltest/tests/rsa_pss/maskhash7
security/nss/cmd/bltest/tests/rsa_pss/maskhash8
security/nss/cmd/bltest/tests/rsa_pss/maskhash9
security/nss/cmd/bltest/tests/rsa_pss/numtests
security/nss/cmd/bltest/tests/rsa_pss/plaintext0
security/nss/cmd/bltest/tests/rsa_pss/plaintext1
security/nss/cmd/bltest/tests/rsa_pss/plaintext10
security/nss/cmd/bltest/tests/rsa_pss/plaintext11
security/nss/cmd/bltest/tests/rsa_pss/plaintext12
security/nss/cmd/bltest/tests/rsa_pss/plaintext13
security/nss/cmd/bltest/tests/rsa_pss/plaintext14
security/nss/cmd/bltest/tests/rsa_pss/plaintext15
security/nss/cmd/bltest/tests/rsa_pss/plaintext16
security/nss/cmd/bltest/tests/rsa_pss/plaintext17
security/nss/cmd/bltest/tests/rsa_pss/plaintext2
security/nss/cmd/bltest/tests/rsa_pss/plaintext3
security/nss/cmd/bltest/tests/rsa_pss/plaintext4
security/nss/cmd/bltest/tests/rsa_pss/plaintext5
security/nss/cmd/bltest/tests/rsa_pss/plaintext6
security/nss/cmd/bltest/tests/rsa_pss/plaintext7
security/nss/cmd/bltest/tests/rsa_pss/plaintext8
security/nss/cmd/bltest/tests/rsa_pss/plaintext9
security/nss/cmd/bltest/tests/rsa_pss/seed0
security/nss/cmd/bltest/tests/rsa_pss/seed1
security/nss/cmd/bltest/tests/rsa_pss/seed10
security/nss/cmd/bltest/tests/rsa_pss/seed11
security/nss/cmd/bltest/tests/rsa_pss/seed12
security/nss/cmd/bltest/tests/rsa_pss/seed13
security/nss/cmd/bltest/tests/rsa_pss/seed14
security/nss/cmd/bltest/tests/rsa_pss/seed15
security/nss/cmd/bltest/tests/rsa_pss/seed16
security/nss/cmd/bltest/tests/rsa_pss/seed17
security/nss/cmd/bltest/tests/rsa_pss/seed2
security/nss/cmd/bltest/tests/rsa_pss/seed3
security/nss/cmd/bltest/tests/rsa_pss/seed4
security/nss/cmd/bltest/tests/rsa_pss/seed5
security/nss/cmd/bltest/tests/rsa_pss/seed6
security/nss/cmd/bltest/tests/rsa_pss/seed7
security/nss/cmd/bltest/tests/rsa_pss/seed8
security/nss/cmd/bltest/tests/rsa_pss/seed9
security/nss/coreconf/coreconf.dep
security/nss/lib/ckfw/builtins/bfind.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/freebl/blapi.h
security/nss/lib/freebl/ldvector.c
security/nss/lib/freebl/loader.c
security/nss/lib/freebl/loader.h
security/nss/lib/freebl/manifest.mn
security/nss/lib/freebl/rijndael.c
security/nss/lib/freebl/rsapkcs.c
security/nss/lib/freebl/stubs.c
security/nss/lib/smime/smime.h
security/nss/lib/softoken/manifest.mn
security/nss/lib/softoken/pkcs11c.c
security/nss/lib/softoken/rsawrapr.c
security/nss/lib/softoken/softoken.h
security/nss/lib/softoken/softoknt.h
security/nss/lib/util/secdig.c
security/nss/lib/util/secdig.h
security/nss/tests/chains/scenarios/method.cfg
security/nss/tests/cipher/cipher.txt
security/nss/tests/run_niscc.sh
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_15_4_BETA3
+NSS_3_15_4_BETA4
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/buildbot-slave/bbenv-example.sh
@@ -0,0 +1,69 @@
+#! /bin/bash
+
+# Each buildbot-slave requires a bbenv.sh file that defines
+# machine specific variables. This is an example file.
+
+
+HOST=$(hostname | cut -d. -f1)
+export HOST
+
+# if your machine's IP isn't registered in DNS,
+# you must set appropriate environment variables
+# that can be resolved locally.
+# For example, if localhost.localdomain works on your system, set:
+#HOST=localhost
+#DOMSUF=localdomain
+#export DOMSUF
+
+ARCH=$(uname -s)
+
+ulimit -c unlimited 2> /dev/null
+
+export NSS_ENABLE_ECC=1
+export NSS_ECC_MORE_THAN_SUITE_B=1
+export NSPR_LOG_MODULES="pkix:1"
+
+#export JAVA_HOME_32=
+#export JAVA_HOME_64=
+
+#enable if you have PKITS data
+#export PKITS_DATA=$HOME/pkits/data/
+
+NSS_BUILD_TARGET="clean nss_build_all"
+JSS_BUILD_TARGET="clean all"
+
+MAKE=gmake
+AWK=awk
+PATCH=patch
+
+if [ "${ARCH}" = "SunOS" ]; then
+    AWK=nawk
+    PATCH=gpatch
+    ARCH=SunOS/$(uname -p)
+fi
+
+if [ "${ARCH}" = "Linux" -a -f /etc/system-release ]; then
+   VERSION=`sed -e 's; release ;;' -e 's; (.*)$;;' -e 's;Red Hat Enterprise Linux Server;RHEL;' -e 's;Red Hat Enterprise Linux Workstation;RHEL;' /etc/system-release`
+   ARCH=Linux/${VERSION}
+   echo ${ARCH}
+fi
+
+PROCESSOR=$(uname -p)
+if [ "${PROCESSOR}" = "ppc64" ]; then
+    ARCH="${ARCH}/ppc64"
+fi
+if [ "${PROCESSOR}" = "powerpc" ]; then
+    ARCH="${ARCH}/ppc"
+fi
+
+PORT_64_DBG=8543
+PORT_64_OPT=8544
+PORT_32_DBG=8545
+PORT_32_OPT=8546
+
+if [ "${NSS_TESTS}" = "memleak" ]; then
+    PORT_64_DBG=8547
+    PORT_64_OPT=8548
+    PORT_32_DBG=8549
+    PORT_32_OPT=8550
+fi
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/buildbot-slave/build.sh
@@ -0,0 +1,378 @@
+#! /bin/bash
+
+# Ensure a failure of the first command inside a pipe
+# won't be hidden by commands later in the pipe.
+# (e.g. as in ./dosomething | grep)
+
+set -o pipefail
+
+proc_args()
+{
+    while [ -n "$1" ]; do
+        OPT=$(echo $1 | cut -d= -f1)
+        VAL=$(echo $1 | cut -d= -f2)
+
+        case $OPT in
+            "--build-nss")
+                BUILD_NSS=1
+                ;;
+            "--test-nss")
+                TEST_NSS=1
+                ;;
+            "--build-jss")
+                BUILD_JSS=1
+                ;;
+            "--test-jss")
+                TEST_JSS=1
+                ;;
+            "--memtest")
+                NSS_TESTS="memleak"
+                export NSS_TESTS
+                ;;
+            "--nojsssign")
+                NO_JSS_SIGN=1
+                ;;
+            *)
+                echo "Usage: $0 ..."
+                echo "    --memtest   - run the memory leak tests"
+                echo "    --nojsssign - try to sign jss"
+                echo "    --build-nss"
+                echo "    --build-jss"
+                echo "    --test-nss"
+                echo "    --test-jss"
+                exit 1
+                ;;
+        esac 
+
+        shift
+    done
+}
+
+set_env()
+{
+    TOPDIR=$(pwd)
+    HGDIR=$(pwd)$(echo "/hg")
+    OUTPUTDIR=$(pwd)$(echo "/output")
+    LOG_ALL="${OUTPUTDIR}/all.log"
+    LOG_TMP="${OUTPUTDIR}/tmp.log"
+
+    echo "hello" |grep --line-buffered hello >/dev/null 2>&1
+    [ $? -eq 0 ] && GREP_BUFFER="--line-buffered"
+}
+
+print_log()
+{
+    DATE=$(date "+TB [%Y-%m-%d %H:%M:%S]")
+    echo "${DATE} $*"
+    echo "${DATE} $*" >> ${LOG_ALL}
+}
+
+print_result()
+{
+    TESTNAME=$1
+    RET=$2
+    EXP=$3
+
+    if [ ${RET} -eq ${EXP} ]; then
+        print_log "${TESTNAME} PASSED"
+    else
+        print_log "${TESTNAME} FAILED"
+    fi
+}
+
+print_env()
+{
+    print_log "######## Environment variables ########"
+
+    uname -a | tee -a ${LOG_ALL}
+    if [ -e "/etc/redhat-release" ]; then
+        cat "/etc/redhat-release" | tee -a ${LOG_ALL}
+    fi
+    # don't print the MAIL command, it might contain a password    
+    env | grep -v "^MAIL=" | tee -a ${LOG_ALL}
+}
+
+set_cycle()
+{
+    BITS=$1
+    OPT=$2
+
+    if [ "${BITS}" = "64" ]; then
+        USE_64=1
+        JAVA_HOME=${JAVA_HOME_64} 
+        PORT_DBG=${PORT_64_DBG}
+        PORT_OPT=${PORT_64_OPT}
+    else
+        USE_64=
+        JAVA_HOME=${JAVA_HOME_32} 
+        PORT_DBG=${PORT_32_DBG}
+        PORT_OPT=${PORT_32_OPT}
+    fi
+    export USE_64
+    export JAVA_HOME
+
+    BUILD_OPT=
+    if [ "${OPT}" = "OPT" ]; then
+        BUILD_OPT=1
+        XPCLASS=xpclass.jar
+        PORT=${PORT_OPT}
+    else
+        BUILD_OPT=
+        XPCLASS=xpclass_dbg.jar
+        PORT=${PORT_DBG}
+    fi
+    export BUILD_OPT
+
+    PORT_JSS_SERVER=$(expr ${PORT} + 20)
+    PORT_JSSE_SERVER=$(expr ${PORT} + 40)
+
+    export PORT
+    export PORT_JSS_SERVER
+    export PORT_JSSE_SERVER
+}
+
+build_nss()
+{
+    print_log "######## NSS - build - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/nss"
+    cd ${HGDIR}/nss
+
+    print_log "$ ${MAKE} ${NSS_BUILD_TARGET}"
+    #${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}"
+    ${MAKE} ${NSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL}
+    RET=$?
+    print_result "NSS - build - ${BITS} bits - ${OPT}" ${RET} 0
+
+    if [ ${RET} -eq 0 ]; then
+        return 0
+    else
+        tail -100 ${LOG_ALL}
+        return ${RET}
+    fi
+}
+
+build_jss()
+{
+    print_log "######## JSS - build - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/jss"
+    cd ${HGDIR}/jss
+
+    print_log "$ ${MAKE} ${JSS_BUILD_TARGET}"
+    #${MAKE} ${JSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL} | grep ${GREP_BUFFER} "^${MAKE}"
+    ${MAKE} ${JSS_BUILD_TARGET} 2>&1 | tee -a ${LOG_ALL}
+    RET=$?
+    print_result "JSS build - ${BITS} bits - ${OPT}" ${RET} 0
+    [ ${RET} -eq 0 ] || return ${RET}
+
+    print_log "$ cd ${HGDIR}/dist"
+    cd ${HGDIR}/dist
+
+    if [ -z "${NO_JSS_SIGN}" ]; then
+	print_log "cat ${TOPDIR}/keystore.pw | ${JAVA_HOME}/bin/jarsigner -keystore ${TOPDIR}/keystore -internalsf ${XPCLASS} jssdsa"
+	cat ${TOPDIR}/keystore.pw | ${JAVA_HOME}/bin/jarsigner -keystore ${TOPDIR}/keystore -internalsf ${XPCLASS} jssdsa >> ${LOG_ALL} 2>&1
+	RET=$?
+	print_result "JSS - sign JAR files - ${BITS} bits - ${OPT}" ${RET} 0
+	[ ${RET} -eq 0 ] || return ${RET}
+    fi
+    print_log "${JAVA_HOME}/bin/jarsigner -verify -certs ${XPCLASS}"
+    ${JAVA_HOME}/bin/jarsigner -verify -certs ${XPCLASS} >> ${LOG_ALL} 2>&1
+    RET=$?
+    print_result "JSS - verify JAR files - ${BITS} bits - ${OPT}" ${RET} 0
+    [ ${RET} -eq 0 ] || return ${RET}
+
+    return 0
+}
+
+test_nss()
+{
+    print_log "######## NSS - tests - ${BITS} bits - ${OPT} ########"
+
+    if [ "${OS_TARGET}" = "Android" ]; then
+	print_log "$ cd ${HGDIR}/nss/tests/remote"
+	cd ${HGDIR}/nss/tests/remote
+	print_log "$ make test_android"
+	make test_android 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
+	OUTPUTFILE=${HGDIR}/tests_results/security/*.1/output.log
+    else
+	print_log "$ cd ${HGDIR}/nss/tests"
+	cd ${HGDIR}/nss/tests
+	print_log "$ ./all.sh"
+	./all.sh 2>&1 | tee ${LOG_TMP} | grep ${GREP_BUFFER} ": #"
+	OUTPUTFILE=${LOG_TMP}
+    fi
+
+    cat ${LOG_TMP} >> ${LOG_ALL}
+    tail -n2 ${HGDIR}/tests_results/security/*.1/results.html | grep END_OF_TEST >> ${LOG_ALL}
+    RET=$?
+
+    print_log "######## details of detected failures (if any) ########"
+    grep -B50 FAIL ${OUTPUTFILE}
+    [ $? -eq 1 ] || RET=1
+
+    print_result "NSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
+    return ${RET}
+}
+
+test_jss()
+{
+    print_log "######## JSS - tests - ${BITS} bits - ${OPT} ########"
+
+    print_log "$ cd ${HGDIR}/jss"
+    cd ${HGDIR}/jss
+
+    print_log "$ ${MAKE} platform"
+    PLATFORM=$(${MAKE} platform)
+    print_log "PLATFORM=${PLATFORM}"
+
+    print_log "$ cd ${HGDIR}/jss/org/mozilla/jss/tests"
+    cd ${HGDIR}/jss/org/mozilla/jss/tests
+
+    print_log "$ perl all.pl dist ${HGDIR}/dist/${PLATFORM}"
+    perl all.pl dist ${HGDIR}/dist/${PLATFORM} 2>&1 | tee ${LOG_TMP}
+    cat ${LOG_TMP} >> ${LOG_ALL}
+
+    tail -n2 ${LOG_TMP} | grep JSSTEST_RATE > /dev/null
+    RET=$?
+
+    grep FAIL ${LOG_TMP} 
+    [ $? -eq 1 ] || RET=1
+
+    print_result "JSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
+    return ${RET}
+}
+
+build_and_test()
+{
+    if [ -n "${BUILD_NSS}" ]; then
+        build_nss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${TEST_NSS}" ]; then
+        test_nss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${BUILD_JSS}" ]; then
+        build_jss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    if [ -n "${TEST_JSS}" ]; then
+        test_jss
+        [ $? -eq 0 ] || return 1
+    fi
+
+    return 0
+}
+
+run_cycle()
+{
+    print_env
+    build_and_test
+    RET=$?
+
+    grep ^TinderboxPrint ${LOG_ALL}
+
+    return ${RET}
+}
+
+prepare()
+{
+    rm -rf ${OUTPUTDIR}.oldest >/dev/null 2>&1
+    mv ${OUTPUTDIR}.older ${OUTPUTDIR}.oldest >/dev/null 2>&1
+    mv ${OUTPUTDIR}.old ${OUTPUTDIR}.older >/dev/null 2>&1
+    mv ${OUTPUTDIR}.last ${OUTPUTDIR}.old >/dev/null 2>&1
+    mv ${OUTPUTDIR} ${OUTPUTDIR}.last >/dev/null 2>&1
+    mkdir -p ${OUTPUTDIR}
+
+    if [ -n "${NSS_ENABLE_ECC}" -a -n "${NSS_ECC_MORE_THAN_SUITE_B}" ]; then
+        cd ${HGDIR}/nss
+        ECF="lib/freebl/ecl/ecl-curve.h"
+	print_log "hg revert -r NSS_3_11_1_RTM ${ECF}"
+        hg revert -r NSS_3_11_1_RTM security/nss/${ECF}
+        cp -f security/nss/${ECF} ${ECF}
+    fi
+
+    return 0
+}
+
+move_results()
+{
+    cd ${HGDIR}
+    if [ -n "${TEST_NSS}" ]; then
+	mv -f tests_results ${OUTPUTDIR}
+    fi
+    tar -c -z --dereference -f ${OUTPUTDIR}/dist.tgz dist
+    rm -rf dist
+}
+
+run_all()
+{
+    set_cycle ${BITS} ${OPT}
+    prepare
+    run_cycle
+    RESULT=$?
+    print_log "### result of run_cycle is ${RESULT}"
+    move_results
+    return ${RESULT}
+}
+
+main()
+{
+    VALID=0
+    RET=1
+
+    for BITS in 32 64; do
+        echo ${RUN_BITS} | grep ${BITS} > /dev/null
+        [ $? -eq 0 ] || continue
+        for OPT in DBG OPT; do
+            echo ${RUN_OPT} | grep ${OPT} > /dev/null
+            [ $? -eq 0 ] || continue
+
+            VALID=1
+            set_env
+            run_all
+            RET=$?
+	    print_log "### result of run_all is ${RET}"
+        done
+    done
+
+    if [ ${VALID} -ne 1 ]; then
+        echo "Need to set valid bits/opt values."
+        return 1
+    fi
+
+    return ${RET}
+}
+
+#function killallsub()
+#{
+#    FINAL_RET=$?
+#    for proc in `jobs -p`
+#    do
+#        kill -9 $proc
+#    done
+#    return ${FINAL_RET}
+#}
+#trap killallsub EXIT
+
+#IS_RUNNING_FILE="./build-is-running"
+
+#if [ -a $IS_RUNNING_FILE ]; then
+#    echo "exiting, because old job is still running"
+#    exit 1
+#fi
+
+#touch $IS_RUNNING_FILE
+
+echo "tinderbox args: $0 $@"
+. ${ENVVARS}
+proc_args "$@"
+main
+
+#RET=$?
+#rm $IS_RUNNING_FILE
+#exit ${RET}
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/buildbot-slave/reboot.bat
@@ -0,0 +1,6 @@
+IF EXIST ..\buildbot-is-building (
+    del ..\buildbot-is-building
+    shutdown /r /t 0
+
+    timeout /t 120
+)
new file mode 100644
--- /dev/null
+++ b/security/nss/automation/buildbot-slave/startbuild.bat
@@ -0,0 +1,14 @@
+echo running > ..\buildbot-is-building
+
+echo running: "%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
+"%MOZILLABUILD%\msys\bin\bash" -c "hg/tinder/buildbot/build.sh %*"
+
+if %errorlevel% neq 0 (
+  set EXITCODE=1
+) else (
+  set EXITCODE=0
+)
+
+del ..\buildbot-is-building
+
+exit /b %EXITCODE%
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -24,22 +24,16 @@
 #ifdef NSS_ENABLE_ECC
 #include "ecl-curve.h"
 SECStatus EC_DecodeParams(const SECItem *encodedParams, 
 	ECParams **ecparams);
 SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
 	      const ECParams *srcParams);
 #endif
 
-/* Temporary - add debugging output on windows for RSA to track QA failure */
-#ifdef _WIN32
-#define TRACK_BLTEST_BUG
-    char __bltDBG[] = "BLTEST DEBUG";
-#endif
-
 char *progName;
 char *testdir = NULL;
 
 #define BLTEST_DEFAULT_CHUNKSIZE 4096
 
 #define WORDSIZE sizeof(unsigned long)
 
 #define CHECKERROR(rv, ln) \
@@ -624,16 +618,19 @@ typedef SECStatus (* bltestSymmCipherFn)
 typedef SECStatus (* bltestPubKeyCipherFn)(void *key,
 					   SECItem *output,
 					   const SECItem *input);
 
 typedef SECStatus (* bltestHashCipherFn)(unsigned char *dest,
 					 const unsigned char *src,
 					 PRUint32 src_length);
 
+/* Note: Algorithms are grouped in order to support is_symmkeyCipher /
+ * is_pubkeyCipher / is_hashCipher / is_sigCipher
+ */
 typedef enum {
     bltestINVALID = -1,
     bltestDES_ECB,	  /* Symmetric Key Ciphers */
     bltestDES_CBC,	  /* .			   */
     bltestDES_EDE_ECB,	  /* .			   */
     bltestDES_EDE_CBC,	  /* .			   */
     bltestRC2_ECB,	  /* .			   */
     bltestRC2_CBC,	  /* .			   */
@@ -646,21 +643,23 @@ typedef enum {
     bltestAES_CBC,        /* .                     */
     bltestAES_CTS,        /* .                     */
     bltestAES_CTR,        /* .                     */
     bltestAES_GCM,        /* .                     */
     bltestCAMELLIA_ECB,   /* .                     */
     bltestCAMELLIA_CBC,   /* .                     */
     bltestSEED_ECB,       /* SEED algorithm	   */
     bltestSEED_CBC,       /* SEED algorithm	   */
-    bltestRSA,		  /* Public Key Ciphers	   */
+    bltestRSA,            /* Public Key Ciphers    */
+    bltestRSA_OAEP,       /* . (Public Key Enc.)   */
+    bltestRSA_PSS,        /* . (Public Key Sig.)   */
 #ifdef NSS_ENABLE_ECC
-    bltestECDSA,	  /* . (Public Key Sig.)   */
+    bltestECDSA,          /* . (Public Key Sig.)   */
 #endif
-    bltestDSA,		  /* .                     */
+    bltestDSA,            /* . (Public Key Sig.)   */
     bltestMD2,		  /* Hash algorithms	   */
     bltestMD5,		  /* .			   */
     bltestSHA1,           /* .			   */
     bltestSHA224,         /* .			   */
     bltestSHA256,         /* .			   */
     bltestSHA384,         /* .			   */
     bltestSHA512,         /* .			   */
     NUMMODES
@@ -684,16 +683,18 @@ static char *mode_strings[] =
     "aes_cts",
     "aes_ctr",
     "aes_gcm",
     "camellia_ecb",
     "camellia_cbc",
     "seed_ecb",
     "seed_cbc",
     "rsa",
+    "rsa_oaep",
+    "rsa_pss",
 #ifdef NSS_ENABLE_ECC
     "ecdsa",
 #endif
     /*"pqg",*/
     "dsa",
     "md2",
     "md5",
     "sha1",
@@ -721,60 +722,71 @@ typedef struct
     bltestIO iv;
     int	     rounds;
     int	     wordsize;
 } bltestRC5Params;
 
 typedef struct
 {
     bltestIO key;
-    int	     keysizeInBits;
-    RSAPrivateKey *rsakey;
+    int keysizeInBits;
+
+    /* OAEP & PSS */
+    HASH_HashType hashAlg;
+    HASH_HashType maskHashAlg;
+    bltestIO      seed; /* salt if PSS */
 } bltestRSAParams;
 
 typedef struct
 {
-    bltestIO   key;
     bltestIO   pqgdata;
     unsigned int keysize;
     bltestIO   keyseed;
     bltestIO   sigseed;
-    bltestIO   sig; /* if doing verify, have additional input */
     PQGParams *pqg;
-    DSAPrivateKey *dsakey;
 } bltestDSAParams;
 
 #ifdef NSS_ENABLE_ECC
 typedef struct
 {
-    bltestIO   key;
     char      *curveName;
     bltestIO   sigseed;
-    bltestIO   sig; /* if doing verify, have additional input */
-    ECPrivateKey *eckey;
 } bltestECDSAParams;
 #endif
 
 typedef struct
 {
+    bltestIO key;
+    void *   privKey;
+    void *   pubKey;
+    bltestIO sig; /* if doing verify, the signature (which may come
+                   * from sigfile. */
+
+    union {
+        bltestRSAParams rsa;
+        bltestDSAParams dsa;
+#ifdef NSS_ENABLE_ECC
+        bltestECDSAParams ecdsa;
+#endif
+    } cipherParams;
+} bltestAsymKeyParams;
+
+typedef struct
+{
     bltestIO   key; /* unused */
     PRBool     restart;
 } bltestHashParams;
 
 typedef union
 {
     bltestIO		key;
     bltestSymmKeyParams sk;
     bltestAuthSymmKeyParams ask;
     bltestRC5Params	rc5;
-    bltestRSAParams	rsa;
-    bltestDSAParams	dsa;
-#ifdef NSS_ENABLE_ECC
-    bltestECDSAParams	ecdsa;
-#endif
+    bltestAsymKeyParams	asymk;
     bltestHashParams	hash;
 } bltestParams;
 
 typedef struct bltestCipherInfoStr bltestCipherInfo;
 
 struct  bltestCipherInfoStr {
     PLArenaPool *arena;
     /* link to next in multithreaded test */
@@ -854,22 +866,18 @@ is_hashCipher(bltestCipherMode mode)
 	return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 is_sigCipher(bltestCipherMode mode)
 {
     /* change as needed! */
-#ifdef NSS_ENABLE_ECC
-    if (mode >= bltestECDSA && mode <= bltestDSA)
-#else
-    if (mode >= bltestDSA && mode <= bltestDSA)
-#endif
-	return PR_TRUE;
+    if (mode >= bltestRSA_PSS && mode <= bltestDSA)
+       return PR_TRUE;
     return PR_FALSE;
 }
 
 PRBool
 cipher_requires_IV(bltestCipherMode mode)
 {
     /* change as needed! */
     if (mode == bltestDES_CBC || mode == bltestDES_EDE_CBC ||
@@ -1154,50 +1162,135 @@ seed_Decrypt(void *cx, unsigned char *ou
             unsigned int maxOutputLen, const unsigned char *input,
             unsigned int inputLen)
 {
     return SEED_Decrypt((SEEDContext *)cx, output, outputLen, maxOutputLen,
                        input, inputLen);
 }
 
 SECStatus
-rsa_PublicKeyOp(void *key, SECItem *output, const SECItem *input)
+rsa_PublicKeyOp(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    RSAPublicKey *pubKey = (RSAPublicKey *)params->pubKey;
+    SECStatus rv = RSA_PublicKeyOp(pubKey, output->data, input->data);
+    if (rv == SECSuccess) {
+        output->len = pubKey->modulus.data[0] ? pubKey->modulus.len :
+                                                pubKey->modulus.len - 1;
+    }
+    return rv;
+}
+
+SECStatus
+rsa_PrivateKeyOp(void *cx, SECItem *output, const SECItem *input)
 {
-    return RSA_PublicKeyOp((RSAPublicKey *)key, output->data, input->data);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    RSAPrivateKey *privKey = (RSAPrivateKey *)params->privKey;
+    SECStatus rv = RSA_PrivateKeyOp(privKey, output->data, input->data);
+    if (rv == SECSuccess) {
+        output->len = privKey->modulus.data[0] ? privKey->modulus.len :
+                                                 privKey->modulus.len - 1;
+    }
+    return rv;
+}
+
+SECStatus
+rsa_signDigestPSS(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_SignPSS((RSAPrivateKey *)params->privKey,
+                       rsaParams->hashAlg,
+                       rsaParams->maskHashAlg,
+                       rsaParams->seed.buf.data,
+                       rsaParams->seed.buf.len,
+                       output->data, &output->len, output->len,
+                       input->data, input->len);
 }
 
 SECStatus
-rsa_PrivateKeyOp(void *key, SECItem *output, const SECItem *input)
+rsa_verifyDigestPSS(void *cx, SECItem *output, const SECItem *input)
 {
-    return RSA_PrivateKeyOp((RSAPrivateKey *)key, output->data, input->data);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_CheckSignPSS((RSAPublicKey *)params->pubKey,
+                            rsaParams->hashAlg,
+                            rsaParams->maskHashAlg,
+                            rsaParams->seed.buf.len,
+                            output->data, output->len,
+                            input->data, input->len);
+}
+
+SECStatus
+rsa_encryptOAEP(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_EncryptOAEP((RSAPublicKey *)params->pubKey,
+                           rsaParams->hashAlg,
+                           rsaParams->maskHashAlg,
+                           NULL, 0,
+                           rsaParams->seed.buf.data,
+                           rsaParams->seed.buf.len,
+                           output->data, &output->len, output->len,
+                           input->data, input->len);
 }
 
 SECStatus
-dsa_signDigest(void *key, SECItem *output, const SECItem *input)
+rsa_decryptOAEP(void *cx, SECItem *output, const SECItem *input)
 {
-    return DSA_SignDigest((DSAPrivateKey *)key, output, input);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    bltestRSAParams *rsaParams = &params->cipherParams.rsa;
+    return RSA_DecryptOAEP((RSAPrivateKey *)params->privKey,
+                           rsaParams->hashAlg,
+                           rsaParams->maskHashAlg,
+                           NULL, 0,
+                           output->data, &output->len, output->len,
+                           input->data, input->len);
 }
 
 SECStatus
-dsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
+dsa_signDigest(void *cx, SECItem *output, const SECItem *input)
 {
-    return DSA_VerifyDigest((DSAPublicKey *)key, output, input);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    if (params->cipherParams.dsa.sigseed.buf.len > 0) {
+        return DSA_SignDigestWithSeed((DSAPrivateKey *)params->privKey,
+                                      output, input,
+                                      params->cipherParams.dsa.sigseed.buf.data);
+    }
+    return DSA_SignDigest((DSAPrivateKey *)params->privKey, output, input);
+}
+
+SECStatus
+dsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
+{
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    return DSA_VerifyDigest((DSAPublicKey *)params->pubKey, output, input);
 }
 
 #ifdef NSS_ENABLE_ECC
 SECStatus
-ecdsa_signDigest(void *key, SECItem *output, const SECItem *input)
+ecdsa_signDigest(void *cx, SECItem *output, const SECItem *input)
 {
-    return ECDSA_SignDigest((ECPrivateKey *)key, output, input);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    if (params->cipherParams.ecdsa.sigseed.buf.len > 0) {
+        return ECDSA_SignDigestWithSeed(
+                        (ECPrivateKey *)params->privKey,
+                        output, input,
+                        params->cipherParams.ecdsa.sigseed.buf.data,
+                        params->cipherParams.ecdsa.sigseed.buf.len);
+    }
+    return ECDSA_SignDigest((ECPrivateKey *)params->privKey, output, input);
 }
 
 SECStatus
-ecdsa_verifyDigest(void *key, SECItem *output, const SECItem *input)
+ecdsa_verifyDigest(void *cx, SECItem *output, const SECItem *input)
 {
-    return ECDSA_VerifyDigest((ECPublicKey *)key, output, input);
+    bltestAsymKeyParams *params = (bltestAsymKeyParams *)cx;
+    return ECDSA_VerifyDigest((ECPublicKey *)params->pubKey, output, input);
 }
 #endif
 
