[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS dumping core



I am getting repeatable slapd core dumps when trying to use TLS with the CVS
HEAD version of openldap. Here are the details:

* openldap HEAD from CVS as of 2005-10-16 1135 GMT, unmodified

* built under FreeBSD 5.4-RELEASE

    $ openssl version
    OpenSSL 0.9.7e 25 Oct 2004

* compiled using:

    $ ./configure --prefix=/opt/openldap-cvs --disable-bdb --disable-hdb \
      --disable-ldbm --enable-shell
    $ make depend && make
    $ sudo make install STRIP="-v"

* /opt/openldap-cvs/etc/openldap/slapd.conf contains:

include         /opt/openldap-cvs/etc/openldap/schema/core.schema
pidfile         /opt/openldap-cvs/var/run/slapd.pid
argsfile        /opt/openldap-cvs/var/run/slapd.args
TLSCACertificateFile    /opt/openldap-cvs/etc/openldap/cacert.pem
TLSCertificateFile      /opt/openldap-cvs/etc/openldap/servercrt.pem
TLSCertificateKeyFile   /opt/openldap-cvs/etc/openldap/serverkey.pem

database        shell
suffix          "dc=example,dc=com"
search          /opt/openldap-cvs/searchexample.sh

* SSL files created as per http://www.openldap.org/faq/index.cgi?_highlightWords=ssl&file=185

    # mkdir /var/myca
    # cd /var/myca
    # sh /usr/src/crypto/openssl/apps/CA.sh -newca
    ...
    # openssl req -new -nodes -keyout newreq.pem -out newreq.pem
    ...
    # sh /usr/src/crypto/openssl/apps/CA.sh -sign 
    ...
    # cp demoCA/cacert.pem /opt/openldap-cvs/etc/openldap/cacert.pem
    # cp newcert.pem /opt/openldap-cvs/etc/openldap/servercrt.pem
    # cp newreq.pem /opt/openldap-cvs/etc/openldap/serverkey.pem
    # chmod 600 /opt/openldap-cvs/etc/openldap/serverkey.pem

[aside: I think these instructions are somewhat broken, as you'd never send
a _private_ key to a CA for signing, but I also tried other crt.pem and
key.pem files and that didn't make any difference]

* started using

    # gdb /opt/openldap-cvs/libexec/slapd
    run -d 255

* issue the following client command:

    $ /opt/openldap-cvs/bin/ldapsearch -Z -b "dc=example,dc=com" \
      -H ldap://localhost "(uid=brian)"

(this command works fine without the -Z flag)

* slapd then crashes. gdb reports

daemon: activity on 1 descriptor
slap_listener_activate(11): 
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 busy
daemon: activity on 1 descriptor
slap_listener_activate(11): busy
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 busy
daemon: listen=11, new connection on 12
daemon: added 12r
daemon: accept(11) failed errno=35 (Resource temporarily unavailable)
daemon: activity on 1 descriptor
daemon: waked
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read activity on 12
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
connection_get(12)
connection_get(12): got connid=2
connection_read(12): checking for input on id=2
ber_get_next
ldap_read: want=8, got=8
  0000:  30 1d 02 01 01 77 18 80                            0....w..          
ldap_read: want=23, got=23
  0000:  16 31 2e 33 2e 36 2e 31  2e 34 2e 31 2e 31 34 36   .1.3.6.1.4.1.146  
  0010:  36 2e 32 30 30 33 37                               6.20037           
ber_get_next: tag 0x30 len 29 contents:
ber_dump: buf=0x081bd740 ptr=0x081bd740 end=0x081bd75d len=29
  0000:  02 01 01 77 18 80 16 31  2e 33 2e 36 2e 31 2e 34   ...w...1.3.6.1.4  
  0010:  2e 31 2e 31 34 36 36 2e  32 30 30 33 37            .1.1466.20037     
ber_get_next
ldap_read: want=8 error=(null)
ber_get_next on fd 12 failed errno=35 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
ber_dump: buf=0x081bd740 ptr=0x081bd743 end=0x081bd75d len=26
  0000:  77 18 80 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e   w...1.3.6.1.4.1.  
  0010:  31 34 36 36 2e 32 30 30  33 37                     1466.20037        
do_extended: oid=1.3.6.1.4.1.1466.20037
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 12
  0000:  30 0c 02 01 01 78 07 0a  01 00 04 00 04 00         0....x........    
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 78 07 0a  01 00 04 00 04 00         0....x........    
daemon: activity on 1 descriptor
daemon: waked
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
daemon: activity on 1 descriptor
daemon: activity on: 12r
daemon: read activity on 12
daemon: select: listen=10 active_threads=0 tvp=NULL
daemon: select: listen=11 active_threads=0 tvp=NULL
connection_get(12)
connection_get(12): got connid=2
connection_read(12): checking for input on id=2
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
  0000:  30 0c 02 01 02 60 07 02  01 03 04                  0....`.....       
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_srvr.c:585
connection_read(12): TLS accept error error=-1 id=2, closing
connection_closing: readying conn=2 sd=12 for close
connection_close: conn=2 sd=12
daemon: removing 12
Assertion failed: (SLAP_SOCK_IS_ACTIVE( s )), function slapd_set_read, file daemon.c, line 548.

Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
(gdb) bt
No stack.
(gdb)

* I get a similar problem if I try to use ldaps:/// instead.

    # gdb /opt/openldap-cvs/libexec/slapd
    run -h ldaps:/// -d 255

    $ /opt/openldap-cvs/bin/ldapsearch -b "dc=example,dc=com" \
      -H ldaps://localhost "(uid=brian)"

gdb shows this time:

...
daemon: select: listen=10 active_threads=0 tvp=NULL
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0

TLS: can't accept.
connection_read(11): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=11 for close
connection_close: conn=0 sd=11
daemon: removing 11
Assertion failed: (SLAP_SOCK_IS_ACTIVE( s )), function slapd_set_read, file
daemon.c, line 548.

Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
(gdb) bt
No stack.
(gdb)

And here's what the core dump shows:

# gdb -c slapd.core /opt/openldap-cvs/libexec/slapd
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `slapd'.
Program terminated with signal 6, Aborted.
Reading symbols from /usr/lib/libssl.so.3...done.
Loaded symbols for /usr/lib/libssl.so.3
Reading symbols from /lib/libcrypto.so.3...done.
Loaded symbols for /lib/libcrypto.so.3
Reading symbols from /usr/lib/libfetch.so.3...done.
Loaded symbols for /usr/lib/libfetch.so.3
Reading symbols from /usr/lib/libcom_err.so.2...done.
Loaded symbols for /usr/lib/libcom_err.so.2
Reading symbols from /usr/lib/libpthread.so.1...done.
Loaded symbols for /usr/lib/libpthread.so.1
Reading symbols from /lib/libc.so.5...done.
Loaded symbols for /lib/libc.so.5
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x282b431b in pthread_testcancel () from /usr/lib/libpthread.so.1
(gdb) bt
#0  0x282b431b in pthread_testcancel () from /usr/lib/libpthread.so.1
#1  0x282a5145 in sigaction () from /usr/lib/libpthread.so.1
#2  0x2829f1dd in pthread_kill () from /usr/lib/libpthread.so.1
#3  0x2829ebac in raise () from /usr/lib/libpthread.so.1
#4  0x2836fc1b in abort () from /lib/libc.so.5
#5  0x2834a9ff in __assert () from /lib/libc.so.5
#6  0x08057cd5 in slapd_set_read (s=12, wake=1) at daemon.c:548
#7  0x0805dc67 in connection_read_thread (ctx=0xbf6ece20, argv=0xc)
    at connection.c:1583
#8  0x080cb99b in ldap_int_thread_pool_wrapper (xpool=0x815ebc0) at tpool.c:619
#9  0x282a0af1 in pthread_create () from /usr/lib/libpthread.so.1
#10 0x2835b253 in _ctx_start () from /lib/libc.so.5
(gdb) 

Any pointers as to what's happening here? It seems to me that SSL_accept is
failing, but why would this be, and isn't this a condition which should be
caught gracefully rather than dumping core?

