perl-IO-Socket-SSL-2.023-1.fc23$>BprƲX?4=}>:?ٲd " C#2C Rh)D) ) ) )  5)  `))))l (89:3CGΤ)HH)I)X Y@ \h)] )^X bԯdգeըfիlխt)up)vw)x؄)y( ٨٬Cperl-IO-Socket-SSL2.0231.fc23Perl library for transparent SSLThis module is a true drop-in replacement for IO::Socket::INET that uses SSL to encrypt data before it is transferred to a remote server or client. IO::Socket::SSL supports all the extra features that one needs to write a full-featured SSL client or server application: multiple SSL contexts, cipher selection, certificate verification, and SSL version selection. As an extra bonus, it works perfectly with mod_perl.VCarm04-builder05.arm.fedoraproject.orgIFedora ProjectFedora ProjectGPL+ or ArtisticFedora ProjectDevelopment/Librarieshttp://search.cpan.org/dist/IO-Socket-SSL/linuxnoarch w[ awx~# Sn.C l.=)XNA큤A큤A큤A큤AAA큤VBVHVVHVFSFkSFkSFkSFkVHVHSFkVHSFkSFkI>oSFkVHVHSFkVFIxVFVHSFkVHVHVHVHVVVVVVVVVVvV_LVi#b63a083098f320f858d81d5a2578fd07f805c6865c65a189bcf31a28270ca1f62e007e9e374bc2fd183002a146c6bb923de89c3104e8081bb7e3f28213b4284b090aff5421fd55a9dceeaf6c612c36360402e8d29c1284aef88c87be565ce032b74ec5a3294a3de453853efa732cbde5ac190c9cb9d50bf511ca42315cf377d399b8710d0256dad30dfb8bec9f4380efdbbaea07a45a765e5831ad10a4fb2069cd9a8877a774d22b50929228e7b9d9a2077aa84d27a370ca8c125d6592683f45a033eaa3c73c6b8bd8641d2d9e845878e929d40384d9e049cbe2a24ffc7e943e142dc3929105980c00e1343160150defa12ec6194dd01c3318797b8faa4a3b86abba71ff26f5d673b096a65a14e323efec37cee6d5a47017baba0b61e591ff8f5b4304f8a13c1f7d45c2f90795ffdfc6804cf8bfaa0a0ef40d1e9d1cf896e6b0cd9e950e9b6d80499090d4e6b3470998e05df5e05d1f219235a85021ae8e05c4c81701c0f2a533c344560d173b001af997435d399011ab99d2d563e1d6df2392e0e8bd65f451cd11ad12d8d8475e1ed447fde4d4beb5217d19defb72e8358fa0efd5967a07dcbc66eb3b18e326dc10a3146a9bd486c755e2b6fb1ee14f3fad5add310461b7b716bd7f334e44f20a955dd2daf79fd338da21d28dfd794603fb75f5cf6d974ceb233a4a79bb2f6cd2225c1d57de0aa3dbf12e0e85a4adde9f730f55192328497dddd3bd1dd53f84aa4899c88ee3221b1dcfcba4e60d74f34cb382a033eaa3c73c6b8bd8641d2d9e845878e929d40384d9e049cbe2a24ffc7e943e1f5c61ed07dc78e7bf6ddae4f001cddf4e3e442f6afa17e89e897d70129da93216477edca75d91afa38bf789d27102138273d5575960f691c08ed0e0f8b8d549b492f39b252fb0092bd4a1d6f0ca8ac41df36bdc997a3ca2127435f97540c45ebf6fcca47a4b4245420813689304921ebd89e630a8b2a701e6c42f5e04a73e270a2532b9ba4ee48315c28045cb79ee8669de2abe4fc10ef40115ae1032c81b5db66e65faf04560d21648164507b93964301e0777b6e98b6cb08bf0e65f0d8d23a6308dadf33c4ccd1bbf7ca2d831538df28522620902ab1e971254f152f8eed463b00729745314b981e1902aadfc40e2016e372b623699069085ca4007684bf020b9ea3da787652ff6dbd5b920ecee80f990ad6279a9c6699004955829d01fcbc2220ca81b7e88041d9d3cd49f282a61524ce35bd7141023134521fd1dc5ac95824dbb8755ac724ae5c6bd1ca6d39f168df56b5d72bb5381eb8744ffae965b277e1c51b58f364d6ad230e56a4ec609e10f2af1f10845a3f8d1b9f3eb9863abce979e719d50f40a1dad5646afb3dbc586f98000809a0429621728d502d6fb1d327a704a35bbc59639ceb596c2cfc92a6df3df7903af9446e155e4628fc0ccb9e53aa3c237be00c338729ce13bf4dd96ba48d7647f6a0c4cd7b6b407ba5e053de117bca85dc402f86cf823df3d8a9ab89ca4d7a8ff910e1ab80efd38b949c7336brootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootperl-IO-Socket-SSL-2.023-1.fc23.src.rpmperl(IO::Socket::SSL)perl(IO::Socket::SSL::Intercept)perl(IO::Socket::SSL::OCSP_Cache)perl(IO::Socket::SSL::OCSP_Resolver)perl(IO::Socket::SSL::PublicSuffix)perl(IO::Socket::SSL::SSL_Context)perl(IO::Socket::SSL::SSL_HANDLE)perl(IO::Socket::SSL::Session_Cache)perl(IO::Socket::SSL::Utils)perl-IO-Socket-SSL @@@@ @@@@ @@@@    opensslperl(:MODULE_COMPAT_5.22.1)perl(Carp)perl(Errno)perl(Exporter)perl(HTTP::Tiny)perl(IO::Socket)perl(IO::Socket::IP)perl(IO::Socket::SSL::PublicSuffix)perl(IO::Socket::SSL::Utils)perl(Net::SSLeay)perl(Net::SSLeay)perl(Socket)perl(URI::_idna)perl(constant)perl(strict)perl(vars)perl(warnings)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)0.9.80.201.461.953.0.4-14.6.0-14.0-15.2-14.13.0-rc1VVii@V`.U@U@UAUUv@Ut2@UrUT@UHUCjTfT@TT@TTw@Tq@TG@TFJT?@T7@T @SSj@Sj@S@SSS@SSS~@S@SwO@St@SsZSnSf+SXSCSCSAAS>S;S;S2@S.S-{@S)S%@S!RR߲R@Rx@R&R0@R@RiR@RRW@R5@QQQQQ@Q@QQ?@Q?@QQ'@QU@Qw@QnQkQtQQQh@PPP@P@PnP H@OG@O@O@OO@O\@O O O O O,@Or@OqOhq@OX@OKp@ODOB5O yNNU@N@N@N^Nj@NN%qMߒ@Mz@M(MMoMQ0@M5M@ML@L@Ki@K@K@K@JSJ:JmJjJOD@JMIԨI2I{Ix_I"@H8@H׈H6@H}GPG@GMX@G!GEqjE@D@DB@D@D@D;@BۙBS@Ak@@@@?Paul Howarth - 2.023-1Paul Howarth - 2.022-1Paul Howarth - 2.021-1Paul Howarth - 2.020-1Paul Howarth - 2.019-1Paul Howarth - 2.018-1Fedora Release Engineering - 2.016-3Jitka Plesnikova - 2.016-2Paul Howarth - 2.016-1Jitka Plesnikova - 2.015-2Paul Howarth - 2.015-1Paul Howarth - 2.014-1Paul Howarth - 2.013-1Paul Howarth - 2.012-1Paul Howarth - 2.011-1Paul Howarth - 2.010-1Paul Howarth - 2.009-1Paul Howarth - 2.008-1Paul Howarth - 2.007-1Paul Howarth - 2.006-1Paul Howarth - 2.002-1Paul Howarth - 2.001-1Paul Howarth - 2.000-1Paul Howarth - 1.999-1Paul Howarth - 1.998-1Jitka Plesnikova - 1.997-4Paul Howarth - 1.997-3Paul Howarth - 1.997-2Paul Howarth - 1.997-1Paul Howarth - 1.994-1Paul Howarth - 1.993-1Paul Howarth - 1.992-1Fedora Release Engineering - 1.991-2Paul Howarth - 1.991-1Paul Howarth - 1.990-1Paul Howarth - 1.989-1Paul Howarth - 1.988-1Paul Howarth - 1.985-1Paul Howarth - 1.984-2Paul Howarth - 1.984-1Paul Howarth - 1.983-1Paul Howarth - 1.982-1Paul Howarth - 1.981-1Paul Howarth - 1.980-1Paul Howarth - 1.979-1Paul Howarth - 1.978-1Paul Howarth - 1.975-1Paul Howarth - 1.974-1Paul Howarth - 1.973-1Paul Howarth - 1.972-1Paul Howarth - 1.971-1Paul Howarth - 1.970-1Paul Howarth - 1.969-1Paul Howarth - 1.968-1Paul Howarth - 1.967-1Paul Howarth - 1.966-1Paul Howarth - 1.965-1Paul Howarth - 1.964-1Paul Howarth - 1.963-1Paul Howarth - 1.962-1Paul Howarth - 1.961-1Paul Howarth - 1.960-1Paul Howarth - 1.95.9-1Paul Howarth - 1.95.8-1Paul Howarth - 1.95.5-1Paul Howarth - 1.95.4-1Fedora Release Engineering - 1.95.3-3Petr Pisar - 1.95.3-2Paul Howarth - 1.95.3-1Paul Howarth - 1.95.2-1Paul Howarth - 1.95.1-1Paul Howarth - 1.94-1Paul Howarth - 1.93-1Paul Howarth - 1.92-1Paul Howarth - 1.91-1Paul Howarth - 1.90-1Paul Howarth - 1.89-1Paul Howarth - 1.88-1Paul Howarth - 1.87-1Paul Howarth - 1.86-1Paul Howarth - 1.85-1Paul Howarth - 1.84-1Paul Howarth - 1.83-2Paul Howarth - 1.83-1Paul Howarth - 1.82-1Paul Howarth - 1.81-1Paul Howarth - 1.80-1Paul Howarth - 1.79-1Petr Šabata - 1.77-2Paul Howarth - 1.77-1Fedora Release Engineering - 1.76-3Petr Pisar - 1.76-2Paul Howarth - 1.76-1Petr Pisar - 1.74-2Paul Howarth - 1.74-1Paul Howarth - 1.73-1Paul Howarth - 1.71-1Paul Howarth - 1.70-1Paul Howarth - 1.69-1Paul Howarth - 1.66-1Paul Howarth - 1.65-1Paul Howarth - 1.64-1Paul Howarth - 1.62-1Paul Howarth - 1.61-1Paul Howarth - 1.60-1Paul Howarth - 1.59-1Paul Howarth - 1.58-1Paul Howarth - 1.56-1Paul Howarth - 1.55-1Paul Howarth - 1.54-1Paul Howarth - 1.53-1Paul Howarth - 1.52-1Paul Howarth - 1.49-1Paul Howarth - 1.48-1Paul Howarth - 1.47-1Paul Howarth - 1.46-1Paul Howarth - 1.45-1Petr Sabata - 1.44-2Paul Howarth - 1.44-1Paul Howarth - 1.43-1Paul Howarth - 1.41-1Paul Howarth - 1.40-1Paul Howarth - 1.39-1Fedora Release Engineering - 1.38-2Paul Howarth - 1.38-1Paul Howarth - 1.37-1Paul Howarth - 1.36-1Paul Howarth - 1.35-1Paul Howarth - 1.34-1Marcela Maslanova - 1.33-2Paul Howarth - 1.33-1Paul Howarth - 1.32-1Stepan Kasal - 1.31-2Paul Howarth - 1.31-1Paul Howarth - 1.30-1Paul Howarth - 1.27-1Fedora Release Engineering - 1.26-2Paul Howarth - 1.26-1Paul Howarth - 1.25-1Paul Howarth - 1.24-1Paul Howarth - 1.23-1Paul Howarth - 1.22-1Paul Howarth - 1.20-1Paul Howarth - 1.18-1Paul Howarth - 1.17-1Paul Howarth - 1.16-1Paul Howarth - 1.15-1Paul Howarth - 1.14-1Tom "spot" Callaway - 1.12-4Tom "spot" Callaway - 1.12-3Paul Howarth - 1.12-2Robin Norwood - 1.12-1Tom "spot" Callaway - 1.02-1.1Robin Norwood - 1.02-1Warren Togami - 1.01-1Warren Togami - 0.998-1Warren Togami - 0.994-1Warren Togami - 0.991-1Warren Togami - 0.97-3Jose Pedro Oliveira - 0.97-2Ville Skyttä - 0.97-1Michael Schwendt - 0.96-4Ville Skyttä - 0:0.96-3Ville Skyttä - 0:0.96-0.fdr.2Ville Skyttä - 0:0.96-0.fdr.1Ville Skyttä - 0:0.95-0.fdr.1- Update to 2.023 - OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection was not