 SECStatus
 bltest_des_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     PRIntervalTime time1, time2;
     bltestSymmKeyParams *desp = &cipherInfo->params.sk;
@@ -1484,51 +1577,69 @@ bltest_seed_init(bltestCipherInfo *ciphe
 	return SECSuccess;
 }
 
 SECStatus
 bltest_rsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     int i;
     RSAPrivateKey **dummyKey;
+    RSAPrivateKey *privKey;
+    RSAPublicKey *pubKey;
     PRIntervalTime time1, time2;
-    bltestRSAParams *rsap = &cipherInfo->params.rsa;
+
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    bltestRSAParams *rsap = &asymk->cipherParams.rsa;
+
     /* RSA key gen was done during parameter setup */
-    cipherInfo->cx = cipherInfo->params.rsa.rsakey;
+    cipherInfo->cx = asymk;
+    privKey = (RSAPrivateKey *)asymk->privKey;
+
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
 	/* Create space for n private key objects */
 	dummyKey = (RSAPrivateKey **)PORT_Alloc(cipherInfo->cxreps *
 						sizeof(RSAPrivateKey *));
 	/* Time n keygens, storing in the array */
 	TIMESTART();
 	for (i=0; i<cipherInfo->cxreps; i++)
 	    dummyKey[i] = RSA_NewKey(rsap->keysizeInBits, 
-	                             &rsap->rsakey->publicExponent);
+	                             &privKey->publicExponent);
 	TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
 	/* Free the n key objects */
 	for (i=0; i<cipherInfo->cxreps; i++)
 	    PORT_FreeArena(dummyKey[i]->arena, PR_TRUE);
 	PORT_Free(dummyKey);
     }
-    if (encrypt) {
+
+    if ((encrypt && !is_sigCipher(cipherInfo->mode)) ||
+        (!encrypt && is_sigCipher(cipherInfo->mode))) {
 	/* Have to convert private key to public key.  Memory
 	 * is freed with private key's arena  */
-	RSAPublicKey *pubkey;
-	RSAPrivateKey *key = (RSAPrivateKey *)cipherInfo->cx;
-	pubkey = (RSAPublicKey *)PORT_ArenaAlloc(key->arena,
+	pubKey = (RSAPublicKey *)PORT_ArenaAlloc(privKey->arena,
 						 sizeof(RSAPublicKey));
-	pubkey->modulus.len = key->modulus.len;
-	pubkey->modulus.data = key->modulus.data;
-	pubkey->publicExponent.len = key->publicExponent.len;
-	pubkey->publicExponent.data = key->publicExponent.data;
-	cipherInfo->cx = (void *)pubkey;
-	cipherInfo->cipher.pubkeyCipher = rsa_PublicKeyOp;
-    } else {
-	cipherInfo->cipher.pubkeyCipher = rsa_PrivateKeyOp;
+	pubKey->modulus.len = privKey->modulus.len;
+	pubKey->modulus.data = privKey->modulus.data;
+	pubKey->publicExponent.len = privKey->publicExponent.len;
+	pubKey->publicExponent.data = privKey->publicExponent.data;
+	asymk->pubKey = (void *)pubKey;
+    }
+    switch (cipherInfo->mode) {
+        case bltestRSA:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_PublicKeyOp
+                                                      : rsa_PrivateKeyOp;
+            break;
+        case bltestRSA_PSS:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_signDigestPSS
+                                                      : rsa_verifyDigestPSS;
+            break;
+        case bltestRSA_OAEP:
+            cipherInfo->cipher.pubkeyCipher = encrypt ? rsa_encryptOAEP
+                                                      : rsa_decryptOAEP;
+            break;
     }
     return SECSuccess;
 }
 
 SECStatus
 blapi_pqg_param_gen(unsigned int keysize, PQGParams **pqg, PQGVerify **vfy)
 {
     if (keysize < 1024) {
@@ -1553,20 +1664,20 @@ bltest_pqg_init(bltestDSAParams *dsap)
 
 SECStatus
 bltest_dsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     int i;
     DSAPrivateKey **dummyKey;
     PQGParams *dummypqg;
     PRIntervalTime time1, time2;
-    bltestDSAParams *dsap = &cipherInfo->params.dsa;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    bltestDSAParams *dsap = &asymk->cipherParams.dsa;
     PQGVerify *ignore = NULL;
-    /* DSA key gen was done during parameter setup */
-    cipherInfo->cx = cipherInfo->params.dsa.dsakey;
+    cipherInfo->cx = asymk;
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
 	/* Create space for n private key objects */
 	dummyKey = (DSAPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
 	                                         sizeof(DSAPrivateKey *));
 	/* Time n keygens, storing in the array */
 	TIMESTART();
 	for (i=0; i<cipherInfo->cxreps; i++) {
@@ -1578,77 +1689,77 @@ bltest_dsa_init(bltestCipherInfo *cipher
 	/* Free the n key objects */
 	for (i=0; i<cipherInfo->cxreps; i++)
 	    PORT_FreeArena(dummyKey[i]->params.arena, PR_TRUE);
 	PORT_Free(dummyKey);
     }
     if (!dsap->pqg && dsap->pqgdata.buf.len > 0) {
 	dsap->pqg = pqg_from_filedata(&dsap->pqgdata.buf);
     }
-    if (!cipherInfo->cx && dsap->key.buf.len > 0) {
-	cipherInfo->cx = dsakey_from_filedata(&dsap->key.buf);
+    if (!asymk->privKey && asymk->key.buf.len > 0) {
+	asymk->privKey = dsakey_from_filedata(&asymk->key.buf);
     }
     if (encrypt) {
 	cipherInfo->cipher.pubkeyCipher = dsa_signDigest;
     } else {
 	/* Have to convert private key to public key.  Memory
 	 * is freed with private key's arena  */
 	DSAPublicKey *pubkey;
-	DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx;
+	DSAPrivateKey *key = (DSAPrivateKey *)asymk->privKey;
 	pubkey = (DSAPublicKey *)PORT_ArenaZAlloc(key->params.arena,
 						  sizeof(DSAPublicKey));
 	pubkey->params.prime.len = key->params.prime.len;
 	pubkey->params.prime.data = key->params.prime.data;
 	pubkey->params.subPrime.len = key->params.subPrime.len;
 	pubkey->params.subPrime.data = key->params.subPrime.data;
 	pubkey->params.base.len = key->params.base.len;
 	pubkey->params.base.data = key->params.base.data;
 	pubkey->publicValue.len = key->publicValue.len;
 	pubkey->publicValue.data = key->publicValue.data;
+	asymk->pubKey = pubkey;
 	cipherInfo->cipher.pubkeyCipher = dsa_verifyDigest;
     }
     return SECSuccess;
 }
 
 #ifdef NSS_ENABLE_ECC
 SECStatus
 bltest_ecdsa_init(bltestCipherInfo *cipherInfo, PRBool encrypt)
 {
     int i;
     ECPrivateKey **dummyKey;
     PRIntervalTime time1, time2;
-    bltestECDSAParams *ecdsap = &cipherInfo->params.ecdsa;
-    /* ECDSA key gen was done during parameter setup */
-    cipherInfo->cx = cipherInfo->params.ecdsa.eckey;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
+    cipherInfo->cx = asymk;
     /* For performance testing */
     if (cipherInfo->cxreps > 0) {
 	/* Create space for n private key objects */
 	dummyKey = (ECPrivateKey **)PORT_ZAlloc(cipherInfo->cxreps *
 	                                         sizeof(ECPrivateKey *));
 	/* Time n keygens, storing in the array */
 	TIMESTART();
 	for (i=0; i<cipherInfo->cxreps; i++) {
-	    EC_NewKey(&ecdsap->eckey->ecParams, &dummyKey[i]);
+	    EC_NewKey(&((ECPrivateKey *)asymk->privKey)->ecParams, &dummyKey[i]);
 	}
 	TIMEFINISH(cipherInfo->cxtime, cipherInfo->cxreps);
 	/* Free the n key objects */
 	for (i=0; i<cipherInfo->cxreps; i++)
 	    PORT_FreeArena(dummyKey[i]->ecParams.arena, PR_TRUE);
 	PORT_Free(dummyKey);
     }
-    if (!cipherInfo->cx && ecdsap->key.buf.len > 0) {
-	cipherInfo->cx = eckey_from_filedata(&ecdsap->key.buf);
+    if (!asymk->privKey && asymk->key.buf.len > 0) {
+        asymk->privKey = eckey_from_filedata(&asymk->key.buf);
     }
     if (encrypt) {
 	cipherInfo->cipher.pubkeyCipher = ecdsa_signDigest;
     } else {
 	/* Have to convert private key to public key.  Memory
 	 * is freed with private key's arena  */
 	ECPublicKey *pubkey;
-	ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx;
+	ECPrivateKey *key = (ECPrivateKey *)asymk->privKey;
 	pubkey = (ECPublicKey *)PORT_ArenaZAlloc(key->ecParams.arena,
 						  sizeof(ECPublicKey));
 	pubkey->ecParams.type = key->ecParams.type;
 	pubkey->ecParams.fieldID.size = key->ecParams.fieldID.size;
 	pubkey->ecParams.fieldID.type = key->ecParams.fieldID.type;
 	pubkey->ecParams.fieldID.u.prime.len = key->ecParams.fieldID.u.prime.len;
 	pubkey->ecParams.fieldID.u.prime.data = key->ecParams.fieldID.u.prime.data;
 	pubkey->ecParams.fieldID.k1 = key->ecParams.fieldID.k1;
@@ -1665,16 +1776,17 @@ bltest_ecdsa_init(bltestCipherInfo *ciph
 	pubkey->ecParams.order.len = key->ecParams.order.len;
 	pubkey->ecParams.order.data = key->ecParams.order.data;
 	pubkey->ecParams.cofactor = key->ecParams.cofactor;
 	pubkey->ecParams.DEREncoding.len = key->ecParams.DEREncoding.len;
 	pubkey->ecParams.DEREncoding.data = key->ecParams.DEREncoding.data;
 	pubkey->ecParams.name= key->ecParams.name;
 	pubkey->publicValue.len = key->publicValue.len;
 	pubkey->publicValue.data = key->publicValue.data;
+	asymk->pubKey = pubkey;
 	cipherInfo->cipher.pubkeyCipher = ecdsa_verifyDigest;
     }
     return SECSuccess;
 }
 #endif
 
 /* XXX unfortunately, this is not defined in blapi.h */
 SECStatus
@@ -1968,84 +2080,91 @@ pubkeyInitKey(bltestCipherInfo *cipherIn
 #ifdef NSS_ENABLE_ECC
 	      int keysize, int exponent, char *curveName)
 #else
 	      int keysize, int exponent)
 #endif
 {
     int i;
     SECStatus rv = SECSuccess;
+    bltestAsymKeyParams *asymk = &cipherInfo->params.asymk;
     bltestRSAParams *rsap;
+    RSAPrivateKey **rsaKey = NULL;
     bltestDSAParams *dsap;
+    DSAPrivateKey **dsaKey = NULL;
 #ifdef NSS_ENABLE_ECC
-    bltestECDSAParams *ecdsap;
     SECItem *tmpECParamsDER;
     ECParams *tmpECParams = NULL;
     SECItem ecSerialize[3];
+    ECPrivateKey **ecKey = NULL;
 #endif
     switch (cipherInfo->mode) {
     case bltestRSA:
-	rsap = &cipherInfo->params.rsa;
+    case bltestRSA_PSS:
+    case bltestRSA_OAEP:
+	rsap = &asymk->cipherParams.rsa;
+        rsaKey = (RSAPrivateKey **)&asymk->privKey;
 	if (keysize > 0) {
 	    SECItem expitem = { 0, 0, 0 };
 	    SECITEM_AllocItem(cipherInfo->arena, &expitem, sizeof(int));
 	    for (i = 1; i <= sizeof(int); i++)
 		expitem.data[i-1] = exponent >> (8*(sizeof(int) - i));
-	    rsap->rsakey = RSA_NewKey(keysize * 8, &expitem);
-	    serialize_key(&rsap->rsakey->version, 9, file);
+	    *rsaKey = RSA_NewKey(keysize * 8, &expitem);
+	    serialize_key(&(*rsaKey)->version, 9, file);
 	    rsap->keysizeInBits = keysize * 8;
 	} else {
-	    setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
-	    rsap->rsakey = rsakey_from_filedata(&cipherInfo->params.key.buf);
-	    rsap->keysizeInBits = rsap->rsakey->modulus.len * 8;
+	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+	    *rsaKey = rsakey_from_filedata(&asymk->key.buf);
+	    rsap->keysizeInBits = (*rsaKey)->modulus.len * 8;
 	}
 	break;
     case bltestDSA:
-	dsap = &cipherInfo->params.dsa;
+	dsap = &asymk->cipherParams.dsa;
+	dsaKey = (DSAPrivateKey **)&asymk->privKey;
 	if (keysize > 0) {
 	    dsap->keysize = keysize*8;
 	    if (!dsap->pqg)
 		bltest_pqg_init(dsap);
-	    rv = DSA_NewKey(dsap->pqg, &dsap->dsakey);
+	    rv = DSA_NewKey(dsap->pqg, dsaKey);
 	    CHECKERROR(rv, __LINE__);
-	    serialize_key(&dsap->dsakey->params.prime, 5, file);
+	    serialize_key(&(*dsaKey)->params.prime, 5, file);
 	} else {
-	    setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
-	    dsap->dsakey = dsakey_from_filedata(&cipherInfo->params.key.buf);
-	    dsap->keysize = dsap->dsakey->params.prime.len*8;
+	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+	    *dsaKey = dsakey_from_filedata(&asymk->key.buf);
+	    dsap->keysize = (*dsaKey)->params.prime.len*8;
 	}
 	break;
 #ifdef NSS_ENABLE_ECC
     case bltestECDSA:
-	ecdsap = &cipherInfo->params.ecdsa;
+	ecKey = (ECPrivateKey **)&asymk->privKey;
 	if (curveName != NULL) {
 	    tmpECParamsDER = getECParams(curveName);
 	    rv = SECOID_Init();
 	    CHECKERROR(rv, __LINE__);
 	    rv = EC_DecodeParams(tmpECParamsDER, &tmpECParams) == SECFailure;
 	    CHECKERROR(rv, __LINE__);
-	    rv = EC_NewKey(tmpECParams, &ecdsap->eckey);
+	    rv = EC_NewKey(tmpECParams, ecKey);
 	    CHECKERROR(rv, __LINE__);
 	    ecSerialize[0].type = tmpECParamsDER->type;
 	    ecSerialize[0].data = tmpECParamsDER->data;
 	    ecSerialize[0].len  = tmpECParamsDER->len;
-	    ecSerialize[1].type = ecdsap->eckey->publicValue.type;
-	    ecSerialize[1].data = ecdsap->eckey->publicValue.data;
-	    ecSerialize[1].len  = ecdsap->eckey->publicValue.len;
-	    ecSerialize[2].type = ecdsap->eckey->privateValue.type;
-	    ecSerialize[2].data = ecdsap->eckey->privateValue.data;
-	    ecSerialize[2].len  = ecdsap->eckey->privateValue.len;
+	    ecSerialize[1].type = (*ecKey)->publicValue.type;
+	    ecSerialize[1].data = (*ecKey)->publicValue.data;
+	    ecSerialize[1].len  = (*ecKey)->publicValue.len;
+	    ecSerialize[2].type = (*ecKey)->privateValue.type;
+	    ecSerialize[2].data = (*ecKey)->privateValue.data;
+	    ecSerialize[2].len  = (*ecKey)->privateValue.len;
 	    serialize_key(&(ecSerialize[0]), 3, file);
 	    SECITEM_FreeItem(tmpECParamsDER, PR_TRUE);
 	    PORT_FreeArena(tmpECParams->arena, PR_TRUE);
 	    rv = SECOID_Shutdown();
 	    CHECKERROR(rv, __LINE__);
 	} else {
-	    setupIO(cipherInfo->arena, &cipherInfo->params.key, file, NULL, 0);
-	    ecdsap->eckey = eckey_from_filedata(&cipherInfo->params.key.buf);
+	    setupIO(cipherInfo->arena, &asymk->key, file, NULL, 0);
+	    *ecKey = eckey_from_filedata(&asymk->key.buf);
 	}
 	break;
 #endif
     default:
 	return SECFailure;
     }
     return SECSuccess;
 }
@@ -2103,29 +2222,39 @@ cipherInit(bltestCipherInfo *cipherInfo,
 	break;
     case bltestSEED_ECB:
     case bltestSEED_CBC:
 	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
 			  cipherInfo->input.pBuf.len);
 	return bltest_seed_init(cipherInfo, encrypt);
 	break;
     case bltestRSA:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  cipherInfo->input.pBuf.len);
+    case bltestRSA_OAEP:
+    case bltestRSA_PSS:
+	if (encrypt || cipherInfo->mode != bltestRSA_PSS) {
+		/* Don't allocate a buffer for PSS in verify mode, as no actual
+		 * output is produced. */
+		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+		                  RSA_MAX_MODULUS_BITS / 8);
+	}
 	return bltest_rsa_init(cipherInfo, encrypt);
 	break;
     case bltestDSA:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  DSA_MAX_SIGNATURE_LEN);
+	if (encrypt) {
+		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+		                  DSA_MAX_SIGNATURE_LEN);
+	}
 	return bltest_dsa_init(cipherInfo, encrypt);
 	break;
 #ifdef NSS_ENABLE_ECC
     case bltestECDSA:
-	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
-			  2 * MAX_ECKEY_LEN);
+	if (encrypt) {
+		SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
+		                  2 * MAX_ECKEY_LEN);
+	}
 	return bltest_ecdsa_init(cipherInfo, encrypt);
 	break;
 #endif
     case bltestMD2:
 	restart = cipherInfo->params.hash.restart;
 	SECITEM_AllocItem(cipherInfo->arena, &cipherInfo->output.buf,
 			  MD2_LENGTH);
 	cipherInfo->cipher.hashCipher = (restart) ? md2_restart : md2_HashBuf;
@@ -2179,272 +2308,24 @@ cipherInit(bltestCipherInfo *cipherInfo,
 	break;
     default:
 	return SECFailure;
     }
     return SECSuccess;
 }
 
 SECStatus
-dsaOp(bltestCipherInfo *cipherInfo)
-{
-    PRIntervalTime time1, time2;
-    SECStatus rv = SECSuccess;
-    int i;
-    int maxLen = cipherInfo->output.pBuf.len;
-    SECItem dummyOut = { 0, 0, 0 };
-    SECITEM_AllocItem(NULL, &dummyOut, maxLen);
-    if (cipherInfo->cipher.pubkeyCipher == dsa_signDigest) {
-	if (cipherInfo->params.dsa.sigseed.buf.len > 0) {
-            bltestDSAParams *dsa = &cipherInfo->params.dsa;
-            DSAPrivateKey *key = (DSAPrivateKey *)cipherInfo->cx;
-
-            TIMESTART();
-            rv = DSA_SignDigestWithSeed(key,
-                                        &cipherInfo->output.pBuf,
-                                        &cipherInfo->input.pBuf,
-                                        dsa->sigseed.buf.data);
-            TIMEFINISH(cipherInfo->optime, 1.0);
-            CHECKERROR(rv, __LINE__);
-            cipherInfo->repetitions = 0;
-            if (cipherInfo->repetitionsToPerfom != 0) {
-                TIMESTART();
-                for (i=0; i<cipherInfo->repetitionsToPerfom;
-                     i++, cipherInfo->repetitions++) {
-                    rv = DSA_SignDigestWithSeed(key, &dummyOut,
-                                                &cipherInfo->input.pBuf,
-                                                dsa->sigseed.buf.data);
-                    CHECKERROR(rv, __LINE__);
-                }
-            } else {
-                int opsBetweenChecks = 0;
-                TIMEMARK(cipherInfo->seconds);
-                while (! (TIMETOFINISH())) {
-                    int j = 0;
-                    for (;j < opsBetweenChecks;j++) {
-                        rv = DSA_SignDigestWithSeed(key, &dummyOut,
-                                                    &cipherInfo->input.pBuf,
-                                                    dsa->sigseed.buf.data);
-                        CHECKERROR(rv, __LINE__);
-                    }
-                    cipherInfo->repetitions += j;
-                }
-            }
-            TIMEFINISH(cipherInfo->optime, 1.0);
-        } else {
-            TIMESTART();
-            rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
-                                &cipherInfo->output.pBuf,
-                                &cipherInfo->input.pBuf);
-            TIMEFINISH(cipherInfo->optime, 1.0);
-            CHECKERROR(rv, __LINE__);
-            cipherInfo->repetitions = 0;
-            if (cipherInfo->repetitionsToPerfom != 0) {
-                TIMESTART();
-                for (i=0; i<cipherInfo->repetitionsToPerfom;
-                     i++, cipherInfo->repetitions++) {
-                    rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
-                                        &dummyOut,
-                                        &cipherInfo->input.pBuf);
-                    CHECKERROR(rv, __LINE__);
-                }
-            } else {
-                int opsBetweenChecks = 0;
-                TIMEMARK(cipherInfo->seconds);
-                while (! (TIMETOFINISH())) {
-                    int j = 0;
-                    for (;j < opsBetweenChecks;j++) {
-                        rv = DSA_SignDigest((DSAPrivateKey *)cipherInfo->cx,
-                                            &dummyOut,
-                                            &cipherInfo->input.pBuf);
-                        CHECKERROR(rv, __LINE__);
-                    }
-                    cipherInfo->repetitions += j;
-                }
-            }
-            TIMEFINISH(cipherInfo->optime, 1.0);
-        }
-	cipherInfo->output.buf.len = cipherInfo->output.pBuf.len;
-        bltestCopyIO(cipherInfo->arena, &cipherInfo->params.dsa.sig, 
-                     &cipherInfo->output);
-    } else {
-        TIMESTART();
-        rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
-                              &cipherInfo->params.dsa.sig.buf,
-                              &cipherInfo->input.pBuf);
-        TIMEFINISH(cipherInfo->optime, 1.0);
-        CHECKERROR(rv, __LINE__);
-        cipherInfo->repetitions = 0;
-        if (cipherInfo->repetitionsToPerfom != 0) {
-            TIMESTART();
-            for (i=0; i<cipherInfo->repetitionsToPerfom;
-                 i++, cipherInfo->repetitions++) {
-                rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
-                                      &cipherInfo->params.dsa.sig.buf,
-                                      &cipherInfo->input.pBuf);
-                CHECKERROR(rv, __LINE__);
-            }
-        } else {
-            int opsBetweenChecks = 0;
-            TIMEMARK(cipherInfo->seconds);
-            while (! (TIMETOFINISH())) {
-                int j = 0;
-                for (;j < opsBetweenChecks;j++) {
-                    rv = DSA_VerifyDigest((DSAPublicKey *)cipherInfo->cx,
-                                          &cipherInfo->params.dsa.sig.buf,
-                                          &cipherInfo->input.pBuf);
-                    CHECKERROR(rv, __LINE__);
-                }
-                cipherInfo->repetitions += j;
-            }
-        }
-        TIMEFINISH(cipherInfo->optime, 1.0);
-    }
-    SECITEM_FreeItem(&dummyOut, PR_FALSE);
-    return rv;
-}
-
-#ifdef NSS_ENABLE_ECC
-SECStatus
-ecdsaOp(bltestCipherInfo *cipherInfo)
-{
-    PRIntervalTime time1, time2;
-    SECStatus rv = SECSuccess;
-    int i;
-    int maxLen = cipherInfo->output.pBuf.len;
-    SECItem dummyOut = { 0, 0, 0 };
-    SECITEM_AllocItem(NULL, &dummyOut, maxLen);
-    if (cipherInfo->cipher.pubkeyCipher == ecdsa_signDigest) {
-        if (cipherInfo->params.ecdsa.sigseed.buf.len > 0) {
-            ECPrivateKey *key = (ECPrivateKey *)cipherInfo->cx;
-            bltestECDSAParams *ecdsa = &cipherInfo->params.ecdsa;
-
-            TIMESTART();
-            rv = ECDSA_SignDigestWithSeed(key,
-                                          &cipherInfo->output.pBuf,
-                                          &cipherInfo->input.pBuf,
-                                          ecdsa->sigseed.buf.data,
-                                          ecdsa->sigseed.buf.len);
-            TIMEFINISH(cipherInfo->optime, 1.0);
-            CHECKERROR(rv, __LINE__);
-            cipherInfo->repetitions = 0;
-            if (cipherInfo->repetitionsToPerfom != 0) {
-                TIMESTART();
-                for (i=0; i<cipherInfo->repetitionsToPerfom;
-                     i++, cipherInfo->repetitions++) {
-                    rv = ECDSA_SignDigestWithSeed(key, &dummyOut,
-                                                  &cipherInfo->input.pBuf,
-                                                  ecdsa->sigseed.buf.data,
-                                                  ecdsa->sigseed.buf.len);
-                    CHECKERROR(rv, __LINE__);
-                }
-            } else {
-                int opsBetweenChecks = 0;
-                TIMEMARK(cipherInfo->seconds);
-                while (! (TIMETOFINISH())) {
-                    int j = 0;
-                    for (;j < opsBetweenChecks;j++) {
-                        rv = ECDSA_SignDigestWithSeed(key, &dummyOut,
-                                                      &cipherInfo->input.pBuf,
-                                                      ecdsa->sigseed.buf.data,
-                                                      ecdsa->sigseed.buf.len);
-                        CHECKERROR(rv, __LINE__);
-                    }
-                    cipherInfo->repetitions += j;
-                }
-            }
-            TIMEFINISH(cipherInfo->optime, 1.0);
-        } else {
-            TIMESTART();
-            rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
-                                  &cipherInfo->output.pBuf,
-                                  &cipherInfo->input.pBuf);
-            TIMEFINISH(cipherInfo->optime, 1.0);
-            CHECKERROR(rv, __LINE__);
-            cipherInfo->repetitions = 0;
-            if (cipherInfo->repetitionsToPerfom != 0) {
-                TIMESTART();
-                for (i=0; i<cipherInfo->repetitionsToPerfom;
-                     i++, cipherInfo->repetitions++) {
-                    rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
-                                          &dummyOut,
-                                          &cipherInfo->input.pBuf);
-                    CHECKERROR(rv, __LINE__);
-                }
-            } else {
-                int opsBetweenChecks = 0;
-                TIMEMARK(cipherInfo->seconds);
-                while (! (TIMETOFINISH())) {
-                    int j = 0;
-                    for (;j < opsBetweenChecks;j++) {
-                        rv = ECDSA_SignDigest((ECPrivateKey *)cipherInfo->cx,
-                                              &dummyOut,
-                                              &cipherInfo->input.pBuf);
-                        CHECKERROR(rv, __LINE__);
-                    }
-                    cipherInfo->repetitions += j;
-                }
-            }
-            TIMEFINISH(cipherInfo->optime, 1.0);
-        }
-        bltestCopyIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig, 
-                     &cipherInfo->output);
-    } else {
-        TIMESTART();
-        rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
-                                &cipherInfo->params.ecdsa.sig.buf,
-                                &cipherInfo->input.pBuf);
-        TIMEFINISH(cipherInfo->optime, 1.0);
-        CHECKERROR(rv, __LINE__);
-        cipherInfo->repetitions = 0;
-        if (cipherInfo->repetitionsToPerfom != 0) {
-            TIMESTART();
-            for (i=0; i<cipherInfo->repetitionsToPerfom;
-                 i++, cipherInfo->repetitions++) {
-                rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
-                                        &cipherInfo->params.ecdsa.sig.buf,
-                                        &cipherInfo->input.pBuf);
-                CHECKERROR(rv, __LINE__);
-            }
-        } else {
-            int opsBetweenChecks = 0;
-            TIMEMARK(cipherInfo->seconds);
-            while (! (TIMETOFINISH())) {
-                int j = 0;
-                for (;j < opsBetweenChecks;j++) {
-                    rv = ECDSA_VerifyDigest((ECPublicKey *)cipherInfo->cx,
-                                            &cipherInfo->params.ecdsa.sig.buf,
-                                            &cipherInfo->input.pBuf);
-                    CHECKERROR(rv, __LINE__);
-                }
-                cipherInfo->repetitions += j;
-            }
-        }
-        TIMEFINISH(cipherInfo->optime, 1.0);
-    }
-    SECITEM_FreeItem(&dummyOut, PR_FALSE);
-    return rv;
-}
-#endif
-
-SECStatus
 cipherDoOp(bltestCipherInfo *cipherInfo)
 {
     PRIntervalTime time1, time2;
     SECStatus rv = SECSuccess;
     int i;
     unsigned int len;
     unsigned int maxLen = cipherInfo->output.pBuf.len;
     unsigned char *dummyOut;
-    if (cipherInfo->mode == bltestDSA)
-	return dsaOp(cipherInfo);
-#ifdef NSS_ENABLE_ECC
-    else if (cipherInfo->mode == bltestECDSA)
-	return ecdsaOp(cipherInfo);
-#endif
     dummyOut = PORT_Alloc(maxLen);
     if (is_symmkeyCipher(cipherInfo->mode)) {
         const unsigned char *input = cipherInfo->input.pBuf.data;
         unsigned int inputLen = is_singleShotCipher(cipherInfo->mode) ?
                  cipherInfo->input.pBuf.len :
                  PR_MIN(cipherInfo->input.pBuf.len, 16);
         unsigned char *output = cipherInfo->output.pBuf.data;
         unsigned int outputLen = maxLen;
@@ -2604,18 +2485,20 @@ cipherFinish(bltestCipherInfo *cipherInf
 	RC4_DestroyContext((RC4Context *)cipherInfo->cx, PR_TRUE);
 	break;
 #ifdef NSS_SOFTOKEN_DOES_RC5
     case bltestRC5_ECB:
     case bltestRC5_CBC:
 	RC5_DestroyContext((RC5Context *)cipherInfo->cx, PR_TRUE);
 	break;
 #endif
-    case bltestRSA: /* keys are alloc'ed within cipherInfo's arena, */
-    case bltestDSA: /* will be freed with it. */
+    case bltestRSA:      /* keys are alloc'ed within cipherInfo's arena, */
+    case bltestRSA_PSS:  /* will be freed with it. */
+    case bltestRSA_OAEP:
+    case bltestDSA:
 #ifdef NSS_ENABLE_ECC
     case bltestECDSA:
 #endif
     case bltestMD2: /* hash contexts are ephemeral */
     case bltestMD5:
     case bltestSHA1:
     case bltestSHA224:
     case bltestSHA256:
@@ -2767,40 +2650,46 @@ print_td:
               printf("symmetric key(bytes)=%d,", info->params.sk.key.buf.len);
           if (info->rounds > 0)
               printf("rounds=%d,", info->params.rc5.rounds);
           if (info->wordsize > 0)
               printf("wordsize(bytes)=%d,", info->params.rc5.wordsize);
           break;
 #endif
       case bltestRSA:
+      case bltestRSA_PSS:
+      case bltestRSA_OAEP:
           if (td) {
               fprintf(stdout, "%8s", "rsa_mod");
               fprintf(stdout, "%12s", "rsa_pe");
           } else {
-              fprintf(stdout, "%8d", info->params.rsa.keysizeInBits);
-              print_exponent(&info->params.rsa.rsakey->publicExponent);
+              bltestAsymKeyParams *asymk = &info->params.asymk;
+              fprintf(stdout, "%8d", asymk->cipherParams.rsa.keysizeInBits);
+              print_exponent(
+                  &((RSAPrivateKey *)asymk->privKey)->publicExponent);
           }
           break;
       case bltestDSA:
-          if (td)
+          if (td) {
               fprintf(stdout, "%8s", "pqg_mod");
-          else
-              fprintf(stdout, "%8d", info->params.dsa.keysize);
+          } else {
+              fprintf(stdout, "%8d", info->params.asymk.cipherParams.dsa.keysize);
+          }
           break;
 #ifdef NSS_ENABLE_ECC
       case bltestECDSA:
-          if (td)
+          if (td) {
               fprintf(stdout, "%12s", "ec_curve");
-          else {
-	      ECCurveName curveName = info->params.ecdsa.eckey->ecParams.name;
+          } else {
+              ECPrivateKey *key = (ECPrivateKey*)info->params.asymk.privKey;
+              ECCurveName curveName = key->ecParams.name;
               fprintf(stdout, "%12s",
                       ecCurve_map[curveName]? ecCurve_map[curveName]->text:
-					      "Unsupported curve");
-	  }
+                      "Unsupported curve");
+          }
           break;
 #endif
       case bltestMD2:
       case bltestMD5:
       case bltestSHA1:
       case bltestSHA256:
       case bltestSHA384:
       case bltestSHA512:
@@ -2875,22 +2764,50 @@ load_file_data(PLArenaPool *arena, bltes
     data->pBuf.len = 0;
     file = PR_Open(fn, PR_RDONLY, 00660);
     if (file) {
 	setupIO(arena, data, file, NULL, 0);
 	PR_Close(file);
     }
 }
 
