Merge from stable branch. (e9d247d2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Configure

+2 −0

Original line number	Diff line number	Diff line
		@@ -613,6 +613,8 @@ my $fips=0;

		my %disabled = ( # "what" => "comment"
		"camellia" => "default",
		"capieng" => "default",
		"cms" => "default",
		"gmp" => "default",
		"mdc2" => "default",
		"rc5" => "default",

Makefile.org

+1 −1

Original line number	Diff line number	Diff line
		@@ -142,7 +142,7 @@ SDIRS= \
		bn ec rsa dsa ecdsa dh ecdh dso engine \
		buffer bio stack lhash rand err \
		evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
		store pqueue
		store cms pqueue
		# keep in mind that the above list is adjusted by ./Configure
		# according to no-xxx arguments...

Netware/build.bat

+26 −7

Original line number	Diff line number	Diff line
		@@ -7,8 +7,9 @@ rem usage:
		rem build [target] [debug opts] [assembly opts] [configure opts]
		rem
		rem target - "netware-clib" - CLib NetWare build (WinSock Sockets)
		rem - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
		rem - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
		rem - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
		rem - "netware-libc" - LibC NetWare build (WinSock Sockets)
		rem - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
		rem
		rem debug opts - "debug" - build debug
		rem
		@@ -75,6 +76,8 @@ if "%1" == "nw-mwasm" set NO_ASM=
		if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
		if "%1" == "netware-clib" set BLD_TARGET=netware-clib
		if "%1" == "netware-clib" set ARG_PROCESSED=YES
		if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
		if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
		if "%1" == "netware-libc" set BLD_TARGET=netware-libc
		if "%1" == "netware-libc" set ARG_PROCESSED=YES
		if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
		@@ -94,6 +97,7 @@ if "%BLD_TARGET%" == "no_target" goto no_target
		rem build the nlm make file name which includes target and debug info
		set NLM_MAKE=
		if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
		if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
		if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
		if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
		if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
		@@ -110,7 +114,14 @@ echo Generating x86 for %ASSEMBLER% assembler

		echo Bignum
		cd crypto\bn\asm
		perl x86.pl %ASM_MODE% > bn-nw.asm
		rem perl x86.pl %ASM_MODE% > bn-nw.asm
		perl bn-586.pl %ASM_MODE% > bn-nw.asm
		perl co-586.pl %ASM_MODE% > co-nw.asm
		cd ..\..\..

		echo AES
		cd crypto\aes\asm
		perl aes-586.pl %ASM_MODE% > a-nw.asm
		cd ..\..\..

		echo DES
		@@ -160,6 +171,11 @@ cd crypto\rc5\asm
		perl rc5-586.pl %ASM_MODE% > r5-nw.asm
		cd ..\..\..

		echo CPUID
		cd crypto
		perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
		cd ..\

		rem ===============================================================
		rem
		:do_config
		@@ -176,8 +192,10 @@ echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
		echo .
		perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%

		make -f %NLM_MAKE% vclean
		echo .
		echo The makefile "%NLM_MAKE%" has been created use your maketool to
		echo build (ex: gmake -f %NLM_MAKE%)
		echo build (ex: make -f %NLM_MAKE%)
		goto end

		rem ===============================================================
		@@ -189,8 +207,9 @@ echo .
		echo . usage: build [target] [debug opts] [assembly opts] [configure opts]
		echo .
		echo . target - "netware-clib" - CLib NetWare build (WinSock Sockets)
		echo . - "netware-libc" - LibC NKS NetWare build (WinSock Sockets)
		echo . - "netware-libc-bsdsock" - LibC NKS NetWare build (BSD Sockets)
		echo . - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
		echo . - "netware-libc" - LibC NetWare build (WinSock Sockets)
		echo . - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
		echo .
		echo . debug opts - "debug" - build debug
		echo .

Netware/cpy_tests.bat

+1 −0

Original line number	Diff line number	Diff line
		@@ -73,6 +73,7 @@ copy %loc%\test\testsid.pem %2\openssl\test\
		copy %loc%\test\testx509.pem %2\openssl\test\
		copy %loc%\test\v3-cert1.pem %2\openssl\test\
		copy %loc%\test\v3-cert2.pem %2\openssl\test\
		copy %loc%\crypto\evp\evptests.txt %2\openssl\test\

		rem copy the apps directory stuff
		copy %loc%\apps\client.pem %2\openssl\apps\

Netware/do_tests.pl

+101 −71

Original line number	Diff line number	Diff line
		@@ -37,9 +37,14 @@ sub main()
		# open the main log file
		open(OUT, ">$log_file") \|\| die "unable to open $log_file\n";

		print( OUT "========================================================\n");
		my $outFile = "$output_path\\version.out";
		system("openssl2 version (CLIB_OPT)/>$outFile");
		log_output("CHECKING FOR OPENSSL VERSION:", $outFile);

		algorithm_tests();
		encryption_tests();
		evp_tests();
		pem_tests();
		verify_tests();
		ca_tests();
		@@ -56,9 +61,10 @@ sub algorithm_tests
		{
		my $i;
		my $outFile;
		my @tests = ( rsa_test, destest, ideatest, bftest, shatest, sha1test,
		md5test, dsatest, md2test, mdc2test, rc2test, rc4test, randtest,
		dhtest, exptest );
		my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
		sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
		rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
		ecdsatest, ectest, exptest, casttest, hmactest );

		print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");