fully established, which somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying) and hence an endless loop; it will now ignore this result in case the TLS connection was not yet established and consider the TLS connection closed instead - Update patches as needed- Update to 2.022 - Fix stringification of IPv6 inside subjectAltNames in Utils::CERT_asHash (CPAN RT#110253)- Update to 2.021 - Fixes for documentation and typos - Update PublicSuffix with latest version from publicsuffix.org - Update patches as needed- Update to 2.020 - Support multiple directories in SSL_ca_path (CPAN RT#106711); directories can be given as array or as string with a path separator - Typos fixed (https://github.com/noxxi/p5-io-socket-ssl/pull/34) - Update patches as needed- Update to 2.019 - Work around different behavior of getnameinfo from Socket and Socket6 by using a different wrapper depending on which module is used for IPv6 - Update patches as needed- Update to 2.018 - Checks for readability of files/dirs for certificates and CA no longer use -r because this is not safe when ACLs are used (CPAN RT#106295) - New method sock_certificate similar to peer_certificate (CPAN RT#105733) - get_fingerprint can now take optional certificate as argument and compute the fingerprint of it; useful in connection with sock_certificate - Check for both EWOULDBLOCK and EAGAIN since these codes are different on some platforms (CPAN RT#106573) - Enforce default verification scheme if nothing was specified, i.e. no longer just warn but accept; if really no verification is wanted, a scheme of 'none' must be explicitly specified - Support different cipher suites per SNI hosts - startssl.t failed on darwin with old openssl since server requested client certificate but offered also anon ciphers (CPAN RT#106687) - Update patches as needed- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Perl 5.22 rebuild- Update to 2.016 - Add flag X509_V_FLAG_TRUSTED_FIRST by default if available in OpenSSL (since 1.02) and available with Net::SSLeay (CPAN RT#104759) - Work around hanging prompt() with older perl in Makefile.PL (CPAN RT#104731) - Make t/memleak_bad_handshake.t work on cygwin and other systems having /proc/pid/statm (CPAN RT#104659) - Add better debugging- Perl 5.22 rebuild- Update to 2.015 - Work around problem with IO::Socket::INET6 on Windows, by explicitly using Domain AF_INET in the tests (CPAN RT#104226)- Update to 2.014 - Utils::CERT_create - work around problems with authorityInfoAccess, where OpenSSL i2v does not create the same string as v2i expects - Intercept - don't clone some specific extensions that only make sense with the original certificate- Update to 2.013 - Assign severities to internal error handling and make sure that follow-up errors like "configuration failed" or "certificate verify error" don't replace more specific "hostname verification failed" when reporting in sub errstr/$SSL_ERROR (CPAN RT#103423) - Enhanced documentation (https://github.com/noxxi/p5-io-socket-ssl/pull/26)- Update to 2.012 - Fix t/ocsp.t in case no HTTP::Tiny is installed- Update to 2.011 - Fix t/ocsp.t - don't count on revoked.grc.com using OCSP stapling (CPAN RT#101855) - Added option 'purpose' to Utils::CERT_create to get better control of the certificate's purpose; default is 'server,client' for non-CA (contrary to only 'server' before) - Removed RC4 from default cipher suites on the server side (https://github.com/noxxi/p5-io-socket-ssl/issues/22) - Refactoring of some tests using Test::More - Note that this package still uses system-default cipher and SSL versions, which may have RC4 enabled - Update patches as needed- Update to 2.010 - New options SSL_client_ca_file and SSL_client_ca to let the server send the list of acceptable CAs for the client certificate - t/protocol_version.t - fix in case SSLv3 is not supported in Net::SSLeay (CPAN RT#101485)- Update to 2.009 - Remove util/analyze.pl; this tool is now together with other SSL tools at https://github.com/noxxi/p5-ssl-tools - Added ALPN support (needs OpenSSL1.02, Net::SSLeay 1.56+) (CPAN RT#101452)- Update to 2.008 - Work around recent OCSP verification errors for revoked.grc.com (badly signed OCSP response, Firefox also complains about it) in test t/external/ocsp.t - util/analyze.pl - report more details about preferred cipher for specific TLS versions- Update to 2.007 - Make getline/readline fall back to super class if class is not sslified yet, i.e. behave the same as sysread, syswrite etc. (CPAN RT#100529)- Update to 2.006 - Make SSLv3 available even if the SSL library disables it by default in SSL_CTX_new (like done in LibreSSL); default will stay to disable SSLv3 so this will be only done when setting SSL_version explicitly - Fix possible segmentation fault when trying to use an invalid certificate - Use only the ICANN part of the default public suffix list and not the private domains; this makes existing exceptions for s3.amazonaws.com and googleapis.com obsolete - Fix t/protocol_version.t to deal with OpenSSL installations that are compiled without SSLv3 support - Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead of EAGAIN; while this is the same on UNIX it is different on Windows and socket operations return there (WSA)EWOULDBLOCK and not EAGAIN - Enable non-blocking tests on Windows too - Make PublicSuffix::_default_data thread safe - Update PublicSuffix with latest list from publicsuffix.org - Note that this package still uses system-default cipher and SSL versions, which may have SSL3.0 enabled - Classify buildreqs by usage- Update to 2.002 - Fix check for (invalid) IPv4 when validating hostname against certificate; do not use inet_aton any longer because it can cause DNS lookups for malformed IP (CPAN RT#99448) - Update PublicSuffix with latest version from publicsuffix.org - lots of new top level domains - Add exception to PublicSuffix for s3.amazonaws.com (CPAN RT#99702)- Update to 2.001 - Add SSL_OP_SINGLE_(DH|ECDH)_USE to default options to increase PFS security - Update external tests with currently expected fingerprints of hosts - Some fixes to make it still work on 5.8.1- Update to 2.000 - Consider SSL3.0 as broken because of POODLE and disable it by default - Skip live tests without asking if environment NO_NETWORK_TESTING is set - Skip tests that require fork on non-default windows setups without proper fork (https://github.com/noxxi/p5-io-socket-ssl/pull/18) - Note that this package still uses system-default cipher and SSL versions, which may have SSL3.0 enabled- Update to 1.999 - Make sure we don't use version 0.30 of IO::Socket::IP - Make sure that PeerHost is checked in all places where PeerAddr is checked, because these are synonyms and IO::Socket::IP prefers PeerHost while others prefer PeerAddr; also accept PeerService additionally to PeerPort (https://github.com/noxxi/p5-io-socket-ssl/issues/16) - Add ability to use client certificates and to overwrite hostname with util/analyze-ssl.pl- Update to 1.998 - Make client authentication work at the server side when SNI is in by use having CA path and other settings in all SSL contexts instead of only the main one (https://github.com/noxxi/p5-io-socket-ssl/pull/15)- Perl 5.20 rebuild- Use system-default SSL version too- Use system-wide default cipher list to support use of system-wide crypto policy (#1076390, #1127577, CPAN RT#97816) https://fedoraproject.org/wiki/Changes/CryptoPolicy- Update to 1.997 - Fix initialization and creation of OpenSSL-internals for perlcc compatibility (CPAN RT#95452) - Add refresh option for peer_certificate, so that it checks if the certificate changed in the mean time (on renegotiation) - Fix fingerprint checking - now applies only to top-most certificate - IO::Socket::SSL::Utils - accept extensions within CERT_create - Various documentation fixes- Update to 1.994 - IO::Socket::SSL can now be used as dual-use socket, e.g. start plain, upgrade to SSL and downgrade again all with the same object; see documentation of SSL_startHandshake and chapter Advanced Usage - Try to apply SSL_ca* even if verify_mode