+HASH_HashType
+mode_str_to_hash_alg(const SECItem *modeStr)
+{
+    bltestCipherMode mode;
+    char* tempModeStr = NULL;
+    if (!modeStr || modeStr->len == 0)
+        return HASH_AlgNULL;
+    tempModeStr = PORT_Alloc(modeStr->len + 1);
+    if (!tempModeStr)
+        return HASH_AlgNULL;
+    memcpy(tempModeStr, modeStr->data, modeStr->len);
+    tempModeStr[modeStr->len] = '\0';
+    mode = get_mode(tempModeStr);
+    PORT_Free(tempModeStr);
+    switch (mode) {
+        case bltestMD2:    return HASH_AlgMD2;
+        case bltestMD5:    return HASH_AlgMD5;
+        case bltestSHA1:   return HASH_AlgSHA1;
+        case bltestSHA224: return HASH_AlgSHA224;
+        case bltestSHA256: return HASH_AlgSHA256;
+        case bltestSHA384: return HASH_AlgSHA384;
+        case bltestSHA512: return HASH_AlgSHA512;
+    }
+    return HASH_AlgNULL;
+}
+
 void
 get_params(PLArenaPool *arena, bltestParams *params,
 	   bltestCipherMode mode, int j)
 {
     char filename[256];
     char *modestr = mode_strings[mode];
+    bltestIO tempIO;
+
 #ifdef NSS_SOFTOKEN_DOES_RC5
     FILE *file;
     char *mark, *param, *val;
     int index = 0;
 #endif
     switch (mode) {
     case bltestAES_GCM:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j);
@@ -2939,48 +2856,72 @@ get_params(PLArenaPool *arena, bltestPar
 	    } else if (PL_strcmp(param, "wordsize") == 0) {
 		params->rc5.wordsize = atoi(val);
 	    }
 	    index += PL_strlen(param) + PL_strlen(val) + 2;
 	    param = mark + 1;
 	}
 	break;
 #endif
+    case bltestRSA_PSS:
+	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j);
+	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
+	/* fall through */
+    case bltestRSA_OAEP:
+	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j);
+	load_file_data(arena, &params->asymk.cipherParams.rsa.seed,
+	               filename, bltestBase64Encoded);
+
+	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j);
+	load_file_data(arena, &tempIO, filename, bltestBinary);
+	params->asymk.cipherParams.rsa.hashAlg =
+	    mode_str_to_hash_alg(&tempIO.buf);
+
+	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j);
+	load_file_data(arena, &tempIO, filename, bltestBinary);
+	params->asymk.cipherParams.rsa.maskHashAlg =
+	    mode_str_to_hash_alg(&tempIO.buf);
+	/* fall through */
     case bltestRSA:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->rsa.key, filename, bltestBase64Encoded);
-	params->rsa.rsakey = rsakey_from_filedata(&params->key.buf);
+	load_file_data(arena, &params->asymk.key, filename,
+	               bltestBase64Encoded);
+	params->asymk.privKey =
+	    (void *)rsakey_from_filedata(&params->asymk.key.buf);
 	break;
     case bltestDSA:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->dsa.key, filename, bltestBase64Encoded);
-	params->dsa.dsakey = dsakey_from_filedata(&params->key.buf);
+	load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+	params->asymk.privKey =
+	     (void *)dsakey_from_filedata(&params->asymk.key.buf);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j);
-	load_file_data(arena, &params->dsa.pqgdata, filename,
-		       bltestBase64Encoded);
-	params->dsa.pqg = pqg_from_filedata(&params->dsa.pqgdata.buf);
+	load_file_data(arena, &params->asymk.cipherParams.dsa.pqgdata, filename,
+	               bltestBase64Encoded);
+	params->asymk.cipherParams.dsa.pqg =
+	      pqg_from_filedata(&params->asymk.cipherParams.dsa.pqgdata.buf);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j);
-	load_file_data(arena, &params->dsa.keyseed, filename, 
+	load_file_data(arena, &params->asymk.cipherParams.dsa.keyseed, filename,
 	               bltestBase64Encoded);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
-	load_file_data(arena, &params->dsa.sigseed, filename, 
+	load_file_data(arena, &params->asymk.cipherParams.dsa.sigseed, filename,
 	               bltestBase64Encoded);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
-	load_file_data(arena, &params->dsa.sig, filename, bltestBase64Encoded);
+	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
 	break;
 #ifdef NSS_ENABLE_ECC
     case bltestECDSA:
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j);
-	load_file_data(arena, &params->ecdsa.key, filename, bltestBase64Encoded);
-	params->ecdsa.eckey = eckey_from_filedata(&params->key.buf);
+	load_file_data(arena, &params->asymk.key, filename, bltestBase64Encoded);
+	params->asymk.privKey =
+	      (void *)eckey_from_filedata(&params->asymk.key.buf);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j);
-	load_file_data(arena, &params->ecdsa.sigseed, filename, 
-	               bltestBase64Encoded);
+	load_file_data(arena, &params->asymk.cipherParams.ecdsa.sigseed,
+	               filename, bltestBase64Encoded);
 	sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext",j);
-	load_file_data(arena, &params->ecdsa.sig, filename, bltestBase64Encoded);
+	load_file_data(arena, &params->asymk.sig, filename, bltestBase64Encoded);
 	break;
 #endif
     case bltestMD2:
     case bltestMD5:
     case bltestSHA1:
     case bltestSHA224:
     case bltestSHA256:
     case bltestSHA384:
@@ -3069,173 +3010,114 @@ blapi_selftest(bltestCipherMode *modes, 
 	    mode = i;
 	if (mode == bltestINVALID) {
 	    fprintf(stderr, "%s: Skipping invalid mode.\n",progName);
 	    continue;
 	}
 	modestr = mode_strings[mode];
 	cipherInfo.mode = mode;
 	params = &cipherInfo.params;
-#ifdef TRACK_BLTEST_BUG
-	if (mode == bltestRSA) {
-	    fprintf(stderr, "[%s] Self-Testing RSA\n", __bltDBG);
-	}
-#endif
 	/* get the number of tests in the directory */
 	sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests");
 	file = PR_Open(filename, PR_RDONLY, 00660);
 	if (!file) {
 	    fprintf(stderr, "%s: File %s does not exist.\n", progName,filename);
 	    return SECFailure;
 	}
 	rv = SECU_FileToItem(&item, file);
-#ifdef TRACK_BLTEST_BUG
-	if (mode == bltestRSA) {
-	    fprintf(stderr, "[%s] Loaded data from %s\n", __bltDBG, filename);
-	}
-#endif
 	PR_Close(file);
 	/* loop over the tests in the directory */
 	numtests = 0;
 	for (j=0; j<item.len; j++) {
 	    if (!isdigit(item.data[j])) {
 		break;
 	    }
 	    numtests *= 10;
 	    numtests += (int) (item.data[j] - '0');
 	}
 	for (j=0; j<numtests; j++) {
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Executing self-test #%d\n", __bltDBG, j);
-	    }
-#endif
-	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
-			      "plaintext", j);
-	    load_file_data(arena, &pt, filename, 
-#ifdef NSS_ENABLE_ECC
-	                   ((mode == bltestDSA) || (mode == bltestECDSA))
-#else
-	                   (mode == bltestDSA)
-#endif
-	                   ? bltestBase64Encoded : bltestBinary);
 	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
-			      "ciphertext", j);
+	            "plaintext", j);
+	    load_file_data(arena, &pt, filename,
+	                   is_sigCipher(mode) ? bltestBase64Encoded
+	                                      : bltestBinary);
+	    sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr,
+	            "ciphertext", j);
 	    load_file_data(arena, &ct, filename, bltestBase64Encoded);
 
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Loaded data for  self-test #%d\n", __bltDBG, j);
-	    }
-#endif
 	    get_params(arena, params, mode, j);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Got parameters for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    /* Forward Operation (Encrypt/Sign/Hash)
 	    ** Align the input buffer (plaintext) according to request
 	    ** then perform operation and compare to ciphertext
 	    */
 	    /* XXX for now */
 	    rv = SECSuccess;
 	    if (encrypt) {
 		bltestCopyIO(arena, &cipherInfo.input, &pt);
 		misalignBuffer(arena, &cipherInfo.input, inoff);
 		memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
 		rv |= cipherInit(&cipherInfo, PR_TRUE);
 		misalignBuffer(arena, &cipherInfo.output, outoff);
-#ifdef TRACK_BLTEST_BUG
-		if (mode == bltestRSA) {
-		    fprintf(stderr, "[%s] Inited cipher context and buffers for #%d\n", __bltDBG, j);
-		}
-#endif
 		rv |= cipherDoOp(&cipherInfo);
-#ifdef TRACK_BLTEST_BUG
-		if (mode == bltestRSA) {
-		    fprintf(stderr, "[%s] Performed encrypt for #%d\n", __bltDBG, j);
-		}
-#endif
 		rv |= cipherFinish(&cipherInfo);
-#ifdef TRACK_BLTEST_BUG
-		if (mode == bltestRSA) {
-		    fprintf(stderr, "[%s] Finished encrypt for #%d\n", __bltDBG, j);
-		}
-#endif
 		rv |= verify_self_test(&cipherInfo.output, 
 		                       &ct, mode, PR_TRUE, 0);
-#ifdef TRACK_BLTEST_BUG
-		if (mode == bltestRSA) {
-		    fprintf(stderr, "[%s] Verified self-test for #%d\n", __bltDBG, j);
-		}
-#endif
 		/* If testing hash, only one op to test */
 		if (is_hashCipher(mode))
 		    continue;
 		/*if (rv) return rv;*/
+		if (is_sigCipher(mode)) {
+		    /* Verify operations support detached signature files. For
+		    ** consistency between tests that run Sign/Verify back to
+		    ** back (eg: self-tests) and tests that are only running
+		    ** verify operations, copy the output into the sig buf,
+		    ** and then copy the sig buf back out when verifying. For
+		    ** self-tests, this is unnecessary copying, but for
+		    ** verify-only operations, this ensures that the output
+		    ** buffer is properly configured
+		    */
+		    bltestCopyIO(arena, &params->asymk.sig, &cipherInfo.output);
+		}
 	    }
 	    if (!decrypt)
 		continue;
 	    /* XXX for now */
 	    rv = SECSuccess;
 	    /* Reverse Operation (Decrypt/Verify)
 	    ** Align the input buffer (ciphertext) according to request
 	    ** then perform operation and compare to plaintext
 	    */
-#ifdef NSS_ENABLE_ECC
-	    if ((mode != bltestDSA) && (mode != bltestECDSA))
-#else
-	    if (mode != bltestDSA)
-#endif
+	    if (is_sigCipher(mode)) {
+		bltestCopyIO(arena, &cipherInfo.input, &pt);
+		bltestCopyIO(arena, &cipherInfo.output, &params->asymk.sig);
+	    } else {
 		bltestCopyIO(arena, &cipherInfo.input, &ct);
-	    else
-		bltestCopyIO(arena, &cipherInfo.input, &pt);
+		memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
+	    }
 	    misalignBuffer(arena, &cipherInfo.input, inoff);
-	    memset(&cipherInfo.output.buf, 0, sizeof cipherInfo.output.buf);
 	    rv |= cipherInit(&cipherInfo, PR_FALSE);
 	    misalignBuffer(arena, &cipherInfo.output, outoff);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Inited cipher context and buffers for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    srv = SECSuccess;
 	    srv |= cipherDoOp(&cipherInfo);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Performed decrypt for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    rv |= cipherFinish(&cipherInfo);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Finished decrypt for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    rv |= verify_self_test(&cipherInfo.output, 
 	                           &pt, mode, PR_FALSE, srv);
-#ifdef TRACK_BLTEST_BUG
-	    if (mode == bltestRSA) {
-		fprintf(stderr, "[%s] Verified self-test for #%d\n", __bltDBG, j);
-	    }
-#endif
 	    /*if (rv) return rv;*/
 	}
     }
     return rv;
 }
 
 SECStatus
 dump_file(bltestCipherMode mode, char *filename)
 {
     bltestIO keydata;
     PLArenaPool *arena = NULL;
     arena = PORT_NewArena(BLTEST_DEFAULT_CHUNKSIZE);
-    if (mode == bltestRSA) {
+    if (mode == bltestRSA || mode == bltestRSA_PSS || mode == bltestRSA_OAEP) {
 	RSAPrivateKey *key;
 	load_file_data(arena, &keydata, filename, bltestBase64Encoded);
 	key = rsakey_from_filedata(&keydata.buf);
 	dump_rsakey(key);
     } else if (mode == bltestDSA) {
 #if 0
 	PQGParams *pqg;
 	get_file_data(filename, &item, PR_TRUE);
@@ -3716,19 +3598,19 @@ int main(int argc, char **argv)
 	}
 	if (bltest.commands[cmd_Decrypt].activated &&
 	    !bltest.commands[cmd_Encrypt].activated)
 	    encrypt = PR_FALSE;
 	if (bltest.commands[cmd_Encrypt].activated &&
 	    !bltest.commands[cmd_Decrypt].activated)
 	    decrypt = PR_FALSE;
 	rv = blapi_selftest(modesToTest, numModesToTest, inoff, outoff,
-                            encrypt, decrypt);
-        PORT_Free(cipherInfo);
-        return rv;
+	                    encrypt, decrypt);
+	PORT_Free(cipherInfo);
+	return rv;
     }
 
     /* Do FIPS self-test */
     if (bltest.commands[cmd_FIPS].activated) {
 	CK_RV ckrv = sftk_fipsPowerUpSelfTest();
 	fprintf(stdout, "CK_RV: %ld.\n", ckrv);
         PORT_Free(cipherInfo);
         if (ckrv == CKR_OK)
@@ -3960,38 +3842,31 @@ int main(int argc, char **argv)
             setupIO(cipherInfo->arena, &askp->aad, file, aadstr, 0);
             if (file) {
                 PR_Close(file);
             }
         }
         
         if (bltest.commands[cmd_Verify].activated) {
             file = PR_Open(bltest.options[opt_SigFile].arg, PR_RDONLY, 00660);
-            if (cipherInfo->mode == bltestDSA) {
-                memset(&cipherInfo->params.dsa.sig, 0, sizeof(bltestIO));
-                cipherInfo->params.dsa.sig.mode = ioMode;
-                setupIO(cipherInfo->arena, &cipherInfo->params.dsa.sig,
-                        file, NULL, 0);
-#ifdef NSS_ENABLE_ECC
-            } else if (cipherInfo->mode == bltestECDSA) {
-                memset(&cipherInfo->params.ecdsa.sig, 0, sizeof(bltestIO));
-                cipherInfo->params.ecdsa.sig.mode = ioMode;
-                setupIO(cipherInfo->arena, &cipherInfo->params.ecdsa.sig,
-                        file, NULL, 0);
-#endif
+            if (is_sigCipher(cipherInfo->mode)) {
+                memset(&params->asymk.sig, 0, sizeof(bltestIO));
+                params->asymk.sig.mode = ioMode;
+                setupIO(cipherInfo->arena, &params->asymk.sig, file, NULL, 0);
             }
             if (file) {
                 PR_Close(file);
             }
         }
         
         if (bltest.options[opt_PQGFile].activated) {
             file = PR_Open(bltest.options[opt_PQGFile].arg, PR_RDONLY, 00660);
-            params->dsa.pqgdata.mode = bltestBase64Encoded;
-            setupIO(cipherInfo->arena, &params->dsa.pqgdata, file, NULL, 0);
+            params->asymk.cipherParams.dsa.pqgdata.mode = bltestBase64Encoded;
+            setupIO(cipherInfo->arena, &params->asymk.cipherParams.dsa.pqgdata,
+                    file, NULL, 0);
             if (file) {
                 PR_Close(file);
             }
         }
 
         /* Set up the input buffer */
         if (bltest.options[opt_Input].activated) {
             if (bltest.options[opt_CmdLine].activated) {
--- a/security/nss/cmd/bltest/tests/README
+++ b/security/nss/cmd/bltest/tests/README
@@ -41,9 +41,16 @@ public key modes (RSA and DSA):
 Asymmetric key ciphers use keys with special properties, so creating a
 key file with "Mozilla!" in it will not get you very far!  To create a
 public key, run bltest with the plaintext you want to encrypt, using a
 trusted implementation.  bltest will generate a key and store it in
 "tmp.key", rename that file to keyN.  For example:
     bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a
     mv tmp.key key0
 