A couple of other interesting things I tried:

    $ openssl s_client -connect localhost:636

This actually connected successfully, negotating TLS, without dumping core
on the server:

    ...
    No client certificate CA names sent
    ---
    SSL handshake has read 2446 bytes and written 340 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: 8AF8D0B2D1A660B5B63AB66CFEBAF02747E7FDE9D9E94BD409BBF74CD174BF24
        Session-ID-ctx: 
        Master-Key: 5775262D0472AB8C57C30EFE37CA17215789516086299261145EA434B682826D92683583B51C7FBB92949A0906BFF342
        Key-Arg   : None
        Start Time: 1129466573
        Timeout   : 300 (sec)
        Verify return code: 19 (self signed certificate in certificate chain)
    ---

Secondly, if I use telnet to connect to port 636 and then disconnect without
sending anything, slapd dumps core again.

So there seem to be two problems here:

(1) ldapsearch is sending something bad (perhaps just operator error, e.g. I
didn't set LDAPTLS_CACERT first)

(2) slapd is crashing in response to this bad thing. If so, that's clearly a
bug, as it leaves open a trivial DoS attack.

Thinking along these lines, I also tried

$ env LDAPTLS_REQCERT=never /opt/openldap-cvs/bin/ldapsearch -b "dc=example,dc=com" -H ldaps://localhost "(uid=brian)"

but that gave the same core dump as before.

Regards,

Brian.


P.S. Here is some output from `tcpdump -i lo0 -n -s 1500 -X tcp port 636`

(1) When I type `env LDAPTLS_REQCERT=never /opt/openldap-cvs/bin/ldapsearch -b "dc=example,dc=com" -H ldaps://localhost "(uid=brian)"`
which crashes slapd:

13:48:26.615659 IP 127.0.0.1.60207 > 127.0.0.1.636: S 202213163:202213163(0) win 65535 <mss 16344,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 31980986 0>
        0x0000:  4500 0040 b437 4000 4006 887e 7f00 0001  E..@.7@.@..~....
        0x0010:  7f00 0001 eb2f 027c 0c0d 872b 0000 0000  ...../.|...+....
        0x0020:  b002 ffff 7d53 0000 0204 3fd8 0101 0402  ....}S....?.....
        0x0030:  0103 0301 0101 080a 01e7 fdba 0000 0000  ................
13:48:26.615719 IP 127.0.0.1.636 > 127.0.0.1.60207: S 358272328:358272328(0) ack 202213164 win 65535 <mss 16344,nop,wscale 1,nop,nop,timestamp 31980986 31980986,nop,nop,sackOK>
        0x0000:  4500 0040 b438 4000 4006 887d 7f00 0001  E..@.8@.@..}....
        0x0010:  7f00 0001 027c eb2f 155a cd48 0c0d 872c  .....|./.Z.H...,
        0x0020:  b012 ffff 9afd 0000 0204 3fd8 0103 0301  ..........?.....
        0x0030:  0101 080a 01e7 fdba 01e7 fdba 0101 0402  ................
13:48:26.615748 IP 127.0.0.1.60207 > 127.0.0.1.636: . ack 1 win 35840 <nop,nop,timestamp 31980986 31980986>
        0x0000:  4500 0034 b439 4000 4006 8888 7f00 0001  E..4.9@.@.......
        0x0010:  7f00 0001 eb2f 027c 0c0d 872c 155a cd49  ...../.|...,.Z.I
        0x0020:  8010 8c00 89ed 0000 0101 080a 01e7 fdba  ................
        0x0030:  01e7 fdba                                ....
13:48:26.627131 IP 127.0.0.1.60207 > 127.0.0.1.636: F 1:1(0) ack 1 win 35840 <nop,nop,timestamp 31980987 31980986>
        0x0000:  4500 0034 b43a 4000 4006 8887 7f00 0001  E..4.:@.@.......
        0x0010:  7f00 0001 eb2f 027c 0c0d 872c 155a cd49  ...../.|...,.Z.I
        0x0020:  8011 8c00 89eb 0000 0101 080a 01e7 fdbb  ................
        0x0030:  01e7 fdba                                ....
13:48:26.627771 IP 127.0.0.1.636 > 127.0.0.1.60207: . ack 2 win 35840 <nop,nop,timestamp 31980987 31980987>
        0x0000:  4500 0034 b43b 4000 4006 8886 7f00 0001  E..4.;@.@.......
        0x0010:  7f00 0001 027c eb2f 155a cd49 0c0d 872d  .....|./.Z.I...-
        0x0020:  8010 8c00 89ea 0000 0101 080a 01e7 fdbb  ................
        0x0030:  01e7 fdbb                                ....
13:48:26.629070 IP 127.0.0.1.636 > 127.0.0.1.60207: F 1:1(0) ack 2 win 35840 <nop,nop,timestamp 31980987 31980987>
        0x0000:  4500 0034 b43c 4000 4006 8885 7f00 0001  E..4.<@.@.......
        0x0010:  7f00 0001 027c eb2f 155a cd49 0c0d 872d  .....|./.Z.I...-
        0x0020:  8011 8c00 89e9 0000 0101 080a 01e7 fdbb  ................
        0x0030:  01e7 fdbb                                ....
13:48:26.629138 IP 127.0.0.1.60207 > 127.0.0.1.636: . ack 2 win 35839 <nop,nop,timestamp 31980987 31980987>
        0x0000:  4500 0034 b43d 4000 4006 8884 7f00 0001  E..4.=@.@.......
        0x0010:  7f00 0001 eb2f 027c 0c0d 872d 155a cd4a  ...../.|...-.Z.J
        0x0020:  8010 8bff 89ea 0000 0101 080a 01e7 fdbb  ................
        0x0030:  01e7 fdbb                                ....