		@@ -70,7 +76,7 @@ sub algorithm_tests
		if (-e "$base_path\\$i.nlm")
		{
		$outFile = "$output_path\\$i.out";
		system("$i > $outFile");
		system("$i (CLIB_OPT)/>$outFile");
		log_desc("Test: $i\.nlm:");
		log_output("", $outFile );
		}
		@@ -109,24 +115,24 @@ sub encryption_tests

		# do encryption
		$outFile = "$output_path\\enc.out";
		system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher > $outFile" );
		system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
		log_output("Encrypting: $input --> $cipher", $outFile);

		# do decryption
		$outFile = "$output_path\\dec.out";
		system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
		system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
		log_output("Decrypting: $cipher --> $clear", $outFile);

		# compare files
		$x = compare_files( $input, $clear, 1);
		if ( $x == 0 )
		{
		print( "SUCCESS - files match: $input, $clear\n");
		print( "\rSUCCESS - files match: $input, $clear\n");
		print( OUT "SUCCESS - files match: $input, $clear\n");
		}
		else
		{
		print( "ERROR: files don't match\n");
		print( "\rERROR: files don't match\n");
		print( OUT "ERROR: files don't match\n");
		}

		@@ -136,24 +142,24 @@ sub encryption_tests

		# do encryption B64
		$outFile = "$output_path\\B64enc.out";
		system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher > $outFile");
		system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
		log_output("Encrypting(B64): $cipher --> $clear", $outFile);

		# do decryption B64
		$outFile = "$output_path\\B64dec.out";
		system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear > $outFile");
		system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
		log_output("Decrypting(B64): $cipher --> $clear", $outFile);

		# compare files
		$x = compare_files( $input, $clear, 1);
		if ( $x == 0 )
		{
		print( "SUCCESS - files match: $input, $clear\n");
		print( "\rSUCCESS - files match: $input, $clear\n");
		print( OUT "SUCCESS - files match: $input, $clear\n");
		}
		else
		{
		print( "ERROR: files don't match\n");
		print( "\rERROR: files don't match\n");
		print( OUT "ERROR: files don't match\n");
		}

		@@ -199,24 +205,24 @@ sub pem_tests

		if ($i ne "req" )
		{
		system("openssl2 $i -in $input -out $tmp_out > $outFile");
		system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
		log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
		}
		else
		{
		system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config > $outFile");
		system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
		log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
		}

		$x = compare_files( $input, $tmp_out);
		if ( $x == 0 )
		{
		print( "SUCCESS - files match: $input, $tmp_out\n");
		print( "\rSUCCESS - files match: $input, $tmp_out\n");
		print( OUT "SUCCESS - files match: $input, $tmp_out\n");
		}
		else
		{
		print( "ERROR: files don't match\n");
		print( "\rERROR: files don't match\n");
		print( OUT "ERROR: files don't match\n");
		}
		do_wait();
		@@ -231,7 +237,8 @@ sub verify_tests
		my $i;
		my $outFile = "$output_path\\verify.out";

		my @cert_files = <$cert_path\\*.pem>;
		$cert_path =~ s/\\/\//g;
		my @cert_files = <$cert_path/*.pem>;

		print( "\nRUNNING VERIFY TESTS:\n\n");

		@@ -242,7 +249,7 @@ sub verify_tests

		foreach $i (@cert_files)
		{
		system("openssl2 verify -CAfile $tmp_cert $i >$outFile");
		system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
		log_desc("Verifying cert: $i");
		log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
		}
		@@ -263,103 +270,103 @@ sub ssl_tests
		print( OUT "\n========================================================\n");
		print( OUT "SSL TESTS:\n\n");

		system("ssltest -ssl2 >$outFile");
		system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2:");
		log_output("ssltest -ssl2", $outFile);

		system("$ssltest -ssl2 -server_auth >$outFile");
		system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2 with server authentication:");
		log_output("$ssltest -ssl2 -server_auth", $outFile);

		system("$ssltest -ssl2 -client_auth >$outFile");
		system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2 with client authentication:");
		log_output("$ssltest -ssl2 -client_auth", $outFile);

		system("$ssltest -ssl2 -server_auth -client_auth >$outFile");
		system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2 with both client and server authentication:");
		log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);

		system("ssltest -ssl3 >$outFile");
		system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv3:");
		log_output("ssltest -ssl3", $outFile);

		system("$ssltest -ssl3 -server_auth >$outFile");
		system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv3 with server authentication:");
		log_output("$ssltest -ssl3 -server_auth", $outFile);