is 0, but don't complain if this fails; this is needed if one wants to explicitly verify OCSP lookups even if verification is otherwise off, because otherwise the signature check would fail (this is mostly useful for testing) - Reorder documentation of attributes for new, so that the more important ones are at the top- Update to 1.993 - Major rewrite of documentation, now in separate file - Rework error handling to distinguish between SSL errors and internal errors (like missing capabilities) - Fix handling of default_ca if given during the run of the program (Debian #750646) - util/analyze-ssl.pl - fix hostname check if SNI does not work- Update to 1.992 - Set $! to undef before doing IO (accept, read...); on Windows a connection reset could cause an SSL read error without setting $!, so make sure we don't keep the old value and maybe thus run into an endless loop- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- Update to 1.991 - New option SSL_OCSP_TRY_STAPLE to enforce staple request even if VERIFY_NONE - Work around for CPAN RT#96013 in peer_certificates- Update to 1.990 - Added option SSL_ocsp_staple_callback to get the stapled OCSP response and verify it somewhere else - Try to fix warnings on Windows again (CPAN RT#95967) - Work around temporary OCSP error in t/external/ocsp.t- Update to 1.989 - Fix warnings on Windows (CPAN RT#95881)- Update to 1.988 - Allow IPv4 in common name, because browsers allow this too; only for scheme www/http though, not for rfc2818 (because RC2818 does not allow this; in default scheme IPv6 and IPv4 are allowed in CN) - Fix handling of public suffix; add exemption for *.googleapis.com wildcard, which should not be allowed according to public suffix list but actually is used - Add hostname verification test based on older test of chromium, but change some of the test expectations because we don't want to support IP as SAN DNS and because we enforce a public suffix list (and thus *.co.uk should not be allowed) - Fix t/verify_hostname_standalone.t on systems without usable IDNA or IPv6 (CPAN RT#95719) - Enable IPv6 support only if we have a usable inet_pton - Remove stale entries from MANIFEST - Add transparent support for DER and PKCS#12 files to specify cert and key, e.g. it will autodetect the format - If SSL_cert_file is PEM and no SSL_key_file is given it will check if the key is in SSL_cert_file too- Update to 1.985 - Make OCSP callback return 1 even if it was called on the server side because of bad setup of the socket; otherwise we get an endless calling of the OCSP callback - Consider an OCSP response that is not yet or no longer valid a soft error instead of an hard error - Fix skip in t/external/ocsp.t in case fingerprint does not match - Call EVP_PKEY_free not EVP_KEY_free in IO::Socket::SSL::Utils::KEY_free (CPAN RT#95633) - util/analyze.pl - with --show-chain check if chain with SNI is different from chain w/o SNI - Drop ExtUtils::MakeMaker version requirement- Fix typo in Utils.pm (#1097640, CPAN RT#95633)- Update to 1.984 - Added OCSP support: - Needs Net::SSLeay ≥ 1.59 - For usage see documentation of IO::Socket::SSL (examples and anything with OCSP in the name) - New tool util/analyze-ssl.pl, which is intended to help in debugging of SSL problems and to get information about capabilities of server; it works also as an example of how to use various features (like OCSP, SNI...) - Fix peer_certificates (returns leaf certificate only once on client side) - Added timeout for stop_SSL (either with Timeout or with the default timeout for IO::Socket) - Fix IO::Socket::SSL::Utils mapping between ASN1_TIME and time_t when local time is not GMT; use Net::SSLeay::ASN1_TIME_timet if available - Fix t/external/usable_ca.t for system with junk in CA files- Update to 1.983 - Fix public suffix handling: ajax.googleapis.com should be ok even if googleapis.com is in public suffix list (e.g. check one level less) (CPAN RT#95317) - usable_ca.t - update fingerprints after heartbleed attack - usable_ca.t - make sure we have usable CA for tested hosts in CA store- Update to 1.982 - Fix for using subroutine as argument to set_args_filter_hack- Update to 1.981 - Fix ecdhe test for openssl 1.0.1d (CPAN RT#95432) - Fix detection of openssl 1.0.1d (detected 1.0.1e instead) - New function can_ecdh in IO::Socket::SSL- Update to 1.980 - Disable elliptic curve support for openssl 1.0.1d on 64-bit (http://rt.openssl.org/Ticket/Display.html?id=2975) - Fix certificate fingerprint calculation - Add patch to skip elliptic curve test for openssl 1.0.1d on 64-bit - Add patch to fix openssl version test- Update to 1.979 - Hostname checking: - Configuration of 'leftmost' is renamed to 'full_label', but the old version is kept for compatibility reasons - Documentation of predefined schemes fixed to match reality- Update to 1.978 - Added public prefix checking to verification of wildcard certificates, e.g. accept *.foo.com but not *.co.uk; see documentation of SSL_verifycn_publicsuffix and IO::Socket::SSL::PublicSuffix - Fix publicsuffix for IDNA, more tests with various IDNA libs (CPAN RT#94424) - Reuse result of IDN lib detection from PublicSuffix.pm in SSL.pm - Add more checks to external/usable_ca.t; now it is enough that at least one of the hosts verifies against the built-in CA store - Add openssl and Net::SSLeay version to diagnostics in load test - Switch preferred IDN back-end from Net::LibIDN to URI::_idna as per upstream, falling back to Net::IDN::Encode on older distributions - Add fix from upstream git to support building with Test::More < 0.88- Update to 1.975 - BEHAVIOR CHANGE: work around TEA misfeature on OS X built-in openssl, e.g. guarantee that only the explicitly-given CA or the openssl default CA will be used; this means that certificates inside the OS X keyring will no longer be used, because there is no way to control the use by openssl (e.g. certificate pinning etc.) - Make external tests run by default to make sure default CA works on all platforms; it skips automatically on network problems like timeouts or SSL interception, and can also use http(s)_proxy environment variables- Update to 1.974 - New function peer_certificates to get the whole certificate chain; needs Net::SSLeay ≥ 1.58 - Extended IO::Socket::Utils::CERT_asHash to provide way more information, like issuer information, cert and pubkey digests, all extensions, CRL distribution points and OCSP uri- Update to 1.973 - With SSL_ca, certificate handles can now be used in addition to SSL_ca_file and SSL_ca_path - No longer complain if SSL_ca_file and SSL_ca_path are both given; instead, add both as options to the CA store - Shortcut 'issuer' to give both issuer_cert and issuer_key in CERT_create- Update to 1.972 - Make sure t/external/usable_ca.t works also with older openssl without support for SNI (CPAN RT#94117)- Update to 1.971 - Try to use SSL_hostname for hostname verification if no SSL_verifycn_name is given; this way, hostname for SNI and verification can be specified in one step - New test program example/simulate_proxy.pl- Update to 1.970 - Make sure sub default_ca uses a local $_ and not a version of an outer scope that might be read-only (CPAN RT#93987)- Update to 1.969 - Fix set_defaults to match documentation regarding short names - New function set_args_filter_hack to make it possible to override bad SSL settings from other code at the last moment - Determine default_ca on module load (and not on first use in each thread) - Don't try default hostname verification if verify_mode 0 - Fix hostname verification when reusing context- Update to 1.968 - BEHAVIOR CHANGE: removed implicit defaults of certs/server-{cert,key}.pem for SSL_{cert,key}_file and ca/,certs/my-ca.pem for SSL_ca_file; these defaults were deprecated since 1.951 (July 2013) - Usable CA verification path on Windows etc.: - Do not use Net::SSLeay::CTX_set_default_verify_paths any longer to set system/build dependent default verification path, because there was no way to retrieve these default values and check if they contained usable CA - Instead, re-implement the same