As far as I can tell, ldapsearch is just connecting to port 636 and
immediately disconnecting, which is what made me think of trying to telnet
to port 636 and disconnect to replicate the problem.

(2) When I type `openssl s_client -connect localhost:636`, which
connects successfully:

13:49:11.810177 IP 127.0.0.1.63399 > 127.0.0.1.636: S 2189293018:2189293018(0) win 65535 <mss 16344,nop,nop,sackOK,nop,wscale 1,nop,nop,timestamp 31985505 0>
        0x0000:  4500 0040 b440 4000 4006 8875 7f00 0001  E..@.@@.@..u....
        0x0010:  7f00 0001 f7a7 027c 827d f5da 0000 0000  .......|.}......
        0x0020:  b002 ffff 7a14 0000 0204 3fd8 0101 0402  ....z.....?.....
        0x0030:  0103 0301 0101 080a 01e8 0f61 0000 0000  ...........a....
13:49:11.810238 IP 127.0.0.1.636 > 127.0.0.1.63399: S 2398385796:2398385796(0) ack 2189293019 win 65535 <mss 16344,nop,wscale 1,nop,nop,timestamp 31985505 31985505,nop,nop,sackOK>
        0x0000:  4500 0040 b441 4000 4006 8874 7f00 0001  E..@.A@.@..t....
        0x0010:  7f00 0001 027c f7a7 8ef4 7684 827d f5db  .....|....v..}..
        0x0020:  b012 ffff 6341 0000 0204 3fd8 0103 0301  ....cA....?.....
        0x0030:  0101 080a 01e8 0f61 01e8 0f61 0101 0402  .......a...a....
13:49:11.810267 IP 127.0.0.1.63399 > 127.0.0.1.636: . ack 1 win 35840 <nop,nop,timestamp 31985505 31985505>
        0x0000:  4500 0034 b442 4000 4006 887f 7f00 0001  E..4.B@.@.......
        0x0010:  7f00 0001 f7a7 027c 827d f5db 8ef4 7685  .......|.}....v.
        0x0020:  8010 8c00 5231 0000 0101 080a 01e8 0f61  ....R1.........a
        0x0030:  01e8 0f61                                ...a
13:49:11.811534 IP 127.0.0.1.63399 > 127.0.0.1.636: P 1:143(142) ack 1 win 35840 <nop,nop,timestamp 31985505 31985505>
        0x0000:  4500 00c2 b443 4000 4006 87f0 7f00 0001  E....C@.@.......
        0x0010:  7f00 0001 f7a7 027c 827d f5db 8ef4 7685  .......|.}....v.
        0x0020:  8018 8c00 1f3b 0000 0101 080a 01e8 0f61  .....;.........a
        0x0030:  01e8 0f61 808c 0103 0100 6300 0000 2000  ...a......c.....
        0x0040:  0039 0000 3800 0035 0000 1600 0013 0000  .9..8..5........
        0x0050:  0a07 00c0 0000 3300 0032 0000 2f03 0080  ......3..2../...
        0x0060:  0000 6600 0005 0000 0401 0080 0800 8000  ..f.............
        0x0070:  0063 0000 6200 0061 0000 1500 0012 0000  .c..b..a........
        0x0080:  0906 0040 0000 6500 0064 0000 6000 0014  ...@..e..d..`...