+RSA-OAEP/RSA-PSS:
+RSA-OAEP and RSA-PSS have a number of additional parameters to feed in.
+- "seedN": The seed or salt to use when encrypting/signing
+- "hashN" / "maskhashN" - The base digest algorithm and the digest algorithm
+   to use with MGF1, respectively. This should be an ASCII string specifying
+   one of the hash algorithms recognized by bltest (eg: "sha1", "sha256")
+
 [note: specifying a keysize (-g) when using RSA is important!]
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext0
@@ -0,0 +1,3 @@
+NU/me0oSbV01/jbHd3kaP3uhPe9ITi05CK/3IvrUaPshaW3pXQvpEcLTF0+K/MIBA197bY5pQC3l
+RRYYwhpTX6nXv8W43Z/CQ/jPkn2zEyLW6IHqqRqZYXDmV6BaJmQm2YyIAD+Ed8EicJSg2foejEAk
+MJzh7My1IQA11HrHLoo=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext1
@@ -0,0 +1,3 @@
+ZA2xrMWOBWj+VAfl+bcB3/jDyR5xbFNvx/zsbLW3HBFlmI1KJ54Vd9cw/Hopky4/AMgVFSNtjY4x
+AXp6Cd9DUtkEzet5qlg63MMeppikwFKD2rqQib5UkfZ8Gk7kjcdLu+ZkOu+EZnm0yzlaNS1e0RWR
+LfaW/+BwKTKUbXFJK0Q=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext10
@@ -0,0 +1,4 @@
+Iyr7ySf6CML2onuH1KXLCcB9wm+uc9c6kFWIOfT9ZtKBuH7HNLziN7oWZpjtgpEGp95pQs1s3OeP
+7Y0uTYFCjmZJDQNiZM75KvlB0+NQVf45geFNKcu5pPZ0cwY7rseaEXn1oXycGDLyg4/X1eWbuWWd
+VtzooBnt7xuzrMxpfMbMenePYKBkx/b11SnGIQJi4APeWD6B4xZ7iZcfuMDhXUT//vibU9jWTdeX
+0Vm1bSsI6lMH6hLCQb1Y1O4nih8u
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext11
@@ -0,0 +1,4 @@
+Q4zH3AimjaJJ5CUF+Fc7pg4sJ3PVspD0z53/cY6EIIHDg+ZwJKDylZTqmHudJeS3OPKFlw0ZWrs6
+jIBU49eda5yagye6WW8SWeJxJmdHZpB9jVgv86hHYVSSmtsebRI1ssy07I9mO6nMZwqSvr2FPI2/
+acZDbQFvYa3YNulHMkUENCB/n9TEPewqEqlY76Ae/iZpiZteYEwlXFX7cWbeVYnjaVl7sJFowG3V
+2xd+BqF0DrLVyC+uym2S/O6ZMbqf
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext12
@@ -0,0 +1,5 @@
+U+pdwIzSYPs7hYVnKH+pFVLDCy/r+6IT8K6HcC0GjRm6sH/ldFI9+0ITnWjDxa/u4L/ky3lpy/OC
+uATW5hOWFE4tDmB0H4mTwwFLWLmxlXqLq80jr4VPTDVvsWYqpyv8x+WGVZ3EKA0WDBJnhacj6+6+
+/3HxFZRECq74fRB5Ood0ojnUoEyH/hRnudr4UgjsbHJVeUqWzCkUL5qL1Bjjwf1nNEsM0IKd87K+
+xgJTGWKTxrNNP3XTLyE91Fxic9UFrfTM7RBXy3WPwmru+kQSVe1OZMGZ7gdefxZkYYL9tGRzm2ir
+Xa/w5j6VUgFoJPBUv008jJCpe7a2VTKE60KfzA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext13
@@ -0,0 +1,5 @@
+orGkMKnWV+L6HCu17UP/slwFowj+kJPAEDF5X1h0QAEQgorlj7m1gc6d3dPlSa4EoJhUWb3mxiZZ
+TnsF3EJ4sqFGXBNoQIgjyF6W3GbDowmDxjlmT8RWmjf+IeWhlbV3bu0t+NjTYa9obnUCKbvWY/Fh
+hopQYV4MM3vsDKNf7AuxnDbrLgu8wFgvodk6rNsGEGP1nyzh7kNgXl2J7KGD0qzf6fgQEQIq07Q6
+PdQX2slLThHqgbGSlm6WaxgggucZZGB7T4AC82KZhEoR8q4PrqwurnD49PmAiKzc0KxVbp/MxRFS
+GQj60m8ExkIBRQMFd4dYsFOL+LW7FEqCjmKXlQ==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext14
@@ -0,0 +1,5 @@
+mIbD5nZKi5qE6EFI69jDsaqAUDgaePZocUwW2c/Spu3FaXnFNdne47RLhcGL6JKJkjcXEUciFtld
+2pjS7oNHybFN/9/4SqSNJawG99fmU5islnsc6Qkl9n3OBJt/gS2wdCmXp01E/oHb4Oej/q8uXECv
+iI1VDdu+O8IGV6KVQ/j8KRO5vRphsqsiVuxAm719wNF3F+olxD9C7Sffhzi/SvxnZv96/whZVV7i
+g5IPTIpjxKc0DLr93DOezbSwUVAC+WyTK1t5Fnr2mcCtP8z98PROhacCYr8uGP40uFBYmXXoZ/+W
+nUjqvyEicVRs3AWmnstSblKHDINvMHvXmHgO3g==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext15
@@ -0,0 +1,5 @@
+Yxjp+1wNBeUwfhaDQ26QMpOsRkI1iqoiPXFjATq6h+Lf2o5gxoYOKaHpJoYWPqC5F18ynKOxMaHt
+06d3Wai5e61qT49DlvKM9vOcpYES5IFg1uID2qWFbzrKX/7Vd69JlAjj39Iz4+YE2+NKnEyQgt5l
+UnysYzHSncgOBQig+nEi5/Mp9sylz6NNTR2kF4BUV+AIvsVJ5Hj/nhKnY8R30Vu7ePW2m9V4MPws
+TtaG15vHKpXYX4gTTGsK/laozPvIVYKLszm9F5Cc8dcN4zNa4HA5CT5gbWVTZd5lULhyzW3h1EDu
+AxthlF9imtijU7DUCTnpajxFDSqNXu6fZ4CTyA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext16
@@ -0,0 +1,5 @@
+dSkIcsz9SkUFZg1lH1babaoJyhMB2JBjL2qZLz1WXO5GSv3tQO07W+k1ZxTqWqdlX0oTZsLxfHKP
+byxaXR+OKEKbxOb48s/42o3A4KmAjkX9CeovpAyyts5v//XA4VnRG2jZCoX3uE4QOwnmgmZkgMZX
+UFwJKSWUaKMUeG106rExVzzyNL9X232eZsxnSBkuAC3A3uqTBYXwgx/c2bwz1R957S/8Frz01ZgS
+/OvKo/kGmw5EVobWRMJcz2O0Vu5fpv/pbxnN91H+2erzWVd1Tb9L/qUhaqGETcUHyy0IDnIuuhUD
+CMK1/xGTYg8XZuz0SBuvuUO9KSh38hNspJSroA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext17
@@ -0,0 +1,5 @@
+LSB6c0Mqj7TAMFGz9zsophdkCY36NMR6IJlfgRWqaBZnm1V+gtvuWEkIxuaXgtfes029Za8GPVf8
+p2pf0GlJL9YGjZmE0gk1BWWmLlx38jA4wSyxDGY0cJtUfEb2tKcJvYXKEi10Rl75d2LCl2Pgbbx6
+nnOMeL/KAQLcXnnWW5c/KCQMqrLhYaeLV9JiRX7YGV1T48eunaAhiDxtt8JK/dIyLqyXKtPDVMX8
+7x4UbDoCkPtnrfAHBm4AQo0s7BjOWPkyhpje/vSy617HaRj94cGYy7OLevxnYmqa7+xDIr/ZDSVj
+SByaIh94yCcsgtG2KrkU4cafavbvMMpSYNtKRg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext2
@@ -0,0 +1,3 @@
+Qjc27QNfYCavJ2w1wLN0GzZeX3bKCRtOjCni8L7+5gNZWqgyLWAtLmJeleuBsvHJck6CLsp224YY
+zwnFNDUDpDYINbWQO8Y344efsF4O8yaF1a7FBnzXzJb+SyZwturDBmsfz1aGtoWJqvt9YpsC2Phi
+XKODNiTUgA+wgbHPlOs=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext3
@@ -0,0 +1,3 @@
+RerUylUeZiyYAPGsqCg7BSXmq64wvktKunYvpA/T044iq+/Gl5T267vAXduxEhYkfS9BL9D7qHxu
+Os2IiBNkb9DkjnhSBPnD9z1tgjlWJyLd3Ydx/sSLg6Me5vWSxM/UvIgXTzsToRKq47n3uA4Pxvcl
+W6iA3H2AIeIq1qhfB1U=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext4
@@ -0,0 +1,3 @@
+NvbjTZSo002qy6M6ITnQCthak0WoYFHnMHFiAFa5IOIZAFhVohOg8jiXzc1zG0UlfHd/6QggK+/d
+C1g4axJE6gz1OaBdXRAynaROEwMP12Dc1kTP7yCU0ZENP0M+HHxt0YvB8t9/ZD1mL7ndN+rZBZGQ
+9PpmyjnoacTrRJy9xDk=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext5
@@ -0,0 +1,3 @@
+Qs7iYXsezqTbP0gpOG+9Ydr78DjhgNg3yWNm3yTAl7SrD6xr31kNghyfEGQuaBrQW414s3jA9Gzi
++tY/dOCtPfBrB11+tfVjb41AO5BZynYbXGK7UqpFAC6nC6rOCN7SQ7nYy9YqaK3iZYMrVlZOQ6b6
+Qu0ZmgmXaXQt8VOeglU=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext6
@@ -0,0 +1,4 @@
+JnvNEYrKsfyLqByF1zADy4YQ+lXB2X2o1Ip8fwaJak23UaooQlW502rWXzdlPYKfGzf5e4ABlCVF
+svwsVac3bKehvksXYMjgWjPlqiUmuNmOMXCI54NMdVsqWbEmMaGCwF1dQ6sXeSZPhFb1Fc5X399R
+LVST2re3M43Et9eNucCRrDuvU3pp/H9UnZefDv+alP2kFpvU0dGaacmeM8O1VJDVAbObHtrhGP9n
+k6FTJhWE06Xzn25oLj0XyM0SYfpy
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext7
@@ -0,0 +1,4 @@
+k6yfBnHsKay7RE7/waV0E1HWD9sOOT+/dUrPDeSXYaFIQd93cum8gnc5ZqFYTE1yuuoAEY+D81zK
+blN8vU2BH1WDspeD2KbZTNMb5w1vUmwQ/wnG+nzgaXlaP80FEf1fy1ZLzIDqnHjzi4ABJTnYpN32
+/oHpzdt/UNu7vMfl2GCXzPTsSRifuL8xi+bVoHFdUWtJrxkSWM0y3IM85utGc8A6Gbus6IzFSJX2
+NswMHsiQltEc4jWiZcoXZCMqaJro
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext8
@@ -0,0 +1,4 @@
+gevdlQVLDIIu+a12k/Woet+0tMTOcN8t+E7UnATaWLpfwgoZ4abot6OQCyJ5bcToae5rQnktFajs
+61bAnGmRToE86o9pMeS47W9CGvKY1ZXJf0eJx8qmEsfvNgmEwhuT7cVAEGi1r0x4qHcbmE1TuOqK
+3y9qfUoLp2x14d2fZY8g3tSkYHHUbXeRtWgD2P6n8LD45Brj8JODpvlYX+d1Pqr/0r+UVjEIvuzC
+B7u1NfX8xwXw3en3CMYvSanJA3HT
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/ciphertext9
@@ -0,0 +1,4 @@
+vMNflM3mbLETZiXWJblEMqNbIvPS+hGmE/8PylvVf4e5AszcHNCuvLBxXuhp0dH+OV9nkwA/XspG
+UFnIhmDURv9fCBhVICJVfjjAimfq2ZEmIlTxBoKXXsVjl3aFN/SXevbV9qrOt/sl3sWTcjAjH9iX
+ivSRGaKfKeQkq4JytHVieS1clPd0uIKdCw2fGoye3fN1dNX6JI7vqcUnH8XsJXnIG91htBD6Yf42
+5CQiHBE63bJ1ZkyAHTTKjGNR5KhY
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash0
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash1
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash10
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash11
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash12
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash13
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash14
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash15
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash16
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash17
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash2
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash3
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash4
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash5
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash6
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash7
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash8
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/hash9
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key0
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key1
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key10
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key11
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key12
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key13
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key14
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key15
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key16
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key17
@@ -0,0 +1,1 @@
+AAAAAQAAAAEArkXtVgHOxrjMBfgDk1xnTdvg11xMCf15UfxrDK7DE6jfOZcMUYv/ul7Wjz8NfyKkAp1BPxrgfk6+nkF3ziPn9UBLVp5O4b3PPB+wPvETgC1PhV65tRNLWnyAha3K5vovoUF+w3Y74XGwxit2Dt4jwSrZK5gIhMZB9aj6wmva1KAzgaIv4bdUiFCUyCUG1AGaU1ooav6ycbubpZLeGNz2AMKu6uVuAvfPefwUzzvcfNhP67v5UMqQMEsiGaeqBjrvosPBmA5WDNZK/neVhbYQdle5V4V+/eYBCYirfeQX/IjY84TE5ucsP5Q+DDHAxKXMNvh52KOsnX1Zhg6q2muDuwAAAAMBAAEAAAEABWsEIW/l81SsdyUKS2sMhSWoXFmwvYDFZFCiLV9DjllqMzqodeKR3UP0jLiLnV/A1Jn5/NHDl/mvwHDNnjmMjRnmHbfHQQprJnXfv100W4BNIBrdUC1c4t/LCRzpmXu+vlcwbzg+TViBA/A29+hdGTTRUqMj5KjbRR1vSlsbDxAswVDgL+7iuI3qStTBusyyTYQHLRTh0kpncfdAjuMFZPuG1Dk6NLzwt4hQHRkzA/E6IoSwAfD2Ser3kyjUrFxDCrRBSSCpRg7Rt7xA7GU+h20Jq8UJrkW1JRkBFqDCYQGEgphQnBw786SD5ydAVOFelwdQNumJ9gkygHtSV3UeeQAAAIDs9a7NHlUV//rL11ooFsbr9JAYzftGOOGF1mpzlrb4CQ+AGMf9lcw0uFfcF/DMZRa7E0arTVgsra17QQM1I4e3AzjQhAR8nZU5tkliBLPdbqRCSZIHvsAflkKH/2M2w5hGWDNoRvVuRoYYgcECM9IXa/FaXpbdx4C8hoqnfTznaQAAAIC8RsRk/GrEyng7DrCKPIQbdy9+my8our1YiuiF4aDGHkhYoPslrCmZkPNb6FFkwlm6EXXN1xknBxNRhJkrbCm3Rt0NLKvhQoNffRSMwWFSS0oJlG1IuChHPxzna2y2iGw0XAPgX0HVG1w6kKPyQHPH10pP4l2c8hx1lg8/w4YxgwAAAIDHNWRXHQD7FdCKPemVelCRXXEm6UQtrPQryC6GLlZz/2oAjtTS43RhffifF6FgtDt/2py2trdCGGCYFffUXKJjwVmqMtJy0Sf69LyMotdzeOiusZsK19o8s94K5zFJgPYrbUsKh10d8DwbrjnM2DPvbNfi2VKL8ITR+WnnlOn2wQAAAIAmWLN/bfnBAwvh22gRf6nYfjnqK2k7fm06L3CUdBPuxhQuGPuN/LasVF18hqCtSPhFcXDw77JrxIEmxT79HRaSAZjcKhEH3CgttqgM0wYjYLo/oT9w5DEv8abNa4/EzZxcPbF8bWpXIS9zrin2GTJ7rVmxU4WFhbpOKLYKYqReSQAAAIBvOFJrOSUIVTTvPkFag27ei4YViix8v+zLC9g0ME/saDuo1PR5xDPUNBbmMmliPOoQB3bYWv9AHT//YQ7mVBHOOxNj1jqXCe7eQmR86lYUk9VFcKh5wYaCzZdxC5YgXsMRF9c7XzYiP63W6LqQ3XwO5h1E4WMlHiDH9m6zBRF8uA==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key2
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key3
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key4
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key5
@@ -0,0 +1,1 @@
+AAAAAQAAAACAqLOyhK+OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx+CwgtaTpef87Wdc9GaFEncsDLxkp0LGxjD1M8jMcvYq6DPEC/JYQumEu3i9v5fAEH1VvbZi9cTg+rmEXLUUjvc5LdOq/5OuHmtme7PUJHYW1PW6ENTP0ibeiNOfFvsAAAADAQABAAAAgFMznP23n8hGamVccxasqFxV/Y9t2Jj9rxGVF+9PUuj9jiWN+T/uGA+g5KspaTzYOxUqVT1KxNGBK4ufpa8Of1X+cwTfQVcJJvMxHxXE1lpzLEgxFu49PS0K81Sa2b98v7eK2IT4TVvrBHJNxzabMd7zfQz1OenPzdPeZTcp6tXRAAAAQNMnN+cmf/4TQbLVwNFQqBtYb7MTK+0vjVJihkqcufMK84vkSFmNQToXLvuALCGs8cEcUgwvJqRx3K0hLqx8o50AAABAzIhT0dVNpjD6wAT0cfKBx7iYLYIkpJDtvrM9Pj1cyTxHZXA9HdeRZC8fEWoN2FK+JBmyr3K/6aAw6GCwKItddwAAAEAOEr8XGOnO9VmbocOIL+gEapCHTu/OjyzMIOTydB+wozo4SK7JyTBfvsvS12gZln1GcazGQx5AN5aNs3h45pXBAAAAQJUpew+Vovpn0AcH1gnf1PwFyJ2vwu9tbqVb7HceozNzTZJR55CC7NqGbv7xPEWeGmMThrfjVMiZ9fESyoXXFYMAAABAT0VsUCSTvcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2h90qjKHS9PvY4Q==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key6
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key7
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key8
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/key9
@@ -0,0 +1,1 @@
+AAAAAQAAAADAzyzUHjTKOnKOpcuK/2TDbSe971Nk4zb9aNMSPFoZaowocBPoU9UVbVjRUZVFIPtPbXsXq7aBd2WQnFdhGWWdkCsZBu2KKxDBVcJNEkUo2rnurjeb6sZuSkEXhty4/QBi68Aw3hIZoEwqjBt90xMeTWtsruLjGl7UGsFQmy7x7iqxg2S+VoypQcJezIT/nWQ7XsGqrhAqINc/R5t4D9bakQdSEtnqwDoGdNiZ66LkMfTES2Fba6IjK9SzO67XPWJdAAAAAwEAAQAAAMAZjBQeI3FakrzPahGaW8ETiUaNKBH1SNcn4XtKsOuYbW8hHvtTtx98y+qH7mnHXuYVAIxTMt61K/OQq9+/431yBTaBWbJjjB3jJuIdIiUfD7WEizvxUAXSp0Mw8K/pFu5izME0TR2DpwnmBnYnOED383dCSl4KTadfAbMf92gZz5y/3SFSQ8ORfAPvOBmTEuVns7967Tq0V/Nx74oUI/RbaMbiguwRG7ooM7mH/Wn62DvBuMYTxeHqFsEe0SXqfsEAAABg/I1sBL7E65qBksp5AMvlNuLotRnezzOyRZeYxpCd9PF2230jGQ/HK4hlpxiviV8bzZFFKYAnQjtgXnCkfPWDkKjD6I/IxI6LMuPaIQ374+iB6lZ0tqNIwh6T+eVepl79AAAAYNIA1F54iqzqYGpAHQRg+H3VwQJ+EtwaDXWG6JOdnPeJtA9RrARClh3n0hzCHgXIMVXB8qqRkzh8/flWy0jRU7onBAb5u7pTfUmH2eL5lC16FMv//qdP7N2pKNI+JZ9e4QAAAGDbFoAveaLw1F81jWn9M+RLgfroKGIuk6VCU+mX0BsHQ3WdoOgStKpObIvqsjKNVDGVWkGKZ/8mqMXIB6XaNU4F7zHMjPdY9GNzKVCwPiZXJvuU451qVyomJEqwjbdXUq0AAABgoKMXz+ffFCP4em3uhFH04rSmflSX8ptPHk6DC5+t2UARZwJvVZblo5yXgX4PXxbifhnsmQLgHX6m+5qjx2Cv7h44G2neasnAdYWgatnEugC/dcitL6iYpHnoCuKU/tKhAAAAYAsh8zXDUzQutEw6okRFeAwtZVuUAXTK44x8ik5kk8C6n9MDdIJnsIO5p6bLYeQts2K4yYlttwZOAq1a5hWH2hW0ZJyQWUkJ/rN9vLZUvrcmjsgB5ai0qjkRvr2IVC8Fvg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash0
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash1
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash10
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash11
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash12
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash13
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash14
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash15
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash16
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash17
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash2
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash3
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash4
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash5
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash6
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash7
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash8
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/maskhash9
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/numtests
@@ -0,0 +1,1 @@
+18
new file mode 100644
index 0000000000000000000000000000000000000000..5961feea3d47407f8b2be5ccc39ba3f7928a99d6
GIT binary patch
literal 28
kc$`bqkn|H`x7}d9(&yH^pTWx0uk!Ay+}Y0H_3xhv0G$2|c>n+a
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext1
@@ -0,0 +1,1 @@
+u@GGe#)ɺEo
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext10
@@ -0,0 +1,1 @@
+S)1~tێL̢_<tnz:c79絕nUO{37
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext11
@@ -0,0 +1,1 @@
+d
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext12
@@ -0,0 +1,1 @@
+k*lunhpSkN
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext13
@@ -0,0 +1,1 @@
+;XEu7>W
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext14
@@ -0,0 +1,2 @@
+Q
+,o4SN%c>EKA$
\ No newline at end of file
new file mode 100644
index 0000000000000000000000000000000000000000..36812091de63f6bc664e4b80344adb93975c21a5
GIT binary patch
literal 36
uc$@(w0Nek(-5Cv|x6=UMng-%5s^X_#5Xm3*XScy?-iuQPN+wCEKt;({8xghu
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext16
@@ -0,0 +1,1 @@
+l}KF_óߔ~r2
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext17
@@ -0,0 +1,1 @@
+:F	S}"ocN|9i"׸,
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext2
@@ -0,0 +1,1 @@
+J.dEB3mSKtm$EYB>-OFinQ
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext3
@@ -0,0 +1,1 @@
+RPَ*O!S~1o4jz
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext4
@@ -0,0 +1,1 @@
+tF+Il
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext5
@@ -0,0 +1,1 @@
+&RPBq
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext6
@@ -0,0 +1,1 @@
+5UY,;RЕYTFlYbTͼ!.ɶ/9
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext7
@@ -0,0 +1,1 @@
+`P:-ᗉ@Lttm>Ԃ́ FY
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext8
@@ -0,0 +1,1 @@
+2d)ߛ	KO$
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/plaintext9
@@ -0,0 +1,3 @@
+E_r:.VbHM
+ )֬;>f(L֞J
+ғZygr
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed0
@@ -0,0 +1,1 @@
+GLd26iEGnWl3ajPpa61I4d2gpe8=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed1
@@ -0,0 +1,1 @@
+DMdCzkqbfzL5UbyyUe/ZJf5P418=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed10
@@ -0,0 +1,1 @@
+/LxCFALp7KvGCCr6QLpfJlIshA4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed11
@@ -0,0 +1,1 @@
+I6reDh4Iu5uaeNIwKlL5whsuG6I=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed12
@@ -0,0 +1,1 @@
+R+GrcRn+5WyV7l6q2G9A0KpjvTM=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed13
@@ -0,0 +1,1 @@
+bRf1tMH/rDUdGVv3sJ0J8JpAec8=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed14
@@ -0,0 +1,1 @@
+OFOHUU3szHx0DdjN+druSaHL/VQ=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed15
@@ -0,0 +1,1 @@
+XKymoPdkFhqWhPhdkrbg7zfKi2U=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed16
@@ -0,0 +1,1 @@
+lbyp44WYlLPdhp+n7NW7xkAb8+Q=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed17
@@ -0,0 +1,1 @@
+n0fd9C6X7qhWqb28cU6zrCL26zI=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed2
@@ -0,0 +1,1 @@
+JRTfRpV1WmeyiOr0kFw27sZv0v0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed3
@@ -0,0 +1,1 @@
+xENaPhoYpotoIENikKN877hds/s=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed4
@@ -0,0 +1,1 @@
+sxjELfO+D4P+qCP1p7R+1eQlo7U=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed5
@@ -0,0 +1,1 @@
+5OwJgsIzbzpnf2o1YXTrDOiHq8I=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed6
@@ -0,0 +1,1 @@
+jsll8TSj7Jkx6SocoNyBadXqcFw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed7
@@ -0,0 +1,1 @@
+7LG4sl+lDNqwjlYEKGf0r1gm0Ww=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed8
@@ -0,0 +1,1 @@
+6JuwMsbOYiy9tTvJRmAU6nf3d8A=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_oaep/seed9
@@ -0,0 +1,1 @@
+YG87mcC5zNdx6qKeoOTIhPMYnMw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext0
@@ -0,0 +1,3 @@
+kHQwj7WY6XAbIpQ4jlL5cfqsK2ClFFrxhd9Sh7XtKIflfOf9RNyGNOQHyODkNgvCJvPsIn+dnlRj
+jo0x9QUSFd9uu5wvlXmqd1mKOPkUtbnBvYPE4vnzgqDQqjVC/+5lmEpgG8aeso3rJ9yhLILC1MP2
+bNUA8f8rmU2KTjDLszw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext1
@@ -0,0 +1,3 @@
+Pvf0boMb+SsyJ0FCpYX/zvvcp7Mq6Q0Q+w8McpmE8E7ymp3weAd1zkNzm5eDg5DbClUF5j3pJwKN
+nSmyGcosRReDJVilXWlKbSW52rZgA8TMzZB4Ahk75RcNJhR9N7k1kCQb5RwlBV9H72J1LPviFBj6
+/pjCLE1NR3JP21Zp6EM=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext10
@@ -0,0 +1,4 @@
+ghAt+MuR5xeZGaBNJtM11k+8L4csRIM5QyQd6EVIECdM3z219C1CPbFSr3E19wFCDjm0lKZ8v9Gf
+kRnaIzoj2lxkObW6DSvDc+7jUHABN41KQHOFa3/iq6C17pOyf0r+x9TRIJIcg/YGdlsCwZ5Naho7
+lfpMQilRvk9SExB37xcXlynN3721aVDbrO7+eMsWZAoJnqVtJDie7xD4/ssxuj6jsifAqGaYu4nj
+6TY5Bb8id3sqOqUhtltM73bYO95M
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext11
@@ -0,0 +1,4 @@
+p/2w0lkWXKLIjQC78QKKhn0zdpnQYRk7F6lkjhTMu6rerKrN7IFedXEpTruKEXryBfoHi0ewcSwZ
+njrQUTXFBMJLgXBRFXQIAkh5kv/VEdSvxrhUSR6z8N1SMTlUL/FcMQHuhVQ1F8ajx5QXxn4t2ap0
+HpopsG3LWTwjNrNnCuOvusfD524hVHPoZuM4yiRN4AtiYk1rlCaCLOrp+MxGCJX0ElAHP9RcWh57
+QlwgSkI6aZFZ9pA+cQs3p7sryASf
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext12
@@ -0,0 +1,5 @@
+gsKxYAk7iqPA91IrGfhzVAZsd4R6vyqfzlQtDoTpIMWvtJ/9/azhZWDulKE2lgEUjrrXoOFRzxYz
+F5Glcn0F8h505+uBFEAgaTXXRHZaFeefAVy2bFMsh6agWWHIv610GppmVwIolDk+ciNzl5bAKndF
+XQ9VWw7AHd8lm2IH/Q/VdhTO8aVXO6r/TsAAaZUWWbhfJDAKJRYMqFItxuZyflfQGdfmNim4/l6J
+4lzBW+s6ZHV3VZKZKAubKPebBAkAC+JbvZZAi6O0PMSGGE3RyOYlU/oa9AQPYGY95/XknAQ4jiV/
+HOicldq0ijFdm2axt2KCM4dv8jhSMNBw0H4WZg==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext13
@@ -0,0 +1,5 @@
+FK412d0GupL387iXl4rtfNS/X/C1haQL1GzhtCzScDBTu5BE1k6BPY+W2y3XAH0QEY9vj4SWCXrX
+Xh/2kjQbKJKtVaYzocVefwoK1ZoOIDpbgniuxU3YYi4oMdhxdPjK/0PubEZEU0XYSlllm/uS7NTI
+GGaGlfNHBvZoKKiZWWN/K/PjJRwkvbpNS3ZJ2gAiIYsRnITnmmUn7FuKX4YcFZlS4j7AXh5xc0b6
+7+ixaGglvSsmL7JTEGbA3gms3i5CMWkHKLXYXhFaL2uSt5wlq8m9k5n/i8+CWlLqH1bqdt0m9Duq
++hi/qSpQTL01aZ4m0dzFoohzhfPGMjLwbzJEww==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext14
@@ -0,0 +1,5 @@
+bj5Ne2sV0vtGATuJAKpbuzk5zywJVxeYcEICbuYsdMVM/9XX1X77v5UKD1xXT6CdP8HJ9ROwW0/1
+Ddjfft+iAQKFTDXlkhgBGacM5bCFGCqgLZ6iqpDR3wPy2q6IW6L10Fr9rJdHbwa5O1vJShqAqpEW
+xNYV8zOwmIkrJf+s4mb121paO8wQqCTtVarTW3J4NPuMB9oo/PQWpdmyIk8fi0QrNvkeRW/eotfP
+4zZyaN4DB6THTpJBWe0zOT1eBlVTHHcye4mCG97fiAFhx4zUGWtUGfesw/E+Xr8WG258ZyRxbKM7
+hcLiVkAZKsKFllHVC95+uXblHOyCi5i2VjuGuw==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext15
@@ -0,0 +1,5 @@
+NAR/+WxNwNyQstT/WaGjYaR1SyVdLuCvfYv4fJvJ593u3jOTTGPKHA49JiyxRe+TKh8sCpl6pqNP
+jq7nR32CzPCQlaa4rK041O7J+36retAtodEdjlTBgl5Vv1jCojI0uQK+Ek+ekDio9o+kXaty9m4J
+Rb8di6zJBExvBwmMn87FijqrEAyAUXgVXwMKEkxFDlrL2kfQ5PELgKI/gD53TQI7ABXCC5+bvnyR
+KWM41ey0ccr7AyAHtnpgvl9pUEqfAauzy0Z7Jg4rzoYL6Nlb+SwMjhSW7R5ShZOkq7bfRi3eiglo
+3/5GgxFoV6Iy9ev2yFviOHRa0POPdnpf2/SG+w==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext16
@@ -0,0 +1,5 @@
+fgk16hj01sHRfOgusrODbFWzhFic4Z3+dDNjrJlI0fNGt7/d/pLv14rbIfrvyJreQrEPN0AD/hIu
+Z0KaHLjL0fjZAUVkxE0SARb0mQ8abjh3TBlL0bghMoawd7BJnS57P0NKsSKJxVZoTe7XgTGTS7Pd
+ZTcjb3xvPcsJ1Ha+B3IeN+HO7Zsve0Boh71TFXMF4ci0+E1zO8Hhhv4GzFm27bj0vX/+/fT3upz7
+nVcGibWhpBCadGppCJPbN5klWgy5IV0tHNSQWQ6VLoyHhqoAESZSUkcMBB37w+7Hw8v3HCSGnRFc
+DLSpVvVtUwuAq1iaz+/GkHUd3zbo04P4PO3SzA==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext17
@@ -0,0 +1,5 @@
+bTtbh/Z+plevIfdUQZd9IYD5GyxfaS3oKVVpamhnMNm5d42XB1jMsmBxwiCf+9YSW+LpbqgbZ8ub
+kwgjn9oX97K2Ts2glra5NWQKWhy0KpFVscnvemM6AsWfDW7lm4UsQ7NQKec8lA/wQQ6PEU7tRrvQ
++uFl5CviUopAHDso/YGO8yMtyp9NKg9RZuxZxCOW1sEdvBIVpW+hcWnblXU0PvNPneMqSc3DF0ki
+8inCPhjkXfk1MRnsQxnO3OehfGQIjB9vUr4pY0EAs5GdOPPR7ZTmiR5mpzuPuEn1h031lFnimMe7
+zi7ueCoZWqZv4tBzKyXllfV9PgYbH8PkBjv5jw==
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext2
@@ -0,0 +1,3 @@
+ZmAm+6cb0+fPExV8wsUajkqmhK+XePkYSfNDNdFBwAFUxBl2IfliSmdbWrwi7n1bqv+q4cm6yizD
+c7PzPnjmFDw5WpGqf6ymZOtzOv0U2IJyWdmadVD6ylAe8rBOM8I6pR9LnoKC79tyjMCrCUBakWB8
+Y2mWG8gnDS1POfzmErE=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext3
@@ -0,0 +1,3 @@
+Rgl5OyPp0JNi3CG7R9oLTzp2ImSaR9RkAZua6v5TNZwXjJHNWLpry3i+A0anvGN/S4c9S6s47mYf
+GZY0xUehrYRC4D2gFbE25UP3qwfAwT5CJbjejM4l1PbrhAD4H34YM7fubjNNNwlkynn9uHK011Ij
+te6wgQFZH7Uy0VWm3oc=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext4
@@ -0,0 +1,3 @@
+HSqtIhyk0x3fE1CSOQGTmOPRSzLcNNxa9K6uo8CVr3NHnPCkXlYpY1pToBg3dhWxbLmxOz4J1nHr
+ceOHuFRcWWDaWmR3bnaOgrLJNYO/EEw/2yNRK3tOifYz3QBjpTDbRSSwHD84TAkxDjFaedzT1oQC
+Kn8xyGWmZOMWl4t1n60=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext5
@@ -0,0 +1,3 @@
+KjT2El4fawv5cehPvUHGMr6PLCrOfei2km4x/5Ppr5h/vAblHpvhT1GY+R8/lTvWfaYKnfWXZMPc
+D+COHL7wt1+GjRCtP7p0n+9Z+22sRqDW5QQ2kzFYb1jkYo85qieJglQ7wO61N9xhlYAZs5T7Jz8h
+WFigoBrE1lC5VcZ/TFg=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext6
@@ -0,0 +1,4 @@
+WGEHImw84BOnyPBNGmopWbtLjiBbpDontQ8SQRG8Ne9YmwOfWTIYfLaW19mjLAw4MApc3aSDS2LS
+6yQK8z950T378JW/WZ4NloaUjBlkdHtn6JyaulzYUBYjb1ZsxYAssT6tUbx8pr7zuU3L27HVcEaX
+cd8OALGooGd3Ry0jFiee2uhkdGaNTh7/+V8d5hxgINoyrpK78WUg/vPPTYj2ESHyS72f6RtZyvEj
+WyqT/4H8QDrd9OveqEk0qc2vjhqe
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext7
@@ -0,0 +1,4 @@
+gLbWQyVSCfCkVnY4l6ye0lnUWbScKIfliC7LRDTP1m3X4WmTdTgeUc1/VU8sJxcEs5nUK0viVAoO
+ymGVH1Umf3woeMEihC2tsosBvV+MAl9+IoQYpnPAPWvAxzbQopVGvWf3htnWkszqd41x2YwgY7en
+EJIYek01rxCBEdg+g+rkbEaqNCd+BgRFiZA3iPHV587iX7SF6SlJEYgU1vLD7jYUiQFvMn+1vFF+
+tQRwv/oa+l9M6aoM5bjuGb9VAblY
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext8
@@ -0,0 +1,4 @@
+SEQI84mM1fU0g/gIGe+/JwjDTSeosqb66LMi+SQCN/mBgXrKGEbxCE2qbXwHlfblvxr1nDjhhYQ3
+zh9+xBm5jIc2rfbdmgCxgG0r060Kc3deBfUt/vOlmrSwgUPw3wXNGtnQS+zsptqkohKYA+IAy8d3
+h8r0wdBmOmxZh7YFlSAZeCyvLsFCbWj7lO0dS+gWp+0IG3fmqzMLP/wHOCD+zeNyf8vile5hoFCj
+Q2WGN8P9ZZz7Y3Nt4y2fkNPC9j7K
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/ciphertext9
@@ -0,0 +1,4 @@
+hOvrSBvlmEW0ZGi6+0ccARLgKyNdhLXZEcvRkm7lB0rgQkSVyyDoIwi467ZfQZoD+0DnK3iYHYiq
+0UMFNoUXLJeynIt78K5ztbImPEA9oO0vgP90UK94KOuLhvACi9KosXak0ijMzqGDlPI4sJ/3WMwA
+vAQwEVI1V0LygrVOZjqRnnCdjaJK3lUAp7mqUCJuDKUpI+bC2GDsUP9ID6V0d+grBWX0N595x3LV
+wtqAr5+/Ml7Ob8ILAJYWFL7omhg+
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash0
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash1
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash10
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash11
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash12
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash13
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash14
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash15
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash16
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash17
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash2
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash3
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash4
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash5
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash6
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash7
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash8
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/hash9
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key0
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key1
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key10
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key11
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key12
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key13
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key14
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key15
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key16
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key17
@@ -0,0 +1,1 @@
+AAAAAQAAAAEApd2GesTLAvkLlFfUjBSncO+ZHFbDnA7GX9Ea+ok3zqV7m+esc7RcABdhW4LWIuMYdTtgJ8D9FXvhL4CQ/uKnrc0O73WfiLpJl8ekLVjJqhLLma4AH+UhwTu1QxRFqNWuT15MfpSKwifTYEBx8g5XfpBfvrFd+vBtHeWuYlPWOmohILMaXaXavJVQYA4g8n03OeJieSX+o8xQnyHf8E5u6kVJxUDWgJ/5MH7t6R//WHM9g4WiN9bTcFoz45GQCZIHDfet8TV89+NwDONmfeg/F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGuBQAAAAMBAAEAAAEALS/1Z7P+dOBhkbf97W3hEikMZwaSQw1ZaRhAR9ojTJaT3u0Wc+1ClTnJadNywE1rR+D1uM7ghD5cIoNdvTsFoJl5hK5gWLEbxJB8v2fthPqa4lLfsNDNSeYY4139/lm8o93WbDPOu8d61EGqaV4T4yS1GPAcYPWoXJlK0XnyprX76TQCsRdnvgG/BzRE1rod0rylvQdNSl+uNTGtEwPYSzDYlzGMu7oE4DwuZt5tkfgvluodS7VKWq4QLVlGV/XJeJVTUSspbeop2AIxljV+PjpulY8548I0QDjqYEsx7cbw9/9ucYGlfJKCaiaPhnaOlvh4Vi/HHYXWnkSGEvcEjwAAAIDP1QKD/u65f28I1zy8ezg2+Cu81JlHn15vdv38uLOMT3Hcnoi9am92Nxr9ZdKvGGKzKvs0qV9xuLEyBD/+vjqVK691kkSBSMA/nGmx1o5M5c8yyGuvRv7TAcoatAMGmzL0VrkfcYmKsIHNjEJS71JxkVyXlLjylYUdp1EPmctz6wAAAIDMTpDSobOgZdOy0fWo/OMbVER1Zk6rVh0pcbmft774ROjsHzYLjCrINZaSlx6mo49yP8whH128sXeg/axRZKHU/3+7ToKZhjU8uYNlmhSM3UIMfTG6OCLqkKMr5GwDDowX4foK03hZ4GsKpvo7IW2cvmwOIjOXacCmFZE+XacZzwAAAIAcLR/DL2vEAE/YXf3g+7+aTDj5x8TkHeoaqII0ogHNkvO32lJlg6mK2FuzYPuYO3EeI0SdVh0XeNelFUhry/R7Rsnp4aOh93AA776wmor+R+W4V82pnLFtf/+bcS471gypbZx5c9YW1Gk0qcBQKBwAQ5nO/x233aeHZqipucsIcwAAAIDLOzwEyqWMYL59my3rs+OWQ/T1c5e+CCNqHp6vqnBlNuccOs/gHMZR8jyeBYWP7hO7aor8R99O3JpLowvOy3PQFXhSMn7niQFcLo3ue58FoPMayU62FzFkdAxclRR81fO1riy0qDeH8B2Ksx8nwtDuot2KEauQarogfEPG7hJTMQAAAIAS9rLPE3SnNvrQVhYFD5arS2HRF3x/nVJaKfPRgOd2Z+mdmavwUl0HWGYPN1JlWw8luN+EMdmo/3fBbBKgpRIqnwv3z9WiZqNcFZ+ZEgi5Axb/RE8+C2vQ6TuKeiRI6Vfj3abPzyJmsQYBOsRoCNOziHs7ADRLqslTC0znCPwytg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key2
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key3
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key4
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key5
@@ -0,0 +1,1 @@
+AAAAAQAAAACApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcAAAADAQABAAAAgDOlBCqQsn1PVFHKm7vQtEdxoQGviENArvmIXypLvpLolKckrDxWjI+XhTrQfAJmyMajygkp8ejxEjGIRCn8TZrlX+6JahDOcHw+1+c05Ecno5V0UBpTJoMQnCq6yrooPDG0vS9Tw+4341LO40+eUDvYDAYirXnG3O6INUfGo7MlAAAAQOfolCcgqHdRcnOjVgU+oqG8DJSqctVcboYpay38lnlIwKcsvMyn6ss1cG4Jod9VoVNb2bPMNBYLO23NPtqOZEMAAABAtp3KHPfU1+yB51uQ/MqHSrzeEj/ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ/QAAAEAo+hOThlW+H4oVnLrKWnLqGQwwCJ4ZzSdKVW82xPbhn1VLNMB3eQQnu92N0+3iRIMo84XYGzDo5Dsv/6Anhhl5AAAAQBqLOPOY+nEgSYmNf7ee4Kd2aHkSmc36Ce/A5Qessh7XQwHvW/1IvkVerrbhZ4JVgnWAqOTo4UFR0VEKgqPy5ykAAABAJxVqukEm0kqB86Uoy/sn9WiG+ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key6
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key7
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key8
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/key9
@@ -0,0 +1,1 @@
+AAAAAQAAAADA5r1pKslmRXkEA/3Q9b64ub+S7RAAf8NlBGQZ3QbAXFtbL0js+YnkziaRCZecu0C0oK0k0iSD0e4xWtTMsVNCaDUmkcUk9t2ObCnSJM8kaXOuyGxb9rFAGoUNG5rRu4y87Eewbw+Mf0XT/I8xkpnFQz3bwrMFO0fe0uzUpMrv1hSDPci7Yi8xftB2uAV/6N4/hEgK1eg+SmGQSk8kj7OXAnNX4dMORjE5gVxv1P1axbgXKkUjDstjGKBPFFXYTlqLAAAAAwEAAQAAAMBqf9hPuF+tBzs0QG23T41hpqvBIZapYd15Vl6dpuUYe84tmAJQ9zWVdTWScNkVkLsOQnxxRgtV1RQQsZG88wn+oTGpLI5wJzj6cZ8eAEH1LkDpHyKfTZah5vFy4VWWtFEKba7CYQXyvrxTMWuHvfITEWZgcOjf7mnVLHGpdsqueccraNKFgNxobZ9RKdIl+Cs9YVUTqIKz25FBa0jOCIiCE+N+65r4ANgcqzKM5CBomQPADHtf0xt1UDptQZaE1ikAAABg+OuX6Y3xJmTu/bdhWWpp3c0Odtrs5u1L9aG1CsCG95KKTS+HJqd+UVt02kGYjyILHMh6ofyBDOmagvLRzoIe3O15TGlB9Cx6GguMTSjHXsYLZSJ59hVKdirtFl1H3uNnAAAAYO1NcdCm4kuTwuX2tLvgX1+wr6BC0gT+M3jTZcLyiLao2tfv5F0VPu9Aysx7gf+TQALRCJlLlKXkcozZyWM3WuSZZb2lXL8O/tjWVTtAJ/LYYgim5rSJwXYSgJLWKeSdPQAAAGArtovd+wxPVshVi/+viS2AQwN4Qef6gc+mGjjF45uQHI7nESKl2iInvWze60gUUsEq09YdXk93agq1Vlkb7+Plnlp/3bg0Xh8vNbn0zuV8MkFMCGrsmT6TU+SA2e7GKJ8AAABgT/iXcJ+tB5dGSUV45w/YVGEw7qtWJ8SbCA8F7krZ8+S3y6nWpd/xE6QcNAkzaDPxkIFtimvELpvsVrdWfQ88nGltthmyRdkB3YVtt8gJLnfpoczNVu5NukLF/bYa7CZpAAAAYHe50RN7UEBKmCcpMW76/H3+ZtNOWhgmANXzCgqFEgUcVg0IHU0KGDXsPSWmD05NaqlIsr89u1sSTLvDSJJVo6lINy9peElnRflD4dtPGDgs6qUF38ZXV7s/hXpY3OUhVg==
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash0
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash1
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash10
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash11
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash12
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash13
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash14
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash15
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash16
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash17
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash2
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash3
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash4
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash5
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash6
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash7
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash8
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/maskhash9
@@ -0,0 +1,1 @@
+sha1
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/numtests
@@ -0,0 +1,1 @@
+18
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext0
@@ -0,0 +1,1 @@
+zYtlOMuOjeVmtovQZ1advx7icY4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext1
@@ -0,0 +1,1 @@
+41vvwXodFguc41+9jrFufuSR0/0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext10
@@ -0,0 +1,1 @@
+altL5M02zJff3pmV77+PCXpKmRo=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext11
@@ -0,0 +1,1 @@
+ud/R33akYcUeZXbGyO0Kkj0cUOc=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext12
@@ -0,0 +1,1 @@
+lZa7Ywz2qNTqRgBCK566ixNnXdQ=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext13
@@ -0,0 +1,1 @@
+tQMxk5knf9bByPEDPL8EGZ6iFxY=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext14
@@ -0,0 +1,1 @@
+UKrt6FNrLDByCLJ1pnri3xlsdig=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext15
@@ -0,0 +1,1 @@
+qgtyuLNx3dEMiuR0QlzMz4hCopQ=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext16
@@ -0,0 +1,1 @@
++tOQLJdQYiorxnJiLEgnDMV9Pqg=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext17
@@ -0,0 +1,1 @@
+EiGW3rXRIr2Mb8eB/2kk18aVqt4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext2
@@ -0,0 +1,1 @@
+BlLsZ7zuMPnSaZEiuRwZq9uon5E=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext3
@@ -0,0 +1,1 @@
+OcIcTM7anBrfg5x0ThISpkN1dew=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext4
@@ -0,0 +1,1 @@
+NtrpE7d70XyubnsJRT0kVEzrszw=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext5
@@ -0,0 +1,1 @@
+Re7xkfT3nDH+XS7eflCYmU6SnS0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext6
@@ -0,0 +1,1 @@
+JxWkm4sAEs167oTBFkRubf4/rsA=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext7
@@ -0,0 +1,1 @@
+LayVbVOWR0isNk0GWVgnxrTxQ80=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext8
@@ -0,0 +1,1 @@
+KNmMRszK+9O8BOcvlnpUvT6hIpg=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/plaintext9
@@ -0,0 +1,1 @@
+CGbS/1p58l72aM1vMbQt7kIeTA4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed0
@@ -0,0 +1,1 @@
+3ulZx+BkETYUIP+AGF7Vfz5ndq8=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed1
@@ -0,0 +1,1 @@
+7yhp+kDDRssYPas9e//Jj9Vt9C0=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed10
@@ -0,0 +1,1 @@
+1okleobv+mghLF4MYZ7KKV+5G2c=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed11
@@ -0,0 +1,1 @@
+wl8Tv2fQgWcaBIGh8YINYTu6InY=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed12
@@ -0,0 +1,1 @@
+BOIV7m/5NLnacNdzDIc0q/zs3ok=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed13
@@ -0,0 +1,1 @@
+iyvdS0D69UXHeN35vBpJy1f5txs=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed14
@@ -0,0 +1,1 @@
+Tpb8GzmPkrRGcQEMDcPv1uIMLXM=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed15
@@ -0,0 +1,1 @@
+x81pjYS2USjYg146ix6w4By1Qew=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed16
@@ -0,0 +1,1 @@
+76i/+WISsvSj83GhDVdBUmVfXfs=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed17
@@ -0,0 +1,1 @@
+rYsVI3A2RiJLZgtVCIWRfKLR3yg=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed2
@@ -0,0 +1,1 @@
+cQucR0fYANTeh/Eq/c5t8YEHzHc=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed3
@@ -0,0 +1,1 @@
+BW8AmF3hTY71zqnoL4wnvvcgM14=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed4
@@ -0,0 +1,1 @@
+gOcP+GoI3j7GCXKzm0+/3Opnro4=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed5
@@ -0,0 +1,1 @@
+qKtp3YAfAHTCofxgZJg2xhbZloE=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed6
@@ -0,0 +1,1 @@
+wKQlMT3411ZL0kNNMRUj1SV+7YA=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed7
@@ -0,0 +1,1 @@
+swfEO0hQqNrC8V8y43g574xcDpE=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed8
@@ -0,0 +1,1 @@
+misAfoCXi7sZLDVOt9qa7fx02/U=
new file mode 100644
--- /dev/null
+++ b/security/nss/cmd/bltest/tests/rsa_pss/seed9
@@ -0,0 +1,1 @@
+cPOCvd9NXS3YizvHtzCL5jK4QEU=
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/lib/ckfw/builtins/bfind.c
+++ b/security/nss/lib/ckfw/builtins/bfind.c
@@ -110,21 +110,22 @@ builtins_attrmatch
 )
 {
   PRBool prb;
 