algorithm and export the results with public function default_ca() and make it possible to overwrite it - Also check for usable verification path during build; if no usable path is detected, require Mozilla::CA at build and try to use it at runtime- Update to 1.967 - Verify the hostname inside a certificate by default with a superset of common verification schemes instead of not verifying identity at all; for now it will only complain if name verification failed but in the future it will fail certificate verification, forcing you to set the expected SSL_verifycn_name if you want to accept the certificate - New option SSL_fingerprint and new methods get_fingerprint and get_fingerprint_bin; together they can be used to selectively accept specific certificates that would otherwise fail verification, like self-signed, outdated or from unknown CAs - Utils: - Default RSA key length 2048 - Digest algorithm to sign certificate in CERT_create can be given; defaults to SHA-256 - CERT_create can now issue non-CA self-signed certificate - CERT_create add some more useful constraints to certificate - Spelling fixes- Update to 1.966 - Fixed bug introduced in 1.964 - disabling TLSv1_2 no longer worked by specifying !TLSv12; only !TLSv1_2 worked - Fixed leak of session objects in SessionCache, if another session replaced an existing session (introduced in 1.965)- Update to 1.965 - New key SSL_session_key to influence how sessions are inserted and looked up in the client's session cache, which makes it possible to share sessions over different ip:host (as is required with some FTPS servers) - t/core.t - handle case where default loopback source is not 127.0.0.1, like in FreeBSD jails- Update to 1.964 - Disabling TLSv1_1 did not work, because the constant was wrong; now it gets the constants from calling Net::SSLeay::SSL_OP_NO_TLSv1_1 etc. - The new syntax for the protocols is TLSv1_1 instead of TLSv11, which matches the syntax from OpenSSL (the old syntax continues to work in SSL_version) - New functions get_sslversion and get_sslversion_int, which get the SSL version of the established session as string or int - Disable t/io-socket-inet6.t if Acme::Override::INET is installed- Update to 1.963 - Fix behavior of stop_SSL: for blocking sockets it now enough to call it once, for non-blocking it should be called again as long as EAGAIN and SSL_ERROR is set to SSL_WANT_(READ|WRITE) - Don't call blocking if start_SSL failed and downgraded socket has no blocking method - Documentation enhancements: - Special section for differences to IO::Socket - Describe problem with blocking accept on non-blocking socket - Describe arguments to new_from_fd and make clear that for upgrading an existing IO::Socket, start_SSL should be used directly- Update to 1.962 - Work around problems with older F5 BIG-IP by offering fewer ciphers on the client side by default, so that the client hello stays below 255 bytes- Update to 1.961 - IO::Socket::SSL::Utils::CERT_create can now create CA-certificates that are not self-signed (by giving issuer_*)- Update to 1.960 - Only documentation enhancements: - Clarify with text and example code, that within event loops not only select/poll should be used, but also pending has to be called - Better introduction into SSL; at least mention anonymous authentication as something you don't want and should take care with the right cipher - Make it more clear that it's better not to change the cipher list unless you really know what you're doing - Adopt upstream's versioning scheme- Update to 1.959 - Fix test t/core.t for Windows- Update to 1.958 Lots of behavior changes for more secure defaults: - BEHAVIOR CHANGE: make default cipher list more secure, especially: - No longer support MD5 by default (broken) - No longer support anonymous authentication by default (vulnerable to man in the middle attacks) - Prefer ECDHE/DHE ciphers and add necessary ECDH curve and DH keys, so that it uses by default forward secrecy, if underlying Net::SSLeay/openssl supports it - Move RC4 to the end, i.e. 3DES is preferred (BEAST attack should hopefully have been fixed and now RC4 is considered less safe than 3DES) - Default SSL_honor_cipher_order to 1, e.g. when used as server it tries to get the best cipher even if the client prefers other ciphers; PLEASE NOTE that this might break connections with older, less secure implementations, in which case revert to 'ALL:!LOW:!EXP:!aNULL' or so - BEHAVIOR CHANGE: SSL_cipher_list now gets set on context, not SSL object, and thus gets reused if context gets reused; PLEASE NOTE that using SSL_cipher_list together with SSL_reuse_ctx no longer has any effect on the ciphers of the context - Rework hostname verification schemes: - Add RFC names as scheme (e.g. 'rfc2818', ...) - Add SIP, SNMP, syslog, netconf, GIST - BEHAVIOR CHANGE: fix SMTP - now accept wildcards in CN and subjectAltName - BEHAVIOR CHANGE: fix IMAP, POP3, ACAP, NNTP - now accept wildcards in CN - BEHAVIOR CHANGE: anywhere wildcards like www* now match only 'www1', 'www2' etc. but not 'www' - Anywhere wildcards like x* are no longer applied to IDNA names (which start with 'xn--') - Fix crash of Utils::CERT_free - Support TLSv11, TLSv12 as handshake protocols - Fixed t/core.t: test used cipher_list of HIGH, which includes anonymous authorization; with the DH param given by default since 1.956, old versions of openssl (like 0.9.8k) used cipher ADH-AES256-SHA (e.g. anonymous authorization) instead of AES256-SHA and thus the check for the peer certificate failed (because ADH does not exchange certificates) - fixed by explicitly specifying HIGH:!aNULL as cipher (CPAN RT#90221) - Cleaned up tests: - Remove ssl_settings.req and 02settings.t, because all tests now create a simple socket at 127.0.0.1 and thus global settings are no longer needed - Some tests did not have use strict(!); fixed it - Removed special handling for older Net::SSLeay versions that are less than our minimum requirement - Some syntax enhancements: removed some SSL_version and SSL_cipher_list options where they were not really needed - Cleanup: remove workaround for old IO::Socket::INET6 but instead require at least version 2.55 which is now 5 years old - Fix t/session.t to work with older openssl versions (CPAN RT#90240)- Update to 1.955 - Support for perfect forward secrecy using ECDH, if the Net::SSLeay version supports it- Update to 1.954 - Accept older versions of ExtUtils::MakeMaker and add meta information like link to repository only for newer versions- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Perl 5.18 rebuild- Update to 1.953 - Precedence fixes for IO::Socket::SSL::Utils (CPAN RT#87052)- Update to 1.952 - Fix t/acceptSSL-timeout.t on Win32 (CPAN RT#86862)- Update to 1.951 (1.950) - MAJOR BEHAVIOR CHANGE: - ssl_verify_mode now defaults to verify_peer for client - Previously it used verify_none, but loudly complained since 1.79 about it - It will not complain any longer, but the connection will probably fail - Please don't simply disable ssl verification; instead, set SSL_ca_file etc. so that verification succeeds! - MAJOR BEHAVIOR CHANGE: - It will now complain if the built-in defaults of certs/my-ca.pem or ca/ for CA and certs/{server,client}-{key,cert}.pem for cert and key are used, i.e. no certificates are specified explicitly - In the future these insecure (relative path!) defaults will be removed and the CA replaced with the system defaults (1.951) - Use Net::SSLeay::SSL_CTX_set_default_verify_paths to use openssl's built-in defaults for CA unless CA path/file was given (or IO::Socket::SSL built-ins used)- Update to 1.94 - Makefile.PL reported wrong version of openssl if Net::SSLeay was not installed, instead of reporting a missing dependency of Net::SSLeay- Update to 1.93 - Need at least OpenSSL version 0.9.8 now, since last 0.9.7 was released 6 years ago; remove code to work around older releases - Changed AUTHOR in Makefile.PL from array back to string, because the array feature is not available in MakeMaker shipped with 5.8.9 (CPAN RT#85739) - Set openssl version requirement