        0x0090:  0000 1100 0008 0000 0604 0080 0000 0302  ................
        0x00a0:  0080 8989 8716 2cbf 65e7 c082 5cda 11b3  ......,.e...\...
        0x00b0:  37ea baf7 e17a 92e3 b0ae 0ca2 c840 6aba  7....z.......@j.
        0x00c0:  f2c4                                     ..
13:49:11.870916 IP 127.0.0.1.636 > 127.0.0.1.63399: P 1:2388(2387) ack 143 win 35840 <nop,nop,timestamp 31985511 31985505>
        0x0000:  4500 0987 b444 4000 4006 7f2a 7f00 0001  E....D@.@..*....
        0x0010:  7f00 0001 027c f7a7 8ef4 7685 827d f669  .....|....v..}.i
        0x0020:  8018 8c00 ffb3 0000 0101 080a 01e8 0f67  ...............g
        0x0030:  01e8 0f61 1603 0100 4a02 0000 4603 0143  ...a....J...F..C
        0x0040:  524c 472d d1b4 4e51 e696 6f72 2ed1 e8c0  RLG-..NQ..or....
        0x0050:  88ba 2b62 9082 ae59 dedb 34f8 be47 3d20  ..+b...Y..4..G=.
        0x0060:  f596 e286 f8f5 2d4b abc2 c08d 5da4 ad6d  ......-K....]..m
        0x0070:  3aff 4e0f 92f9 8699 5445 5583 cc85 a6f7  :.N.....TEU.....
        0x0080:  0039 0016 0301 0764 0b00 0760 0007 5d00  .9.....d...`..].
        0x0090:  03c6 3082 03c2 3082 032b a003 0201 0202  ..0...0..+......
        0x00a0:  0101 300d 0609 2a86 4886 f70d 0101 0405  ..0...*.H.......
        0x00b0:  0030 818c 310b 3009 0603 5504 0613 0247  .0..1.0...U....G
        0x00c0:  4231 0f30 0d06 0355 0408 1306 4c6f 6e64  B1.0...U....Lond
        0x00d0:  6f6e 310f 300d 0603 5504 0713 064c 6f6e  on1.0...U....Lon
        0x00e0:  646f 6e31 1530 1306 0355 040a 130c 414d  don1.0...U....AM
        0x00f0:  5320 3137 3639 204c 7464 310b 3009 0603  S.1769.Ltd1.0...
        0x0100:  5504 0b13 0243 4131 1330 1106 0355 0403  U....CA1.0...U..
        0x0110:  130a 6c69 6e6e 6574 2e6f 7267 3122 3020  ..linnet.org1"0.
        0x0120:  0609 2a86 4886 f70d 0109 0116 1362 2e63  ..*.H........b.c
        0x0130:  616e 646c 6572 4070 6f62 6f78 2e63 6f6d  andler@pobox.com
        0x0140:  301e 170d 3035 3130 3136 3131 3533 3435  0...051016115345
        0x0150:  5a17 0d30 3631 3031 3631 3135 3334 355a  Z..061016115345Z
        0x0160:  3081 9c31 0b30 0906 0355 0406 1302 4742  0..1.0...U....GB
        0x0170:  310f 300d 0603 5504 0813 064c 6f6e 646f  1.0...U....Londo
        0x0180:  6e31 0f30 0d06 0355 0407 1306 4c6f 6e64  n1.0...U....Lond
        0x0190:  6f6e 3115 3013 0603 5504 0a13 0c41 4d53  on1.0...U....AMS
        0x01a0:  2031 3736 3920 4c74 6431 1430 1206 0355  .1769.Ltd1.0...U
        0x01b0:  040b 130b 4c44 4150 2073 6572 7665 7231  ....LDAP.server1