   if( a->ulValueLen != b->size ) {
     /* match a decoded serial number */
     if ((a->type == CKA_SERIAL_NUMBER) && (a->ulValueLen < b->size)) {
 	int len;
-	unsigned char *data;
+	unsigned char *data = NULL;
 
 	len = builtins_derUnwrapInt(b->data,b->size,&data);
-	if ((len == a->ulValueLen) && 
-		nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
+	if (data &&
+	    (len == a->ulValueLen) && 
+	    nsslibc_memequal(a->pValue, data, len, (PRStatus *)NULL)) {
 	    return CK_TRUE;
 	}
     }
     return CK_FALSE;
   }
 
   prb = nsslibc_memequal(a->pValue, b->data, b->size, (PRStatus *)NULL);
 
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -67,16 +67,23 @@ CKA_CLASS CK_OBJECT_CLASS CKO_NSS_BUILTI
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Mozilla Builtin Roots"
 
 #
 # Certificate "GTE CyberTrust Global Root"
 #
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number: 421 (0x1a5)
+# Subject: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Not Valid Before: Thu Aug 13 00:29:00 1998
+# Not Valid After : Mon Aug 13 23:59:00 2018
+# Fingerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+# Fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GTE CyberTrust Global Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\165\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -139,16 +146,23 @@ CKA_VALUE MULTILINE_OCTAL
 \334\364\166\125\175\233\143\124\030\351\360\352\363\134\261\331
 \213\102\036\271\300\225\116\272\372\325\342\174\365\150\141\277
 \216\354\005\227\137\133\260\327\243\205\064\304\044\247\015\017
 \225\223\357\313\224\330\236\037\235\134\205\155\307\252\256\117
 \037\042\265\315\225\255\272\247\314\371\253\013\172\177
 END
 
 # Trust for Certificate "GTE CyberTrust Global Root"
+# Issuer: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Serial Number: 421 (0x1a5)
+# Subject: CN=GTE CyberTrust Global Root,OU="GTE CyberTrust Solutions, Inc.",O=GTE Corporation,C=US
+# Not Valid Before: Thu Aug 13 00:29:00 1998
+# Not Valid After : Mon Aug 13 23:59:00 2018
+# Fingerprint (MD5): CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+# Fingerprint (SHA1): 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GTE CyberTrust Global Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \227\201\171\120\330\034\226\160\314\064\330\011\317\171\104\061
 \066\176\364\164
@@ -172,16 +186,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Thawte Server CA"
 #
+# Issuer: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Serial Number: 1 (0x1)
+# Subject: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Not Valid Before: Thu Aug 01 00:00:00 1996
+# Not Valid After : Thu Dec 31 23:59:59 2020
+# Fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
+# Fingerprint (SHA1): 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Thawte Server CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\304\061\013\060\011\006\003\125\004\006\023\002\132\101
@@ -266,16 +287,23 @@ CKA_VALUE MULTILINE_OCTAL
 \100\333\250\314\062\164\271\157\015\306\343\263\104\013\331\212
 \157\232\051\233\231\030\050\073\321\343\100\050\232\132\074\325
 \265\347\040\033\213\312\244\253\215\351\121\331\342\114\054\131
 \251\332\271\262\165\033\366\102\362\357\307\362\030\371\211\274
 \243\377\212\043\056\160\107
 END
 
 # Trust for Certificate "Thawte Server CA"
+# Issuer: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Serial Number: 1 (0x1)
+# Subject: E=server-certs@thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Not Valid Before: Thu Aug 01 00:00:00 1996
+# Not Valid After : Thu Dec 31 23:59:59 2020
+# Fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
+# Fingerprint (SHA1): 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Thawte Server CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \043\345\224\224\121\225\362\101\110\003\264\325\144\322\243\243
 \365\330\213\214
@@ -304,16 +332,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Thawte Premium Server CA"
 #
+# Issuer: E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Serial Number: 1 (0x1)
+# Subject: E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Not Valid Before: Thu Aug 01 00:00:00 1996
+# Not Valid After : Thu Dec 31 23:59:59 2020
+# Fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
+# Fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Thawte Premium Server CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\316\061\013\060\011\006\003\125\004\006\023\002\132\101
@@ -401,16 +436,23 @@ CKA_VALUE MULTILINE_OCTAL
 \373\301\306\021\037\361\112\260\050\106\311\303\304\102\175\274
 \372\253\131\156\325\267\121\210\021\343\244\205\031\153\202\114
 \244\014\022\255\351\244\256\077\361\303\111\145\232\214\305\310
 \076\045\267\224\231\273\222\062\161\007\360\206\136\355\120\047
 \246\015\246\043\371\273\313\246\007\024\102
 END
 
 # Trust for Certificate "Thawte Premium Server CA"
+# Issuer: E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Serial Number: 1 (0x1)
+# Subject: E=premium-server@thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
+# Not Valid Before: Thu Aug 01 00:00:00 1996
+# Not Valid After : Thu Dec 31 23:59:59 2020
+# Fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
+# Fingerprint (SHA1): 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Thawte Premium Server CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \142\177\215\170\047\145\143\231\322\175\177\220\104\311\376\263
 \363\076\372\232
@@ -440,16 +482,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Equifax Secure CA"
 #
+# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Serial Number: 903804111 (0x35def4cf)
+# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Not Valid Before: Sat Aug 22 16:41:51 1998
+# Not Valid After : Wed Aug 22 16:41:51 2018
+# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
+# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -519,16 +568,23 @@ CKA_VALUE MULTILINE_OCTAL
 \052\247\043\111\001\004\206\102\173\374\356\177\242\026\122\265
 \147\147\323\100\333\073\046\130\262\050\167\075\256\024\167\141
 \326\372\052\146\047\240\015\372\247\163\134\352\160\361\224\041
 \145\104\137\372\374\357\051\150\251\242\207\171\357\171\357\117
 \254\007\167\070
 END
 
 # Trust for Certificate "Equifax Secure CA"
+# Issuer: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Serial Number: 903804111 (0x35def4cf)
+# Subject: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
+# Not Valid Before: Sat Aug 22 16:41:51 1998
+# Not Valid After : Wed Aug 22 16:41:51 2018
+# Fingerprint (MD5): 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
+# Fingerprint (SHA1): D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \322\062\011\255\043\323\024\043\041\164\344\015\177\235\142\023
 \227\206\143\072
@@ -549,16 +605,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Digital Signature Trust Co. Global CA 1"
 #
+# Issuer: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
+# Serial Number: 913315222 (0x36701596)
+# Subject: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
+# Not Valid Before: Thu Dec 10 18:10:23 1998
+# Not Valid After : Mon Dec 10 18:40:23 2018
+# Fingerprint (MD5): 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
+# Fingerprint (SHA1): 81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\106\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -628,16 +691,23 @@ CKA_VALUE MULTILINE_OCTAL
 \356\202\213\061\052\223\066\205\043\210\212\074\003\150\323\311
 \011\017\115\374\154\244\332\050\162\223\016\211\200\260\175\376
 \200\157\145\155\030\063\227\213\302\153\211\356\140\075\310\233
 \357\177\053\062\142\163\223\313\074\343\173\342\166\170\105\274
 \241\223\004\273\206\237\072\133\103\172\303\212\145
 END
 
 # Trust for Certificate "Digital Signature Trust Co. Global CA 1"
+# Issuer: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
+# Serial Number: 913315222 (0x36701596)
+# Subject: OU=DSTCA E1,O=Digital Signature Trust Co.,C=US
+# Not Valid Before: Thu Dec 10 18:10:23 1998
+# Not Valid After : Mon Dec 10 18:40:23 2018
+# Fingerprint (MD5): 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
+# Fingerprint (SHA1): 81:96:8B:3A:EF:1C:DC:70:F5:FA:32:69:C2:92:A3:63:5B:D1:23:D3
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \201\226\213\072\357\034\334\160\365\372\062\151\302\222\243\143
 \133\321\043\323
@@ -658,16 +728,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Digital Signature Trust Co. Global CA 3"
 #
+# Issuer: OU=DSTCA E2,O=Digital Signature Trust Co.,C=US
+# Serial Number: 913232846 (0x366ed3ce)
+# Subject: OU=DSTCA E2,O=Digital Signature Trust Co.,C=US
+# Not Valid Before: Wed Dec 09 19:17:26 1998
+# Not Valid After : Sun Dec 09 19:47:26 2018
+# Fingerprint (MD5): 93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
+# Fingerprint (SHA1): AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\106\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -737,16 +814,23 @@ CKA_VALUE MULTILINE_OCTAL
 \143\335\136\247\342\272\237\365\367\115\245\061\173\234\051\055
 \114\376\144\076\354\266\123\376\352\233\355\202\333\164\165\113
 \007\171\156\036\330\031\203\163\336\365\076\320\265\336\347\113
 \150\175\103\056\052\040\341\176\240\170\104\236\010\365\230\371
 \307\177\033\033\326\006\040\002\130\241\303\242\003
 END
 
 # Trust for Certificate "Digital Signature Trust Co. Global CA 3"
+# Issuer: OU=DSTCA E2,O=Digital Signature Trust Co.,C=US
+# Serial Number: 913232846 (0x366ed3ce)
+# Subject: OU=DSTCA E2,O=Digital Signature Trust Co.,C=US
+# Not Valid Before: Wed Dec 09 19:17:26 1998
+# Not Valid After : Sun Dec 09 19:47:26 2018
+# Fingerprint (MD5): 93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
+# Fingerprint (SHA1): AB:48:F3:33:DB:04:AB:B9:C0:72:DA:5B:0C:C1:D0:57:F0:36:9B:46
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Digital Signature Trust Co. Global CA 3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \253\110\363\063\333\004\253\271\300\162\332\133\014\301\320\127
 \360\066\233\106
@@ -767,16 +851,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 3 Public Primary Certification Authority"
 #
+# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
+# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
+# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon Jan 29 00:00:00 1996
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
+# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\137\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -836,16 +927,23 @@ CKA_VALUE MULTILINE_OCTAL
 \326\046\300\166\001\127\201\222\136\041\361\321\261\377\347\320
 \041\130\315\151\027\343\104\034\234\031\104\071\211\134\334\234
 \000\017\126\215\002\231\355\242\220\105\114\344\273\020\244\075
 \360\062\003\016\361\316\370\350\311\121\214\346\142\237\346\237
 \300\175\267\162\234\311\066\072\153\237\116\250\377\144\015\144
 END
 
 # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority"
+# Issuer: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
+# Serial Number:70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
+# Subject: OU=Class 3 Public Primary Certification Authority,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon Jan 29 00:00:00 1996
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
+# Fingerprint (SHA1): 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \164\054\061\222\346\007\344\044\353\105\111\124\053\341\273\305
 \076\141\164\342
@@ -869,16 +967,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 1 Public Primary Certification Authority - G2"
 #
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83
+# Fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -963,16 +1068,23 @@ CKA_VALUE MULTILINE_OCTAL
 \212\265\335\117\303\233\023\165\270\001\300\346\311\133\153\245
 \270\211\334\254\244\335\162\355\116\241\367\117\274\006\323\352
 \310\144\164\173\302\225\101\234\145\163\130\361\220\232\074\152
 \261\230\311\304\207\274\317\105\155\105\342\156\042\077\376\274
 \017\061\134\350\362\331
 END
 
 # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G2"
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:4c:c7:ea:aa:98:3e:71:d3:93:10:f8:3d:3a:89:91:92
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 1 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83
+# Fingerprint (SHA1): 27:3E:E1:24:57:FD:C4:F9:0C:55:E8:2B:56:16:7F:62:F5:32:E5:47
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \047\076\341\044\127\375\304\371\014\125\350\053\126\026\177\142
 \365\062\345\107
@@ -1002,16 +1114,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
 #
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
+# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -1096,16 +1215,23 @@ CKA_VALUE MULTILINE_OCTAL
 \151\157\162\332\154\256\010\360\143\222\067\346\273\304\060\027
 \255\167\314\111\065\252\317\330\217\321\276\267\030\226\107\163
 \152\124\042\064\144\055\266\026\233\131\133\264\121\131\072\263
 \013\024\364\022\337\147\240\364\255\062\144\136\261\106\162\047
 \214\022\173\305\104\264\256
 END
 
 # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G2"
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:00:b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 2 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
+# Fingerprint (SHA1): B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \263\352\304\107\166\311\310\034\352\362\235\225\266\314\240\010
 \033\147\354\235
@@ -1135,16 +1261,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 3 Public Primary Certification Authority - G2"
 #
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
+# Fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\301\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -1229,16 +1362,23 @@ CKA_VALUE MULTILINE_OCTAL
 \271\021\144\164\314\265\163\237\034\110\251\274\141\001\356\342
 \027\246\014\343\100\010\073\016\347\353\104\163\052\232\361\151
 \222\357\161\024\303\071\254\161\247\221\011\157\344\161\006\263
 \272\131\127\046\171\000\366\370\015\242\063\060\050\324\252\130
 \240\235\235\151\221\375
 END
 
 # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G2"
+# Issuer: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Serial Number:7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
+# Subject: OU=VeriSign Trust Network,OU="(c) 1998 VeriSign, Inc. - For authorized use only",OU=Class 3 Public Primary Certification Authority - G2,O="VeriSign, Inc.",C=US
+# Not Valid Before: Mon May 18 00:00:00 1998
+# Not Valid After : Tue Aug 01 23:59:59 2028
+# Fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
+# Fingerprint (SHA1): 85:37:1C:A6:E5:50:14:3D:CE:28:03:47:1B:DE:3A:09:E8:F8:77:0F
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \205\067\034\246\345\120\024\075\316\050\003\107\033\336\072\011
 \350\370\167\017
@@ -1268,16 +1408,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GlobalSign Root CA"
 #
+# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94
+# Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Not Valid Before: Tue Sep 01 12:00:00 1998
+# Not Valid After : Fri Jan 28 12:00:00 2028
+# Fingerprint (MD5): 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
+# Fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\127\061\013\060\011\006\003\125\004\006\023\002\102\105\061
@@ -1354,16 +1501,23 @@ CKA_VALUE MULTILINE_OCTAL
 \014\252\202\344\231\121\335\160\267\333\126\075\141\344\152\341
 \134\326\366\376\075\336\101\314\007\256\143\122\277\123\123\364
 \053\351\307\375\266\367\202\137\205\322\101\030\333\201\263\004
 \034\305\037\244\200\157\025\040\311\336\014\210\012\035\326\146
 \125\342\374\110\311\051\046\151\340
 END
 
 # Trust for Certificate "GlobalSign Root CA"
+# Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Serial Number:04:00:00:00:00:01:15:4b:5a:c3:94
+# Subject: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
+# Not Valid Before: Tue Sep 01 12:00:00 1998
+# Not Valid After : Fri Jan 28 12:00:00 2028
+# Fingerprint (MD5): 3E:45:52:15:09:51:92:E1:B7:5D:37:9F:B1:87:29:8A
+# Fingerprint (SHA1): B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \261\274\226\213\324\364\235\142\052\250\232\201\362\025\001\122
 \244\035\202\234
@@ -1385,16 +1539,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GlobalSign Root CA - R2"
 #
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Not Valid Before: Fri Dec 15 08:00:00 2006
+# Not Valid After : Wed Dec 15 08:00:00 2021
+# Fingerprint (MD5): 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
+# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA - R2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\114\061\040\060\036\006\003\125\004\013\023\027\107\154\157
@@ -1473,16 +1634,23 @@ CKA_VALUE MULTILINE_OCTAL
 \301\377\357\253\156\040\304\120\311\137\235\115\233\027\214\014
 \345\001\311\240\101\152\163\123\372\245\120\264\156\045\017\373
 \114\030\364\375\122\331\216\151\261\350\021\017\336\210\330\373
 \035\111\367\252\336\225\317\040\170\302\140\022\333\045\100\214
 \152\374\176\102\070\100\144\022\367\236\201\341\223\056
 END
 
 # Trust for Certificate "GlobalSign Root CA - R2"
+# Issuer: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Serial Number:04:00:00:00:00:01:0f:86:26:e6:0d
+# Subject: CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R2
+# Not Valid Before: Fri Dec 15 08:00:00 2006
+# Not Valid After : Wed Dec 15 08:00:00 2021
+# Fingerprint (MD5): 94:14:77:7E:3E:5E:FD:8F:30:BD:41:B0:CF:E7:D0:30
+# Fingerprint (SHA1): 75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GlobalSign Root CA - R2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \165\340\253\266\023\205\022\047\034\004\370\137\335\336\070\344
 \267\044\056\376
@@ -1503,16 +1671,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "ValiCert Class 1 VA"
 #
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Fri Jun 25 22:23:48 1999
+# Not Valid After : Tue Jun 25 22:23:48 2019
+# Fingerprint (MD5): 65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
+# Fingerprint (SHA1): E5:DF:74:3C:B6:01:C4:9B:98:43:DC:AB:8C:E8:6A:81:10:9F:E4:8E
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "ValiCert Class 1 VA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141
@@ -1592,16 +1767,23 @@ CKA_VALUE MULTILINE_OCTAL
 \043\313\050\201\062\303\000\171\030\354\131\027\211\311\306\152
 \036\161\311\375\267\164\245\045\105\151\305\110\253\031\341\105
 \212\045\153\031\356\345\273\022\365\177\367\246\215\121\303\360
 \235\164\267\251\076\240\245\377\266\111\003\023\332\042\314\355
 \161\202\053\231\317\072\267\365\055\162\310
 END
 
 # Trust for Certificate "ValiCert Class 1 VA"
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 1 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Fri Jun 25 22:23:48 1999
+# Not Valid After : Tue Jun 25 22:23:48 2019
+# Fingerprint (MD5): 65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
+# Fingerprint (SHA1): E5:DF:74:3C:B6:01:C4:9B:98:43:DC:AB:8C:E8:6A:81:10:9F:E4:8E
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "ValiCert Class 1 VA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \345\337\164\074\266\001\304\233\230\103\334\253\214\350\152\201
 \020\237\344\216
@@ -1629,16 +1811,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "ValiCert Class 2 VA"
 #
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Sat Jun 26 00:19:54 1999
+# Not Valid After : Wed Jun 26 00:19:54 2019
+# Fingerprint (MD5): A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
+# Fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "ValiCert Class 2 VA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141
@@ -1718,16 +1907,23 @@ CKA_VALUE MULTILINE_OCTAL
 \041\201\031\240\062\111\050\364\304\216\126\325\122\063\375\120
 \325\176\231\154\003\344\311\114\374\313\154\253\146\263\112\041
 \214\345\265\014\062\076\020\262\314\154\241\334\232\230\114\002
 \133\363\316\271\236\245\162\016\112\267\077\074\346\026\150\370
 \276\355\164\114\274\133\325\142\037\103\335
 END
 
 # Trust for Certificate "ValiCert Class 2 VA"
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 2 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Sat Jun 26 00:19:54 1999
+# Not Valid After : Wed Jun 26 00:19:54 2019
+# Fingerprint (MD5): A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
+# Fingerprint (SHA1): 31:7A:2A:D0:7F:2B:33:5E:F5:A1:C3:4E:4B:57:E8:B7:D8:F1:FC:A6
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "ValiCert Class 2 VA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \061\172\052\320\177\053\063\136\365\241\303\116\113\127\350\267
 \330\361\374\246
@@ -1755,16 +1951,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "RSA Root Certificate 1"
 #
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 3 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 3 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Sat Jun 26 00:22:33 1999
+# Not Valid After : Wed Jun 26 00:22:33 2019
+# Fingerprint (MD5): A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
+# Fingerprint (SHA1): 69:BD:8C:F4:9C:D3:00:FB:59:2E:17:93:CA:55:6A:F3:EC:AA:35:FB
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "RSA Root Certificate 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\273\061\044\060\042\006\003\125\004\007\023\033\126\141
@@ -1844,16 +2047,23 @@ CKA_VALUE MULTILINE_OCTAL
 \237\105\256\074\212\251\260\161\063\135\310\305\127\337\257\250
 \065\263\177\211\207\351\350\045\222\270\177\205\172\256\326\274
 \036\067\130\052\147\311\221\317\052\201\076\355\306\071\337\300
 \076\031\234\031\314\023\115\202\101\265\214\336\340\075\140\010
 \040\017\105\176\153\242\177\243\214\025\356
 END
 
 # Trust for Certificate "RSA Root Certificate 1"
+# Issuer: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 3 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Serial Number: 1 (0x1)
+# Subject: E=info@valicert.com,CN=http://www.valicert.com/,OU=ValiCert Class 3 Policy Validation Authority,O="ValiCert, Inc.",L=ValiCert Validation Network
+# Not Valid Before: Sat Jun 26 00:22:33 1999
+# Not Valid After : Wed Jun 26 00:22:33 2019
+# Fingerprint (MD5): A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
+# Fingerprint (SHA1): 69:BD:8C:F4:9C:D3:00:FB:59:2E:17:93:CA:55:6A:F3:EC:AA:35:FB
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "RSA Root Certificate 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \151\275\214\364\234\323\000\373\131\056\027\223\312\125\152\363
 \354\252\065\373
@@ -1881,16 +2091,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
 #
+# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+# Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+# Fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -1992,16 +2209,23 @@ CKA_VALUE MULTILINE_OCTAL
 \274\070\335\260\056\021\261\153\262\102\314\232\274\371\110\042
 \171\112\031\017\262\034\076\040\164\331\152\303\276\362\050\170
 \023\126\171\117\155\120\352\033\260\265\127\261\067\146\130\043
 \363\334\017\337\012\207\304\357\206\005\325\070\024\140\231\243
 \113\336\006\226\161\054\362\333\266\037\244\357\077\356
 END
 
 # Trust for Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+# Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+# Fingerprint (SHA1): 20:42:85:DC:F7:EB:76:41:95:57:8E:13:6B:D4:B7:D1:E9:8E:46:A5
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 1 Public Primary Certification Authority - G3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \040\102\205\334\367\353\166\101\225\127\216\023\153\324\267\321
 \351\216\106\245
@@ -2031,16 +2255,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
 #
+# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+# Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+# Fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -2142,16 +2373,23 @@ CKA_VALUE MULTILINE_OCTAL
 \106\043\071\124\365\216\142\011\004\035\224\220\246\233\346\045
 \342\102\105\252\270\220\255\276\010\217\251\013\102\030\224\317
 \162\071\341\261\103\340\050\317\267\347\132\154\023\153\111\263
 \377\343\030\174\211\213\063\135\254\063\327\247\371\332\072\125
 \311\130\020\371\252\357\132\266\317\113\113\337\052
 END
 
 # Trust for Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+# Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+# Fingerprint (SHA1): 61:EF:43:D7:7F:CA:D4:61:51:BC:98:E0:C3:59:12:AF:9F:EB:63:11
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 2 Public Primary Certification Authority - G3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \141\357\103\327\177\312\324\141\121\274\230\340\303\131\022\257
 \237\353\143\021
@@ -2181,16 +2419,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
 #
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -2292,16 +2537,23 @@ CKA_VALUE MULTILINE_OCTAL
 \124\000\317\360\361\301\307\230\060\032\073\066\026\333\243\156
 \352\375\255\262\302\332\357\002\107\023\212\300\361\263\061\255
 \117\034\341\117\234\257\017\014\235\367\170\015\330\364\065\126
 \200\332\267\155\027\217\235\036\201\144\341\376\305\105\272\255
 \153\271\012\172\116\117\113\204\356\113\361\175\335\021
 END
 
 # Trust for Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 3 Public Primary Certification Authority - G3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \023\055\015\105\123\113\151\227\315\262\325\303\071\342\125\166
 \140\233\134\306
@@ -2331,16 +2583,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Verisign Class 4 Public Primary Certification Authority - G3"
 #
+# Issuer: CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
+# Subject: CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
+# Fingerprint (SHA1): C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 4 Public Primary Certification Authority - G3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -2442,16 +2701,23 @@ CKA_VALUE MULTILINE_OCTAL
 \056\203\106\110\262\327\040\137\222\066\217\347\171\017\230\136
 \231\350\360\320\244\273\365\123\275\052\316\131\260\257\156\177
 \154\273\322\036\000\260\041\355\370\101\142\202\271\330\262\304
 \273\106\120\363\061\305\217\001\250\164\353\365\170\047\332\347
 \367\146\103\363\236\203\076\040\252\303\065\140\221\316
 END
 