to 0.9.8 - Drop ExtUtils::MakeMaker version requirement back to 6.46- Update to 1.92 - Intercept: use sha1-fingerprint of original cert for id into cache unless otherwise given - Fix pod error in IO::Socket::SSL::Utils (CPAN RT#85733)- Update to 1.91 - Added IO::Socket::SSL::Utils for easier manipulation of certificates and keys - Moved SSL interception into IO::Socket::SSL::Intercept and simplified it using IO::Socket::SSL::Utils - Enhance meta information in Makefile.PL - Bump openssl version requirement to 0.9.8a - Need at least version 6.58 of ExtUtils::MakeMaker (CPAN RT#85739)- Update to 1.90 - Support more digests, especially SHA-2 (CPAN RT#85290) - Added support for easy SSL interception (man in the middle) based on ideas found in mojo-mitm proxy - Make 1.46 the minimal required version for Net::SSLeay, because it introduced lots of useful functions - BR:/R: openssl ≥ 0.9.7e for P_ASN1_TIME_(get,set)_isotime in Net::SSLeay- Update to 1.89 - If IO::Socket::IP is used it should be at least version 0.20; otherwise we get problems with HTTP::Daemon::SSL and maybe others (CPAN RT#81932) - Spelling corrections- Update to 1.88 - Consider a value of '' the same as undef for SSL_ca_(path|file), SSL_key* and SSL_cert* - some apps like Net::LDAP use it that way- Update to 1.87 - Complain if given SSL_(key|cert|ca)_(file|path) do not exist or if they are not readable (CPAN RT#84829) - Fix use of SSL_key|SSL_file objects instead of files, broken with 1.83- Update to 1.86 - Don't warn about SSL_verify_mode when re-using an existing SSL context (CPAN RT#84686)- Update to 1.85 - Probe for available modules with local __DIE__ and __WARN__handlers (CPAN RT#84574) - Fix warning, when IO::Socket::IP is installed and inet6 support gets explicitly requested (CPAN RT#84619)- Update to 1.84 - Disabled client side SNI for openssl version < 1.0.0 because of CPAN RT#83289 - Added functions can_client_sni, can_server_sni and can_npn to check availability of SNI and NPN features - Added more documentation for SNI and NPN- Update to 1.831 - Separated documentation of non-blocking I/O from error handling - Changed and documented behavior of readline to return the read data on EAGAIN/EWOULDBLOCK in case of non-blocking socket (see https://github.com/noxxi/p5-io-socket-ssl/issues/1) - Bumped release rather than version number to preserve likely upgrade path and avoid need for epoch or version number ugliness; may revisit this in light of upstream's future version numbering decisions- Update to 1.83 - Server Name Indication (SNI) support on the server side (CPAN RT#82761) - Reworked part of the documentation, like providing better examples- Update to 1.82 - sub error sets $SSL_ERROR etc. only if there really is an error; otherwise it will keep the latest error, which allows IO::Socket::SSL->new to report the correct problem, even if the problem is deeper in the code (like in connect) - Correct spelling (CPAN RT#82790)- Update to 1.81 - Deprecated set_ctx_defaults; new name is set_defaults (the old name is still available) - Changed handling of default path for SSL_(ca|cert|key)* keys: if one of these keys is user defined, don't add defaults for the others, i.e. don't mix user settings and defaults - Cleaner handling of module defaults vs. global settings vs. socket specific settings; global and socket specific settings are both provided by the user, while module defaults are not - Make IO::Socket::INET6 and IO::Socket::IP specific tests both run, even if both modules are installed, by faking a failed load of the other module - BR: perl(IO::Socket::INET6) and perl(Socket6) unconditionally- Update to 1.80 - Removed some warnings in test (missing SSL_verify_mode => 0), which caused tests to hang on Windows (CPAN RT#81493)- Update to 1.79 - Use getnameinfo instead of unpack_sockaddr_in6 to get PeerAddr and PeerPort from sockaddr in _update_peer, because this provides scope too - Work around systems that don't define AF_INET6 (CPAN RT#81216) - Prepare transition to a more secure default for SSL_verify_mode; the use of the current default SSL_VERIFY_NONE will cause a big warning for clients, unless SSL_verify_mode was explicitly set inside the application to this insecure value (in the near future the default will be SSL_VERIFY_PEER, and thus causing verification failures in unchanged applications)- Added some missing build dependencies- Update to 1.77 - support _update_peer for IPv6 too (CPAN RT#79916)- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- Perl 5.16 rebuild- Update to 1.76 - add support for IO::Socket::IP, which supports inet6 and inet4 (CPAN RT#75218) - fix documentation errors (CPAN RT#77690) - made it possible to explicitly disable TLSv11 and TLSv12 in SSL_version - use inet_pton from either Socket.pm 1.95 or Socket6.pm - Use IO::Socket::IP for IPv6 support where available, else IO::Socket::INET6 - Add runtime dependency for appropriate IPv6 support module so that we can ensure that we run at runtime what we tested with at build time- Perl 5.16 rebuild- Update to 1.74 - accept a version of SSLv2/3 as SSLv23, because older documentation could be interpreted like this- Update to 1.73 - set DEFAULT_CIPHER_LIST to ALL:!LOW instead of HIGH:!LOW - make test t/dhe.t hopefully work with more versions of openssl- Update to 1.71 - 1.70 done right: don't disable SSLv2 ciphers; SSLv2 support is better disabled by the default SSL_version of 'SSLv23:!SSLv2'- Update to 1.70 - make it possible to disable protocols using SSL_version, and make SSL_version default to 'SSLv23:!SSLv2'- Update to 1.69 (changes for CPAN RT#76929) - if no explicit cipher list is given, default to ALL:!LOW instead of the openssl default, which usually includes weak ciphers like DES - new config key SSL_honor_cipher_order and document how to use it to fight BEAST attack - fix behavior for empty cipher list (use default) - re-added workaround in t/dhe.t- Update to 1.66 - make it thread safer (CPAN RT#76538)- Update to 1.65 - added NPN (Next Protocol Negotiation) support (CPAN RT#76223)- Update to 1.64 - ignore die from within eval to make tests more stable on Win32 (CPAN RT#76147) - clarify some behavior regarding hostname verification - Drop patch for t/dhe.t, no longer needed- Update to 1.62 - small fix to last version- Update to 1.61 - call CTX_set_session_id_context so that server's session caching works with client certificates too (CPAN RT#76053)- Update to 1.60 - don't make blocking readline if socket was set nonblocking, but return as soon no more data are available (CPAN RT#75910) - fix BUG section about threading so that it shows package as thread safe as long as Net::SSLeay ≥ 1.43 is used (CPAN RT#75749) - BR: perl(constant), perl(Exporter) and perl(IO::Socket)- Update to 1.59 - if SSLv2 is not supported by Net::SSLeay set SSL_ERROR with useful message when attempting to use it - modify constant declarations so that 5.6.1 should work again - Drop %defattr, redundant since rpm 4.4- Update to 1.58 - fix t/dhe.t for openssl 1.0.1 beta by forcing TLSv1, so that it does not complain about the too small RSA key, which it should not use anyway; this workaround is not applied for older openssl versions, where it would cause failures (CPAN RT#75165) - Add patch to fiddle the openssl version number in the t/dhe.t workaround because the OPENSSL_VERSION_NUMBER cannot be trusted in Fedora - One buildreq per line for readability - Drop redundant buildreq perl(Test::Simple) - Always run full test suite- Update to 1.56 - add automatic or explicit (via SSL_hostname) SNI support, needed for multiple SSL hostnames with the same IP (currently only supported for the client) - Use DESTDIR rather than PERL_INSTALL_ROOT - No need to delete empty directories from buildroot- Update to 1.55 - work around IO::Socket's work around for systems returning EISCONN etc. on connect retry for non-blocking sockets by clearing $! if SUPER::connect returned true (CPAN RT#75101)- Update to 1.54 - return 0 instead of undef in SSL_verify_callback to fix uninitialized warnings (CPAN RT#73629)- Update to 1.53 - kill child in