        0x01c0:  1a30 1806 0355 0403 1311 6d61 7070 6974  .0...U....mappit
        0x01d0:  2e6c 696e 6e65 742e 6f72 6731 2230 2006  .linnet.org1"0..
        0x01e0:  092a 8648 86f7 0d01 0901 1613 622e 6361  .*.H........b.ca
        0x01f0:  6e64 6c65 7240 706f 626f 782e 636f 6d30  ndler@pobox.com0
        0x0200:  819f 300d 0609 2a86 4886 f70d 0101 0105  ..0...*.H.......
        0x0210:  0003 818d 0030 8189 0281 8100 e0b5 236d  .....0........#m
        0x0220:  93f3 5767 daa6 b6a7 af66 0ee8 cbc9 282c  ..Wg.....f....(,
        0x0230:  35f1 eef6 a9e2 908f f74c ff86 9569 b60f  5........L...i..
        0x0240:  ee3b b443 8675 6e72 463d 4a29 4a57 3658  .;.C.unrF=J)JW6X
        0x0250:  884a eb1e eed2 6fa7 90c0 92f6 c75e b15f  .J....o......^._
        0x0260:  6858 a0b7 f776 f247 fe12 1496 3d97 7d09  hX...v.G....=.}.
        0x0270:  1579 2ea5 bb1f 36d9 eafd ef30 e841 61f0  .y....6....0.Aa.
        0x0280:  05e0 c9d8 dad0 dbfa 1f8a 156e c9bd 065d  ...........n...]
        0x0290:  74be 10f5 137b 5fb1 c730 63fd 0203 0100  t....{_..0c.....
        0x02a0:  01a3 8201 2030 8201 1c30 0906 0355 1d13  .....0...0...U..
        0x02b0:  0402 3000 302c 0609 6086 4801 86f8 4201  ..0.0,..`.H...B.
        0x02c0:  0d04 1f16 1d4f 7065 6e53 534c 2047 656e  .....OpenSSL.Gen
        0x02d0:  6572 6174 6564 2043 6572 7469 6669 6361  erated.Certifica
        0x02e0:  7465 301d 0603 551d 0e04 1604 14d0 65e7  te0...U.......e.
        0x02f0:  cd88 4dba 5fc9 4af6 e560 7a52 b868 2446  ..M._.J..`zR.h$F
        0x0300:  9830 81c1 0603 551d 2304 81b9 3081 b680  .0....U.#...0...
        0x0310:  145c a525 8760 9b91 174e 699d efc8 eed1  .\.%.`...Ni.....
        0x0320:  423e 9c0f d7a1 8192 a481 8f30 818c 310b  B>.........0..1.
        0x0330:  3009 0603 5504 0613 0247 4231 0f30 0d06  0...U....GB1.0..
        0x0340:  0355 0408 1306 4c6f 6e64 6f6e 310f 300d  .U....London1.0.
        0x0350:  0603 5504 0713 064c 6f6e 646f 6e31 1530  ..U....London1.0
        0x0360:  1306 0355 040a 130c 414d 5320 3137 3639  ...U....AMS.1769
        0x0370:  204c 7464 310b 3009 0603 5504 0b13 0243  .Ltd1.0...U....C
        0x0380:  4131 1330 1106 0355 0403 130a 6c69 6e6e  A1.0...U....linn
        0x0390:  6574 2e6f 7267 3122 3020 0609 2a86 4886  et.org1"0...*.H.
        0x03a0:  f70d 0109 0116 1362 2e63 616e 646c 6572  .......b.candler
        0x03b0:  4070 6f62 6f78 2e63 6f6d 8209 0086 89b2  @pobox.com......