 # Trust for Certificate "Verisign Class 4 Public Primary Certification Authority - G3"
+# Issuer: CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:00:ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
+# Subject: CN=VeriSign Class 4 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Fri Oct 01 00:00:00 1999
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
+# Fingerprint (SHA1): C8:EC:8C:87:92:69:CB:4B:AB:39:E9:8D:7E:57:67:F3:14:95:73:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Verisign Class 4 Public Primary Certification Authority - G3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \310\354\214\207\222\151\313\113\253\071\351\215\176\127\147\363
 \024\225\163\235
@@ -2481,16 +2747,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Entrust.net Secure Server CA"
 #
+# Issuer: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
+# Serial Number: 927650371 (0x374ad243)
+# Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
+# Not Valid Before: Tue May 25 16:09:40 1999
+# Not Valid After : Sat May 25 16:39:40 2019
+# Fingerprint (MD5): DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
+# Fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Entrust.net Secure Server CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\303\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -2603,16 +2876,23 @@ CKA_VALUE MULTILINE_OCTAL
 \310\061\306\347\356\077\343\127\165\204\172\021\357\106\117\030
 \364\323\230\273\250\207\062\272\162\366\074\342\075\237\327\035
 \331\303\140\103\214\130\016\042\226\057\142\243\054\037\272\255
 \005\357\253\062\170\207\240\124\163\031\265\134\005\371\122\076
 \155\055\105\013\367\012\223\352\355\006\371\262
 END
 
 # Trust for Certificate "Entrust.net Secure Server CA"
+# Issuer: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
+# Serial Number: 927650371 (0x374ad243)
+# Subject: CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
+# Not Valid Before: Tue May 25 16:09:40 1999
+# Not Valid After : Sat May 25 16:39:40 2019
+# Fingerprint (MD5): DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
+# Fingerprint (SHA1): 99:A6:9B:E6:1A:FE:88:6B:4D:2B:82:00:7C:B8:54:FC:31:7E:15:39
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Entrust.net Secure Server CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \231\246\233\346\032\376\210\153\115\053\202\000\174\270\124\374
 \061\176\025\071
@@ -2801,16 +3081,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Baltimore CyberTrust Root"
 #
+# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Serial Number: 33554617 (0x20000b9)
+# Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Not Valid Before: Fri May 12 18:46:00 2000
+# Not Valid After : Mon May 12 23:59:00 2025
+# Fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
+# Fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Baltimore CyberTrust Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061
@@ -2887,16 +3174,23 @@ CKA_VALUE MULTILINE_OCTAL
 \222\302\342\343\026\215\232\062\002\253\216\030\335\351\020\021
 \356\176\065\253\220\257\076\060\224\172\320\063\075\247\145\017
 \365\374\216\236\142\317\107\104\054\001\135\273\035\265\062\322
 \107\322\070\056\320\376\201\334\062\152\036\265\356\074\325\374
 \347\201\035\031\303\044\102\352\143\071\251
 END
 
 # Trust for Certificate "Baltimore CyberTrust Root"
+# Issuer: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Serial Number: 33554617 (0x20000b9)
+# Subject: CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
+# Not Valid Before: Fri May 12 18:46:00 2000
+# Not Valid After : Mon May 12 23:59:00 2025
+# Fingerprint (MD5): AC:B6:94:A5:9C:17:E0:D7:91:52:9B:B1:97:06:A6:E4
+# Fingerprint (SHA1): D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Baltimore CyberTrust Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \324\336\040\320\136\146\374\123\376\032\120\210\054\170\333\050
 \122\312\344\164
@@ -2918,16 +3212,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Equifax Secure Global eBusiness CA"
 #
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Not Valid Before: Mon Jun 21 04:00:00 1999
+# Not Valid After : Sun Jun 21 04:00:00 2020
+# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
+# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure Global eBusiness CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -2990,16 +3291,23 @@ CKA_VALUE MULTILINE_OCTAL
 \243\100\342\001\212\357\047\007\361\145\001\212\104\055\006\145
 \165\122\300\206\020\040\041\137\154\153\017\154\256\011\034\257
 \362\242\030\064\304\165\244\163\034\361\215\334\357\255\371\263
 \166\264\222\277\334\225\020\036\276\313\310\073\132\204\140\031
 \126\224\251\125
 END
 
 # Trust for Certificate "Equifax Secure Global eBusiness CA"
+# Issuer: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Not Valid Before: Mon Jun 21 04:00:00 1999
+# Not Valid After : Sun Jun 21 04:00:00 2020
+# Fingerprint (MD5): 8F:5D:77:06:27:C4:98:3C:5B:93:78:E7:D7:7D:9B:CC
+# Fingerprint (SHA1): 7E:78:4A:10:1C:82:65:CC:2D:E1:F1:6D:47:B4:40:CA:D9:0A:19:45
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure Global eBusiness CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \176\170\112\020\034\202\145\314\055\341\361\155\107\264\100\312
 \331\012\031\105
@@ -3021,16 +3329,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Equifax Secure eBusiness CA 1"
 #
+# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 4 (0x4)
+# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Not Valid Before: Mon Jun 21 04:00:00 1999
+# Not Valid After : Sun Jun 21 04:00:00 2020
+# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
+# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure eBusiness CA 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -3092,16 +3407,23 @@ CKA_VALUE MULTILINE_OCTAL
 \130\036\107\207\124\076\130\241\265\265\370\052\357\161\347\274
 \303\366\261\111\106\342\327\240\153\345\126\172\232\047\230\174
 \106\142\024\347\311\374\156\003\022\171\200\070\035\110\202\215
 \374\027\376\052\226\053\265\142\246\246\075\275\177\222\131\315
 \132\052\202\262\067\171
 END
 
 # Trust for Certificate "Equifax Secure eBusiness CA 1"
+# Issuer: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Serial Number: 4 (0x4)
+# Subject: CN=Equifax Secure eBusiness CA-1,O=Equifax Secure Inc.,C=US
+# Not Valid Before: Mon Jun 21 04:00:00 1999
+# Not Valid After : Sun Jun 21 04:00:00 2020
+# Fingerprint (MD5): 64:9C:EF:2E:44:FC:C6:8F:52:07:D0:51:73:8F:CB:3D
+# Fingerprint (SHA1): DA:40:18:8B:91:89:A3:ED:EE:AE:DA:97:FE:2F:9D:F5:B7:D1:8A:41
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure eBusiness CA 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \332\100\030\213\221\211\243\355\356\256\332\227\376\057\235\365
 \267\321\212\101
@@ -3123,16 +3445,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "AddTrust Low-Value Services Root"
 #
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Low-Value Services Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061
@@ -3221,16 +3550,23 @@ CKA_VALUE MULTILINE_OCTAL
 \062\312\173\306\343\253\144\106\225\370\046\151\331\125\203\173
 \054\226\007\377\131\054\104\243\306\345\351\251\334\241\143\200
 \132\041\136\041\317\123\124\360\272\157\211\333\250\252\225\317
 \213\343\161\314\036\033\040\104\010\300\172\266\100\375\304\344
 \065\341\035\026\034\320\274\053\216\326\161\331
 END
 
 # Trust for Certificate "AddTrust Low-Value Services Root"
+# Issuer: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:38:31 2000
+# Not Valid After : Sat May 30 10:38:31 2020
+# Fingerprint (MD5): 1E:42:95:02:33:92:6B:B9:5F:C0:7F:DA:D6:B2:4B:FC
+# Fingerprint (SHA1): CC:AB:0E:A0:4C:23:01:D6:69:7B:DD:37:9F:CD:12:EB:24:E3:94:9D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Low-Value Services Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \314\253\016\240\114\043\001\326\151\173\335\067\237\315\022\353
 \044\343\224\235
@@ -3253,16 +3589,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "AddTrust External Root"
 #
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:48:38 2000
+# Not Valid After : Sat May 30 10:48:38 2020
+# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
+# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust External Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061
@@ -3355,16 +3698,23 @@ CKA_VALUE MULTILINE_OCTAL
 \163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236
 \216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163
 \111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132
 \232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202
 \027\132\173\320\274\307\217\116\206\004
 END
 
 # Trust for Certificate "AddTrust External Root"
+# Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:48:38 2000
+# Not Valid After : Sat May 30 10:48:38 2020
+# Fingerprint (MD5): 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
+# Fingerprint (SHA1): 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust External Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133
 \150\205\030\150
@@ -3388,16 +3738,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "AddTrust Public Services Root"
 #
+# Issuer: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:41:50 2000
+# Not Valid After : Sat May 30 10:41:50 2020
+# Fingerprint (MD5): C1:62:3E:23:C5:82:73:9C:03:59:4B:2B:E9:77:49:7F
+# Fingerprint (SHA1): 2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Public Services Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061
@@ -3486,16 +3843,23 @@ CKA_VALUE MULTILINE_OCTAL
 \200\045\022\141\001\250\044\023\160\000\021\046\137\372\065\120
 \305\110\314\006\107\350\047\330\160\215\137\144\346\241\104\046
 \136\042\354\222\315\377\102\232\104\041\155\134\305\343\042\035
 \137\107\022\347\316\137\135\372\330\252\261\063\055\331\166\362
 \116\072\063\014\053\263\055\220\006
 END
 
 # Trust for Certificate "AddTrust Public Services Root"
+# Issuer: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Public CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:41:50 2000
+# Not Valid After : Sat May 30 10:41:50 2020
+# Fingerprint (MD5): C1:62:3E:23:C5:82:73:9C:03:59:4B:2B:E9:77:49:7F
+# Fingerprint (SHA1): 2A:B6:28:48:5E:78:FB:F3:AD:9E:79:10:DD:6B:DF:99:72:2C:96:E5
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Public Services Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \052\266\050\110\136\170\373\363\255\236\171\020\335\153\337\231
 \162\054\226\345
@@ -3518,16 +3882,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "AddTrust Qualified Certificates Root"
 #
+# Issuer: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:44:50 2000
+# Not Valid After : Sat May 30 10:44:50 2020
+# Fingerprint (MD5): 27:EC:39:47:CD:DA:5A:AF:E2:9A:01:65:21:A9:4C:BB
+# Fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Qualified Certificates Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061
@@ -3617,16 +3988,23 @@ CKA_VALUE MULTILINE_OCTAL
 \365\160\105\260\334\135\372\366\162\132\167\322\143\315\317\130
 \211\000\102\143\077\171\071\320\104\260\202\156\101\031\350\335
 \340\301\210\132\321\036\161\223\037\044\060\164\345\036\250\336
 \074\047\067\177\203\256\236\167\317\360\060\261\377\113\231\350
 \306\241
 END
 
 # Trust for Certificate "AddTrust Qualified Certificates Root"
+# Issuer: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Serial Number: 1 (0x1)
+# Subject: CN=AddTrust Qualified CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
+# Not Valid Before: Tue May 30 10:44:50 2000
+# Not Valid After : Sat May 30 10:44:50 2020
+# Fingerprint (MD5): 27:EC:39:47:CD:DA:5A:AF:E2:9A:01:65:21:A9:4C:BB
+# Fingerprint (SHA1): 4D:23:78:EC:91:95:39:B5:00:7F:75:8F:03:3B:21:1E:C5:4D:8B:CF
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "AddTrust Qualified Certificates Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \115\043\170\354\221\225\071\265\000\177\165\217\003\073\041\036
 \305\115\213\317
@@ -3649,16 +4027,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Entrust Root Certification Authority"
 #
+# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Serial Number: 1164660820 (0x456b5054)
+# Subject: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Not Valid Before: Mon Nov 27 20:23:42 2006
+# Not Valid After : Fri Nov 27 20:53:42 2026
+# Fingerprint (MD5): D6:A5:C3:ED:5D:DD:3E:00:C1:3D:87:92:1F:1D:3F:E4
+# Fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Entrust Root Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\260\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -3765,16 +4150,23 @@ CKA_VALUE MULTILINE_OCTAL
 \172\356\205\112\247\120\200\360\247\134\112\224\056\137\005\231
 \074\122\101\340\315\264\143\317\001\103\272\234\203\334\217\140
 \073\363\132\264\264\173\256\332\013\220\070\165\357\201\035\146
 \322\367\127\160\066\263\277\374\050\257\161\045\205\133\023\376
 \036\177\132\264\074
 END
 
 # Trust for Certificate "Entrust Root Certification Authority"
+# Issuer: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Serial Number: 1164660820 (0x456b5054)
+# Subject: CN=Entrust Root Certification Authority,OU="(c) 2006 Entrust, Inc.",OU=www.entrust.net/CPS is incorporated by reference,O="Entrust, Inc.",C=US
+# Not Valid Before: Mon Nov 27 20:23:42 2006
+# Not Valid After : Fri Nov 27 20:53:42 2026
+# Fingerprint (MD5): D6:A5:C3:ED:5D:DD:3E:00:C1:3D:87:92:1F:1D:3F:E4
+# Fingerprint (SHA1): B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Entrust Root Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \263\036\261\267\100\343\154\204\002\332\334\067\324\115\365\324
 \147\111\122\371
@@ -3802,16 +4194,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "RSA Security 2048 v3"
 #
+# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
+# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
+# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
+# Not Valid Before: Thu Feb 22 20:39:23 2001
+# Not Valid After : Sun Feb 22 20:39:23 2026
+# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
+# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "RSA Security 2048 v3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101
@@ -3884,16 +4283,23 @@ CKA_VALUE MULTILINE_OCTAL
 \045\102\164\005\200\050\277\275\301\044\226\130\025\261\027\041
 \351\211\113\333\007\210\147\364\025\255\160\076\057\115\205\073
 \302\267\333\376\230\150\043\211\341\164\017\336\364\305\204\143
 \051\033\314\313\007\311\000\244\251\327\302\042\117\147\327\167
 \354\040\005\141\336
 END
 
 # Trust for Certificate "RSA Security 2048 v3"
+# Issuer: OU=RSA Security 2048 V3,O=RSA Security Inc
+# Serial Number:0a:01:01:01:00:00:02:7c:00:00:00:0a:00:00:00:02
+# Subject: OU=RSA Security 2048 V3,O=RSA Security Inc
+# Not Valid Before: Thu Feb 22 20:39:23 2001
+# Not Valid After : Sun Feb 22 20:39:23 2026
+# Fingerprint (MD5): 77:0D:19:B1:21:FD:00:42:9C:3E:0C:A5:DD:0B:02:8E
+# Fingerprint (SHA1): 25:01:90:19:CF:FB:D9:99:1C:B7:68:25:74:8D:94:5F:30:93:95:42
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "RSA Security 2048 v3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \045\001\220\031\317\373\331\231\034\267\150\045\164\215\224\137
 \060\223\225\102
@@ -3914,16 +4320,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Global CA"
 #
+# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Serial Number: 144470 (0x23456)
+# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Tue May 21 04:00:00 2002
+# Not Valid After : Sat May 21 04:00:00 2022
+# Fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
+# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Global CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -3996,16 +4409,23 @@ CKA_VALUE MULTILINE_OCTAL
 \256\071\246\152\164\351\332\304\347\274\115\064\036\251\134\115
 \063\137\222\011\057\210\146\135\167\227\307\035\166\023\251\325
 \345\361\026\011\021\065\325\254\333\044\161\160\054\230\126\013
 \331\027\264\321\343\121\053\136\165\350\325\320\334\117\064\355
 \302\005\146\200\241\313\346\063
 END
 
 # Trust for Certificate "GeoTrust Global CA"
+# Issuer: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Serial Number: 144470 (0x23456)
+# Subject: CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Tue May 21 04:00:00 2002
+# Not Valid After : Sat May 21 04:00:00 2022
+# Fingerprint (MD5): F7:75:AB:29:FB:51:4E:B7:77:5E:FF:05:3C:99:8E:F5
+# Fingerprint (SHA1): DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Global CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \336\050\364\244\377\345\271\057\243\305\003\321\243\111\247\371
 \226\052\202\022
@@ -4026,16 +4446,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Global CA 2"
 #
+# Issuer: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Mon Mar 04 05:00:00 2019
+# Fingerprint (MD5): 0E:40:A7:6C:DE:03:5D:8F:D1:0F:E4:D1:8D:F9:6C:A9
+# Fingerprint (SHA1): A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Global CA 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\104\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4109,16 +4536,23 @@ CKA_VALUE MULTILINE_OCTAL
 \000\315\111\271\263\154\173\123\004\032\342\250\311\252\022\005
 \043\302\316\347\273\004\002\314\300\107\242\344\304\051\057\133
 \105\127\211\121\356\074\353\122\010\377\007\065\036\237\065\152
 \107\112\126\230\321\132\205\037\214\365\042\277\253\316\203\363
 \342\042\051\256\175\203\100\250\272\154
 END
 
 # Trust for Certificate "GeoTrust Global CA 2"
+# Issuer: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Global CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Mon Mar 04 05:00:00 2019
+# Fingerprint (MD5): 0E:40:A7:6C:DE:03:5D:8F:D1:0F:E4:D1:8D:F9:6C:A9
+# Fingerprint (SHA1): A9:E9:78:08:14:37:58:88:F2:05:19:B0:6D:2B:0D:2B:60:16:90:7D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Global CA 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \251\351\170\010\024\067\130\210\362\005\031\260\155\053\015\053
 \140\026\220\175
@@ -4139,16 +4573,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Universal CA"
 #
+# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48
+# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Universal CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\105\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4254,16 +4695,23 @@ CKA_VALUE MULTILINE_OCTAL
 \317\265\135\353\333\333\034\304\166\337\210\271\275\105\005\225
 \033\256\374\106\152\114\257\110\343\316\256\017\322\176\353\346
 \154\234\117\201\152\172\144\254\273\076\325\347\313\166\056\305
 \247\110\301\134\220\017\313\310\077\372\346\062\341\215\033\157
 \244\346\216\330\371\051\110\212\316\163\376\054
 END
 
 # Trust for Certificate "GeoTrust Universal CA"
+# Issuer: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 92:65:58:8B:A2:1A:31:72:73:68:5C:B4:A5:7A:07:48
+# Fingerprint (SHA1): E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Universal CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \346\041\363\065\103\171\005\232\113\150\060\235\212\057\164\042
 \025\207\354\171
@@ -4284,16 +4732,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Universal CA 2"
 #
+# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7
+# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Universal CA 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\107\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4399,16 +4854,23 @@ CKA_VALUE MULTILINE_OCTAL
 \175\231\364\061\366\161\251\317\054\001\047\245\005\271\252\262
 \110\116\052\357\237\223\122\121\225\074\122\163\216\126\114\027
 \100\300\011\050\344\213\152\110\123\333\354\315\125\125\361\306
 \370\351\242\054\114\246\321\046\137\176\257\132\114\332\037\246
 \362\034\054\176\256\002\026\322\126\320\057\127\123\107\350\222
 END
 
 # Trust for Certificate "GeoTrust Universal CA 2"
+# Issuer: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=GeoTrust Universal CA 2,O=GeoTrust Inc.,C=US
+# Not Valid Before: Thu Mar 04 05:00:00 2004
+# Not Valid After : Sun Mar 04 05:00:00 2029
+# Fingerprint (MD5): 34:FC:B8:D0:36:DB:9E:14:B3:C2:F2:DB:8F:E4:94:C7
+# Fingerprint (SHA1): 37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Universal CA 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \067\232\031\173\101\205\105\065\014\246\003\151\363\074\056\257
 \107\117\040\171
@@ -4429,16 +4891,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN-USER First-Network Applications"
 #
+# Issuer: CN=UTN-USERFirst-Network Applications,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:30:4b:c0:33:77
+# Subject: CN=UTN-USERFirst-Network Applications,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:48:39 1999
+# Not Valid After : Tue Jul 09 18:57:49 2019
+# Fingerprint (MD5): BF:60:59:A3:5B:BA:F6:A7:76:42:DA:6F:1A:7B:50:CF
+# Fingerprint (SHA1): 5D:98:9C:DB:15:96:11:36:51:65:64:1B:56:0F:DB:EA:2A:C2:3E:F1
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN-USER First-Network Applications"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\243\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -4541,16 +5010,23 @@ CKA_VALUE MULTILINE_OCTAL
 \140\105\235\361\043\232\260\000\234\150\265\230\120\323\357\216
 \056\222\145\261\110\076\041\276\025\060\052\015\265\014\243\153
 \077\256\177\127\365\037\226\174\337\157\335\202\060\054\145\033
 \100\112\315\150\271\162\354\161\166\354\124\216\037\205\014\001
 \152\372\246\070\254\037\304\204
 END
 
 # Trust for Certificate "UTN-USER First-Network Applications"
+# Issuer: CN=UTN-USERFirst-Network Applications,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:30:4b:c0:33:77
+# Subject: CN=UTN-USERFirst-Network Applications,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:48:39 1999
+# Not Valid After : Tue Jul 09 18:57:49 2019
+# Fingerprint (MD5): BF:60:59:A3:5B:BA:F6:A7:76:42:DA:6F:1A:7B:50:CF
+# Fingerprint (SHA1): 5D:98:9C:DB:15:96:11:36:51:65:64:1B:56:0F:DB:EA:2A:C2:3E:F1
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN-USER First-Network Applications"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \135\230\234\333\025\226\021\066\121\145\144\033\126\017\333\352
 \052\302\076\361
@@ -4578,16 +5054,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "America Online Root Certification Authority 1"
 #
+# Issuer: CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US
+# Not Valid Before: Tue May 28 06:00:00 2002
+# Not Valid After : Thu Nov 19 20:43:00 2037
+# Fingerprint (MD5): 14:F1:08:AD:9D:FA:64:E2:89:E7:1C:CF:A8:AD:7D:5E
+# Fingerprint (SHA1): 39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "America Online Root Certification Authority 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4669,16 +5152,23 @@ CKA_VALUE MULTILINE_OCTAL
 \060\306\307\065\206\263\371\226\137\106\333\014\105\375\363\120
 \303\157\306\303\110\255\106\246\341\047\107\012\035\016\233\266
 \302\167\177\143\362\340\175\032\276\374\340\337\327\307\247\154
 \260\371\256\272\074\375\164\264\021\350\130\015\200\274\323\250
 \200\072\231\355\165\314\106\173
 END
 
 # Trust for Certificate "America Online Root Certification Authority 1"
+# Issuer: CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=America Online Root Certification Authority 1,O=America Online Inc.,C=US
+# Not Valid Before: Tue May 28 06:00:00 2002
+# Not Valid After : Thu Nov 19 20:43:00 2037
+# Fingerprint (MD5): 14:F1:08:AD:9D:FA:64:E2:89:E7:1C:CF:A8:AD:7D:5E
+# Fingerprint (SHA1): 39:21:C1:15:C1:5D:0E:CA:5C:CB:5B:C4:F0:7D:21:D8:05:0B:56:6A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "America Online Root Certification Authority 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \071\041\301\025\301\135\016\312\134\313\133\304\360\175\041\330
 \005\013\126\152
@@ -4701,16 +5191,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "America Online Root Certification Authority 2"
 #
+# Issuer: CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US
+# Not Valid Before: Tue May 28 06:00:00 2002
+# Not Valid After : Tue Sep 29 14:08:00 2037
+# Fingerprint (MD5): D6:ED:3C:CA:E2:66:0F:AF:10:43:0D:77:9B:04:09:BF
+# Fingerprint (SHA1): 85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "America Online Root Certification Authority 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4824,16 +5321,23 @@ CKA_VALUE MULTILINE_OCTAL
 \377\023\312\057\135\203\274\207\223\154\334\044\121\026\004\045
 \146\372\263\331\302\272\051\276\232\110\070\202\231\364\277\073
 \112\061\031\371\277\216\041\063\024\312\117\124\137\373\316\373
 \217\161\177\375\136\031\240\017\113\221\270\304\124\274\006\260
 \105\217\046\221\242\216\376\251
 END
 
 # Trust for Certificate "America Online Root Certification Authority 2"
+# Issuer: CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US
+# Serial Number: 1 (0x1)
+# Subject: CN=America Online Root Certification Authority 2,O=America Online Inc.,C=US
+# Not Valid Before: Tue May 28 06:00:00 2002
+# Not Valid After : Tue Sep 29 14:08:00 2037
+# Fingerprint (MD5): D6:ED:3C:CA:E2:66:0F:AF:10:43:0D:77:9B:04:09:BF
+# Fingerprint (SHA1): 85:B5:FF:67:9B:0C:79:96:1F:C8:6E:44:22:00:46:13:DB:17:92:84
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "America Online Root Certification Authority 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \205\265\377\147\233\014\171\226\037\310\156\104\042\000\106\023
 \333\027\222\204
@@ -4856,16 +5360,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Visa eCommerce Root"
 #
+# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
+# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Not Valid Before: Wed Jun 26 02:18:36 2002
+# Not Valid After : Fri Jun 24 00:16:12 2022
+# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
+# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Visa eCommerce Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -4948,16 +5459,23 @@ CKA_VALUE MULTILINE_OCTAL
 \373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213
 \115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000
 \346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355
 \337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026
 \222\340\134\366\007\017
 END
 
 # Trust for Certificate "Visa eCommerce Root"
+# Issuer: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Serial Number:13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62
+# Subject: CN=Visa eCommerce Root,OU=Visa International Service Association,O=VISA,C=US
+# Not Valid Before: Wed Jun 26 02:18:36 2002
+# Not Valid After : Fri Jun 24 00:16:12 2022
+# Fingerprint (MD5): FC:11:B8:D8:08:93:30:00:6D:23:F9:7E:EB:52:1E:02
+# Fingerprint (SHA1): 70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Visa eCommerce Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062
 \275\340\005\142
@@ -4981,16 +5499,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Certum Root CA"
 #
+# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Serial Number: 65568 (0x10020)
+# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Not Valid Before: Tue Jun 11 10:46:39 2002
+# Not Valid After : Fri Jun 11 10:46:39 2027
+# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Certum Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\076\061\013\060\011\006\003\125\004\006\023\002\120\114\061
@@ -5056,16 +5581,23 @@ CKA_VALUE MULTILINE_OCTAL
 \362\274\156\144\365\132\126\220\250\307\016\114\164\017\056\161
 \073\367\310\107\364\151\157\025\362\021\136\203\036\234\174\122
 \256\375\002\332\022\250\131\147\030\333\274\160\335\233\261\151
 \355\200\316\211\100\110\152\016\065\312\051\146\025\041\224\054
 \350\140\052\233\205\112\100\363\153\212\044\354\006\026\054\163
 END
 
 # Trust for Certificate "Certum Root CA"
+# Issuer: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Serial Number: 65568 (0x10020)
+# Subject: CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
+# Not Valid Before: Tue Jun 11 10:46:39 2002
+# Not Valid After : Fri Jun 11 10:46:39 2027
+# Fingerprint (MD5): 2C:8F:9F:66:1D:18:90:B1:47:26:9D:8E:86:82:8C:A9
+# Fingerprint (SHA1): 62:52:DC:40:F7:11:43:A2:2F:DE:9E:F7:34:8E:06:42:51:B1:81:18
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Certum Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \142\122\334\100\367\021\103\242\057\336\236\367\064\216\006\102
 \121\261\201\030
@@ -5085,16 +5617,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Comodo AAA Services root"
 #
+# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
+# Fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo AAA Services root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\173\061\013\060\011\006\003\125\004\006\023\002\107\102\061
@@ -5187,16 +5726,23 @@ CKA_VALUE MULTILINE_OCTAL
 \227\140\370\220\136\164\324\242\232\123\275\362\251\150\340\242
 \156\302\327\154\261\243\017\236\277\353\150\347\126\362\256\362
 \343\053\070\072\011\201\265\153\205\327\276\055\355\077\032\267
 \262\143\342\365\142\054\202\324\152\000\101\120\361\071\203\237
 \225\351\066\226\230\156
 END
 
 # Trust for Certificate "Comodo AAA Services root"
+# Issuer: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 49:79:04:B0:EB:87:19:AC:47:B0:BC:11:51:9B:74:D0
+# Fingerprint (SHA1): D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo AAA Services root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \321\353\043\244\155\027\326\217\331\045\144\302\361\361\140\027
 \144\330\343\111
@@ -5220,16 +5766,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Comodo Secure Services root"
 #
+# Issuer: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): D3:D9:BD:AE:9F:AC:67:24:B3:C8:1B:52:E1:B9:A9:BD
+# Fingerprint (SHA1): 4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo Secure Services root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\176\061\013\060\011\006\003\125\004\006\023\002\107\102\061
@@ -5323,16 +5876,23 @@ CKA_VALUE MULTILINE_OCTAL
 \243\360\244\050\244\025\304\205\364\047\324\153\277\345\134\344
 \145\002\166\124\264\343\067\146\044\323\031\141\310\122\020\345
 \213\067\232\271\251\371\035\277\352\231\222\141\226\377\001\315
 \241\137\015\274\161\274\016\254\013\035\107\105\035\301\354\174
 \354\375\051
 END
 
 # Trust for Certificate "Comodo Secure Services root"
+# Issuer: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Secure Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): D3:D9:BD:AE:9F:AC:67:24:B3:C8:1B:52:E1:B9:A9:BD
+# Fingerprint (SHA1): 4A:65:D5:F4:1D:EF:39:B8:B8:90:4A:4A:D3:64:81:33:CF:C7:A1:D1
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo Secure Services root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \112\145\325\364\035\357\071\270\270\220\112\112\323\144\201\063
 \317\307\241\321
@@ -5356,16 +5916,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Comodo Trusted Services root"
 #
+# Issuer: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 91:1B:3F:6E:CD:9E:AB:EE:07:FE:1F:71:D2:B3:61:27
+# Fingerprint (SHA1): E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo Trusted Services root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\177\061\013\060\011\006\003\125\004\006\023\002\107\102\061
@@ -5461,16 +6028,23 @@ CKA_VALUE MULTILINE_OCTAL
 \115\045\107\356\057\210\310\265\341\005\105\300\276\024\161\336
 \172\375\216\173\175\115\010\226\245\022\163\360\055\312\067\047
 \164\022\047\114\313\266\227\351\331\256\010\155\132\071\100\335
 \005\107\165\152\132\041\263\243\030\317\116\367\056\127\267\230
 \160\136\310\304\170\260\142
 END
 
 # Trust for Certificate "Comodo Trusted Services root"
+# Issuer: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Serial Number: 1 (0x1)
+# Subject: CN=Trusted Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
+# Not Valid Before: Thu Jan 01 00:00:00 2004
+# Not Valid After : Sun Dec 31 23:59:59 2028
+# Fingerprint (MD5): 91:1B:3F:6E:CD:9E:AB:EE:07:FE:1F:71:D2:B3:61:27
+# Fingerprint (SHA1): E1:9F:E3:0E:8B:84:60:9E:80:9B:17:0D:72:A8:C5:BA:6E:14:09:BD
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Comodo Trusted Services root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \341\237\343\016\213\204\140\236\200\233\027\015\162\250\305\272
 \156\024\011\275
@@ -5495,16 +6069,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "QuoVadis Root CA"
 #
+# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Serial Number: 985026699 (0x3ab6508b)
+# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Not Valid Before: Mon Mar 19 18:33:33 2001
+# Not Valid After : Wed Mar 17 18:33:33 2021
+# Fingerprint (MD5): 27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24
+# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\177\061\013\060\011\006\003\125\004\006\023\002\102\115\061
@@ -5625,16 +6206,23 @@ CKA_VALUE MULTILINE_OCTAL
 \242\346\352\131\042\207\370\227\365\016\375\352\314\222\244\026
 \304\122\030\352\041\316\261\361\346\204\201\345\272\251\206\050
 \362\103\132\135\022\235\254\036\331\250\345\012\152\247\177\240
 \207\051\317\362\211\115\324\354\305\342\346\172\320\066\043\212
 \112\164\066\371
 END
 