		system("$ssltest -ssl3 -client_auth >$outFile");
		system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv3 with client authentication:");
		log_output("$ssltest -ssl3 -client_auth", $outFile);

		system("$ssltest -ssl3 -server_auth -client_auth >$outFile");
		system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv3 with both client and server authentication:");
		log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);

		system("ssltest >$outFile");
		system("ssltest (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3:");
		log_output("ssltest", $outFile);

		system("$ssltest -server_auth >$outFile");
		system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3 with server authentication:");
		log_output("$ssltest -server_auth", $outFile);

		system("$ssltest -client_auth >$outFile");
		system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3 with client authentication:");
		log_output("$ssltest -client_auth ", $outFile);

		system("$ssltest -server_auth -client_auth >$outFile");
		system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3 with both client and server authentication:");
		log_output("$ssltest -server_auth -client_auth", $outFile);

		system("ssltest -bio_pair -ssl2 >$outFile");
		system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2 via BIO pair:");
		log_output("ssltest -bio_pair -ssl2", $outFile);

		system("ssltest -bio_pair -dhe1024dsa -v >$outFile");
		system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
		log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);

		system("$ssltest -bio_pair -ssl2 -server_auth >$outFile");
		system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2 with server authentication via BIO pair:");
		log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);

		system("$ssltest -bio_pair -ssl2 -client_auth >$outFile");
		system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2 with client authentication via BIO pair:");
		log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);

		system("$ssltest -bio_pair -ssl2 -server_auth -client_auth >$outFile");
		system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
		log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);

		system("ssltest -bio_pair -ssl3 >$outFile");
		system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv3 via BIO pair:");
		log_output("ssltest -bio_pair -ssl3", $outFile);

		system("$ssltest -bio_pair -ssl3 -server_auth >$outFile");
		system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv3 with server authentication via BIO pair:");
		log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);

		system("$ssltest -bio_pair -ssl3 -client_auth >$outFile");
		system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv3 with client authentication via BIO pair:");
		log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);

		system("$ssltest -bio_pair -ssl3 -server_auth -client_auth >$outFile");
		system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
		log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);

		system("ssltest -bio_pair >$outFile");
		system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3 via BIO pair:");
		log_output("ssltest -bio_pair", $outFile);

		system("$ssltest -bio_pair -server_auth >$outFile");
		system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
		log_output("$ssltest -bio_pair -server_auth", $outFile);

		system("$ssltest -bio_pair -client_auth >$outFile");
		system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
		log_output("$ssltest -bio_pair -client_auth", $outFile);

		system("$ssltest -bio_pair -server_auth -client_auth >$outFile");
		system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
		log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
		log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
		}
		@@ -389,39 +396,39 @@ sub ca_tests
		print( OUT "\n========================================================\n");
		print( OUT "CA TESTS:\n");

		system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new >$outFile");
		system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
		log_desc("Make a certificate request using req:");
		log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);

		system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey >$outFile");
		system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
		log_desc("Convert the certificate request into a self signed certificate using x509:");
		log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);

		system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >$outFile");
		system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
		log_desc("Convert a certificate into a certificate request using 'x509':");
		log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);

		system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout >$outFile");
		system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
		log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);

		system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout >$outFile");
		system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
		log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);

		system("openssl2 verify -CAfile $CAcert $CAcert >$outFile");
		system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
		log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);

		system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new >$outFile");
		system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
		log_desc("Make another certificate request using req:");
		log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);

		system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial >$outFile");
		system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
		log_desc("Sign certificate request with the just created CA via x509:");
		log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);

		system("openssl2 verify -CAfile $CAcert $Ucert >$outFile");
		system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
		log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);

		system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert >$outFile");
		system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
		log_desc("Certificate details");
		log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);

		@@ -435,6 +442,29 @@ sub ca_tests
		print(OUT "--\n");
		}

		############################################################################
		sub evp_tests
		{
		my $i = 'evp_test';

		print( "\nRUNNING EVP TESTS:\n\n");

		print( OUT "\n========================================================\n");
		print( OUT "EVP TESTS:\n\n");

		if (-e "$base_path\\$i.nlm")
		{
		my $outFile = "$output_path\\$i.out";
		system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
		log_desc("Test: $i\.nlm:");
		log_output("", $outFile );
		}
		else
		{
		log_desc("Test: $i\.nlm: file not found");
		}
		}

		############################################################################
		sub log_output( $ $ )
		{
		@@ -445,7 +475,7 @@ sub log_output( $ $ )

		if ($desc)
		{
		print("$desc\n");
		print("\r$desc\n");
		print(OUT "$desc\n");
		}

		@@ -562,7 +592,7 @@ sub do_wait()
		############################################################################
		sub make_tmp_cert_file()
		{
		my @cert_files = <$cert_path\\*.pem>;
		my @cert_files = <$cert_path/*.pem>;

		# delete the file if it already exists
		unlink($tmp_cert);