        0x03c0:  5d4d 8c9c 0530 0d06 092a 8648 86f7 0d01  ]M...0...*.H....
        0x03d0:  0104 0500 0381 8100 9ba3 0eb5 082c df11  .............,..
        0x03e0:  ea34 5ede 33c8 b11e 26b1 2045 6f69 5805  .4^.3...&..EoiX.
        0x03f0:  ca81 0687 1ebe 20c0 4a28 2f38 a9da cd80  ........J(/8....
        0x0400:  0da1 c3e7 b4df f678 e827 dcaf ae05 f885  .......x.'......
        0x0410:  ac4b 833f 881a 948a 8ae1 c5d1 e755 5bfe  .K.?.........U[.
        0x0420:  1118 54ba 2bd0 3023 00cd 75a4 f11f 3e80  ..T.+.0#..u...>.
        0x0430:  4953 318a cde6 b2b4 e4e8 80c3 8ebf eda1  IS1.............
        0x0440:  37c2 2b64 7129 c88e c629 a898 fde3 791c  7.+dq)...)....y.
        0x0450:  0960 2be6 0933 18c3 0003 9130 8203 8d30  .`+..3.....0...0
        0x0460:  8202 f6a0 0302 0102 0209 0086 89b2 5d4d  ..............]M
        0x0470:  8c9c 0530 0d06 092a 8648 86f7 0d01 0104  ...0...*.H......
        0x0480:  0500 3081 8c31 0b30 0906 0355 0406 1302  ..0..1.0...U....
        0x0490:  4742 310f 300d 0603 5504 0813 064c 6f6e  GB1.0...U....Lon
        0x04a0:  646f 6e31 0f30 0d06 0355 0407 1306 4c6f  don1.0...U....Lo
        0x04b0:  6e64 6f6e 3115 3013 0603 5504 0a13 0c41  ndon1.0...U....A
        0x04c0:  4d53 2031 3736 3920 4c74 6431 0b30 0906  MS.1769.Ltd1.0..
        0x04d0:  0355 040b 1302 4341 3113 3011 0603 5504  .U....CA1.0...U.
        0x04e0:  0313 0a6c 696e 6e65 742e 6f72 6731 2230  ...linnet.org1"0
        0x04f0:  2006 092a 8648 86f7 0d01 0901 1613 622e  ...*.H........b.
        0x0500:  6361 6e64 6c65 7240 706f 626f 782e 636f  candler@pobox.co
        0x0510:  6d30 1e17 0d30 3531 3031 3631 3135 3132  m0...05101611512
        0x0520:  395a 170d 3036 3130 3136 3131 3531 3239  9Z..061016115129
        0x0530:  5a30 818c 310b 3009 0603 5504 0613 0247  Z0..1.0...U....G
        0x0540:  4231 0f30 0d06 0355 0408 1306 4c6f 6e64  B1.0...U....Lond
        0x0550:  6f6e 310f 300d 0603 5504 0713 064c 6f6e  on1.0...U....Lon
        0x0560:  646f 6e31 1530 1306 0355 040a 130c 414d  don1.0...U....AM
        0x0570:  5320 3137 3639 204c 7464 310b 3009 0603  S.1769.Ltd1.0...
        0x0580:  5504 0b13 0243 4131 1330 1106 0355 0403  U....CA1.0...U..
        0x0590:  130a 6c69 6e6e 6574 2e6f 7267 3122 3020  ..linnet.org1"0.
        0x05a0:  0609 2a86 4886 f70d 0109 0116 1362 2e63  ..*.H........b.c
        0x05b0:  616e 646c 6572 4070 6f62 6f78 2e63 6f6d  andler@pobox.com
        0x05c0:  3081 9f30 0d06 092a 8648 86f7 0d01 0101  0..0...*.H......