 # Trust for Certificate "QuoVadis Root CA"
+# Issuer: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Serial Number: 985026699 (0x3ab6508b)
+# Subject: CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM
+# Not Valid Before: Mon Mar 19 18:33:33 2001
+# Not Valid After : Wed Mar 17 18:33:33 2021
+# Fingerprint (MD5): 27:DE:36:FE:72:B7:00:03:00:9D:F4:F0:1E:6C:04:24
+# Fingerprint (SHA1): DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \336\077\100\275\120\223\323\233\154\140\366\332\274\007\142\001
 \000\211\166\311
@@ -5659,16 +6247,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "QuoVadis Root CA 2"
 #
+# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Serial Number: 1289 (0x509)
+# Subject: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 18:27:00 2006
+# Not Valid After : Mon Nov 24 18:23:33 2031
+# Fingerprint (MD5): 5E:39:7B:DD:F8:BA:EC:82:E9:AC:62:BA:0C:54:00:2B
+# Fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
@@ -5779,16 +6374,23 @@ CKA_VALUE MULTILINE_OCTAL
 \341\243\223\035\314\212\046\132\011\070\320\316\327\015\200\026
 \264\170\245\072\207\114\215\212\245\325\106\227\362\054\020\271
 \274\124\042\300\001\120\151\103\236\364\262\357\155\370\354\332
 \361\343\261\357\337\221\217\124\052\013\045\301\046\031\304\122
 \020\005\145\325\202\020\352\302\061\315\056
 END
 
 # Trust for Certificate "QuoVadis Root CA 2"
+# Issuer: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Serial Number: 1289 (0x509)
+# Subject: CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 18:27:00 2006
+# Not Valid After : Mon Nov 24 18:23:33 2031
+# Fingerprint (MD5): 5E:39:7B:DD:F8:BA:EC:82:E9:AC:62:BA:0C:54:00:2B
+# Fingerprint (SHA1): CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \312\072\373\317\022\100\066\113\104\262\026\040\210\200\110\071
 \031\223\174\367
@@ -5809,16 +6411,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "QuoVadis Root CA 3"
 #
+# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Serial Number: 1478 (0x5c6)
+# Subject: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 19:11:23 2006
+# Not Valid After : Mon Nov 24 19:06:44 2031
+# Fingerprint (MD5): 31:85:3C:62:94:97:63:B9:AA:FD:89:4E:AF:6F:E0:CF
+# Fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA 3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\105\061\013\060\011\006\003\125\004\006\023\002\102\115\061
@@ -5944,16 +6553,23 @@ CKA_VALUE MULTILINE_OCTAL
 \230\231\140\224\134\043\317\132\047\227\136\013\005\006\223\067
 \036\073\151\066\353\251\236\141\035\217\062\332\216\014\326\164
 \076\173\011\044\332\001\167\107\304\073\315\064\214\231\365\312
 \341\045\141\063\262\131\033\342\156\327\067\127\266\015\251\022
 \332
 END
 
 # Trust for Certificate "QuoVadis Root CA 3"
+# Issuer: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Serial Number: 1478 (0x5c6)
+# Subject: CN=QuoVadis Root CA 3,O=QuoVadis Limited,C=BM
+# Not Valid Before: Fri Nov 24 19:11:23 2006
+# Not Valid After : Mon Nov 24 19:06:44 2031
+# Fingerprint (MD5): 31:85:3C:62:94:97:63:B9:AA:FD:89:4E:AF:6F:E0:CF
+# Fingerprint (SHA1): 1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "QuoVadis Root CA 3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \037\111\024\367\330\164\225\035\335\256\002\300\276\375\072\055
 \202\165\121\205
@@ -5974,16 +6590,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Security Communication Root CA"
 #
+# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Not Valid Before: Tue Sep 30 04:20:49 2003
+# Not Valid After : Sat Sep 30 04:20:49 2023
+# Fingerprint (MD5): F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A
+# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Security Communication Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\120\061\013\060\011\006\003\125\004\006\023\002\112\120\061
@@ -6058,16 +6681,23 @@ CKA_VALUE MULTILINE_OCTAL
 \065\303\340\210\141\311\210\307\337\066\020\042\230\131\352\260
 \112\373\126\026\163\156\254\115\367\042\241\117\255\035\172\055
 \105\047\345\060\301\136\362\332\023\313\045\102\121\225\107\003
 \214\154\041\314\164\102\355\123\377\063\213\217\017\127\001\026
 \057\317\246\356\311\160\042\024\275\375\276\154\013\003
 END
 
 # Trust for Certificate "Security Communication Root CA"
+# Issuer: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Serial Number: 0 (0x0)
+# Subject: OU=Security Communication RootCA1,O=SECOM Trust.net,C=JP
+# Not Valid Before: Tue Sep 30 04:20:49 2003
+# Not Valid After : Sat Sep 30 04:20:49 2023
+# Fingerprint (MD5): F1:BC:63:6A:54:E0:B5:27:F5:CD:E7:1A:E3:4D:6E:4A
+# Fingerprint (SHA1): 36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Security Communication Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \066\261\053\111\371\201\236\327\114\236\274\070\017\306\126\217
 \135\254\262\367
@@ -6089,16 +6719,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Sonera Class 1 Root CA"
 #
+# Issuer: CN=Sonera Class1 CA,O=Sonera,C=FI
+# Serial Number: 36 (0x24)
+# Subject: CN=Sonera Class1 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 10:49:13 2001
+# Not Valid After : Tue Apr 06 10:49:13 2021
+# Fingerprint (MD5): 33:B7:84:F5:5F:27:D7:68:27:DE:14:DE:12:2A:ED:6F
+# Fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Sonera Class 1 Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
@@ -6166,16 +6803,23 @@ CKA_VALUE MULTILINE_OCTAL
 \032\270\273\075\217\251\212\070\025\367\163\320\132\140\321\200
 \260\360\334\325\120\315\116\356\222\110\151\355\262\043\036\060
 \314\310\224\310\266\365\073\206\177\077\246\056\237\366\076\054
 \265\222\226\076\337\054\223\212\377\201\214\017\017\131\041\031
 \127\275\125\232
 END
 
 # Trust for Certificate "Sonera Class 1 Root CA"
+# Issuer: CN=Sonera Class1 CA,O=Sonera,C=FI
+# Serial Number: 36 (0x24)
+# Subject: CN=Sonera Class1 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 10:49:13 2001
+# Not Valid After : Tue Apr 06 10:49:13 2021
+# Fingerprint (MD5): 33:B7:84:F5:5F:27:D7:68:27:DE:14:DE:12:2A:ED:6F
+# Fingerprint (SHA1): 07:47:22:01:99:CE:74:B9:7C:B0:3D:79:B2:64:A2:C8:55:E9:33:FF
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Sonera Class 1 Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \007\107\042\001\231\316\164\271\174\260\075\171\262\144\242\310
 \125\351\063\377
@@ -6195,16 +6839,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Sonera Class 2 Root CA"
 #
+# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Serial Number: 29 (0x1d)
+# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 07:29:40 2001
+# Not Valid After : Tue Apr 06 07:29:40 2021
+# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
+# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Sonera Class 2 Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\071\061\013\060\011\006\003\125\004\006\023\002\106\111\061
@@ -6272,16 +6923,23 @@ CKA_VALUE MULTILINE_OCTAL
 \256\364\135\304\261\022\334\312\073\250\056\235\024\132\005\165
 \267\354\327\143\342\272\065\266\004\010\221\350\332\235\234\366
 \146\265\030\254\012\246\124\046\064\063\322\033\301\324\177\032
 \072\216\013\252\062\156\333\374\117\045\237\331\062\307\226\132
 \160\254\337\114
 END
 
 # Trust for Certificate "Sonera Class 2 Root CA"
+# Issuer: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Serial Number: 29 (0x1d)
+# Subject: CN=Sonera Class2 CA,O=Sonera,C=FI
+# Not Valid Before: Fri Apr 06 07:29:40 2001
+# Not Valid After : Tue Apr 06 07:29:40 2021
+# Fingerprint (MD5): A3:EC:75:0F:2E:88:DF:FA:48:01:4E:0B:5C:48:6F:FB
+# Fingerprint (SHA1): 37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Sonera Class 2 Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \067\367\155\346\007\174\220\305\261\076\223\032\267\101\020\264
 \362\344\232\047
@@ -6301,16 +6959,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Staat der Nederlanden Root CA"
 #
+# Issuer: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL
+# Serial Number: 10000010 (0x98968a)
+# Subject: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Tue Dec 17 09:23:49 2002
+# Not Valid After : Wed Dec 16 09:15:38 2015
+# Fingerprint (MD5): 60:84:7C:5A:CE:DB:0C:D4:CB:A7:E9:FE:02:C6:A9:C0
+# Fingerprint (SHA1): 10:1D:FA:3F:D5:0B:CB:BB:9B:B5:60:0C:19:55:A4:1A:F4:73:3A:04
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Staat der Nederlanden Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\125\061\013\060\011\006\003\125\004\006\023\002\116\114\061
@@ -6391,16 +7056,23 @@ CKA_VALUE MULTILINE_OCTAL
 \135\026\027\054\021\151\347\176\376\305\203\010\337\274\334\042
 \072\056\040\151\043\071\126\140\147\220\213\056\166\071\373\021
 \210\227\366\174\275\113\270\040\026\147\005\215\342\073\301\162
 \077\224\225\067\307\135\271\236\330\223\241\027\217\377\014\146
 \025\301\044\174\062\174\003\035\073\241\130\105\062\223
 END
 
 # Trust for Certificate "Staat der Nederlanden Root CA"
+# Issuer: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL
+# Serial Number: 10000010 (0x98968a)
+# Subject: CN=Staat der Nederlanden Root CA,O=Staat der Nederlanden,C=NL
+# Not Valid Before: Tue Dec 17 09:23:49 2002
+# Not Valid After : Wed Dec 16 09:15:38 2015
+# Fingerprint (MD5): 60:84:7C:5A:CE:DB:0C:D4:CB:A7:E9:FE:02:C6:A9:C0
+# Fingerprint (SHA1): 10:1D:FA:3F:D5:0B:CB:BB:9B:B5:60:0C:19:55:A4:1A:F4:73:3A:04
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Staat der Nederlanden Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \020\035\372\077\325\013\313\273\233\265\140\014\031\125\244\032
 \364\163\072\004
@@ -6422,16 +7094,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "TDC Internet Root CA"
 #
+# Issuer: OU=TDC Internet Root CA,O=TDC Internet,C=DK
+# Serial Number: 986490188 (0x3acca54c)
+# Subject: OU=TDC Internet Root CA,O=TDC Internet,C=DK
+# Not Valid Before: Thu Apr 05 16:33:17 2001
+# Not Valid After : Mon Apr 05 17:03:17 2021
+# Fingerprint (MD5): 91:F4:03:55:20:A1:F8:63:2C:62:DE:AC:FB:61:1C:8E
+# Fingerprint (SHA1): 21:FC:BD:8E:7F:6C:AF:05:1B:D1:B3:43:EC:A8:E7:61:47:F2:0F:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TDC Internet Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\103\061\013\060\011\006\003\125\004\006\023\002\104\113\061
@@ -6517,16 +7196,23 @@ CKA_VALUE MULTILINE_OCTAL
 \304\011\137\164\213\331\021\373\302\126\261\074\370\160\312\064
 \215\103\100\023\214\375\231\003\124\171\306\056\352\206\241\366
 \072\324\011\274\364\274\146\314\075\130\320\127\111\012\356\045
 \342\101\356\023\371\233\070\064\321\000\365\176\347\224\035\374
 \151\003\142\270\231\005\005\075\153\170\022\275\260\157\145
 END
 
 # Trust for Certificate "TDC Internet Root CA"
+# Issuer: OU=TDC Internet Root CA,O=TDC Internet,C=DK
+# Serial Number: 986490188 (0x3acca54c)
+# Subject: OU=TDC Internet Root CA,O=TDC Internet,C=DK
+# Not Valid Before: Thu Apr 05 16:33:17 2001
+# Not Valid After : Mon Apr 05 17:03:17 2021
+# Fingerprint (MD5): 91:F4:03:55:20:A1:F8:63:2C:62:DE:AC:FB:61:1C:8E
+# Fingerprint (SHA1): 21:FC:BD:8E:7F:6C:AF:05:1B:D1:B3:43:EC:A8:E7:61:47:F2:0F:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TDC Internet Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \041\374\275\216\177\154\257\005\033\321\263\103\354\250\347\141
 \107\362\017\212
@@ -6547,16 +7233,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "TDC OCES Root CA"
 #
+# Issuer: CN=TDC OCES CA,O=TDC,C=DK
+# Serial Number: 1044954564 (0x3e48bdc4)
+# Subject: CN=TDC OCES CA,O=TDC,C=DK
+# Not Valid Before: Tue Feb 11 08:39:30 2003
+# Not Valid After : Wed Feb 11 09:09:30 2037
+# Fingerprint (MD5): 93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97
+# Fingerprint (SHA1): 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TDC OCES Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\061\061\013\060\011\006\003\125\004\006\023\002\104\113\061
@@ -6655,16 +7348,23 @@ CKA_VALUE MULTILINE_OCTAL
 \071\334\342\074\306\330\125\365\025\116\310\005\016\333\306\320
 \142\246\354\025\264\265\002\202\333\254\214\242\201\360\233\231
 \061\365\040\040\250\210\141\012\007\237\224\374\320\327\033\314
 \056\027\363\004\047\166\147\353\124\203\375\244\220\176\006\075
 \004\243\103\055\332\374\013\142\352\057\137\142\123
 END
 
 # Trust for Certificate "TDC OCES Root CA"
+# Issuer: CN=TDC OCES CA,O=TDC,C=DK
+# Serial Number: 1044954564 (0x3e48bdc4)
+# Subject: CN=TDC OCES CA,O=TDC,C=DK
+# Not Valid Before: Tue Feb 11 08:39:30 2003
+# Not Valid After : Wed Feb 11 09:09:30 2037
+# Fingerprint (MD5): 93:7F:90:1C:ED:84:67:17:A4:65:5F:9B:CB:30:02:97
+# Fingerprint (SHA1): 87:81:C2:5A:96:BD:C2:FB:4C:65:06:4F:F9:39:0B:26:04:8A:0E:01
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TDC OCES Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \207\201\302\132\226\275\302\373\114\145\006\117\371\071\013\046
 \004\212\016\001
@@ -6684,16 +7384,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN DATACorp SGC Root CA"
 #
+# Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:21:b4:11:d3:2a:68:06:a9:ad:69
+# Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Thu Jun 24 18:57:21 1999
+# Not Valid After : Mon Jun 24 19:06:30 2019
+# Fingerprint (MD5): B3:A5:3E:77:21:6D:AC:4A:C0:C9:FB:D5:41:3D:CA:06
+# Fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN DATACorp SGC Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\223\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -6794,16 +7501,23 @@ CKA_VALUE MULTILINE_OCTAL
 \330\300\215\355\221\172\114\000\217\162\177\135\332\335\033\213
 \105\153\347\335\151\227\250\305\126\114\017\014\366\237\172\221
 \067\366\227\202\340\335\161\151\377\166\077\140\115\074\317\367
 \231\371\306\127\364\311\125\071\170\272\054\171\311\246\210\053
 \364\010
 END
 
 # Trust for Certificate "UTN DATACorp SGC Root CA"
+# Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:21:b4:11:d3:2a:68:06:a9:ad:69
+# Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Thu Jun 24 18:57:21 1999
+# Not Valid After : Mon Jun 24 19:06:30 2019
+# Fingerprint (MD5): B3:A5:3E:77:21:6D:AC:4A:C0:C9:FB:D5:41:3D:CA:06
+# Fingerprint (SHA1): 58:11:9F:0E:12:82:87:EA:50:FD:D9:87:45:6F:4F:78:DC:FA:D6:D4
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN DATACorp SGC Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \130\021\237\016\022\202\207\352\120\375\331\207\105\157\117\170
 \334\372\326\324
@@ -6830,16 +7544,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN USERFirst Email Root CA"
 #
+# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
+# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 17:28:50 1999
+# Not Valid After : Tue Jul 09 17:36:58 2019
+# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
+# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -6948,16 +7669,23 @@ CKA_VALUE MULTILINE_OCTAL
 \176\161\315\274\237\351\003\033\314\373\351\254\061\301\257\174
 \025\164\002\231\303\262\107\246\302\062\141\327\307\157\110\044
 \121\047\241\325\207\125\362\173\217\230\075\026\236\356\165\266
 \370\320\216\362\363\306\256\050\133\247\360\363\066\027\374\303
 \005\323\312\003\112\124
 END
 
 # Trust for Certificate "UTN USERFirst Email Root CA"
+# Issuer: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:25:25:67:c9:89
+# Subject: CN=UTN-USERFirst-Client Authentication and Email,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 17:28:50 1999
+# Not Valid After : Tue Jul 09 17:36:58 2019
+# Fingerprint (MD5): D7:34:3D:EF:1D:27:09:28:E1:31:02:5B:13:2B:DD:F7
+# Fingerprint (SHA1): B1:72:B1:A5:6D:95:F9:1F:E5:02:87:E1:4D:37:EA:6A:44:63:76:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Email Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \261\162\261\245\155\225\371\037\345\002\207\341\115\067\352\152
 \104\143\166\212
@@ -6986,16 +7714,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN USERFirst Hardware Root CA"
 #
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+# Subject: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:10:42 1999
+# Not Valid After : Tue Jul 09 18:19:22 2019
+# Fingerprint (MD5): 4C:56:41:E5:0D:BB:2B:E8:CA:A3:ED:18:08:AD:43:39
+# Fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Hardware Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\227\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -7097,16 +7832,23 @@ CKA_VALUE MULTILINE_OCTAL
 \176\307\150\345\202\201\310\152\047\371\047\210\052\325\130\120
 \225\037\360\073\034\127\273\175\024\071\142\053\232\311\224\222
 \052\243\042\014\377\211\046\175\137\043\053\107\327\025\035\251
 \152\236\121\015\052\121\236\201\371\324\073\136\160\022\177\020
 \062\234\036\273\235\370\146\250
 END
 
 # Trust for Certificate "UTN USERFirst Hardware Root CA"
+# Issuer: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
+# Subject: CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:10:42 1999
+# Not Valid After : Tue Jul 09 18:19:22 2019
+# Fingerprint (MD5): 4C:56:41:E5:0D:BB:2B:E8:CA:A3:ED:18:08:AD:43:39
+# Fingerprint (SHA1): 04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Hardware Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \004\203\355\063\231\254\066\010\005\207\042\355\274\136\106\000
 \343\276\371\327
@@ -7133,16 +7875,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "UTN USERFirst Object Root CA"
 #
+# Issuer: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
+# Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:31:20 1999
+# Not Valid After : Tue Jul 09 18:40:36 2019
+# Fingerprint (MD5): A7:F2:E4:16:06:41:11:50:30:6B:9C:E3:B4:9C:B0:C9
+# Fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Object Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\225\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -7243,16 +7992,23 @@ CKA_VALUE MULTILINE_OCTAL
 \363\123\255\154\265\053\242\022\252\031\117\011\332\136\347\223
 \306\216\024\010\376\360\060\200\030\240\206\205\115\310\175\327
 \213\003\376\156\325\367\235\026\254\222\054\240\043\345\234\221
 \122\037\224\337\027\224\163\303\263\301\301\161\005\040\000\170
 \275\023\122\035\250\076\315\000\037\310
 END
 
 # Trust for Certificate "UTN USERFirst Object Root CA"
+# Issuer: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Serial Number:44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
+# Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
+# Not Valid Before: Fri Jul 09 18:31:20 1999
+# Not Valid After : Tue Jul 09 18:40:36 2019
+# Fingerprint (MD5): A7:F2:E4:16:06:41:11:50:30:6B:9C:E3:B4:9C:B0:C9
+# Fingerprint (SHA1): E1:2D:FB:4B:41:D7:D9:C3:2B:30:51:4B:AC:1D:81:D8:38:5E:2D:46
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "UTN USERFirst Object Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \341\055\373\113\101\327\331\303\053\060\121\113\254\035\201\330
 \070\136\055\106
@@ -7279,16 +8035,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Camerfirma Chambers of Commerce Root"
 #
+# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:13:43 2003
+# Not Valid After : Wed Sep 30 16:13:44 2037
+# Fingerprint (MD5): B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84
+# Fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Camerfirma Chambers of Commerce Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\177\061\013\060\011\006\003\125\004\006\023\002\105\125\061
@@ -7392,16 +8155,23 @@ CKA_VALUE MULTILINE_OCTAL
 \170\064\074\224\233\046\355\117\161\306\031\172\275\040\042\110
 \132\376\113\175\003\267\347\130\276\306\062\116\164\036\150\335
 \250\150\133\263\076\356\142\175\331\200\350\012\165\172\267\356
 \264\145\232\041\220\340\252\320\230\274\070\265\163\074\213\370
 \334
 END
 
 # Trust for Certificate "Camerfirma Chambers of Commerce Root"
+# Issuer: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Chambers of Commerce Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:13:43 2003
+# Not Valid After : Wed Sep 30 16:13:44 2037
+# Fingerprint (MD5): B0:01:EE:14:D9:AF:29:18:94:76:8E:F1:69:33:2A:84
+# Fingerprint (SHA1): 6E:3A:55:A4:19:0C:19:5C:93:84:3C:C0:DB:72:2E:31:30:61:F0:B1
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Camerfirma Chambers of Commerce Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \156\072\125\244\031\014\031\134\223\204\074\300\333\162\056\061
 \060\141\360\261
@@ -7426,16 +8196,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Camerfirma Global Chambersign Root"
 #
+# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:14:18 2003
+# Not Valid After : Wed Sep 30 16:14:18 2037
+# Fingerprint (MD5): C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19
+# Fingerprint (SHA1): 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Camerfirma Global Chambersign Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\175\061\013\060\011\006\003\125\004\006\023\002\105\125\061
@@ -7537,16 +8314,23 @@ CKA_VALUE MULTILINE_OCTAL
 \171\304\060\237\353\216\270\125\265\327\210\134\305\152\044\075
 \262\323\005\003\121\306\007\357\314\024\162\164\075\156\162\316
 \030\050\214\112\240\167\345\011\053\105\104\107\254\267\147\177
 \001\212\005\132\223\276\241\301\377\370\347\016\147\244\107\111
 \166\135\165\220\032\365\046\217\360
 END
 
 # Trust for Certificate "Camerfirma Global Chambersign Root"
+# Issuer: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Serial Number: 0 (0x0)
+# Subject: CN=Global Chambersign Root,OU=http://www.chambersign.org,O=AC Camerfirma SA CIF A82743287,C=EU
+# Not Valid Before: Tue Sep 30 16:14:18 2003
+# Not Valid After : Wed Sep 30 16:14:18 2037
+# Fingerprint (MD5): C5:E6:7B:BF:06:D0:4F:43:ED:C4:7A:65:8A:FB:6B:19
+# Fingerprint (SHA1): 33:9B:6B:14:50:24:9B:55:7A:01:87:72:84:D9:E0:2F:C3:D2:D8:E9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Camerfirma Global Chambersign Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \063\233\153\024\120\044\233\125\172\001\207\162\204\331\340\057
 \303\322\330\351
@@ -7570,16 +8354,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "NetLock Qualified (Class QA) Root"
 #
+# Issuer: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 123 (0x7b)
+# Subject: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Sun Mar 30 01:47:11 2003
+# Not Valid After : Thu Dec 15 01:47:11 2022
+# Fingerprint (MD5): D4:80:65:68:24:F9:89:22:28:DB:F5:A4:9A:17:8F:14
+# Fingerprint (SHA1): 01:68:97:E1:A0:B8:F2:C3:B1:34:66:5C:20:A7:27:B7:A1:58:E2:8F
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Qualified (Class QA) Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\311\061\013\060\011\006\003\125\004\006\023\002\110\125
@@ -7724,16 +8515,23 @@ CKA_VALUE MULTILINE_OCTAL
 \363\166\146\211\124\244\246\076\304\120\134\272\211\030\202\165
 \110\041\322\117\023\350\140\176\007\166\333\020\265\121\346\252
 \271\150\252\315\366\235\220\165\022\352\070\032\312\104\350\267
 \231\247\052\150\225\146\225\253\255\357\211\313\140\251\006\022
 \306\224\107\351\050
 END
 
 # Trust for Certificate "NetLock Qualified (Class QA) Root"
+# Issuer: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 123 (0x7b)
+# Subject: E=info@netlock.hu,CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Sun Mar 30 01:47:11 2003
+# Not Valid After : Thu Dec 15 01:47:11 2022
+# Fingerprint (MD5): D4:80:65:68:24:F9:89:22:28:DB:F5:A4:9A:17:8F:14
+# Fingerprint (SHA1): 01:68:97:E1:A0:B8:F2:C3:B1:34:66:5C:20:A7:27:B7:A1:58:E2:8F
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Qualified (Class QA) Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \001\150\227\341\240\270\362\303\261\064\146\134\040\247\047\267
 \241\130\342\217
@@ -7762,16 +8560,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "NetLock Notary (Class A) Root"
 #
+# Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU
+# Serial Number: 259 (0x103)
+# Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU
+# Not Valid Before: Wed Feb 24 23:14:47 1999
+# Not Valid After : Tue Feb 19 23:14:47 2019
+# Fingerprint (MD5): 86:38:6D:5E:49:63:6C:85:5C:DB:6D:DC:94:B7:D0:F7
+# Fingerprint (SHA1): AC:ED:5F:65:53:FD:25:CE:01:5F:1F:7A:48:3B:6A:74:9F:61:78:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Notary (Class A) Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\257\061\013\060\011\006\003\125\004\006\023\002\110\125
@@ -7909,16 +8714,23 @@ CKA_VALUE MULTILINE_OCTAL
 \277\134\240\012\033\341\016\172\351\342\200\303\351\351\366\375
 \154\021\236\320\345\050\047\053\124\062\102\024\202\165\346\112
 \360\053\146\165\143\214\242\373\004\076\203\016\233\066\360\030
 \344\046\040\303\214\360\050\007\255\074\027\146\210\265\375\266
 \210
 END
 
 # Trust for Certificate "NetLock Notary (Class A) Root"
+# Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU
+# Serial Number: 259 (0x103)
+# Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,ST=Hungary,C=HU
+# Not Valid Before: Wed Feb 24 23:14:47 1999
+# Not Valid After : Tue Feb 19 23:14:47 2019
+# Fingerprint (MD5): 86:38:6D:5E:49:63:6C:85:5C:DB:6D:DC:94:B7:D0:F7
+# Fingerprint (SHA1): AC:ED:5F:65:53:FD:25:CE:01:5F:1F:7A:48:3B:6A:74:9F:61:78:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Notary (Class A) Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \254\355\137\145\123\375\045\316\001\137\037\172\110\073\152\164
 \237\141\170\306
@@ -7946,16 +8758,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "NetLock Business (Class B) Root"
 #
+# Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 105 (0x69)
+# Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Feb 25 14:10:22 1999
+# Not Valid After : Wed Feb 20 14:10:22 2019
+# Fingerprint (MD5): 39:16:AA:B9:6A:41:E1:14:69:DF:9E:6C:3B:72:DC:B6
+# Fingerprint (SHA1): 87:9F:4B:EE:05:DF:98:58:3B:E3:60:D6:33:E7:0D:3F:FE:98:71:AF
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Business (Class B) Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\231\061\013\060\011\006\003\125\004\006\023\002\110\125
@@ -8069,16 +8888,23 @@ CKA_VALUE MULTILINE_OCTAL
 \145\343\102\160\273\042\220\343\175\333\065\166\341\240\265\332
 \237\160\156\223\032\060\071\035\060\333\056\343\174\262\221\262
 \321\067\051\372\271\326\027\134\107\117\343\035\070\353\237\325
 \173\225\250\050\236\025\112\321\321\320\053\000\227\240\342\222
 \066\053\143\254\130\001\153\063\051\120\206\203\361\001\110
 END
 
 # Trust for Certificate "NetLock Business (Class B) Root"
+# Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 105 (0x69)
+# Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Feb 25 14:10:22 1999
+# Not Valid After : Wed Feb 20 14:10:22 2019
+# Fingerprint (MD5): 39:16:AA:B9:6A:41:E1:14:69:DF:9E:6C:3B:72:DC:B6
+# Fingerprint (SHA1): 87:9F:4B:EE:05:DF:98:58:3B:E3:60:D6:33:E7:0D:3F:FE:98:71:AF
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Business (Class B) Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \207\237\113\356\005\337\230\130\073\343\140\326\063\347\015\077
 \376\230\161\257
@@ -8104,16 +8930,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "NetLock Express (Class C) Root"
 #
+# Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 104 (0x68)
+# Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Feb 25 14:08:11 1999
+# Not Valid After : Wed Feb 20 14:08:11 2019
+# Fingerprint (MD5): 4F:EB:F1:F0:70:C2:80:63:5D:58:9F:DA:12:3C:A9:C4
+# Fingerprint (SHA1): E3:92:51:2F:0A:CF:F5:05:DF:F6:DE:06:7F:75:37:E1:65:EA:57:4B
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Express (Class C) Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\233\061\013\060\011\006\003\125\004\006\023\002\110\125
@@ -8228,16 +9061,23 @@ CKA_VALUE MULTILINE_OCTAL
 \244\355\056\365\375\374\275\376\115\067\010\014\274\343\226\203
 \042\365\111\033\177\113\053\264\124\301\200\174\231\116\035\320
 \214\356\320\254\345\222\372\165\126\376\144\240\023\217\270\270
 \026\235\141\005\147\200\310\320\330\245\007\002\064\230\004\215
 \063\004\324
 END
 
 # Trust for Certificate "NetLock Express (Class C) Root"
+# Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Serial Number: 104 (0x68)
+# Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado,OU=Tanusitvanykiadok,O=NetLock Halozatbiztonsagi Kft.,L=Budapest,C=HU
+# Not Valid Before: Thu Feb 25 14:08:11 1999
+# Not Valid After : Wed Feb 20 14:08:11 2019
+# Fingerprint (MD5): 4F:EB:F1:F0:70:C2:80:63:5D:58:9F:DA:12:3C:A9:C4
+# Fingerprint (SHA1): E3:92:51:2F:0A:CF:F5:05:DF:F6:DE:06:7F:75:37:E1:65:EA:57:4B
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "NetLock Express (Class C) Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \343\222\121\057\012\317\365\005\337\366\336\006\177\165\067\341
 \145\352\127\113
@@ -8263,16 +9103,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "XRamp Global CA Root"
 #
+# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Serial Number:50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad
+# Subject: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Not Valid Before: Mon Nov 01 17:14:04 2004
+# Not Valid After : Mon Jan 01 05:37:19 2035
+# Fingerprint (MD5): A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1
+# Fingerprint (SHA1): B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "XRamp Global CA Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\202\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -8368,16 +9215,23 @@ CKA_VALUE MULTILINE_OCTAL
 \213\251\261\344\357\232\032\320\075\151\231\356\250\050\243\341
 \074\263\360\262\021\234\317\174\100\346\335\347\103\175\242\330
 \072\265\251\215\362\064\231\304\324\020\341\006\375\011\204\020
 \073\356\304\114\364\354\047\174\102\302\164\174\202\212\011\311
 \264\003\045\274
 END
 