t/memleak_bad_handshake.t if test fails (CPAN RT#73146)- Update to 1.52 - fix for t/nonblock.t hangs on AIX (CPAN RT#72305) - disable t/memleak_bad_handshake.t on AIX, because it might hang (CPAN RT#72170) - fix syntax error in t/memleak_bad_handshake.t- Update to 1.49 - another regression for readline fix: this time it failed to return lines at EOF that don't end with newline - extended t/readline.t to catch this case and the fix for 1.48- Update to 1.48 - further fix for readline fix in 1.45: if the pending data were false (like '0'), it failed to read the rest of the line (CPAN RT#71953)- Update to 1.47 - fix for 1.46 - check for mswin32 needs to be /i- Update to 1.46 - skip signals test on Windows- Update to 1.45 - fix readline to continue when getting interrupt waiting for more data - BR: perl(Carp)- Perl mass rebuild- Update to 1.44 - fix invalid call to inet_pton in verify_hostname_of_cert when identity should be verified as ipv6 address because it contains a colon- Update to 1.43 - add SSL_create_ctx_callback to have a way to adjust context on creation (CPAN RT#67799) - describe problem of fake memory leak because of big session cache and how to fix it (CPAN RT#68073) - fix t/nonblock.t - stability improvements for t/inet6.t- Update to 1.41 - fix issue in stop_SSL where it did not issue a shutdown of the SSL connection if it first received the shutdown from the other side - try to make t/nonblock.t more reliable, at least report the real cause of SSL connection errors - No longer need to re-code docs to UTF-8- Update to 1.40 - fix in example/async_https_server - get IDN support from URI (CPAN RT#67676) - Nobody else likes macros for commands- Update to 1.39 - fixed documentation of http verification: wildcards in cn is allowed- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Update to 1.38 - fixed wildcards_in_cn setting for http, wrongly set in 1.34 to 1 instead of anywhere (CPAN RT#64864)- Update to 1.37 - don't complain about invalid certificate locations if user explicitly set SSL_ca_path and SSL_ca_file to undef: assume that user knows what they are doing and will work around the problems themselves (CPAN RT#63741)- Update to 1.36 - update documentation for SSL_verify_callback based on CPAN RT#63743 and CPAN RT#63740- Update to 1.35 (addresses CVE-2010-4334) - if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be verified as valid, it will no longer fall back to VERIFY_NONE but throw an error (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058)- Update to 1.34 - schema http for certificate verification changed to wildcards_in_cn=1 - if upgrading socket from inet to ssl fails due to handshake problems, the socket gets downgraded back again but is still open (CPAN RT#61466) - deprecate kill_socket: just use close()- Mass rebuild with perl-5.12.0- Update to 1.33 - attempt to make t/memleak_bad_handshake.t more stable - fix hostname checking: only check an IP against subjectAltName GEN_IPADD- Update to 1.32 (die in Makefile.PL if Scalar::Util has no dualvar support) - Use %{_fixperms} macro instead of our own %{__chmod} incantation- Rebuild against perl 5.10.1- Update to 1.31 (see Changes for details)- Update to 1.30 (fix memleak when SSL handshake failed) - Add buildreq procps needed for memleak test- Update to 1.27 - various regex fixes for i18n and service names - fix warnings from perl -w (CPAN RT#48131) - improve handling of errors from Net::ssl_write_all- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Update to 1.26 (verify_hostname_of_cert matched only the prefix for the hostname when no wildcard was given, e.g. www.example.org matched against a certificate with name www.exam in it [#509819])- Update to 1.25 (fix t/nonblock.t for OS X 10.5 - CPAN RT#47240)- Update to 1.24 (add verify hostname scheme ftp, same as http)- Update to 1.23 (complain when no certificates are provided)- Update to latest upstream version: 1.22- Update to latest upstream version: 1.20- Update to latest upstream version: 1.18 - BR: perl(IO::Socket::INET6) for extra test coverage- Update to latest upstream version: 1.17- Update to latest upstream version: 1.16- Update to latest upstream version: 1.15 - Add buildreq and req for perl(Net::LibIDN) to avoid croaking when trying to verify an international name against a certificate- Update to latest upstream version: 1.14 - BuildRequire perl(Net::SSLeay) >= 1.21- Rebuild for perl 5.10 (again)- Rebuild for new perl- Cosmetic spec changes suiting new maintainer's preferences- Update to latest upstream version: 1.12 - Fix license tag - Add BuildRequires for ExtUtils::MakeMaker and Test::Simple - Fix package review issues: - Source URL - Resolves: bz#226264- Correct license tag - Add BR: perl(ExtUtils::MakeMaker)- Upgrade to latest CPAN version: 1.02- 1.01 bug fixes (#206782)- 0.998 with more important fixes- 0.994 important bugfixes (#200860)- 0.991- Import into FC6- Rebuild for FC5 (perl 5.8.8). - Rebuild switch: "--with sessiontests".- 0.97. - Convert docs to UTF-8, drop some unuseful ones.- Rebuilt- Disable session test suite even if Net::SSLeay >= 1.26 is available.- Bring up to date with current fedora.us Perl spec template. - Include examples in docs.- Update to 0.96. - Reduce directory ownership bloat. - Require perl(:MODULE_COMPAT_*).- First build.  !"#$%&'()2.0232.0142.0142.023-1.fc23 perl-IO-Socket-SSLBUGSChangesREADMEcertsclient-cert.pemclient-key.encclient-key.pemmy-ca.pemproxyca.pemserver-cert.derserver-cert.pemserver-key.derserver-key.encserver-key.pemserver-rsa384-dh.pemserver-wildcard.pemserver.p12server_enc.p12test-ca.pemdocsdebugging.txtexampleasync_https_server.pllwp-with-verifycn.plsimulate_proxy.plssl_client.plssl_mitm.plssl_server.plIO::Socket::SSL.3pm.gzIO::Socket::SSL::Intercept.3pm.gzIO::Socket::SSL::PublicSuffix.3pm.gzIO::Socket::SSL::Utils.3pm.gzIOSocketSSLSSL.pmSSL.podIntercept.pmPublicSuffix.pmUtils.pm/usr/share/doc//usr/share/doc/perl-IO-Socket-SSL//usr/share/doc/perl-IO-Socket-SSL/certs//usr/share/doc/perl-IO-Socket-SSL/docs//usr/share/doc/perl-IO-Socket-SSL/example//usr/share/man/man3//usr/share/perl5/vendor_perl//usr/share/perl5/vendor_perl/IO//usr/share/perl5/vendor_perl/IO/Socket//usr/share/perl5/vendor_perl/IO/Socket/SSL/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=neon -mfloat-abi=harddrpmxz2noarch-redhat-linux-gnueabidirectoryASCII textPerl script, ASCII text executabletroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)Perl5 module source textPerl POD document, ASCII textPPPPPPRRRRRR RRRPRR R RRPRRRRPRRR RRutf-8?`7zXZ !#,lx]"k%Ir_'P~3\I<ɄU{sjK@YOi{dy>y{Ojw_T03ojGH>af5]t K m-e#s!"͍"e OUl68?&ؖz;QkQ$3QBtuҗR 5ݑq%H@WNY ;VPSn)=LsRJ]# Vo ?DP]rF&Z&ü끅Dw]nȏ+Y./(+r#B3 \s}[ Q` _mG ]A.#MlR|JJ͚2=zk9JUYHnN PDY{R(ٝd|fxCD na`A.!YvH_6S #6! -2@xe;;Rsdhb/]2#!jω+P\*}gAɪu)EdyL<u&YG.9!x,bu`zfB,gK^eyԹަm'M-QOfR iBC;ZOk+S w }&7)/"j]nj,ӛQC^ F} Q~ҥ\|yvx#9jy#pwHpگ -/V'+nZbznV5:z!sw 7DsrUx7H"]EqNM^*{V) bUfM=W3j}˙.w _2$f^8slrS1Nl<9. }}wM0hR&;O'S.] &I~DUb2tOvyL/j!]KRQܖrU@)ҁݔ4 v+?֩|BIӘ's#Kō / pXzh?MN~9^ HX AiN'N|FeIDn؃Ee]U:3kk#y_g2RMIiof,@ja7K_8>~PS6<>r=bu_K>C~4ԽNbqR26.NVD@@rFL7ۿ&YE 44$}ij8kdoS-VDy94(pL[9b$#H.]ؐ5vF!Y-UiUbCIgi1µ( zdj:sA@AW6S*MP dEYCd ^;E(6z [akM[58l!VgA6(gV]8ְFI۝&Lsvcm$PeG̹̺^{fc~qt S`I{Q5vbl7O!pL_ȓk\Hw*\%FIIa XjP像OLA6zB 848 45+Yy;ل s#:Ji ;j|qzКYO+.9Lb&Ed[z(g΋1ǠNCo١_ ZlVa^3Y+-VfZÏ * a+naiKَi?=zyNTʓVcek[xM\qP@1DfCBޜ)I\a GHPD͇7-jš>RA:#^MrbY? z6v㔈oU991@С ?+{eH' /ud^,wTRDҎ9& XFT"Dģ>D\OidhYOENASȯQ)FjmDGٷ*2"z|ugݸ՗U :v<]Ntnz«ܵ&\1W;0*V]U]3YVƫ:mPqq!6y-ܻ'⑥tc R?{ }r> 'Ue|({L-)&.;wx5i9RZEh̼P (.%nwSr8_Ƨ-Lyu C^݋bVCIc@ˋT@P{t>c_VR `29ISJ ?yQ9+zGN "e " q"+;x.{G#>nƣۙz,h"` ~t]_s9IGU^Gu^ m@+IlJz7?v'PZuwOXo&&O- Z<$9>k#U*PE7邖P'>ȦH%6>+g:q?s4>p7ޕU>r\uu7wxlWZ>uY.n=g5S-2,e,34O![1AjηsإAƯfVviAο:Rz]&$#FuF1ӌFTI궭qBmc5f<\ >^ r=ɢoaBȑ@mYwB* 4j Tb`}}:h#taS#x>8T7?XW.Dݞ˕iFIn\"?>ye94I*^mvyPe˼F{Q/O#8f2nsJW,w>٩7ӣ҅%Js[_P*`s\M&+ٍ ,7D ?H^V~-MWhzMN]qԟ 8ϧ^!Qq$Ƨ/!iђ[ c9;5k`Kz+8טI.