        0x05d0:  0500 0381 8d00 3081                      ......0.
13:49:11.949282 IP 127.0.0.1.63399 > 127.0.0.1.636: P 143:341(198) ack 2388 win 35840 <nop,nop,timestamp 31985519 31985511>
        0x0000:  4500 00fa b445 4000 4006 87b6 7f00 0001  E....E@.@.......
        0x0010:  7f00 0001 f7a7 027c 827d f669 8ef4 7fd8  .......|.}.i....
        0x0020:  8018 8c00 35fc 0000 0101 080a 01e8 0f6f  ....5..........o
        0x0030:  01e8 0f67 1603 0100 8610 0000 8200 800a  ...g............
        0x0040:  ac68 eef6 44ea 3700 c79a 1c2c d240 15ee  .h..D.7....,.@..
        0x0050:  0c89 1937 3485 b304 d7de b1a4 a5c5 3049  ...74.........0I
        0x0060:  4449 d046 dd3a 3e8a db15 2c88 ae4f 54f8  DI.F.:>...,..OT.
        0x0070:  529e 66e3 3101 a6f3 aafc a68c 08b1 b1cd  R.f.1...........
        0x0080:  0232 369a 3765 1bb9 e532 4bd2 494d 4155  .26.7e...2K.IMAU
        0x0090:  603e 4f17 0982 5550 f67d 8395 256b 4c1d  `>O...UP.}..%kL.
        0x00a0:  94ed a24d 1500 abb3 7312 ac81 fbf7 aded  ...M....s.......
        0x00b0:  62e5 0c04 1cf1 5b1a e940 7f8d 8f11 5b14  b.....[..@....[.
        0x00c0:  0301 0001 0116 0301 0030 8073 aeb0 09dd  .........0.s....
        0x00d0:  a44d fcad 2117 07c0 94fe c5ea 0d3d 9dd9  .M..!........=..
        0x00e0:  342b 26e2 5159 f038 6ed5 3d8f 949b 41f7  4+&.QY.8n.=...A.
        0x00f0:  cf51 2d1f 73e4 0175 6b56                 .Q-.s..ukV
13:49:11.991994 IP 127.0.0.1.636 > 127.0.0.1.63399: P 2388:2447(59) ack 341 win 35840 <nop,nop,timestamp 31985523 31985519>
        0x0000:  4500 006f b446 4000 4006 8840 7f00 0001  E..o.F@.@..@....
        0x0010:  7f00 0001 027c f7a7 8ef4 7fd8 827d f72f  .....|.......}./
        0x0020:  8018 8c00 8df3 0000 0101 080a 01e8 0f73  ...............s
        0x0030:  01e8 0f6f 1403 0100 0101 1603 0100 3076  ...o..........0v
        0x0040:  9063 646d 4279 4e82 b902 e748 2140 0b77  .cdmByN....H!@.w
        0x0050:  1802 280d e85a 0e44 2a83 dbc9 0f53 8818  ..(..Z.D*....S..
        0x0060:  3aab 88ed c8f2 b3ce 74b8 6dc6 fca6 15    :.......t.m....
13:49:12.083643 IP 127.0.0.1.63399 > 127.0.0.1.636: . ack 2447 win 35840 <nop,nop,timestamp 31985533 31985523>
        0x0000:  4500 0034 b447 4000 4006 887a 7f00 0001  E..4.G@.@..z....
        0x0010:  7f00 0001 f7a7 027c 827d f72f 8ef4 8013  .......|.}./....
        0x0020:  8010 8c00 4721 0000 0101 080a 01e8 0f7d  ....G!.........}
        0x0030:  01e8 0f73                                ...s