 # Trust for Certificate "XRamp Global CA Root"
+# Issuer: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Serial Number:50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad
+# Subject: CN=XRamp Global Certification Authority,O=XRamp Security Services Inc,OU=www.xrampsecurity.com,C=US
+# Not Valid Before: Mon Nov 01 17:14:04 2004
+# Not Valid After : Mon Jan 01 05:37:19 2035
+# Fingerprint (MD5): A1:0B:44:B3:CA:10:D8:00:6E:9D:0F:D8:0F:92:0A:D1
+# Fingerprint (SHA1): B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "XRamp Global CA Root"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \270\001\206\321\353\234\206\245\101\004\317\060\124\363\114\122
 \267\345\130\306
@@ -8403,16 +9257,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Go Daddy Class 2 CA"
 #
+# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:06:20 2004
+# Not Valid After : Thu Jun 29 17:06:20 2034
+# Fingerprint (MD5): 91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
+# Fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Go Daddy Class 2 CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -8500,16 +9361,23 @@ CKA_VALUE MULTILINE_OCTAL
 \164\112\377\127\032\207\017\165\110\056\317\121\151\027\240\002
 \022\141\225\325\321\100\262\020\114\356\304\254\020\103\246\245
 \236\012\325\225\142\232\015\317\210\202\305\062\014\344\053\237
 \105\346\015\237\050\234\261\271\052\132\127\255\067\017\257\035
 \177\333\275\237
 END
 
 # Trust for Certificate "Go Daddy Class 2 CA"
+# Issuer: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Go Daddy Class 2 Certification Authority,O="The Go Daddy Group, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:06:20 2004
+# Not Valid After : Thu Jun 29 17:06:20 2034
+# Fingerprint (MD5): 91:DE:06:25:AB:DA:FD:32:17:0C:BB:25:17:2A:84:67
+# Fingerprint (SHA1): 27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Go Daddy Class 2 CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \047\226\272\346\077\030\001\342\167\046\033\240\327\167\160\002
 \217\040\356\344
@@ -8532,16 +9400,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Starfield Class 2 CA"
 #
+# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:39:16 2004
+# Not Valid After : Thu Jun 29 17:39:16 2034
+# Fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
+# Fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Starfield Class 2 CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\150\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -8630,16 +9505,23 @@ CKA_VALUE MULTILINE_OCTAL
 \152\145\006\250\345\041\252\101\264\225\041\225\271\175\321\064
 \253\023\326\255\274\334\342\075\071\315\275\076\165\160\241\030
 \131\003\311\042\264\217\234\325\136\052\327\245\266\324\012\155
 \370\267\100\021\106\232\037\171\016\142\277\017\227\354\340\057
 \037\027\224
 END
 
 # Trust for Certificate "Starfield Class 2 CA"
+# Issuer: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Serial Number: 0 (0x0)
+# Subject: OU=Starfield Class 2 Certification Authority,O="Starfield Technologies, Inc.",C=US
+# Not Valid Before: Tue Jun 29 17:39:16 2004
+# Not Valid After : Thu Jun 29 17:39:16 2034
+# Fingerprint (MD5): 32:4A:4B:BB:C8:63:69:9B:BE:74:9A:C6:DD:1D:46:24
+# Fingerprint (SHA1): AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Starfield Class 2 CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \255\176\034\050\260\144\357\217\140\003\100\040\024\303\320\343
 \067\016\265\212
@@ -8662,16 +9544,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "StartCom Certification Authority"
 #
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 1 (0x1)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:36 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
+# Fingerprint (SHA1): 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "StartCom Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\175\061\013\060\011\006\003\125\004\006\023\002\111\114\061
@@ -8821,16 +9710,23 @@ CKA_VALUE MULTILINE_OCTAL
 \272\155\000\006\076\262\352\112\020\071\330\320\053\365\277\354
 \165\277\227\002\305\011\033\010\334\125\067\342\201\373\067\204
 \103\142\040\312\347\126\113\145\352\376\154\301\044\223\044\241
 \064\353\005\377\232\042\256\233\175\077\361\145\121\012\246\060
 \152\263\364\210\034\200\015\374\162\212\350\203\136
 END
 
 # Trust for Certificate "StartCom Certification Authority"
+# Issuer: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Serial Number: 1 (0x1)
+# Subject: CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL
+# Not Valid Before: Sun Sep 17 19:46:36 2006
+# Not Valid After : Wed Sep 17 19:46:36 2036
+# Fingerprint (MD5): 22:4D:8F:8A:FC:F7:35:C2:BB:57:34:90:7B:8B:22:16
+# Fingerprint (SHA1): 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "StartCom Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \076\053\367\362\003\033\226\363\214\346\304\330\250\135\076\055
 \130\107\152\017
@@ -8854,16 +9750,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Taiwan GRCA"
 #
+# Issuer: O=Government Root Certification Authority,C=TW
+# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
+# Subject: O=Government Root Certification Authority,C=TW
+# Not Valid Before: Thu Dec 05 13:23:33 2002
+# Not Valid After : Sun Dec 05 13:23:33 2032
+# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E
+# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Taiwan GRCA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061
@@ -8971,16 +9874,23 @@ CKA_VALUE MULTILINE_OCTAL
 \323\263\013\076\255\236\320\164\000\016\353\275\121\255\300\336
 \054\300\303\152\376\357\334\013\247\372\106\337\140\333\234\246
 \131\120\165\043\151\163\223\262\371\374\002\323\107\346\161\316
 \020\002\356\047\214\204\377\254\105\015\023\134\203\062\340\045
 \245\206\054\174\364\022
 END
 
 # Trust for Certificate "Taiwan GRCA"
+# Issuer: O=Government Root Certification Authority,C=TW
+# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
+# Subject: O=Government Root Certification Authority,C=TW
+# Not Valid Before: Thu Dec 05 13:23:33 2002
+# Not Valid After : Sun Dec 05 13:23:33 2032
+# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E
+# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Taiwan GRCA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \364\213\021\277\336\253\276\224\124\040\161\346\101\336\153\276
 \210\053\100\271
@@ -9002,16 +9912,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Firmaprofesional Root CA"
 #
+# Issuer: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
+# Serial Number: 1 (0x1)
+# Subject: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
+# Not Valid Before: Wed Oct 24 22:00:00 2001
+# Not Valid After : Thu Oct 24 22:00:00 2013
+# Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF
+# Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Firmaprofesional Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\235\061\013\060\011\006\003\125\004\006\023\002\105\123
@@ -9110,16 +10027,23 @@ CKA_VALUE MULTILINE_OCTAL
 \071\361\047\313\310\100\326\343\206\020\251\043\022\222\340\151
 \101\143\247\257\045\013\300\305\222\313\036\230\243\132\272\305
 \063\017\240\227\001\335\177\340\173\326\006\124\317\241\342\115
 \070\353\113\120\265\313\046\364\312\332\160\112\152\241\342\171
 \252\341\247\063\366\375\112\037\366\331\140
 END
 
 # Trust for Certificate "Firmaprofesional Root CA"
+# Issuer: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
+# Serial Number: 1 (0x1)
+# Subject: E=ca@firmaprofesional.com,CN=Autoridad de Certificacion Firmaprofesional CIF A62634068,L=C/ Muntaner 244 Barcelona,C=ES
+# Not Valid Before: Wed Oct 24 22:00:00 2001
+# Not Valid After : Thu Oct 24 22:00:00 2013
+# Fingerprint (MD5): 11:92:79:40:3C:B1:83:40:E5:AB:66:4A:67:92:80:DF
+# Fingerprint (SHA1): A9:62:8F:4B:98:A9:1B:48:35:BA:D2:C1:46:32:86:BB:66:64:6A:8C
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Firmaprofesional Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \251\142\217\113\230\251\033\110\065\272\322\301\106\062\206\273
 \146\144\152\214
@@ -9145,16 +10069,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Swisscom Root CA 1"
 #
+# Issuer: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:5c:0b:85:5c:0b:e7:59:41:df:57:cc:3f:7f:9d:a8:36
+# Subject: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Thu Aug 18 12:06:20 2005
+# Not Valid After : Mon Aug 18 22:06:20 2025
+# Fingerprint (MD5): F8:38:7C:77:88:DF:2C:16:68:2E:C2:E2:52:4B:B8:F9
+# Fingerprint (SHA1): 5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Swisscom Root CA 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\144\061\013\060\011\006\003\125\004\006\023\002\143\150\061
@@ -9272,16 +10203,23 @@ CKA_VALUE MULTILINE_OCTAL
 \262\307\374\217\330\124\265\223\142\235\316\317\131\373\075\030
 \316\052\313\065\025\202\135\377\124\042\133\161\122\373\267\311
 \376\140\233\000\101\144\360\252\052\354\266\102\103\316\211\146
 \201\310\213\237\071\124\003\045\323\026\065\216\204\320\137\372
 \060\032\365\232\154\364\016\123\371\072\133\321\034
 END
 
 # Trust for Certificate "Swisscom Root CA 1"
+# Issuer: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Serial Number:5c:0b:85:5c:0b:e7:59:41:df:57:cc:3f:7f:9d:a8:36
+# Subject: CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
+# Not Valid Before: Thu Aug 18 12:06:20 2005
+# Not Valid After : Mon Aug 18 22:06:20 2025
+# Fingerprint (MD5): F8:38:7C:77:88:DF:2C:16:68:2E:C2:E2:52:4B:B8:F9
+# Fingerprint (SHA1): 5F:3A:FC:0A:8B:64:F6:86:67:34:74:DF:7E:A9:A2:FE:F9:FA:7A:51
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Swisscom Root CA 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \137\072\374\012\213\144\366\206\147\064\164\337\176\251\242\376
 \371\372\172\121
@@ -9305,16 +10243,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DigiCert Assured ID Root CA"
 #
+# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
+# Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
+# Fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert Assured ID Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\145\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -9398,16 +10343,23 @@ CKA_VALUE MULTILINE_OCTAL
 \140\203\327\047\004\276\113\316\227\276\303\147\052\150\021\337
 \200\347\014\063\146\277\023\015\024\156\363\177\037\143\020\036
 \372\215\033\045\155\154\217\245\267\141\001\261\322\243\046\241
 \020\161\235\255\342\303\371\303\231\121\267\053\007\010\316\056
 \346\120\262\247\372\012\105\057\242\360\362
 END
 
 # Trust for Certificate "DigiCert Assured ID Root CA"
+# Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
+# Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
+# Fingerprint (SHA1): 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert Assured ID Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \005\143\270\143\015\142\327\132\273\310\253\036\113\337\265\250
 \231\262\115\103
@@ -9431,16 +10383,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DigiCert Global Root CA"
 #
+# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
+# Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
+# Fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert Global Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -9524,16 +10483,23 @@ CKA_VALUE MULTILINE_OCTAL
 \024\351\330\211\301\271\070\154\342\221\154\212\377\144\271\167
 \045\127\060\300\033\044\243\341\334\351\337\107\174\265\264\044
 \010\005\060\354\055\275\013\277\105\277\120\271\251\363\353\230
 \001\022\255\310\210\306\230\064\137\215\012\074\306\351\325\225
 \225\155\336
 END
 
 # Trust for Certificate "DigiCert Global Root CA"
+# Issuer: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
+# Subject: CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): 79:E4:A9:84:0D:7D:3A:96:D7:C0:4F:E2:43:4C:89:2E
+# Fingerprint (SHA1): A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert Global Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \250\230\135\072\145\345\345\304\262\327\326\155\100\306\335\057
 \261\234\124\066
@@ -9557,16 +10523,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DigiCert High Assurance EV Root CA"
 #
+# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
+# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): D4:74:DE:57:5C:39:B2:D3:9C:85:83:C5:C0:65:49:8A
+# Fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert High Assurance EV Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\154\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -9651,16 +10624,23 @@ CKA_VALUE MULTILINE_OCTAL
 \002\133\017\104\324\040\061\333\364\272\160\046\135\220\140\236
 \274\113\027\011\057\264\313\036\103\150\311\007\047\301\322\134
 \367\352\041\271\150\022\234\074\234\277\236\374\200\134\233\143
 \315\354\107\252\045\047\147\240\067\363\000\202\175\124\327\251
 \370\351\056\023\243\167\350\037\112
 END
 
 # Trust for Certificate "DigiCert High Assurance EV Root CA"
+# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Serial Number:02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
+# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
+# Not Valid Before: Fri Nov 10 00:00:00 2006
+# Not Valid After : Mon Nov 10 00:00:00 2031
+# Fingerprint (MD5): D4:74:DE:57:5C:39:B2:D3:9C:85:83:C5:C0:65:49:8A
+# Fingerprint (SHA1): 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DigiCert High Assurance EV Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \137\267\356\006\063\342\131\333\255\014\114\232\346\323\217\032
 \141\307\334\045
@@ -9684,16 +10664,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Certplus Class 2 Primary CA"
 #
+# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
+# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Not Valid Before: Wed Jul 07 17:05:00 1999
+# Not Valid After : Sat Jul 06 23:59:59 2019
+# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
+# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\075\061\013\060\011\006\003\125\004\006\023\002\106\122\061
@@ -9769,16 +10756,23 @@ CKA_VALUE MULTILINE_OCTAL
 \272\005\003\160\007\244\226\377\375\110\063\012\341\334\245\201
 \220\233\115\335\175\347\347\262\315\134\310\152\225\370\245\366
 \215\304\135\170\010\276\173\006\326\111\317\031\066\120\043\056
 \010\346\236\005\115\107\030\325\026\351\261\326\266\020\325\273
 \227\277\242\216\264\124
 END
 
 # Trust for Certificate "Certplus Class 2 Primary CA"
+# Issuer: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Serial Number:00:85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23
+# Subject: CN=Class 2 Primary CA,O=Certplus,C=FR
+# Not Valid Before: Wed Jul 07 17:05:00 1999
+# Not Valid After : Sat Jul 06 23:59:59 2019
+# Fingerprint (MD5): 88:2C:8C:52:B8:A2:3C:F3:F7:BB:03:EA:AE:AC:42:0B
+# Fingerprint (SHA1): 74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Certplus Class 2 Primary CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \164\040\164\101\162\234\335\222\354\171\061\330\043\020\215\302
 \201\222\342\273
@@ -9799,16 +10793,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DST Root CA X3"
 #
+# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
+# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Not Valid Before: Sat Sep 30 21:12:19 2000
+# Not Valid After : Thu Sep 30 14:01:15 2021
+# Fingerprint (MD5): 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5
+# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DST Root CA X3"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\077\061\044\060\042\006\003\125\004\012\023\033\104\151\147
@@ -9881,16 +10882,23 @@ CKA_VALUE MULTILINE_OCTAL
 \044\061\205\242\250\002\132\060\107\341\335\120\007\274\002\011
 \220\000\353\144\143\140\233\026\274\210\311\022\346\322\175\221
 \213\371\075\062\215\145\264\351\174\261\127\166\352\305\266\050
 \071\277\025\145\034\310\366\167\226\152\012\215\167\013\330\221
 \013\004\216\007\333\051\266\012\356\235\202\065\065\020
 END
 
 # Trust for Certificate "DST Root CA X3"
+# Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Serial Number:44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
+# Subject: CN=DST Root CA X3,O=Digital Signature Trust Co.
+# Not Valid Before: Sat Sep 30 21:12:19 2000
+# Not Valid After : Thu Sep 30 14:01:15 2021
+# Fingerprint (MD5): 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5
+# Fingerprint (SHA1): DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DST Root CA X3"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \332\311\002\117\124\330\366\337\224\223\137\261\163\046\070\312
 \152\327\174\023
@@ -9912,16 +10920,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "DST ACES CA X6"
 #
+# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
+# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Not Valid Before: Thu Nov 20 21:19:58 2003
+# Not Valid After : Mon Nov 20 21:19:58 2017
+# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
+# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DST ACES CA X6"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\133\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -10008,16 +11023,23 @@ CKA_VALUE MULTILINE_OCTAL
 \256\307\013\367\053\260\067\005\354\274\127\043\342\070\322\233
 \150\363\126\022\210\117\102\174\270\061\304\265\333\344\310\041
 \064\351\110\021\065\356\372\307\222\127\305\237\064\344\307\366
 \367\016\013\114\234\150\170\173\161\061\307\353\036\340\147\101
 \363\267\240\247\315\345\172\063\066\152\372\232\053
 END
 
 # Trust for Certificate "DST ACES CA X6"
+# Issuer: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Serial Number:0d:5e:99:0a:d6:9d:b7:78:ec:d8:07:56:3b:86:15:d9
+# Subject: CN=DST ACES CA X6,OU=DST ACES,O=Digital Signature Trust,C=US
+# Not Valid Before: Thu Nov 20 21:19:58 2003
+# Not Valid After : Mon Nov 20 21:19:58 2017
+# Fingerprint (MD5): 21:D8:4C:82:2B:99:09:33:A2:EB:14:24:8D:8E:5F:E8
+# Fingerprint (SHA1): 40:54:DA:6F:1C:3F:40:74:AC:ED:0F:EC:CD:DB:79:D1:53:FB:90:1D
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "DST ACES CA X6"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \100\124\332\157\034\077\100\164\254\355\017\354\315\333\171\321
 \123\373\220\035
@@ -10040,16 +11062,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "TURKTRUST Certificate Services Provider Root 1"
 #
+# Issuer: O=(c) 2005 T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hiz...,L=ANKARA,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=(c) 2005 T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hiz...,L=ANKARA,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Fri May 13 10:27:17 2005
+# Not Valid After : Sun Mar 22 10:27:17 2015
+# Fingerprint (MD5): F1:6A:22:18:C9:CD:DF:CE:82:1D:1D:B7:78:5C:A9:A5
+# Fingerprint (SHA1): 79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 1"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\267\061\077\060\075\006\003\125\004\003\014\066\124\303
@@ -10146,16 +11175,23 @@ CKA_VALUE MULTILINE_OCTAL
 \174\052\301\174\220\350\251\050\300\323\221\306\255\050\207\100
 \150\265\377\354\247\322\323\070\030\234\323\175\151\135\360\306
 \245\036\044\033\243\107\374\151\007\150\347\344\232\264\355\017
 \241\207\207\002\316\207\322\110\116\341\274\377\313\361\162\222
 \104\144\003\045\352\336\133\156\237\311\362\116\254\335\307
 END
 
 # Trust for Certificate "TURKTRUST Certificate Services Provider Root 1"
+# Issuer: O=(c) 2005 T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hiz...,L=ANKARA,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=(c) 2005 T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hiz...,L=ANKARA,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Fri May 13 10:27:17 2005
+# Not Valid After : Sun Mar 22 10:27:17 2015
+# Fingerprint (MD5): F1:6A:22:18:C9:CD:DF:CE:82:1D:1D:B7:78:5C:A9:A5
+# Fingerprint (SHA1): 79:98:A3:08:E1:4D:65:85:E6:C2:1E:15:3A:71:9F:BA:5A:D3:4A:D9
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 1"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \171\230\243\010\341\115\145\205\346\302\036\025\072\161\237\272
 \132\323\112\331
@@ -10183,16 +11219,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "TURKTRUST Certificate Services Provider Root 2"
 #
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Mon Nov 07 10:07:57 2005
+# Not Valid After : Wed Sep 16 10:07:57 2015
+# Fingerprint (MD5): 37:A5:6E:D4:B1:25:84:97:B7:FD:56:15:7A:F9:A2:00
+# Fingerprint (SHA1): B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\276\061\077\060\075\006\003\125\004\003\014\066\124\303
@@ -10295,16 +11338,23 @@ CKA_VALUE MULTILINE_OCTAL
 \270\121\011\214\352\175\315\210\162\263\140\063\261\360\012\104
 \357\017\365\011\067\210\044\016\054\153\040\072\242\372\021\362
 \100\065\234\104\150\143\073\254\063\157\143\274\054\273\362\322
 \313\166\175\175\210\330\035\310\005\035\156\274\224\251\146\214
 \167\161\307\372\221\372\057\121\236\351\071\122\266\347\004\102
 END
 
 # Trust for Certificate "TURKTRUST Certificate Services Provider Root 2"
+# Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Serial Number: 1 (0x1)
+# Subject: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,L=Ankara,C=TR,CN=T..RKTRUST Elektronik Sertifika Hizmet Sa..lay..c..s..
+# Not Valid Before: Mon Nov 07 10:07:57 2005
+# Not Valid After : Wed Sep 16 10:07:57 2015
+# Fingerprint (MD5): 37:A5:6E:D4:B1:25:84:97:B7:FD:56:15:7A:F9:A2:00
+# Fingerprint (SHA1): B4:35:D4:E1:11:9D:1C:66:90:A7:49:EB:B3:94:BD:63:7B:A7:82:B7
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "TURKTRUST Certificate Services Provider Root 2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \264\065\324\341\021\235\034\146\220\247\111\353\263\224\275\143
 \173\247\202\267
@@ -10333,16 +11383,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "SwissSign Platinum CA - G2"
 #
+# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4e:b2:00:67:0c:03:5d:4f
+# Subject: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:36:00 2006
+# Not Valid After : Sat Oct 25 08:36:00 2036
+# Fingerprint (MD5): C9:98:27:77:28:1E:3D:0E:15:3C:84:00:B8:85:03:E6
+# Fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Platinum CA - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\111\061\013\060\011\006\003\125\004\006\023\002\103\110\061
@@ -10454,16 +11511,23 @@ CKA_VALUE MULTILINE_OCTAL
 \030\302\174\307\352\257\166\005\026\335\147\047\302\176\034\007
 \042\041\363\100\012\033\064\007\104\023\302\204\152\216\337\031
 \132\277\177\353\035\342\032\070\321\134\257\107\222\153\200\265
 \060\245\311\215\330\253\061\201\037\337\302\146\067\323\223\251
 \205\206\171\145\322
 END
 
 # Trust for Certificate "SwissSign Platinum CA - G2"
+# Issuer: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4e:b2:00:67:0c:03:5d:4f
+# Subject: CN=SwissSign Platinum CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:36:00 2006
+# Not Valid After : Sat Oct 25 08:36:00 2036
+# Fingerprint (MD5): C9:98:27:77:28:1E:3D:0E:15:3C:84:00:B8:85:03:E6
+# Fingerprint (SHA1): 56:E0:FA:C0:3B:8F:18:23:55:18:E5:D3:11:CA:E8:C2:43:31:AB:66
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Platinum CA - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \126\340\372\300\073\217\030\043\125\030\345\323\021\312\350\302
 \103\061\253\146
@@ -10484,16 +11548,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "SwissSign Gold CA - G2"
 #
+# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Serial Number:00:bb:40:1c:43:f5:5e:4f:b0
+# Subject: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:30:35 2006
+# Not Valid After : Sat Oct 25 08:30:35 2036
+# Fingerprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93
+# Fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Gold CA - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\105\061\013\060\011\006\003\125\004\006\023\002\103\110\061
@@ -10604,16 +11675,23 @@ CKA_VALUE MULTILINE_OCTAL
 \144\301\001\236\351\312\240\152\230\016\317\330\140\362\057\111
 \270\344\102\341\070\065\026\364\310\156\117\367\201\126\350\272
 \243\276\043\257\256\375\157\003\340\002\073\060\166\372\033\155
 \101\317\001\261\351\270\311\146\364\333\046\363\072\244\164\362
 \111\044\133\311\260\320\127\301\372\076\172\341\227\311
 END
 
 # Trust for Certificate "SwissSign Gold CA - G2"
+# Issuer: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Serial Number:00:bb:40:1c:43:f5:5e:4f:b0
+# Subject: CN=SwissSign Gold CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:30:35 2006
+# Not Valid After : Sat Oct 25 08:30:35 2036
+# Fingerprint (MD5): 24:77:D9:A8:91:D1:3B:FA:88:2D:C2:FF:F8:CD:33:93
+# Fingerprint (SHA1): D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Gold CA - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \330\305\070\212\267\060\033\033\156\324\172\346\105\045\072\157
 \237\032\047\141
@@ -10634,16 +11712,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "SwissSign Silver CA - G2"
 #
+# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
+# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:32:46 2006
+# Not Valid After : Sat Oct 25 08:32:46 2036
+# Fingerprint (MD5): E0:06:A1:C9:7D:CF:C9:FC:0D:C0:56:75:96:D8:62:13
+# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Silver CA - G2"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\107\061\013\060\011\006\003\125\004\006\023\002\103\110\061
@@ -10755,16 +11840,23 @@ CKA_VALUE MULTILINE_OCTAL
 \000\275\252\363\116\006\243\172\152\371\142\162\343\011\117\353
 \233\016\001\043\361\237\273\174\334\334\154\021\227\045\262\362
 \264\143\024\322\006\052\147\214\203\365\316\352\007\330\232\152
 \036\354\344\012\273\052\114\353\011\140\071\316\312\142\330\056
 \156
 END
 
 # Trust for Certificate "SwissSign Silver CA - G2"
+# Issuer: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Serial Number:4f:1b:d4:2f:54:bb:2f:4b
+# Subject: CN=SwissSign Silver CA - G2,O=SwissSign AG,C=CH
+# Not Valid Before: Wed Oct 25 08:32:46 2006
+# Not Valid After : Sat Oct 25 08:32:46 2036
+# Fingerprint (MD5): E0:06:A1:C9:7D:CF:C9:FC:0D:C0:56:75:96:D8:62:13
+# Fingerprint (SHA1): 9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SwissSign Silver CA - G2"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \233\252\345\237\126\356\041\313\103\132\276\045\223\337\247\360
 \100\321\035\313
@@ -10785,16 +11877,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "GeoTrust Primary Certification Authority"
 #
+# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
+# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Not Valid Before: Mon Nov 27 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 02:26:C3:01:5E:08:30:37:43:A9:D0:7D:CF:37:E6:BF
+# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Primary Certification Authority"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -10872,16 +11971,23 @@ CKA_VALUE MULTILINE_OCTAL
 \122\063\355\247\311\322\071\002\160\372\340\261\102\146\051\252
 \233\121\355\060\124\042\024\137\331\253\035\301\344\224\360\370
 \365\053\367\352\312\170\106\326\270\221\375\246\015\053\032\024
 \001\076\200\360\102\240\225\007\136\155\315\314\113\244\105\215
 \253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131
 END
 
 # Trust for Certificate "GeoTrust Primary Certification Authority"
+# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
+# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
+# Not Valid Before: Mon Nov 27 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 02:26:C3:01:5E:08:30:37:43:A9:D0:7D:CF:37:E6:BF
+# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "GeoTrust Primary Certification Authority"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \062\074\021\216\033\367\270\266\122\124\342\342\020\015\326\002
 \220\067\360\226
@@ -10904,16 +12010,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "thawte Primary Root CA"
 #
+# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Serial Number:34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
+# Subject: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Not Valid Before: Fri Nov 17 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
+# Fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "thawte Primary Root CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\251\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -11012,16 +12125,23 @@ CKA_VALUE MULTILINE_OCTAL
 \273\101\310\301\002\371\104\143\040\236\201\316\102\323\326\077
 \054\166\323\143\234\131\335\217\246\341\016\240\056\101\367\056
 \225\107\317\274\375\063\363\366\013\141\176\176\221\053\201\107
 \302\047\060\356\247\020\135\067\217\134\071\053\344\004\360\173
 \215\126\214\150
 END
 
 # Trust for Certificate "thawte Primary Root CA"
+# Issuer: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Serial Number:34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
+# Subject: CN=thawte Primary Root CA,OU="(c) 2006 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
+# Not Valid Before: Fri Nov 17 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): 8C:CA:DC:0B:22:CE:F5:BE:72:AC:41:1A:11:A8:D8:12
+# Fingerprint (SHA1): 91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "thawte Primary Root CA"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \221\306\326\356\076\212\310\143\204\345\110\302\231\051\134\165
 \154\201\173\201
@@ -11049,16 +12169,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
 #
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Wed Nov 08 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C
+# Fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G5"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
@@ -11172,16 +12299,23 @@ CKA_VALUE MULTILINE_OCTAL
 \136\050\266\236\205\323\133\357\245\175\105\100\162\216\267\016
 \153\016\006\373\063\065\110\161\270\235\047\213\304\145\137\015
 \206\166\234\104\172\366\225\134\366\135\062\010\063\244\124\266
 \030\077\150\134\362\102\112\205\070\124\203\137\321\350\054\362
 \254\021\326\250\355\143\152
 END
 
 # Trust for Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Serial Number:18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU="(c) 2006 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
+# Not Valid Before: Wed Nov 08 00:00:00 2006
+# Not Valid After : Wed Jul 16 23:59:59 2036
+# Fingerprint (MD5): CB:17:E4:31:67:3E:E2:09:FE:45:57:93:F3:0A:FA:1C
+# Fingerprint (SHA1): 4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5
 CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "VeriSign Class 3 Public Primary Certification Authority - G5"
 CKA_CERT_SHA1_HASH MULTILINE_OCTAL
 \116\266\325\170\111\233\034\317\137\130\036\255\126\276\075\233
 \147\104\245\345
@@ -11211,16 +12345,23 @@ END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "SecureTrust CA"
 #
+# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Serial Number:0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0
+# Subject: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:31:18 2006
+# Not Valid After : Mon Dec 31 19:40:55 2029
+# Fingerprint (MD5): DC:32:C3:A7:6D:25:57:C7:68:09:9D:EA:2D:A9:A2:D1
+# Fingerprint (SHA1): 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "SecureTrust CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
 CKA_SUBJECT MULTILINE_OCTAL
 \060\110\061\013\060\011\006\003\125\004\006\023\002\125\123\061
@@ -11300,16 +12441,23 @@ CKA_VALUE MULTILINE_OCTAL
 \055\236\104\060\060\154\356\007\336\322\064\374\322\377\100\366
 \113\364\146\106\006\124\246\362\062\012\143\046\060\153\233\321
 \334\213\107\272\341\271\325\142\320\242\240\364\147\005\170\051
 \143\032\157\004\326\370\306\114\243\232\261\067\264\215\345\050
 \113\035\236\054\302\270\150\274\355\002\356\061
 END
 
 # Trust for Certificate "SecureTrust CA"
+# Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Serial Number:0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0
+# Subject: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
+# Not Valid Before: Tue Nov 07 19:31:18 2006
+# Not Valid After : Mon Dec 31 19:40:55 2029
+# Fingerprint (MD5): DC:32:C3:A7:6D:25:57:C7:68:09:9D:EA:2D:A9:A2:D1
+# Fingerprint (SHA1): 87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11
 CKA_CLASS C