ᛪҔ`BOⴱĆ]{;I -@+^q€֬A(H-)%%x[l-L:T(yfoNjD"4M[Jh-Ј ./pЅ՗z䌯E@pCB*Rߺu @жW~M`E+[r`,S-(:-ݛK~>dd/? |Ow[R\x~'{dEz3|lIg~s;eq\H8BIY]dGf(hoF(rZd#2r$1^W5qJPB;Xtnv!Dk`"9z(a=BU @Fcfa`=X<!p'?BSıY?h* +XSF\5V26( 2;m \G-DF$Sjh/0w Q!aAs1ݳQo$ܱ>Nwvu޼2F>p*Yc}Oh;6^瑳ٳ(ߎe$9~ϻXV{Y cjp$[e;+w)?9A4;N]rfiʃdj=vݑd8* K.J8M7:>\peT{×{>ړb')p8\a,k<ֵNR?Iާ"U(n2y_*O3bqSFUÐ~W)={VњpOlt5A0_ vav;sП?cE0+mnx;X09HX jg޾'բу : DrFy۞P>WUC-;78^G \bqhӛNnPNߴX+@MP2C$f R7$FXv${I,WOOA7aX!,k4ž O~0:\/֑-_ ;|%2\ WcGٔ2 x|KUR.eBD2H~}Ib% hy*d6ǯ~u38r'Xg VwAnw{uZ_XΌ3sY%qW uFMdvb0ϚNWY7Wwr޺TYnx K0)u-&4TCG_TJi=ÿ*k\Qdڳ!Nd*H]K />[%Cƿat }f />hU 4z:vi4f2IEkj%`zL3k@JÐ(mcgka鱝pc 7cb/|PYJv0B/$׿f,$evOΙd!Ar gh.6r10b'qK`f8#̎SDcl~+1/4Aܔ\-~`z.>JT^%D?â fG(nJIFb%#XƜ@)f5&ess[? ҥ@hZCEd*u_*N2(Rg e(NmI\:Q'wAQ(SHyv^@(O0eQN/ktF)7v-4v,$q4+zE)fhxQ5 " Dpx_DE ^4$΍߀jQd{mkZrkė9jc:Z?k5YgLt1~/!BM\ M:k˫&](= }t1erFgܫ74~BE`P ^mF25l8䟳z5{ jĀV~?]O?C4C )q}PiJ% ɉ _`2J۩S?Vys*}|J.,V9 1y!'İZK,hMېYu\k[,;͆nvMNR `uHt欦Qkf\-d^OJ.ċ䲉钜0pX5cRO$! mOEcEq 5$ʾ~!.\`7IJا^- \Z'ZJvତm*(&Fb? z$\}Ceܳ:m`B5Eg}R'2IIiW: m"7XՅ&o^mF-4ZETs.X-4rNIK%ROC/mGFfj˭3;wEu*J}RoTQ/KsgJpPo gΞ}E x/0}yҦ9,'eRtDŽ~U]i!K[%pz>R1m?b \{5H=+ kU$^mh o rϑX/6Ly@k>:Yeְ*A꾰RhR;1$}j= ŝb727 p&z&r`=DxA{U[x²>Xqc5?J44%n},=S :Bw7V,L@ur[V[.F9HlcL0s@~.UaV) @rxfƬu#Wn@XDa@X15a[B!w֗P&ПWy?qjhQ0tX)`gGt^ PO/}lȓ4ٛضDzO& B8єx%`*,KphȾҋ^m;8y@qORoҀlܕ{z2 +ΠOqPWnzncv,}M|I+Yr^wQN+\~Б^ QŐKZ]oa%KiEN׹ً_1p &>=a^yܣQ};8A]<CCFo[@ ڨhd{VW޲R:/olՓPUJ̳,wC`QU5S6HK7 dtVFb)2=iW⃮0 ꗤhkS^ﺑՏq)( ,JفQ2Z׽(?a$Þ]l1KnvxI\'OH bOmL$ Uv3:5TYe ./VjT[Q]c0jYhƹ@ڀ +m؅Oux}m:KXb'*X!C0YYXXS.{<݆4aaUo:p^z( QQ1 dqfTm3\<7r b5>#2;s7_Zpe]t襴w@m•B7G/Fz>˔UsI|8 ˡ E<~i|WF‘zdaA}md&([q]P+;B<&xq( tp1YnN{hӦ6=,o-)>dPzxsaY"Vn&F3,(>>EWND/t:;p%K[9Y$ݶ*_}84 7gIP/[5/ pv[!3k< )-7 >wj?q?X eF\w R O+Xm?[|Y}dKiđ'&Lh NJ;1Qh}鎇eufM uf'Eœ.gZ-_,v܈R@ntJedn P` Vj-l$A'TB&_Ɠ%&N,_Y7ux8A3RT&]:طhlZSEaSwNoEtrgr^CL*u484}4yko5,1RiŠɗ[ gXc( 60:%1}B9rEB#d VFڼWHZL`CNHɵ*gfA?5TKw01E$=Kja.yD$NΫ.- >Yc꓉0JEF@FB=j2(q{ OH~0)nӋ 19Gkp<{v_x/煉TcꉸI^n,.¹l,Rޞ8#VJHUk;00o`%Cy Et2笣[K'u=[16=XϠ6z {'3@LrHX,؈DbyG'"Tl6tǜC$$]hu!mivAN$c|A/k8CO̻{]6O罝k>]0oq?NEeJoH%R 24}#R5F 8ʡM@g2:S[ҖѾ_`bϖse{M*mjh2+~:To)vz\SX9:KXzb_ ×B  CoXmzr❌٪&@ -3ХAtTLs!n^U 7&swNeA3I|FβF z1 "8P~TaE^ghi@W&Qob ~f:/(#YHX,2W@xʧ?? p C$64 l+M;XBl4M+G`ݏM}Gq$Z /$_"2eL$l#fxwX?S߯Ux]궎Dwh=zVe/L}8Æ)Ar<[ AWM2_oANjm/e"Q{2dDT~T'|)`PjĞ2?0<仇sᒇ!jS1kO΅q*WNO~L:e)U>Wؓ# k) 'A;NѼ]}! wS15l>h+iF~P߇u(DWͅ h p!eGM 1;lٌ~e;B8  .(xGsў88@;.<;_=Ng]C*Qε40KU1h(kTve^e]ys&Sn0O+{/ (R"bQi!y,5S-AѼ;ciH>TW|(n@ڴfb9+&eζY(-#&EM@1:y9)- !W~Ҝ|Sqx11ӖB2ޤKQŪ_)T_F-u\gl5 e׭A&-?w}#..6`#9Ҋ1*wS+x_Xp$yT&ôqkk\xp*CVQUSeA$gd9q& >Iw- FXdxSEϯmi7Kgc?g V`cVvXTb z@J%> ƺN9BsFҏip˔V觎M`4<13q$U9MtU[فeq]'pۓWQj=kߘ`>mW$[ D`GEf{Ҷ# RW6BhCSsӣf:sӦ߆fp` uq׊0 cPKWxQ'^j4 <(b#Ehy+1[rxj> {;^bk$R=G^Kd[)Ҡ9W.+wʎ;EA\V`V>R"ηd/x@RLEfE2vjuPh@O9`. TqjAW$ތGkq+Yl%Of Je{wsw;!2q_gQKp*p8 tt]X| ?{bq݆|H.=>k*!IZm&ʻaP&Gy4Z4"=k@QMvcћC/h93P+&vdC=ʼ.jN@߱nqǾC%"6d4 d2L]Ocj#pY)Sg=YAd&4$w#!R?錒b=_};Nj%(AʨbYn5Wi4AմR ,p /*Ax8`]`xUpwƽTa*6hӳ6ǵ6w G$GVf1͸IZl6G7Wg 7\dLARXcH5qPDȖ1qRRF/|ɕFlx9tA{] `GuiyeoIvL"z.W:0Ԋw*iЫGbCYo(o?e`?gsڭ=&Í*KkM2Z586[8ɛxuЩ b"(mM qjE;[:Z&US2s/sI1$zo"jjb+˜Bwo6obU rPPBecKnmf9"*ԤO"QNJ_P"Zv\Վࡰ H gb\YeZe ]agX5[|!_5\Z#ǭt:< <ҫ?+NCjs) 8~~F*#\#^Sz'K,h^~{7f[ץbз3B=GҌESTA.BȠ.k!4a9_..֞X.2wl*K<#^]f꺔" ?1$94k7Q8-@ ,N*gw PLY#x_)YygcUa}0-Feȟ7+h2*֦[:Ex-Ń7T}NLFmŝ'<Ō7[ofdOVD%H}5Yhl)QL3v{&g-9zoee|?P۪ I{"i*bAx!҈aQpUX`Mؠ)]Dad& f&@g'qÉtmD%(~#[q6w+"< 7%j&V=ɦ{6lϜ¦Wؐo3j8LEOna'UD9P(S\H؀{/ E)p(Nޛ }QBwb\2/%q$ @;ޱ3ְb)I+qʠy]'bq ^W}Y _~[M5 /D/3y2Xd҇K`? 4f[;5p=9$-WƫDZ9l6d< aϿ>Q҄բ7^ ]Qq$G)si}/#N3 +r,. &] hRSǐE&ǡRy^at?,IE}]\~fgQ6mm0o>ʓ ~Al 6g{L_ĕSɟgwyL*i< ={$/% ca<ؗjК3'( (?^@L6WFuV\Z)&L_-]a. S&%VMɆZag>Yb.,7ăeSM^ 2Q's=UFT5co\S &&\V|Zv!nLjsqeV>J<}]Nf}IFl$yEYֵ--:G V@&Fճb| ߧKSU, Oy\3 pYQE"m[dx#<*j!?0x|ih7>_rNRax=H0X Mb$Hf2B txbE%CnqIvJ_7A%Ɖ?h0ErAz*abcFugN2<*  ߥepq׿;CrAI hկ\_A:Y|[ߞW1LumaIв%(m7 L{@C"*s*HO>v'#si%J:IءTBI|b8WɏX\&QD-$CRךDSLMm1yCQEKT}}|H' 5* օug)}U SREo]K2x?0'a>Xm pywPX%NP>rJtE,bھS@5?&e~Ve*ZzkW{拴ˎ!(C"Õ`6iv;CDc*'ӯ鶧3Vd4E^p2ft;hp2iEZ>TX%OԔ b*HbUVrRKև"6Be doFpőQ2'wKZ$wqh$h 3ch@Ў΍0vxȅhT@TsYZC_C82 8I.6cW蝨1 o -b1'&x5"ھ09ADɘ(͙zBx3,"{`v>*k< c6f U^]!(J:[Kݭqlv|WT&ȁk€>>F뮘7%S IO$4 ,1N?)nOt r=L]E8PnV;j\pnWF&zO .ȂIMF$$uXz7d%_xEѿ${h t6Vmv=/Vgd78ɬ)i{2GJ}Rת{~٥9%>\ ' i+YJ&QVަw. APzk(|vgd#*Qjee$\.m(ZhӔ) ҕ4(%=:m ZeO.7˅_r"((HPh(Nh#̼\Wf\e!4҄nh1>2ؼI8kTk";w/UBvWz"#7~k#ftwɼұ_ks>r+PQs$4:yۣ|&$ ik޹%+G.ޯMlVTf/t2f,[$|_E꥜#Gf^7 {ɶź9W/H:lA U24Y%9;7zbԀl&7ږ#X /׸iokOǁ0[ЋX"_0i6h8 T;xxdC8se4&9= !j3Pk*ߎg*#''yCLV YtoJ~ tn,u hZk,!;הEq> ƓL?x :'7:?#-ÁEec ų[\^RV0=&{9lۮ*TiC$H8KNZTS*nam(9l0 C@_?[F$`3V/i5ayu(³.9u5+sgZ1e>8^>2u C|H7D H"oygq'Eh d䍥o`-r}i1 |,^AMzb(7 qVEVÞ*3uEkߨm3y]:359fwL?-j-۲w&cvu.(W;1Va`}?(H1܄NQ}}yJ+}'WY\RzHQі \&1ڇQ-l.x&wf}+=0ov*A\H{'ȜK|(J&3ЃdzDrHA!ݩ͗Iy?O?ƥjXVR`wB^æJx.DH p.ٔ~}(ئ%+b8,6c;2ybE+L1w{I.rl1@qTzHLR@[Xl4pYG`L`[7bUM%et>"{8/9vKՅEWia @X_V"GsaPVUR!>dbNF{'MiH y6 Ue:JR0] 9"n(a {K^Wc+{`TO'ڣgof',lצdK{6~T*;$jnDHW~cj^x.C:̛o<]z]IU0hgioΑG!K]i]\Te*G: W.NY^XrE: "O5;!I5xR{|I{P]y5ɴJ^SXʒ &U"*臺,=esc0L6q uPuާ[? . Gm8gTEc-CPɎip҂>[J4"Yv- JJLϪr2dN't8tC?D0~##~07+6ˉc16ͥh"@NEl]. "A 8J@0LS|-j& az li֥Xp`kjDvْu2z7=_c|IМ>vK·UNBrӮ`$@ks cE[63INmKgG:`6Qa`f+g `9|AW\;tRn&ap #.a_0sgdXn:nĚ?͈k|a\L/z횭*Pi@Zwɠ@*iӍ^xuP,Je怏-A(|l`ށzxI22f;t 㢃lla3=,wӶ7gò("Z#>W@r346`d񸷎}} ӭ ݘ럐Hۣ!:3f ˩in~d7yR b.!+.ů-4XIOZ8_[L qFϻO7'dƕX)ǓT`x<6ωo5^?-LZ\QL*aG A߬yFeۊa2@S7Q4c$H `TB Z4~}\g@*{N.JњAQM ֜ uИ/Wc31u0RvGxaG3ǬGz:8otLKˉ3ל;k6x7=JxUmϒ2m̫}vsty8Týu2az`(-@>lgo^^z4R7$I*򿶑}5 io4ptE[̰(FB}#.qt>MmKCΙ#zmd4;l\N$E\ӖJ=kA f?rs`B2nl%8DL|5sLN!'x>CQ71TKlѢƄ ȁ,ڹRj;-+.Mi.+7&T$C>F~lzk`Wu/p}v1E*^<B#^ >?%sțSi%pUcڿ:6}J”uyuf&Y j$O%"&e7W$MxNkШϣ3tU &bfǡ&yL*KAYX2DsP&%0kpF$ .) <}?J [fz4jk.8fbG.KUiY*4A]Xd!ϣU v/brmЙzpFVmhcpf"2+62f) njg׷+ о038)pigE;yd[gIKjnL@A8h iL<> QTT>@[ӰXP'Q9r>iZ(2ܡ'e07g<(šޙuhqg~c6>JHE'l8T+E!wbZBxJ. - !$4ǏAz%ӶKM NuCXV3fz7Kvlbʛt<[& ;fS]PuUbk,):cLJS29N6N˳Jn㙛#P!v#݋xHa{>A,|K -gj`y+d^@ܡGm6|8Nor' Ê}.<%pO=y8B>}1H[+ 7q:H f6Y>{ CK8Ǥ T> W ps; eZX73&%{[=O CO^CC+Jȷ|gfd|X:a|(@!o&jar md+dCh/r+޲BhDF]1omX2?r8/v ߂&[qU(3uHژ-3BR_Ri+Ϲ%+έbzHY%>oTʦQXJ$dq[]K_tP@K`.K{0XJ갑ĀCo+A;"Tgc^ 'ϼ^d Σoc|JV\gMwwφaK;sAB カnLtTplOk~UbU^aDw %=>~' Jy;]8pF][ |[n7P겵o +gzX΍&0w= tU›{0w?\#r7 tUכlrNβÞkM|O7 m۵cUzV؏oK0F$ >rI;"A@?O:YX{jܹcnuO+-c qY('/~%5RU]%r_͈Jكjfg< caWhWi64.xX|Μc+#5׬cr!&=/qUt`<\[Kx@th,N,QYD.ʒXZ'٦fZkZiBR2{{ B aHH>Զu#dufj享T⧸*muHߡc9;I+"e›x8o~ V<,\I,+AQNרOoB/"%E۞,Fuu[T[pE?F3]DٲL÷;Mx͚.Z]MPM.'[Aw.i 3kω"% }_oL12X=lI%tXXgkAnү?mhɄ]"9ѱ͘i߶$!*b8/%"vŇT/^'ju!$C|A vH:4Z}mnbO!|O5yN"VQV)TXx7DM9[\pwLB|[ Wy\IFrwNpǃ >I=j/|-ˀ.ǑE;Ωڂqn|}>rU" YwI3突Wk]?;Z ߙNάr8cGʈ_i s=e]΂fPn` NZwk,3jZ(86b^k7йHU ٤CS97_|D5 RVfkPw n%kh[s\0XavP 0DaQZO\ny)Ϗd&lQ8NlHiy,"k6 0L>26y)jeZ}U㋚/W29nq1>@yI2"ڼg%!RLJ5IHkȁyHe/_P#LcI:hHId{,Џ՘!I$c{p懟P\)I㳫M{هo|As hO c$C} ADf1^lnn;)V1~ e:,$Nhh<57#:J!X ~' Y%&A0m|}QJ=r-Z.IC63e(Z~R_"͜T Hg/Bm hN2jKk>Rߝ&/{ *g Ufhˬz8O6y8u1v(ȟ",V) ,EG\*78`1m؜yH!u#φ49(iQO4TE"؃D"b3I\ źOuih^b2Km>5a[C%C&z+`[k}̓# Nr/>Bw__yIG61\i}g} ]쿎.7pcH^v I[v @K8#%XhpeKuVH%n8(kZe_FGQ[.zA7sNN @STK<9}z;1vi7ֹ~MuuxcaC<c=.1_~ _RAoܙ(stS̭yɚ2b0D\{juF9G]uu 8M {pIzt'/BVBeepۇh0ޕ"ȬUhqk4r4֚>lY;r|;3Z}xEˬ]7Ȟ0>Kơ# /D%{3G:6D劑N>dm |00HVamYI"WKP9RY@0}vЄ*r3/ļ?LZhvxoL-ˉUU(?;@Gz8a><^9 S׫fNW)3x|@ ȹ$Fqk?߶n= 긊Usy|"";9*+#-۸绵<ؔ1z@fw;\FCcLG,DF׎Y*Ê&Ɠ&-"JyLWߔL_,:doJ$[a DmH2Ap_`ޒTzq e5ţa>v}-lhʪEi{(bA өxN,T_7 ǟ2(V(o\cYCb 50쵁2QAn]8iY n\INäLB%+,%qi y ο\~mV/Cfn@¹R%{rc(мp7cses(++[0$^&SjB愆g%+lzά`PʏAGt-_`O;it{iZ\l!mlwxQt|w%uFnjDLajn3%Ƒ? p~/\"YY{7\p$\Sr`tϩ{ql_NuPڅc.~UY)q]?l!M ͖ Lnl}7gf4 挺$ ̻!wycPPN ű|1M(m]ۘuZ|{rl R) ; _EDbN'N- |,]h:S0 wQ8% Z)Xaެ&?]qb0ٿ)l#Tx|D4\wڸK)C[xD#ўa,>WgǸfI`7-m<_⺿Џa-n!kؓ#q )9~;FHtaL~ ?$Xي܈[8-}Zf@^5ݘoy#bsi141t?3"x8/1Wz-+K]-HH>?q2sRJo !-G""H٦qHjvAXLpP 壩1w*ƾo#sKRˑ[D~᯵0ZiCM myf=~'~:YҔQVo]n fŧTU4w-hCƨxTxpM9 !gH#؋@j rBYE~Ϙ-54Axr\0(5&EeKt1IFܫ~eR^;'$"V||8a$4좊p@GJD<Í`qil]xC7LNx x2qS|Ee G冭6xϹi( XXh싕{҈# вY]ڻ}CeaeOz%Lp"$,egB ۥB2rO};${Uu] .t7|6a2RL6 M#9jYB fHN9,'9/VI;ϳn9%ș ?O _j˵Pj9!!{mWz6H:ѭ>1'}| [@iD Z)FK8%PEatK;:4FR<4>tN/;=d_c5 'CPZ-O+"kuY6(6QΒa8SE9D1+_*ClMa$±u\}|盹+_³qNG"|\۾Ƞ-xbFfvV=3Dy.ׅ}YPC\SfcBk*H+` Ta .mU-G2)vޣwj= eξW7eu DsZ E۪ae-}ET[rNE{乏g'&#X,$1.j"Y})I Fyq:okP!dxҬ7Áf\v$C*Ϧ$]Sbr(jɼqA]ublcy-47puOZN1ʜpf^hj_ 2>8CܳwK@d~ yTBJ73P~pڗo˰]<}=Mg{?wGre}gDb11eZl<&_&HV%לƺž$,ȲyX~y4!x븸NW;Q_@ {,ژn<P9I urNj\MW\9ю Kj+$%GYV.n5%j`,fA fKOUjH)2?\s?؋nָDT i@p"pC7P<0ӽ@DN#100ڎl~jx𩶤V<^K=,w4-c@_WTPȊ-4ۦg]{N#CcՆ=JĆA^D . [aCpS+}<->f żo5Ya#b >h\uR/&fQGkS% B@Qz+K+ *yh\~AK~tzUKEn'Wiv.[]OQmE[RVZAͣeZ!u5 QqJ$DoEᒃDU8^}Ťn4n o5⭞@:%^f%sQ*7?͸eÌUO4mp˾@`Ht67ki$|A`?]ڻTF~T9҄s+^l&eco'yδ+0-+5*փ[|k43]`__.tDŽj .Q(}ÎB౷ޫ`vi?{]S6`j8d)Y{"""9 4][r4ˌ-%9S!-?;4vgŮ7x:n]p\B7:m\E6xZ6B5w΅}C͚ t̘{-JQXVٟR=eyϣԐ|2V>"8[xC}+fs>!_(5e@RA[YIa:bcmFh6^``16I| N]8f^X ;Go'VYd@~ ɛQZ~_ W l`˷?8om9jBi9$/ OS۵(HʥBS`*ktWÊpb\xb$ZTdSbՒ%M҉Dy,w[1'"o(d)qI8?tb׋AV }zЉB3,iWS]Z5SC.z\'r.V+OZ;+L`]٘c%<9!̦ ؿYGz< tl  ?m\8<%Gx5{ncc<歔ّW@MI@o/':o 73Ro吒jG2b=]{e O}-OjZ~6;0~Dɾ\}\E+C\Z >Io@ [2&FM#`BbT#\n?GMT(jjs-@׳ꕰMQ{1e7)JXp8k x晨̢3.X|s0M|y0W :}kDo5&$ӆrW.χP=+ x ?c[V4W45e$*SD8>8 kלܥagWυ¡F.Fו>DɶhU7uDZF zUd`5$3"[<3q: a9+Z4'1Bx}QG9#uc紱$JJV?-'U%"%UU]NAZg+V[P h/wpe0YOG(~̝F֪37U)mNl ^ou0'ʼ\:i%i rF0>~h@x~ˉ\xp>?總k"БwP زE,TgP>{ 7qȵ=_rT6 KV:t>q>%ÒƓE }R{$`c$@$Mo>~S<(t&tWj ;c> aH 9/M9K~ߢ!3|wFnNanYD,7opQPGdL g7݈y!4T V鍀rNN`&Juq?妮c"pmPʻKC4 ھJKVR;)muŔ ^t5iRGЋ#;U=_ TI2Hʀ!? ]TQk-ӭ r [QOn~hcR9\B{1o?*"O*LG2\ChJA 'vǕQʼn1oĽ!"T2;ciuq^8(GNaP/PDS)ܠej(C={\Btl0Nj1RQ`ќ %B(Q>s_hX /@TO(:wc @QȃG Pt|@YVwՙ"vasEцzpK'xb{'sMLDV1$GwP e r\{E1i(o!ir8)~`fzqOk/r2nyΎmɝ%=N|77D[0Qfd @48CP^dթUmn0jH}7D<-ƶg@AxЌ|1(fl_zAs>i!tNdG4V@XV5$T CdlߧOo7[5[,I[/,6SPۦS5>+@in]Wﴯy7}V, O]x%qz=xGKq ](k2 hm% vd <5b{M<c 2HZBh@IZo^Z9fLpĎPƮY4R+%7gXI%11КxzWf2UЏL 7 ے_i8ӂjK`[ vYg TC_+_ЎÄȟhcLø+@Kxkx0ޣRN+IgQ\kN><-{^ _]WX%ñ:1fQG0I> w_Ϋv%a7{vᇩ"(jo1z l iL¾@ODՔ%VB+sH@$iv⮑p&3+\ fDfLohʗCہ[#! w{)z?dЇc*Z% ]g'XDۼP;IS *[Qq~M PC~8+zݽJNJV[p[1i\?P<0l7?~/a4/MLDpؔyE]N3JėM7@}j;AXjz"Q[miK&Uɵ[*|~8r-Z4^ڌ犪j+Z*`+kj/ޠM:Y󂮂鬥·-a S'KMئ/3?|!*ͳ]MV.$ unf#9$7T ^ Jzli7+oMCt;Ԧ yUqDĐ[ 'WLЋJAa;frEHe !u-Qh|AJ(3m0,dY[Raa1uuڗ*p3ԻJFɹ)ABp3Oy5$GE.*'}?"r{a|riir0z8˅j8T STA!h9P숡D6ΎTˈ34J$qwg0Ӵ* r%vb2>DPw"p@y`,-qlHVLԮ*6?-~@EPfp7w##BDީzѿ+AI*oiAt8~$P/!ԥ`Es9qsӐ_5-F6 h ;:M'nhTSC=`}7uˇ;J֟UY#cCI I C6AN^ԀOJfVqk,c$6Pwb%rgA7n`ՓvJ-eSO<_ޥ0QMknk+^ ]FeQ2{NkyӢmF+M>.x㌮Ù ,%@,4$5:|L*!͛N˓fq2e=kЭ!z rs=~c1ٺFaoro%B1طY"Y}TBTc)o<|t,)5f)|* Go8ˏr6k!D]"ily- xp#|H[ uhEj B=lI^P 6@a7+<8&ݩq 5r- CT6{)`p1gʄj:s 9rqc0@PG|7 bY5i&O>]Emh>  hĊup2ObbK Fj:uhvR] RV8y#k`u7!Hkb]`K퀨Δ;Phuj-C7~~QAƁ̴ Du4^;v-_ӊqhip*""WQA>ghK/aI3 JA4 )V#9fnbD} TZ֧~-D;K؟*NoċhtnAO8S,@Tȁ8ntS[hm1;%˵ŦGLLpUuUeYԦrߞ*$M?F C taU2¥gopq_27ӆ~Eb pqS )c(!|7_]ƱYV/pLa 6аED0ȦzxT>z^ftY1 B<;5o\YΖrmϚ |/V"U$=y=]⡁|뿗n19g϶` ፥Jɴu:)~׍)E\@\5{ I";-Pz†ik;bJ.!$N&`!Y&JMl2ŸT3Wo6Ud O!J?c ($ߨ[gj"F!4|6}tf|33Tҁ`h/ɸ8&^9^4Yf,8jž#tDcC)m& U! 3_ڳ3dG.4yWFt{?r"J]dvܩi%@(UXpm)< b]aMC'9hz׵:wd)PF)s p3+Vъh!hbۄ xሚT6ֺW1xzFjYm ].4NC%fco;!Ba=[XOZ??)w^Bb';?iX?4[F>Œ1 UY>AQ毞-X4{#]Pd`M^n+?+QƩHXսTnoȢ",aheN ^K~:٘oԕ>cF0h7]K[rxia߳ ^oQ{Ġ1pS;fCKIn# x%ׅ'[@,hzʄ6gxZ-6OXy-M[yv *4i!DLStO(,-WێD#pwїtk0jݳ}Y 7ml\/䩉yKD$s鯌{+}-gPx??$:Rͬ23x# |A{JSywИ2X],}0Aqg5c,V&fSUtA@gKvOOiǕwd-q <)ǨZjʦDp,l h'*=Ctu^? %=fqPvk)'Gp)Äx)}+i,h\jxr$S *5@±\XS Bԯ|PJHMGq$D'sH,EHD .y\v#8sBHs5di]l0'@Vβ^f= %7ӫ +e4TY/DQ6(-Y)\`a׊qJ? hJ"6T%)ۢ.XֶQan t!0}w g1`W![8SK|xVu.1υU0C=O" ~TQ~1+CCSYpxA<"}fSY<'}'RPA{1l٢R1rswJo@.sH9"!@"ˡՐ-.eߕ8 !)lo |C\J_~+V5<0f-̐˚ Jvx -S f jho^פ SvAׇnY ֱ.mHA{ÃPX Rh ` ?ҧut FmzNX;i$׈$( 7eF3G6G) > ` ȜiqF}7K\"^.Oϒk؋-IÁ b%I [[2N:|$Ӂp-ɶ\wlJ `#Cu_Ҽ3Qs܀\7~{wS"$DΦ$J9ŬPO@ϊ(jآ)dh׾UA %/x d7W4( 'ZXQpLe8)hW4uO} 1Sb)wk y{NBI}:Wc'tN2>!Uk+:MBI ~ #8O-d.wh籦|Z:VF{bK+qtN3 |+-ʳXes|,;@} +tf5!`\ıh(I؞5{/hX5U.j9ff}@;GM,:r )e2rXv KDBѾ=z?A[P>EWWU61>~Sr) i;eݞ'}9LY)-PlvD*?)B)w #mTÀꦆ?.~($aN]ݧ2QQ2Z'CO}ahk.VPۀeG]>b..p$G_crpfExiRN2sP(Qn-t+vut Nc5K$X_P\PSՁS 0`,R=fLb̮飆ˈ)g܌9j ˽λ4#Ť g0*ӯE58;%@5O; de] )pmEFfίV%xL"LoR]39^Alpx``8b"y\q >ɣ \}gTU.~[ۘp 5/o/ljh#qz[\KHF 0![g>FD0qm^2$9w_z~>GaoR /PSa)>%JmE6s%?<t^8ceȎ2SOC cYXğ^q'?[e*Lx.Nq>t׀RJ0_7-|% 9.bϠ.?!UO/7}N5+yHjf]x<{g{7dP<{ <ֆy %, ݃ϝZ ,d5˹0!p!yKEB7_R. mR7Z^}MҌJhibjgKѯk%N%U̔E^cYn4oNyMhBr@%Bs䎣ps{uV/}9^hK0b< Qc}p]J3:(ChYc =+WrO*!h~?ȴ2 ~tWqGU3If# 3*'qT]1끧U.I4%y}%z3|7سysowzWZu d102h94%|8mc6u | ߉RyYqw1^b|;p1} 3r(ab礧Y04R_Y4fW3zXz{UWm%e 'bBNgW#NnB0F %*m.[ 2w[1(b%yZMϋ^I=mLi!z7Ʒ+ЕbR0PqZ/-c/R1/ h΁,FqPsfDBL$?Tif+IUl YS*S`4tzQ=.K :o? 6>: 5b-Y-ΜU@1FLb@h8>a˻uXiz| RMT"Wu;ZAQJ XGٳXl9 UQn(IMn6\e#BVPSbgl]n} 8HYE9CsSjI;q6bJkBO}1`}3KR*@P5T- O#ؼw5 ΋=0~۴'['tXqkjE4`dȃے>9jXi`9J}=AATq||x}֍`(cqpUe'K!~$bZ.!ߺ!0WtҏYLPAYS"U%Axj[&p-*M"rוXr\? z^eW %lKTGef3Ͱa' j iYFEL_d*@͢C@iK?Q{Jg"v4p-e[Ƶt I*\F6R-~b[ZnvZ6p U:R% ~E&`,$ 7<%a::3`Q'6 -mei g]LU;V<3Ha'Ȩ 3nB Etir(^˛1?9[bG}1nߝ X~ W4۪\n}oVP@:D3 u־Ku⠑%g&sM::Ϊ?}Wxos͙l䌷?ȉ6p莴 D^}[ Bߴ/!cPB1^? Aؑ~*Va+S$SB!*m3N^^T3&tUXxn Gho*=" Ӡ!K,~JVLL  Fb#wKo?ID(nTzwE흞+i19ؽʏ:yH7'D\c#r){6+J5O5PC=Cb|&h{e&s[нd ̖o;<[$!vԨÑʟeRsg: 'LCy o_99ɢZ!qSg[' 9Ua.C1h˸N;9E4ǡG#5ؓ3wV&L݊hMX+@5Tj.d;iR4@mp;#7m@}11֚ qO1L /_ĥMg'̋$\fϽ@ω{tq͎4sXe(ˇ;ADj.}Wc` wKU>k5%}W辍5|m_ʆfsE5OxYlƇqez$Kb?tub,jؖ5;Ӳۼ ;a]4,ɶCqc# 9Ƈa/1 N1ե.4x= $.LۤL]\BcTxMjZ?kB'F?[%,aXTR61%`ߗ ~)?(Jܢ@Kx(E[`̀m1| vxݢ=nMrAտ;yMxjvPS˜&S+>N&bQ 2$C^ /p&,msGdf;KA;0[eLH3NRDK*y^r>#-KYOзUK5+C/[-z2˩6XќoX+zoيAj 7 vY7ɉ<DXةqJ,<'p!xZ9 t#xISu#Nyֳ(fhQE$jfj=;lpd ːM?*jr91x8,4ȳľi{v!u{S9ө/2s!Ֆ3@}u=.o`w=9 937NPaIz ɤ{~_rW hj>j{s[a8G kΥIy d09G_VQzLbҐƹ8Vpmpe(##~ h.f{E{| L$P?2Jo5yJ:Ђduj+XuMvMX3Ŷ,j-q&mfE!`$-Q}So 1[[q`n2vQzj$h0ղZ|,Ԡ‹}(H]A6 %mlCYnDuskV?ވ~AjwuIm9EAַ̽U{\qaqju":r-_q DOD 𭬼)/9C﹣ Yһ,qU;E{to *o\xB!BtE%|5:9SGkPgQO"4GKl=>~9Z7Kt4 z9;Y10he`[hЌh";Se)wck 2=@ )MT̽ͽ~¼ Jq] DiG81`w}xBunsj8@$ɜ9{/IrM g ߷>e,TQ )Sz"̙)&]M$&|B9KCv:DDh>PhOׂa^ Fl7fx#d:%b"D&-`in'vQ6Q"Qg/Y)Y&NkAU\s+Òl),b1CŇ DUTJ1_J&l( e/ʼnm|K%rJ*-&sD]>yGxz¯Lk)j?AW#HtLze;;W ĆYJ3U3=)z:Wj.N Pb }j[::8PYON*KF U65+ 呸hT.ZѥO&Dr[rBht#џ+W䧎"6GX o}ܥ9 >4tIT~E?Vf,A0p8^$6.i#opr+yu?()OKVb?!3-9y)wfύ|il?WYw}q^ #; P{0Б2W-A'Or~ I3uj[ޜ,bKGcUh ɃSwX6{k3S75IEuK;%_ "(h yޥzEB_K-Tp#A]o$ot}qz-`bvqhRr :;pL{LP /y(@" )a{>5eZJ_Cc^e i.XK[3xSDALx\ކBt8ua>AvF@4)KkJ/Q7*# CT)8dz*:b^ $DBuc2mboDhyyT JЂyRWFOc+|4p@k Z6-Qȷ!9Z''ڇȣ:Ω0N֍|$˼,77$R|HWq!9SbY XU6)AP=N^I{!M~W뤡&,xhKpLӌkOa%cL',C Den\sWLy,(ܞ"J(] )?4ӕzBOiӔLQ̄fGױؑr\*Vi_qht:-mG106`f"̜*AtnqOߣvzm9q!uݲ2rU[(6vHǒ k'J]%7bXOXA-Iuߐu=A Za[ur.M-<X2}IbcjG }՜`=v|8$O$U5Ȩ-ô WvP4ۦBmHYhs*Ր3F4ө5Y!yBkxǮu @cAڢEddK4<‡'3*ᐒ7%(RŖCw94vM ao^䚊BPYOi9P6 |A ٿ=͜@}0KI3Ƭ_K||h]qb(酋^v&CO r$ĊQ\#qrDҢ BL2$ &J[!ubP`u3@4&1W;5rj?k=>qd8>nykrEX ?J=#|,*їl(l>|ekl3BO~?Ԧ:a*ڝ>䙈m1TU|(}ݰX"ng"ԦV!r. t;j|XS]i|)Q\aBiR*iuPrp" 8}垭oVŏ R-  l){lR{aqb+[|M8F*]|Gl8ֹvB^Ƀo0]&|FVIGHk.rH$W@ؐO8yhacV7S)k&MHS}E vE}GbaWM5R+O˄r+U tҠl/4YKG(&kWq. |$>ϿDLepC%uI ޓr^Q4=7z29v(~9nr9BI!5,Kj}JןVO!1%9aаyJһ>+z$~%6€'U)?m8s$K]lsk%Th結?;$i0mZ "Znzq$3k,ԬX96XX<65@FIg @9W)/( ?oa:!=bR@ %9}'LhnNp4Kt/iP7HTہEcT}9f* =i!W|z ?:`F4G0#Usb$/jYWԧlA=\ԺA >Cd628rh P no Z(v`IëgQ/,"~ 7}V(]WC5ϰ.X0>4_Uxx@D=N]Q6?")mؿ44p'l:!T1^"b^7򶅐2x /",zgZp2S(0֙/&!hoo>p 7QT} x7R+J7`:yp|z. +giiw[SO.j}zL}:r&:q!Fܩ 4 \=OQ+Gf?{ls p$r ͥDuQUs'˿{nWE3ʃ UzGEX(-CS`"J@>H[Rț9w 9eS kkVƼ64gƖV?У4IDx"`ّZ.*%y< Adx{52ʳR;ڢ [|j\o3+S~^75I2Tx,)&j'sx؃><@{,m:qZ5?^'_?g4N;6P)/2v:}&??6sM]f(&5zȗՊ >]6 WwIE@T+G^G 2c\}Q0;s>Y'd𴓕@įt`0zA}jG0 ǍWw\IvPيmVv$K__ٳov~ ߻a~CԷ9IG(PaixX$(F]0Z dB(E&9c]?D?ຳsv3N+F;@WlANVtx&Ȕ^!oGDo=Q<`^(>,ԫ4{uI:B+jB/Y!֠)Cmt+Ru@_)^C."URy} #D4ڙ?iU1@!o8ٳ5&WS1j}a$ě)m*f 3sX~hxBF.6Q<^m xdք`[BBRUVI&xwl`b[syW f9]?QG5k?`)KNΜW\Zle)C{,E's6t{%p_I$a]z77cx꒬E U=xVizb|-}HRz6/3hT M4( wSp3y5G-Irɯ]u-С@ɕT($XQ{8҇zdT ֻAcx{XUBR?mpRgc&O|U!S&c^gU3hc˕}GVo/䅧2|@]DsISh,kS,^ {=ҁq%;; e~n3A4nl+>F J:Ks( ΤG~Y\5#tpzd.*et3,,nBu^ς>" WRzIpuL"VGZY^r)r-˃^Do$/eU˼:Mg+T\!.F6QMō+(QP$ t8>Z^FcAlmp Ф/ 4Mq.ȗ,2fC_?HP4.*WOT˵J2͕ >Dy"0|>2VVkA67x[;@$/M`Fq#T ڄw{bl6C5`=,K`l '`?6HЛ.oGuЗǏWPL%Qs$d[qdVc8_B= ƵBmNL9JXv3wIWui1pܧf*|q:x&dmL R&`(hۨ $slBxA?#ׄ3.b7\G;TWOzѨqYiL8s6Lwi.b7=p]c:;!䩈\Y,<2'k3qɽ^Rim#a3/dCel{1 ,k^ ܿH6*4H", \gCJ'jěQe+ '$}'hA|BrwB7/^6vqῬ$nd,MvtކnF<"μ6IT (rUV4Yڳ 'tv z{͌]r}[8PfGFS,};7;лcO;+Hm^6=N/FyaDa?IF}*nFhAX/ŽտdG&oK'*l#Xfi q+RDmtv{zlo jpr|6LDn2`TGĶуHuc r4 cN.]GXȊ5|@ z_x#AE~a{(mewvI"&G͎`da[}{P@M^\'U (c|̤KWys*@߾h;b-b;f.ԨIf:;,2B0Vnâ9!+.zh;npG+e/&P g Td1O="`,'OvLq(Ms5e8!sr jָרBpYRb\K^@U4 ᦤMZiܒǷvD= &Q 藌+"ԢJZ~ܕl}ԧY8 .RϤj &=+33;Ȁ0Jy=<;,8$-bUZ{^_rz#Si*b-qZ>rd@aʭ{sXr2{'%:|<7 Ft;˝.jv}Oyj$!}y+#~܃ˈz6: h*w!lr 8:;6 NܴQڜhjPv&LGTG{Q,.[+ #ԏ)//1;4vӨWzީ_5AelE+^> pO1*k ތCdC ~NmOYƫ/g4mn~Zr16lYlX`h\庎Dj8ثjL$ 177̍ =>wۣ%4djD|l . kID;,.I&:CjQh3r` Wۊ:zRފPlt>]7Hou]jvLۿI|=sE2UE.ʡ>\Ic3vmpŭ_F1`1#4O_Ɖ3!(a}=Q(-Pp,K Jqb%75ItGdQ ylbxBRI$q: K7.ػq4BW-v1TenWóYecZz ^f%WR' c⇅\8^FR .b=,+2]T-5D/}:!m06ѳ 1iا?K}$v8Lq)SB|ጣ0)ORMK*8F`Uy  ȣxSӤm92K8*ntG EX-`H=LP: d SQ;՘( 8CE{B[_GsZw!YVy,r"clCyd-Bc䂭J)][ooWQm Z*:a!#ϣjɟeR 3=OԮz׾e:?~Rqtih X*ٯPU言)U : ".$ D`yb2pk#r9nbG kߙ2|;ױ|)m=]yk!c(3k0~=ߑu@jf]9Ѧ(9Ak,SٶǨk6'.Jm T@6b W!x r=*@9@Fթtȃ?rM8R u`sdd6耎5ŋ9U<>b ?'_{%.bݑDUZ !7mގ_솂5_п0BhbP~_j gM9T4U H!NhNZ\1:@yo etɚz[9Bx` jZ"<Gt5Flos\Z (b4A2Y9 〒S%AȽhC#crm -bLVJ3l>KX|ƈ%'9k;bVdF01ţ_odv@z?g[beC} R92Uoo(YʋᄃhH l؝oe(qr}Yv3p}|0L]QtƵD^-r 鳤XW%Ȩ)zCӞXԿ}"plhRL9(?J%.JoFyÃW i$Tf*H亶37s# eޓ#G*AJ 7-@U=ʮyPk)gJV ?>S$ H V.4P {݋>|d81g߫gqri\pohxx7>OHIuOCe".s& 18K!ڣdj%WMg 8bfxD9auqW)pgF )w䦊g7]ހci9R[u:4]9~_yuG;c=Oo\սm~zF =FAm=k1SWz՟-^,Os)l*nvd Tl!ic%,;Wd 8f 3[lf-ZMˀXO`\j~h-cUdGI6tO.%3^rc+\Y)WtSNꔚjt U ։ڲ YU"kyHRl%W4j~-D͵ [|i YZ